diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | fix-test-failure-with-secilc.patch | 84 | ||||
| -rw-r--r-- | libsemanage.spec | 144 | ||||
| -rw-r--r-- | semanage.conf | 57 | ||||
| -rw-r--r-- | sources | 1 |
5 files changed, 287 insertions, 0 deletions
@@ -0,0 +1 @@ +/libsemanage-3.5.tar.gz diff --git a/fix-test-failure-with-secilc.patch b/fix-test-failure-with-secilc.patch new file mode 100644 index 0000000..95cb2c2 --- /dev/null +++ b/fix-test-failure-with-secilc.patch @@ -0,0 +1,84 @@ +From b4dff18c54fd666100d10581ce9215c8d5cbde93 Mon Sep 17 00:00:00 2001 +From: gengqihu <gengqihu1@huawei.com> +Date: Tue, 11 May 2021 04:28:37 -0400 +Subject: [PATCH] fix test failure with secilc + +There's no secilc here. The SELinux CIL Compiler is a compiler that +converts the CIL language as described on the CIL design wiki into a +kernel binary policy file. +This patch deletes the testcode related to secilc. + +--- + tests/Makefile | 12 ++++++------ + tests/libsemanage-tests.c | 16 ---------------- + 2 files changed, 6 insertions(+), 22 deletions(-) + +diff --git a/tests/Makefile b/tests/Makefile +index 69f49a3..c98dae0 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -1,6 +1,5 @@ + # Add your test source files here: +-SOURCES = $(sort $(wildcard *.c)) +-CILS = $(sort $(wildcard *.cil)) ++SOURCES = $(sort $(wildcard libsemanage-tests.c test_other.c test_semanage_store.c test_utilities.c utilities.c)) + + ########################################################################### + +@@ -10,18 +9,14 @@ override CFLAGS += -I../src -I../include + override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol + + OBJECTS = $(SOURCES:.c=.o) +-POLICIES = $(CILS:.cil=.policy) + +-all: $(EXECUTABLE) $(POLICIES) ++all: $(EXECUTABLE) + + $(EXECUTABLE): $(OBJECTS) ../src/libsemanage.a + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) +- +-%.policy: %.cil +- ../../secilc/secilc $*.cil -o $*.policy -f /dev/null + + clean distclean: +- rm -rf $(OBJECTS) $(POLICIES) $(EXECUTABLE) ++ rm -rf $(OBJECTS) $(EXECUTABLE) + + test: all + ./$(EXECUTABLE) +diff --git a/tests/libsemanage-tests.c b/tests/libsemanage-tests.c +index 2ae4a21..df2d5b2 100644 +--- a/tests/libsemanage-tests.c ++++ b/tests/libsemanage-tests.c +@@ -21,14 +21,6 @@ + + #include "test_semanage_store.h" + #include "test_utilities.h" +-#include "test_handle.h" +-#include "test_bool.h" +-#include "test_fcontext.h" +-#include "test_iface.h" +-#include "test_ibendport.h" +-#include "test_node.h" +-#include "test_port.h" +-#include "test_user.h" + #include "test_other.h" + + #include <CUnit/Basic.h> +@@ -68,14 +60,6 @@ static bool do_tests(int interactive, int verbose) + + DECLARE_SUITE(semanage_store); + DECLARE_SUITE(semanage_utilities); +- DECLARE_SUITE(handle); +- DECLARE_SUITE(bool); +- DECLARE_SUITE(fcontext); +- DECLARE_SUITE(iface); +- DECLARE_SUITE(ibendport); +- DECLARE_SUITE(node); +- DECLARE_SUITE(port); +- DECLARE_SUITE(user); + DECLARE_SUITE(other); + + if (verbose) +-- +2.19.1 diff --git a/libsemanage.spec b/libsemanage.spec new file mode 100644 index 0000000..1c82353 --- /dev/null +++ b/libsemanage.spec @@ -0,0 +1,144 @@ +%define libsepol_version 3.5-1 +%define libselinux_version 3.5-1 + +Name: libsemanage +Version: 3.5 +Release: 1 +License: LGPLv2+ +Summary: SELinux binary policy manipulation library +URL: https://github.com/SELinuxProject/selinux/wiki +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz +Source1: semanage.conf + +Patch9000: fix-test-failure-with-secilc.patch + +BuildRequires: gcc python3-devel bison flex bzip2-devel audit-libs-devel +BuildRequires: libselinux-devel >= %{libselinux_version} swig libsepol-devel >= %{libsepol_version} +BuildRequires: CUnit-devel gdb-headless + +Requires: bzip2-libs audit-libs +Requires: libselinux >= %{libselinux_version} + +%description +libsemanage is the policy management library. Using libsepol and +libselinux to interact with the SELinux system, it also calls helper +programs for loading policy and for checking whether the +file_contexts configuration is valid. + +%package devel +Summary: Header files and libraries used to build policy manipulation tools +Requires: %{name} = %{version}-%{release} +Provides: libsemanage-static = %{version}-%{release} +Obsoletes: libsemanage-static < %{version}-%{release} + +%description devel +The libsemanage-devel package contains the libraries and header files +needed for developing applications that manipulate SELinux policies. + +%package -n python3-libsemanage +Summary: python3 bindings for libsemanage +Requires: %{name} = %{version}-%{release} libselinux-python3 +Provides: %{name}-python3 = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} + +%description -n python3-libsemanage +The python3-libsemanage package contains the python bindings for developing +SELinux management applications. + +%package_help + +%prep +%autosetup -n libsemanage-%{version} -p1 + +%build +export LDFLAGS="%{?__global_ldflags}" + +make clean +%make_build CFLAGS="%{optflags}" swigify +%make_build CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all +%make_build %{__python3} LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" pywrap + +%install +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_sharedstatedir}/selinux +mkdir -p %{buildroot}%{_sharedstatedir}/selinux/tmp + +make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install +make PYTHON=%{__python3} DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" install-pywrap + +cp %{SOURCE1} %{buildroot}/etc/selinux/semanage.conf +ln -sf %{_libdir}/libsemanage.so.2 %{buildroot}/%{_libdir}/libsemanage.so + +%ldconfig_scriptlets + +%check +make test + +%files +%license LICENSE +%dir %{_sysconfdir}/selinux +%config(noreplace) %{_sysconfdir}/selinux/semanage.conf +%{_libdir}/libsemanage.so.* +%dir %{_libexecdir}/selinux +%dir %{_sharedstatedir}/selinux +%dir %{_sharedstatedir}/selinux/tmp + +%files devel +%{_libdir}/libsemanage.a +%{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc +%dir %{_includedir}/semanage +%{_includedir}/semanage/*.h + +%files -n python3-libsemanage +%{python3_sitearch}/*.so +%{python3_sitearch}/semanage.py* +%{python3_sitearch}/__pycache__/semanage* +%{_libexecdir}/selinux/semanage_migrate_store + +%files help +%{_mandir}/man3/* +%{_mandir}/man5/* +%{_mandir}/ru/man5/* + + +%changelog +* Mon Jul 17 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 3.5-1 +- update version to 3.5 + +* Mon Jan 30 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 3.4-1 +- update version to 3.4 + +* Fri Mar 18 2022 panxiaohe<panxh.life@foxmail.com> - 3.3-3 +- delete useless old version dynamic library + +* Tue Mar 15 2022 panxiaohe<panxh.life@foxmail.com> - 3.3-2 +- use new version dynamic library + +* Tue Dec 14 2021 panxiaohe<panxiaohe@huawei.com> - 3.3-1 +- update to 3.3 + +* Mon Jul 26 2021 yangzhuangzhuang<yangzhuangzhuang1@huawei.com> - 3.1-6 +- Remove unnecessary BuildRequires:gdb + +* Sat Jul 17 2021 luhuaxin <1539327763@qq.com> - 3.1-5 +- fix use after free in semanage config parse + +* Sat May 22 2021 Hugel<gengqihu1@huawei.com> - 3.1-4 +- enabel make test + +* Thu Oct 29 2020 Hugel <gengqihu1@huawei.com> - 3.1-3 +- remove the dependency on python2 + +* Mon Aug 17 2020 wangchen <wangchen137@huawei.com> - 3.1-2 +- remove ustr + +* Sat Jul 25 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.1-1 +- update to 3.1 + +* Thu Mar 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.9-2 +- add BuildRequires: gdb + +* Thu Sep 5 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.9-1 +- Package init diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..9045021 --- /dev/null +++ b/semanage.conf @@ -0,0 +1,57 @@ +# Authors: Jason Tang <jtang@tresys.com> +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in <sepol/policydb.h>. Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage +# commands. There might be a penalty in execution time if this +# option is enabled. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False +bzip-small=true +bzip-blocksize=5 +ignoredirs=/root + +[sefcontext_compile] +path = /usr/sbin/sefcontext_compile +args = -r $@ +[end] @@ -0,0 +1 @@ +71c5603b835fb0246b12236a07b4cb7b libsemanage-3.5.tar.gz |