
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/libsemanage/, sys-libs/libsemanage/files/
Date: Thu, 01 Sep 2016 16:32:06
Message-Id: 1472747300.685aedaac01af5646f14c545bd81c7d4d6069dd8.perfinion@gentoo
1 commit: 685aedaac01af5646f14c545bd81c7d4d6069dd8
2 Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
3 AuthorDate: Thu Sep 1 15:54:03 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu Sep 1 16:28:20 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=685aedaa
7
8 sys-libs/libsemanage: Remove unneeded patch
9
10 Package-Manager: portage-2.2.28
11
12 ...-do-not-copy-contexts-in-semanage_migrate.patch | 208 ---------------------
13 sys-libs/libsemanage/libsemanage-9999.ebuild | 4 -
14 2 files changed, 212 deletions(-)
15
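--- a/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From 9caebebd598de737f27cdc8d5253a2cebd67d5a9 Mon Sep 17 00:00:00 2001
-From: Jason Zaman <jason@×××××××××.com>
-Date: Wed, 22 Apr 2015 18:27:09 +0400
-Subject: [PATCH] libsemanage: do not copy contexts in semanage_migrate_store
-
-The modules from the old store were previously copied to the new one
-using setfscreatecon and shutil.copy2(). Now that refpolicy has rules
-about the new policy location[1], copying the contexts is redundant.
-
-More importantly, the setcreatefscon caused a constraint violation[2]
-which made the migration fail. In python3, shutil.copy2() copies xattrs
-as well which again causes problems. shutil.copy() is enough for our
-needs here as it will copy the file and permissions in both py2 and 3.
-We do not need the extra things that copy2() does (mtime, xattr, etc).
-
-[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html
-
-[2]
-type=AVC msg=audit(1429438272.872:1869): avc: denied { create } for pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0
- constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
-allow semanage_t semanage_store_t:dir create;
-
-Signed-off-by: Jason Zaman <jason@×××××××××.com>
----
- libsemanage/utils/semanage_migrate_store | 77 ++++++++------------------------
- 1 file changed, 18 insertions(+), 59 deletions(-)
-
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index 03b492e..2f85e9c 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -8,7 +8,6 @@ import shutil
- import sys
- from optparse import OptionParser
-
--import bz2
- import ctypes
-
- sepol = ctypes.cdll.LoadLibrary('libsepol.so')
-@@ -21,41 +20,20 @@ except:
- exit(1)
-
-
--
--
--# For some reason this function doesn't exist in libselinux :\
--def copy_with_context(src, dst):
-+def copy_file(src, dst):
- if DEBUG:
- print("copying %s to %s" % (src, dst))
- try:
-- con = selinux.lgetfilecon_raw(src)[1]
-- except:
-- print("Could not get file context of %s" % src, file=sys.stderr)
-- exit(1)
--
-- try:
-- selinux.setfscreatecon_raw(con)
-- except:
-- print("Could not set fs create context: %s" %con, file=sys.stderr)
-- exit(1)
--
-- try:
-- shutil.copy2(src, dst)
-+ shutil.copy(src, dst)
- except OSError as the_err:
- (err, strerr) = the_err.args
- print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def create_dir_from(src, dst, mode):
-+def create_dir(dst, mode):
- if DEBUG: print("Making directory %s" % dst)
- try:
-- con = selinux.lgetfilecon_raw(src)[1]
-- selinux.setfscreatecon_raw(con)
- os.makedirs(dst, mode)
- except OSError as the_err:
- (err, stderr) = the_err.args
-@@ -65,28 +43,18 @@ def create_dir_from(src, dst, mode):
- print("Error creating %s" % dst, file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def create_file_from(src, dst):
-+def create_file(dst):
- if DEBUG: print("Making file %s" % dst)
- try:
-- con = selinux.lgetfilecon_raw(src)[1]
-- selinux.setfscreatecon_raw(con)
- open(dst, 'a').close()
- except OSError as the_err:
- (err, stderr) = the_err.args
- print("Error creating %s" % dst, file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def copy_module(store, name, con, base):
-+def copy_module(store, name, base):
- if DEBUG: print("Install module %s" % name)
- (file, ext) = os.path.splitext(name)
- if ext != ".pp":
-@@ -94,8 +62,6 @@ def copy_module(store, name, con, base):
- print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
- return
- try:
-- selinux.setfscreatecon_raw(con)
--
- if base:
- root = oldstore_path(store)
- else:
-@@ -105,7 +71,7 @@ def copy_module(store, name, con, base):
-
- os.mkdir("%s/%s" % (bottomdir, file))
-
-- copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
-+ copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
-
- # This is the ext file that will eventually be used to choose a compiler
- efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
-@@ -116,15 +82,11 @@ def copy_module(store, name, con, base):
- print("Error installing module %s" % name, file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def disable_module(file, root, name, disabledmodules):
-+def disable_module(file, name, disabledmodules):
- if DEBUG: print("Disabling %s" % name)
- (disabledname, disabledext) = os.path.splitext(file)
-- create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname))
-+ create_file("%s/%s" % (disabledmodules, disabledname))
-
- def migrate_store(store):
-
-@@ -138,17 +100,14 @@ def migrate_store(store):
- print("Migrating from %s to %s" % (oldstore, newstore))
-
- # Build up new directory structure
-- create_dir_from(oldstore, "%s/%s" % (newroot_path(), store), 0o755)
-- create_dir_from(oldstore, newstore, 0o700)
-- create_dir_from(oldstore, newmodules, 0o700)
-- create_dir_from(oldstore, bottomdir, 0o700)
-- create_dir_from(oldstore, disabledmodules, 0o700)
--
-- # use whatever the file context of bottomdir is for the module directories
-- con = selinux.lgetfilecon_raw(bottomdir)[1]
-+ create_dir("%s/%s" % (newroot_path(), store), 0o755)
-+ create_dir(newstore, 0o700)
-+ create_dir(newmodules, 0o700)
-+ create_dir(bottomdir, 0o700)
-+ create_dir(disabledmodules, 0o700)
-
- # Special case for base since it was in a different location
-- copy_module(store, "base.pp", con, 1)
-+ copy_module(store, "base.pp", 1)
-
- # Dir structure built, start copying files
- for root, dirs, files in os.walk(oldstore):
-@@ -161,7 +120,7 @@ def migrate_store(store):
- newname = "seusers.local"
- else:
- newname = name
-- copy_with_context(os.path.join(root, name), os.path.join(newstore, newname))
-+ copy_file(os.path.join(root, name), os.path.join(newstore, newname))
-
- elif root == oldmodules:
- # This should be the modules directory
-@@ -171,9 +130,9 @@ def migrate_store(store):
- print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
- exit(1)
- elif ext == ".disabled":
-- disable_module(file, root, name, disabledmodules)
-+ disable_module(file, name, disabledmodules)
- else:
-- copy_module(store, name, con, 0)
-+ copy_module(store, name, 0)
-
- def rebuild_policy():
- # Ok, the modules are loaded, lets try to rebuild the policy
-@@ -287,7 +246,7 @@ if __name__ == "__main__":
- "preserve_tunables" ]
-
-
-- create_dir_from(oldroot_path(), newroot_path(), 0o755)
-+ create_dir(newroot_path(), 0o755)
-
- stores = None
- if TYPE is not None:
---
-2.0.5
-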
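--- a/sys-libs/libsemanage/libsemanage-9999.ebuild
+++ b/sys-libs/libsemanage/libsemanage-9999.ebuild
@@ -72,10 +72,6 @@ src_prepare() {
 echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
 echo "bzip-small=true" >> "${S}/src/semanage.conf"
 
- if [[ ${PV} != 9999 ]] ; then
- # If wanted for live builds, please use /etc/portage/patches
- eapply "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"
- fi
 eapply "${FILESDIR}"/${PN}-2.6-build-paths.patch
 
 eapply_user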