commit: 685aedaac01af5646f14c545bd81c7d4d6069dd8 |
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
AuthorDate: Thu Sep 1 15:54:03 2016 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Thu Sep 1 16:28:20 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=685aedaa |
|
sys-libs/libsemanage: Remove unneeded patch |
|
Package-Manager: portage-2.2.28 |
|
...-do-not-copy-contexts-in-semanage_migrate.patch | 208 --------------------- |
sys-libs/libsemanage/libsemanage-9999.ebuild | 4 - |
2 files changed, 212 deletions(-) |
|
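--- a/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From 9caebebd598de737f27cdc8d5253a2cebd67d5a9 Mon Sep 17 00:00:00 2001
-From: Jason Zaman <jason@×××××××××.com>
-Date: Wed, 22 Apr 2015 18:27:09 +0400
-Subject: [PATCH] libsemanage: do not copy contexts in semanage_migrate_store
-
-The modules from the old store were previously copied to the new one
-using setfscreatecon and shutil.copy2(). Now that refpolicy has rules
-about the new policy location[1], copying the contexts is redundant.
-
-More importantly, the setcreatefscon caused a constraint violation[2]
-which made the migration fail. In python3, shutil.copy2() copies xattrs
-as well which again causes problems. shutil.copy() is enough for our
-needs here as it will copy the file and permissions in both py2 and 3.
-We do not need the extra things that copy2() does (mtime, xattr, etc).
-
-[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html
-
-[2]
-type=AVC msg=audit(1429438272.872:1869): avc: denied { create } for pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0
- constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
-allow semanage_t semanage_store_t:dir create;
-
-Signed-off-by: Jason Zaman <jason@×××××××××.com>
----
- libsemanage/utils/semanage_migrate_store | 77 ++++++++------------------------
- 1 file changed, 18 insertions(+), 59 deletions(-)
-
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index 03b492e..2f85e9c 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -8,7 +8,6 @@ import shutil
- import sys
- from optparse import OptionParser
-
--import bz2
- import ctypes
-
- sepol = ctypes.cdll.LoadLibrary('libsepol.so')
-@@ -21,41 +20,20 @@ except:
- exit(1)
-
-
--
--
--# For some reason this function doesn't exist in libselinux :\
--def copy_with_context(src, dst):
-+def copy_file(src, dst):
- if DEBUG:
- print("copying %s to %s" % (src, dst))
- try:
-- con = selinux.lgetfilecon_raw(src)[1]
-- except:
-- print("Could not get file context of %s" % src, file=sys.stderr)
-- exit(1)
--
-- try:
-- selinux.setfscreatecon_raw(con)
-- except:
-- print("Could not set fs create context: %s" %con, file=sys.stderr)
-- exit(1)
--
-- try:
-- shutil.copy2(src, dst)
-+ shutil.copy(src, dst)
- except OSError as the_err:
- (err, strerr) = the_err.args
- print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def create_dir_from(src, dst, mode):
-+def create_dir(dst, mode):
- if DEBUG: print("Making directory %s" % dst)
- try:
-- con = selinux.lgetfilecon_raw(src)[1]
-- selinux.setfscreatecon_raw(con)
- os.makedirs(dst, mode)
- except OSError as the_err:
- (err, stderr) = the_err.args
-@@ -65,28 +43,18 @@ def create_dir_from(src, dst, mode):
- print("Error creating %s" % dst, file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def create_file_from(src, dst):
-+def create_file(dst):
- if DEBUG: print("Making file %s" % dst)
- try:
-- con = selinux.lgetfilecon_raw(src)[1]
-- selinux.setfscreatecon_raw(con)
- open(dst, 'a').close()
- except OSError as the_err:
- (err, stderr) = the_err.args
- print("Error creating %s" % dst, file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def copy_module(store, name, con, base):
-+def copy_module(store, name, base):
- if DEBUG: print("Install module %s" % name)
- (file, ext) = os.path.splitext(name)
- if ext != ".pp":
-@@ -94,8 +62,6 @@ def copy_module(store, name, con, base):
- print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
- return
- try:
-- selinux.setfscreatecon_raw(con)
--
- if base:
- root = oldstore_path(store)
- else:
-@@ -105,7 +71,7 @@ def copy_module(store, name, con, base):
-
- os.mkdir("%s/%s" % (bottomdir, file))
-
-- copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
-+ copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
-
- # This is the ext file that will eventually be used to choose a compiler
- efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
-@@ -116,15 +82,11 @@ def copy_module(store, name, con, base):
- print("Error installing module %s" % name, file=sys.stderr)
- exit(1)
-
-- try:
-- selinux.setfscreatecon_raw(None)
-- except:
-- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-
--def disable_module(file, root, name, disabledmodules):
-+def disable_module(file, name, disabledmodules):
- if DEBUG: print("Disabling %s" % name)
- (disabledname, disabledext) = os.path.splitext(file)
-- create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname))
-+ create_file("%s/%s" % (disabledmodules, disabledname))
-
- def migrate_store(store):
-
-@@ -138,17 +100,14 @@ def migrate_store(store):
- print("Migrating from %s to %s" % (oldstore, newstore))
-
- # Build up new directory structure
-- create_dir_from(oldstore, "%s/%s" % (newroot_path(), store), 0o755)
-- create_dir_from(oldstore, newstore, 0o700)
-- create_dir_from(oldstore, newmodules, 0o700)
-- create_dir_from(oldstore, bottomdir, 0o700)
-- create_dir_from(oldstore, disabledmodules, 0o700)
--
-- # use whatever the file context of bottomdir is for the module directories
-- con = selinux.lgetfilecon_raw(bottomdir)[1]
-+ create_dir("%s/%s" % (newroot_path(), store), 0o755)
-+ create_dir(newstore, 0o700)
-+ create_dir(newmodules, 0o700)
-+ create_dir(bottomdir, 0o700)
-+ create_dir(disabledmodules, 0o700)
-
- # Special case for base since it was in a different location
-- copy_module(store, "base.pp", con, 1)
-+ copy_module(store, "base.pp", 1)
-
- # Dir structure built, start copying files
- for root, dirs, files in os.walk(oldstore):
-@@ -161,7 +120,7 @@ def migrate_store(store):
- newname = "seusers.local"
- else:
- newname = name
-- copy_with_context(os.path.join(root, name), os.path.join(newstore, newname))
-+ copy_file(os.path.join(root, name), os.path.join(newstore, newname))
-
- elif root == oldmodules:
- # This should be the modules directory
-@@ -171,9 +130,9 @@ def migrate_store(store):
- print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
- exit(1)
- elif ext == ".disabled":
-- disable_module(file, root, name, disabledmodules)
-+ disable_module(file, name, disabledmodules)
- else:
-- copy_module(store, name, con, 0)
-+ copy_module(store, name, 0)
-
- def rebuild_policy():
- # Ok, the modules are loaded, lets try to rebuild the policy
-@@ -287,7 +246,7 @@ if __name__ == "__main__":
- "preserve_tunables" ]
-
-
-- create_dir_from(oldroot_path(), newroot_path(), 0o755)
-+ create_dir(newroot_path(), 0o755)
-
- stores = None
- if TYPE is not None:
----
-2.0.5
-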
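--- a/sys-libs/libsemanage/libsemanage-9999.ebuild
+++ b/sys-libs/libsemanage/libsemanage-9999.ebuild
@@ -72,10 +72,6 @@ src_prepare() {
 echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
 echo "bzip-small=true" >> "${S}/src/semanage.conf"
 
- if [[ ${PV} != 9999 ]] ; then
- # If wanted for live builds, please use /etc/portage/patches
- eapply "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"
- fi
 eapply "${FILESDIR}"/${PN}-2.6-build-paths.patch
 
 eapply_user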