3 files changed, 101 insertions, 4 deletions
diff --git a/sys-apps/policycoreutils/files/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch b/sys-apps/policycoreutils/files/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch
new file mode 100644
index 000000000000..25fc900e3a5a
--- /dev/null
+++ b/sys-apps/policycoreutils/files/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch
@@ -0,0 +1,69 @@
+From 73b7ff410c1b2958c5c1f8e26cae5347d56416d4 Mon Sep 17 00:00:00 2001
+From: Sven Vermeulen <sven.vermeulen@siphos.be>
+Date: Tue, 9 Jun 2015 13:26:24 +0200
+Subject: [PATCH 1/1] Only invoke RPM on RPM-enabled Linux distributions
+
+When calling "sepolgen generate" to automatically generate a SELinux
+policy template, the command fails when it cannot invoke RPM related
+commands on Linux distributions that do not support RPM by default:
+
+Failed to retrieve rpm info for selinux-policy
+Traceback (most recent call last):
+ File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
+ args.func(args)
+ File "/usr/lib/python-exec/python2.7/sepolicy", line 517, in generate
+ print mypolicy.generate(args.path)
+ File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1370, in generate
+ out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
+ File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1219, in write_spec
+ fd.write(self.generate_spec())
+ File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1181, in generate_spec
+ selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
+TypeError: 'NoneType' object has no attribute '__getitem__'
+
+As the RPM related steps are only needed on RPM-enabled distributions,
+we should ignore these steps on other Linux distribution platforms.
+
+In this patch, we use the Python platform module to get the Linux
+distribution, and only start the RPM-related activities on Linux
+distributions that use RPM as their native package manager.
+
+Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
+---
+ policycoreutils/sepolicy/sepolicy/generate.py | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
+index 6b53035..4858582 100644
+--- a/policycoreutils/sepolicy/sepolicy/generate.py
++++ b/policycoreutils/sepolicy/sepolicy/generate.py
+@@ -26,6 +26,7 @@ import re
+ import sepolicy
+ from sepolicy import get_all_types, get_all_attributes, get_all_roles
+ import time
++import platform
+
+ from templates import executable
+ from templates import boolean
+@@ -1171,7 +1172,8 @@ allow %s_t %s_t:%s_socket name_%s;
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
+ newsh += self.generate_user_sh()
+- newsh += re.sub("TEMPLATEFILE", self.file_name, script.rpm)
++ if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat","centos","SuSE","fedora","mandrake","mandriva")):
++ newsh += re.sub("TEMPLATEFILE", self.file_name, script.rpm)
+
+ return newsh
+
+@@ -1367,6 +1369,7 @@ Warning %s does not exist
+ out += "%s # %s\n" % (self.write_if(out_dir), _("Interface file"))
+ out += "%s # %s\n" % (self.write_fc(out_dir), _("File Contexts file"))
+ if self.type != NEWTYPE:
+- out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
++ if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat","centos","SuSE","fedora","mandrake","mandriva")):
++ out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
+ out += "%s # %s\n" % (self.write_sh(out_dir), _("Setup Script"))
+ return out
+--
+2.4.6
+
diff --git a/sys-apps/policycoreutils/files/0140-Set-self.sename-to-sename-after-calling-semanage-bug-557370.patch b/sys-apps/policycoreutils/files/0140-Set-self.sename-to-sename-after-calling-semanage-bug-557370.patch
new file mode 100644
index 000000000000..1a11d394da1a
--- /dev/null
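Review bot: The crash quoted in the commit message is sidestepped by distribution name rather than fixed: on the listed distributions the nested `generate.py` hunks still reach `write_spec()`, and per the traceback `get_rpm_nvr_list("selinux-policy")[1]` raises TypeError whenever the RPM query returns None, which could presumably also happen on an RPM host where that package is not installed. The same `platform.linux_distribution(full_distribution_name=0)[0] in (...)` test is written out twice (nested hunks at `-1171` and `-1367`), so the two tuples can drift apart; a single module-level helper, e.g. `def _is_rpm_distro(): return platform.linux_distribution(full_distribution_name=0)[0] in RPM_DISTROS`, would keep them in step. `platform.linux_distribution` was deprecated in Python 3.5 and removed in 3.8, and any RPM-based distribution missing from the tuple silently gets no spec file, so a short comment stating why these names were chosen would help. Both enclosing functions start outside the nested hunks.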
+++ b/sys-apps/policycoreutils/files/0140-Set-self.sename-to-sename-after-calling-semanage-bug-557370.patch
@@ -0,0 +1,29 @@
+From 4fbc6623eba0d32f1cc8609d605a6b5a2e051e15 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Tue, 14 Jul 2015 19:07:56 +0200
+Subject: [PATCH 1/1] Set self.sename to sename after calling
+ semanage_seuser_set_sename()
+
+This fixes audit information that are being logged and a crash when the
+python-audit binding is not installed.
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734806
+---
+ policycoreutils/semanage/seobject.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
+index 568ebfd..2edb050 100644
+--- a/policycoreutils/semanage/seobject.py
++++ b/policycoreutils/semanage/seobject.py
+@@ -575,6 +575,7 @@ class loginRecords(semanageRecords):
+
+ if sename != "":
+ semanage_seuser_set_sename(self.sh, u, sename)
++ self.sename = sename
+ else:
+ self.sename = self.oldsename
+
+--
+2.4.6
+
diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
index 43bc3b315113..48e996f02f98 100644
--- a/sys-apps/policycoreutils/policycoreutils-9999.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
@@ -67,13 +67,10 @@ RDEPEND="${DEPEND} src_unpack() { # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds + default if [[ ${PV} == 9999 ]] ; then git-r3_src_unpack fi - if [ -n ${A} ] ; then - S="${S2}" - unpack ${A}; - fi } src_prepare() {
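Review bot: In the nested `seobject.py` hunk of the 0140 patch, `self.sename = sename` is assigned unconditionally right after `semanage_seuser_set_sename(self.sh, u, sename)`, whose return value is discarded in the visible lines. The commit message says this field feeds the audit information that is logged, so a failed libsemanage call would still be recorded under the requested SELinux user unless a later step outside the hunk aborts the operation. Consider capturing the result, `rc = semanage_seuser_set_sename(self.sh, u, sename)`, and raising in the file's existing error style when it indicates failure, before `self.sename` is updated. The enclosing method of `loginRecords` starts and ends outside the hunk.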
@@ -88,6 +85,8 @@ src_prepare() { epatch "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch" epatch "${FILESDIR}/0110-build-mcstrans-bug-472912.patch" epatch "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch" + epatch "${FILESDIR}/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch" + epatch "${FILESDIR}/0140-Set-self.sename-to-sename-after-calling-semanage-bug-557370.patch" fi # rlpkg is more useful than fixfiles |