author | Nicolas Iooss | 2016-12-19 12:40:53 +0100 |
---|---|---|
committer | Nicolas Iooss | 2016-12-19 12:40:53 +0100 |
commit | 506d597b593eeb1cb88632a49d74dc481006f1dc (patch) | |
tree | 16ae255f294654676c22b81d3cf2d52cbe0d6dce | |
parent | e6a7c4442b99b5229f8e78dfeef977c82e84a87c (diff) | |
download | aur-506d597b593eeb1cb88632a49d74dc481006f1dc.tar.gz |
coreutils-selinux 8.26-1 update
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | 0001-tests-support-non-MLS-SELinux-systems-in-mkdir-tests.patch | 46 | ||||
-rw-r--r-- | 0001-tests-support-non-MLS-enabled-SELinux-systems.patch | 158 | ||||
-rw-r--r-- | PKGBUILD | 18 |
4 files changed, 177 insertions, 65 deletions
@@ -1,8 +1,8 @@ pkgbase = coreutils-selinux pkgdesc = The basic file, shell and text manipulation utilities of the GNU operating system with SELinux support - pkgver = 8.25 - pkgrel = 2 - url = http://www.gnu.org/software/coreutils + pkgver = 8.26 + pkgrel = 1 + url = https://www.gnu.org/software/coreutils/ arch = i686 arch = x86_64 groups = selinux @@ -14,17 +14,17 @@ pkgbase = coreutils-selinux depends = libcap depends = openssl depends = libselinux - provides = coreutils=8.25-2 - provides = selinux-coreutils=8.25-2 + provides = coreutils=8.26-1 + provides = selinux-coreutils=8.26-1 conflicts = coreutils conflicts = selinux-coreutils - source = ftp://ftp.gnu.org/gnu/coreutils/coreutils-8.25.tar.xz - source = ftp://ftp.gnu.org/gnu/coreutils/coreutils-8.25.tar.xz.sig - source = 0001-tests-support-non-MLS-SELinux-systems-in-mkdir-tests.patch + source = https://ftp.gnu.org/gnu/coreutils/coreutils-8.26.tar.xz + source = https://ftp.gnu.org/gnu/coreutils/coreutils-8.26.tar.xz.sig + source = 0001-tests-support-non-MLS-enabled-SELinux-systems.patch validpgpkeys = 6C37DC12121A5006BC1DB804DF6FD971306037D9 - md5sums = 070e43ba7f618d747414ef56ab248a48 + md5sums = d5aa2072f662d4118b9f4c63b94601a6 md5sums = SKIP - md5sums = ab90c6ba801e06bcc11cf79a3f6168f6 + md5sums = 9c1011aaf8c9109d5e7de1cea087befa pkgname = coreutils-selinux diff --git a/0001-tests-support-non-MLS-SELinux-systems-in-mkdir-tests.patch b/0001-tests-support-non-MLS-SELinux-systems-in-mkdir-tests.patch deleted file mode 100644 index 0c8427c46b37..000000000000 --- a/0001-tests-support-non-MLS-SELinux-systems-in-mkdir-tests.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From b6668a23d4a58c08d25023440854f9ce720b87de Mon Sep 17 00:00:00 2001 -From: Nicolas Iooss <nicolas.iooss@m4x.org> -Date: Thu, 11 Feb 2016 14:36:50 +0100 -Subject: [PATCH] tests: support non-MLS SELinux systems in mkdir tests - -When running "make check" on a Linux system running SELinux with a -non-MLS policy, tests/mkdir/restorecon.sh test fails with: - - chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument - -Indeed in such a configuration, contexts cannot have ":s0" suffix. - -* tests/mkdir/restorecon.sh: detect non-MLS SELinux configurations by - using sestatus and in this case use a valid context when calling - runcon. Update the sed pattern of get_selinux_type to always grab the - SELinux type from the output of "ls -Zd" even with a non-MLS policy. - -[Upstream bug: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22631] ---- - tests/mkdir/restorecon.sh | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh -index 0e7f03bc93db..cfd3bdda9637 100755 ---- a/tests/mkdir/restorecon.sh -+++ b/tests/mkdir/restorecon.sh -@@ -21,10 +21,14 @@ print_ver_ mkdir mknod mkfifo - require_selinux_ - - --get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } -+get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } - - mkdir subdir || framework_failure_ --chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ -+if sestatus 2>&1 |grep 'Policy MLS status:.*enabled' > /dev/null; then -+ chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ -+else -+ chcon 'root:object_r:tmp_t' subdir || framework_failure_ -+fi - cd subdir - - # --- mkdir -Z --- --- -2.7.0 - diff --git a/0001-tests-support-non-MLS-enabled-SELinux-systems.patch b/0001-tests-support-non-MLS-enabled-SELinux-systems.patch new file mode 100644 index 000000000000..db183cc45384 --- /dev/null +++ b/0001-tests-support-non-MLS-enabled-SELinux-systems.patch 
@@ -0,0 +1,158 @@ +From 97f0b56bcad827d954f9a6fe2051aa63ab591478 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss <nicolas.iooss@m4x.org> +Date: Thu, 11 Feb 2016 15:07:52 +0100 +Subject: [PATCH 1/1] tests: support non-MLS enabled SELinux systems + +When running "make check" on a Linux system running SELinux with a +non-MLS policy, tests/mkdir/restorecon.sh test fails with: + + chcon: invalid context: root:object_r:tmp_t:s0: Invalid argument + +Indeed in such a configuration, contexts cannot have ":s0" suffix. + +* init.cfg (get_selinux_type): Refactor this function to here +from various tests. Update to work with a non-MLS policy. +(mls_enabled_): A new function to detect if MLS is enabled. +(skip_if_mcstransd_is_running_): Update to not skip when +MLS is not enabled. +* tests/mkdir/restorecon.sh: Use a valid non-MLS context when needed. +* tests/install/install-Z-selinux.sh: Likewise. +* tests/cp/cp-a-selinux.sh: Likewise. +* tests/misc/selinux.sh: Likewise. +* tests/misc/chcon.sh: Skip if non-MLS as --range used throughout. +Fixes http://bugs.gnu.org/22631 +--- + init.cfg | 18 +++++++++++++++--- + tests/cp/cp-a-selinux.sh | 4 ++-- + tests/install/install-Z-selinux.sh | 7 +++---- + tests/misc/chcon.sh | 1 + + tests/misc/selinux.sh | 3 ++- + tests/mkdir/restorecon.sh | 7 +++---- + 6 files changed, 26 insertions(+), 14 deletions(-) + +diff --git a/init.cfg b/init.cfg +index db861944c6af..d29b3f254585 100644 +--- a/init.cfg ++++ b/init.cfg +@@ -128,6 +128,15 @@ require_selinux_() + esac + } + ++# Return the SELinux type component if available ++get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\)[: ].*/\1/p'; } ++ ++# Whether SELinux Multi Level Security is enabled ++mls_enabled_() { ++ sestatus 2>&1 | ++ grep 'Policy MLS status:.*enabled' > /dev/null ++} ++ + # Skip this test if we're not in SELinux "enforcing" mode. + require_selinux_enforcing_() + { +@@ -637,10 +646,13 @@ skip_if_mcstransd_is_running_() + # and if it's running, skip this test. 
+ __ctx=$(stat --printf='%C\n' .) || framework_failure_ + case $__ctx in +- *:*:*:*) ;; # four components is ok +- *) # anything else probably means mcstransd is running +- skip_ "unexpected context '$__ctx'; turn off mcstransd" ;; ++ *:*:*:*) __ctx_ok=1 ;; # four components is ok ++ *:*:*) # three components is ok too if there is no MLS ++ mls_enabled_ || __ctx_ok=1 ;; + esac ++ ++ test "$__ctx_ok" || ++ skip_ "unexpected context '$__ctx'; turn off mcstransd" + } + + # Skip the current test if umask doesn't work as usual. +diff --git a/tests/cp/cp-a-selinux.sh b/tests/cp/cp-a-selinux.sh +index 89735b65a832..3915952188dd 100755 +--- a/tests/cp/cp-a-selinux.sh ++++ b/tests/cp/cp-a-selinux.sh +@@ -28,7 +28,8 @@ cwd=$(pwd) + cleanup_() { cd /; umount "$cwd/mnt"; } + + # This context is special: it works even when mcstransd isn't running. +-ctx=root:object_r:tmp_t:s0 ++ctx='root:object_r:tmp_t' ++mls_enabled_ && ctx="$ctx:s0" + + # Check basic functionality - before check on fixed context mount + touch c || framework_failure_ +@@ -62,7 +63,6 @@ grep $ctx ed_ctx && + { ls -lZd restore/existing_dir; fail=1; } + + # Check restorecon (-Z) functionality for file and directory +-get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } + # Also make a dir with our known context + mkdir c_d || framework_failure_ + chcon $ctx c_d || framework_failure_ +diff --git a/tests/install/install-Z-selinux.sh b/tests/install/install-Z-selinux.sh +index 9c3b6420bc95..c63a4786230a 100755 +--- a/tests/install/install-Z-selinux.sh ++++ b/tests/install/install-Z-selinux.sh +@@ -21,11 +21,10 @@ + print_ver_ ginstall + require_selinux_ + +- +-get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } +- + mkdir subdir || framework_failure_ +-chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ ++ctx='root:object_r:tmp_t' ++mls_enabled_ && ctx="$ctx:s0" ++chcon "$ctx" subdir || framework_failure_ + cd subdir + + # Since in a tmp_t dir, dirs can be created as 
user_tmp_t ... +diff --git a/tests/misc/chcon.sh b/tests/misc/chcon.sh +index bd40fbc7d314..c99021907172 100755 +--- a/tests/misc/chcon.sh ++++ b/tests/misc/chcon.sh +@@ -21,6 +21,7 @@ print_ver_ chcon + require_root_ + require_selinux_ + skip_if_mcstransd_is_running_ ++mls_enabled_ || skip_ 'MLS is disabled' + + mkdir -p d/sub/s2 || framework_failure_ + touch f g d/sub/1 d/sub/2 || framework_failure_ +diff --git a/tests/misc/selinux.sh b/tests/misc/selinux.sh +index a9515680a44f..28c05c4f82d7 100755 +--- a/tests/misc/selinux.sh ++++ b/tests/misc/selinux.sh +@@ -30,7 +30,8 @@ mkfifo_or_skip_ p + + + # special context that works both with and without mcstransd +-ctx=root:object_r:tmp_t:s0 ++ctx='root:object_r:tmp_t' ++mls_enabled_ && ctx="$ctx:s0" + + chcon $ctx f d p || + skip_ '"chcon '$ctx' ..." failed' +diff --git a/tests/mkdir/restorecon.sh b/tests/mkdir/restorecon.sh +index 0e7f03bc93db..49e72196ff88 100755 +--- a/tests/mkdir/restorecon.sh ++++ b/tests/mkdir/restorecon.sh +@@ -20,11 +20,10 @@ + print_ver_ mkdir mknod mkfifo + require_selinux_ + +- +-get_selinux_type() { ls -Zd "$1" | sed -n 's/.*:\(.*_t\):.*/\1/p'; } +- + mkdir subdir || framework_failure_ +-chcon 'root:object_r:tmp_t:s0' subdir || framework_failure_ ++ctx='root:object_r:tmp_t' ++mls_enabled_ && ctx="$ctx:s0" ++chcon "$ctx" subdir || framework_failure_ + cd subdir + + # --- mkdir -Z --- +-- +2.11.0 + 
@@ -8,23 +8,23 @@
 # SELinux Contributor: Nicky726 (Nicky726 <at> gmail <dot> com)
 pkgname=coreutils-selinux
-pkgver=8.25
-pkgrel=2
+pkgver=8.26
+pkgrel=1
 pkgdesc='The basic file, shell and text manipulation utilities of the GNU operating system with SELinux support'
 arch=('i686' 'x86_64')
 license=('GPL3')
-url='http://www.gnu.org/software/coreutils'
+url='https://www.gnu.org/software/coreutils/'
 groups=('selinux')
 depends=('glibc' 'acl' 'attr' 'gmp' 'libcap' 'openssl' 'libselinux')
 conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}")
 provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}")
-source=("ftp://ftp.gnu.org/gnu/${pkgname/-selinux}/${pkgname/-selinux}-$pkgver.tar.xz"{,.sig}
- '0001-tests-support-non-MLS-SELinux-systems-in-mkdir-tests.patch')
+source=("https://ftp.gnu.org/gnu/${pkgname/-selinux}/${pkgname/-selinux}-$pkgver.tar.xz"{,.sig}
+ '0001-tests-support-non-MLS-enabled-SELinux-systems.patch')
 validpgpkeys=('6C37DC12121A5006BC1DB804DF6FD971306037D9') # Pádraig Brady
-md5sums=('070e43ba7f618d747414ef56ab248a48'
+md5sums=('d5aa2072f662d4118b9f4c63b94601a6'
 'SKIP'
- 'ab90c6ba801e06bcc11cf79a3f6168f6')
+ '9c1011aaf8c9109d5e7de1cea087befa')
 prepare() {
 cd ${pkgname/-selinux}-$pkgver
@@ -32,8 +32,8 @@ prepare() {
 local filename
 for filename in "${source[@]}"; do
 if [[ "$filename" =~ \.patch$ ]]; then
- msg2 "Applying patch $filename"
- patch -p1 -N -i "$srcdir/$filename"
+ msg2 "Applying patch ${filename##*/}"
+ patch -p1 -N -i "$srcdir/${filename##*/}"
 fi
 done
 : |
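Review bot: The `md5sums=(...)` array updated in this first PKGBUILD hunk remains the only integrity check on `0001-tests-support-non-MLS-enabled-SELinux-systems.patch`, and MD5 is not collision-resistant. The tarball is additionally covered by its `.sig` entry and `validpgpkeys`, but the patch carries no signature and `prepare()` applies every `source` entry ending in `.patch`. I would rename the array to `sha256sums=(...)` and regenerate the values with `makepkg -g`, keeping `'SKIP'` for the signature entry; `.SRCINFO` then needs regenerating so its checksum lines match.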
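Review bot: `${filename##*/}` in the patch loop of this second hunk removes a URL path but not makepkg's `name::url` rename prefix, so a constructed entry such as `local.patch::https://…/x.patch` would be looked up as `$srcdir/x.patch` although makepkg stores it as `local.patch`. No entry in the visible `source` array uses that form, so this is a robustness point rather than a live failure. Computing the local name once, `local patchfile=${filename%%::*}` followed by `patchfile=${patchfile##*/}`, and using `$patchfile` in the `=~ \.patch$` test, the `msg2` line and the `patch -i` argument would cover both forms. `prepare()` opens in the previous hunk and its closing brace lies outside this one.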