diff options
author | Nicolas Iooss | 2016-12-18 20:02:16 +0100 |
---|---|---|
committer | Nicolas Iooss | 2016-12-18 20:02:16 +0100 |
commit | 94484d635ee6b5fe337e581f139de317f792ebff (patch) | |
tree | fd5f90f6aea23413d09f63f03e09310e176cbf03 | |
parent | c18a356669a37eb81bdd9b56f77a7ee8d1ae08c3 (diff) | |
download | aur-94484d635ee6b5fe337e581f139de317f792ebff.tar.gz |
systemd-selinux 232-6 update
-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | 0001-nspawn-don-t-hide-bind-tmp-mounts.patch | 26 | ||||
-rw-r--r-- | PKGBUILD | 22 | ||||
-rw-r--r-- | systemd-user.pam | 5 |
4 files changed, 56 insertions, 11 deletions
@@ -1,6 +1,6 @@ pkgbase = systemd-selinux pkgver = 232 - pkgrel = 4 + pkgrel = 6 url = https://www.github.com/systemd/systemd arch = i686 arch = x86_64 @@ -37,9 +37,11 @@ pkgbase = systemd-selinux source = arch.conf source = loader.conf source = splash-arch.bmp::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/splash-arch.bmp?h=packages/systemd&id=e43ddb71a5b1ab56e898347a63e54c5d5d07728a + source = systemd-user.pam source = udev-hwdb.hook source = 0001-disable-RestrictAddressFamilies-on-i686.patch source = 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch + source = 0001-nspawn-don-t-hide-bind-tmp-mounts.patch validpgpkeys = 63CDA1E5D3FC22B998D20DD6327F26951A015CC4 sha512sums = SKIP sha512sums = f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73 @@ -48,9 +50,11 @@ pkgbase = systemd-selinux sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648 sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5 sha512sums = 5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75 + sha512sums = b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19 sha512sums = 888ab01bc6e09beb08d7126472c34c9e1aa35ea34e62a09e900ae34c93b1de2fcc988586efd8d0dc962393974f45c77b206d59a86cf53e370f061bf9a1b1a862 sha512sums = 89f9b2d3918c679ce4f76c2b10dc7fcb7e04f1925a5f92542f06891de2a123a91df7eb67fd4ce71506a8132f5440b3560b7bb667e1c1813944b115c1dfe35e3f sha512sums = b993a42c5534582631f7b379d54f6abc37e3aaa56ecf869a6d86ff14ae5a52628f4e447b6a30751bc1c14c30cec63a5c6d0aa268362d235ed477b639cac3a219 + sha512sums = 68478403433aafc91a03fda5d83813d2ed1dfc6ab7416b2927a803314ecf826edcb6c659587e74df65de3ccb1edf958522f56ff9ac461a1f696b6dede1d4dd35 pkgname = systemd-selinux pkgdesc = system and service manager with SELinux support @@ -84,7 +88,7 @@ pkgname = systemd-selinux provides = nss-myhostname provides = systemd-tools=232 provides = udev=232 - provides = systemd=232-4 + provides = systemd=232-6 conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev @@ -116,15 +120,15 @@ pkgname = libsystemd-selinux depends = xz provides = libsystemd.so provides = libudev.so - provides = libsystemd=232-4 + provides = libsystemd=232-6 conflicts = libsystemd pkgname = systemd-sysvcompat-selinux pkgdesc = sysvinit compat for systemd with SELinux support license = GPL2 depends = systemd-selinux - provides = systemd-sysvcompat=232-4 - provides = selinux-systemd-sysvcompat=232-4 + provides = systemd-sysvcompat=232-6 + provides = selinux-systemd-sysvcompat=232-6 conflicts = sysvinit conflicts = systemd-sysvcompat conflicts = selinux-systemd-sysvcompat diff --git a/0001-nspawn-don-t-hide-bind-tmp-mounts.patch b/0001-nspawn-don-t-hide-bind-tmp-mounts.patch new file mode 100644 index 000000000000..a5336ece5730 --- /dev/null +++ b/0001-nspawn-don-t-hide-bind-tmp-mounts.patch @@ -0,0 +1,26 @@ +From 7ec42a45410cb27140292d85ebb0e4b6dcea5555 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreisner@archlinux.org> +Date: Wed, 7 Dec 2016 13:45:48 -0500 +Subject: [PATCH] nspawn: don't hide --bind=/tmp/* mounts + +This is a v232-applicable version of upstream c9fd987279a462e. +--- + src/nspawn/nspawn-mount.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c +index 115de64..2dabe2a 100644 +--- a/src/nspawn/nspawn-mount.c ++++ b/src/nspawn/nspawn-mount.c +@@ -382,7 +382,7 @@ int mount_all(const char *dest, + { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, false, false }, + { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false }, + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false }, +- { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, true, false }, ++ { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, false, false }, + #ifdef HAVE_SELINUX + { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, false, false, false }, /* Bind mount first */ + { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, false, false, false }, /* Then, make it r/o */ +-- +2.10.2 + @@ -7,7 +7,7 @@ pkgbase=systemd-selinux pkgname=('systemd-selinux' 'libsystemd-selinux' 'systemd-sysvcompat-selinux') pkgver=232 -pkgrel=4 +pkgrel=6 arch=('i686' 'x86_64') url="https://www.github.com/systemd/systemd" groups=('selinux') @@ -26,9 +26,11 @@ source=("git+https://github.com/systemd/systemd.git#tag=v$pkgver" 'arch.conf' 'loader.conf' 'splash-arch.bmp::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/splash-arch.bmp?h=packages/systemd&id=e43ddb71a5b1ab56e898347a63e54c5d5d07728a' + 'systemd-user.pam' 'udev-hwdb.hook' '0001-disable-RestrictAddressFamilies-on-i686.patch' - '0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch') + '0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch' + '0001-nspawn-don-t-hide-bind-tmp-mounts.patch') sha512sums=('SKIP' 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' '52af734947a768758d5eb3f18e31a1cfec6699eca6fa10e40b90c7f11991509186c0a696e3490af3eaba80064ea4cb93e041579abf05addf072d294300aa4b28' @@ -36,9 +38,11 @@ sha512sums=('SKIP' '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' '5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75' + 'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19' '888ab01bc6e09beb08d7126472c34c9e1aa35ea34e62a09e900ae34c93b1de2fcc988586efd8d0dc962393974f45c77b206d59a86cf53e370f061bf9a1b1a862' '89f9b2d3918c679ce4f76c2b10dc7fcb7e04f1925a5f92542f06891de2a123a91df7eb67fd4ce71506a8132f5440b3560b7bb667e1c1813944b115c1dfe35e3f' - 'b993a42c5534582631f7b379d54f6abc37e3aaa56ecf869a6d86ff14ae5a52628f4e447b6a30751bc1c14c30cec63a5c6d0aa268362d235ed477b639cac3a219') + 'b993a42c5534582631f7b379d54f6abc37e3aaa56ecf869a6d86ff14ae5a52628f4e447b6a30751bc1c14c30cec63a5c6d0aa268362d235ed477b639cac3a219' + '68478403433aafc91a03fda5d83813d2ed1dfc6ab7416b2927a803314ecf826edcb6c659587e74df65de3ccb1edf958522f56ff9ac461a1f696b6dede1d4dd35') validpgpkeys=( '63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering ) @@ -48,6 +52,9 @@ _backports=( 'abd67ce74858491565cde157c7b08fda43d3279c' # basic/virt: fix userns check on CONFIG_USER_NS=n kernel (#4651) '4318abe8d26e969ebdb97744a63ab900233a0185' # build-sys: do not install ctrl-alt-del.target symlink twice 'd112eae7da77899be245ab52aa1747d4675549f1' # device: Avoid calling unit_free(NULL) in device setup logic (#4748) + 'cfed63f60dd7412c199652825ed172c319b02b3c' # nspawn: fix exit code for --help and --version (#4609) + '3099caf2b5bb9498b1d0227c40926435ca81f26f' # journal: make sure to initially populate the space info cache (#4807) + '3d4cf7de48a74726694abbaa09f9804b845ff3ba' # build-sys: check for lz4 in the old and new numbering scheme (#4717) ) _validate_tag() { @@ -86,6 +93,9 @@ prepare() { git cherry-pick -n "${_backports[@]}" fi + # https://github.com/systemd/systemd/issues/4789 + patch -Np1 <../0001-nspawn-don-t-hide-bind-tmp-mounts.patch + # these patches aren't upstream, but they make v232 more useable. # https://github.com/systemd/systemd/issues/4575 @@ -188,9 +198,6 @@ package_systemd-selinux() { # we'll create this on installation rmdir "$pkgdir/var/log/journal/remote" - # fix pam file - sed 's|system-auth|system-login|g' -i "$pkgdir/etc/pam.d/systemd-user" - # ship default policy to leave services disabled echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset @@ -206,6 +213,9 @@ package_systemd-selinux() { install -Dm644 "$srcdir/splash-arch.bmp" "$pkgdir"/usr/share/systemd/bootctl/splash-arch.bmp install -Dm644 "$srcdir/udev-hwdb.hook" "$pkgdir/usr/share/libalpm/hooks/udev-hwdb.hook" + + # overwrite the systemd-user PAM configuration with our own + install -Dm644 systemd-user.pam "$pkgdir/etc/pam.d/systemd-user" } package_libsystemd-selinux() { diff --git a/systemd-user.pam b/systemd-user.pam new file mode 100644 index 000000000000..83f762696e0e --- /dev/null +++ b/systemd-user.pam @@ -0,0 +1,5 @@ +# Used by systemd --user instances. + +account include system-login +session required pam_loginuid.so +session include system-login |