Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libselinux for openSUSE:Factory checked in at 2022-07-18 18:32:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libselinux (Old) and /work/SRC/openSUSE:Factory/.libselinux.new.1523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libselinux" Mon Jul 18 18:32:42 2022 rev:71 rq:988988 version:3.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libselinux/libselinux.changes 2022-06-20 15:36:56.182829744 +0200 +++ /work/SRC/openSUSE:Factory/.libselinux.new.1523/libselinux.changes 2022-07-18 18:32:43.705654314 +0200 @@ -1,0 +2,11 @@ +Thu Jul 7 12:16:45 UTC 2022 - Johannes Segitz <[email protected]> + +- Fixed initrd check in selinux-ready (bnc#1186127) + +------------------------------------------------------------------- +Tue May 31 15:10:26 UTC 2022 - Johannes Segitz <[email protected]> + +- Added restorecon_pin_file.patch. Fixes issus when running + fixfiles/restorecon + +------------------------------------------------------------------- New: ---- restorecon_pin_file.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libselinux-bindings.spec ++++++ --- /var/tmp/diff_new_pack.d24g9P/_old 2022-07-18 18:32:44.405655310 +0200 +++ /var/tmp/diff_new_pack.d24g9P/_new 2022-07-18 18:32:44.409655315 +0200 @@ -36,6 +36,7 @@ # Make linking working even when default pkg-config doesn???t provide -lpython<ver> Patch5: python3.8-compat.patch Patch6: swig4_moduleimport.patch +Patch7: restorecon_pin_file.patch BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: python-rpm-macros BuildRequires: python3-devel ++++++ libselinux.spec ++++++ --- /var/tmp/diff_new_pack.d24g9P/_old 2022-07-18 18:32:44.433655350 +0200 +++ /var/tmp/diff_new_pack.d24g9P/_new 2022-07-18 18:32:44.437655355 +0200 @@ -32,6 +32,7 @@ # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype Patch4: readv-proto.patch Patch5: skip_cycles.patch +Patch7: restorecon_pin_file.patch BuildRequires: fdupes BuildRequires: libsepol-devel >= %{libsepol_ver} BuildRequires: pkgconfig 
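Review bot: `Patch7: restorecon_pin_file.patch` is declared in libselinux-bindings.spec, but no hunk for that file adds a matching `%patch7 -p1`, whereas libselinux.spec gets one in its `@@ -101,6 +102,7 @@` hunk. If the bindings spec applies patches one by one rather than through `%autosetup` (its %prep section is outside the visible hunks), the two packages would be built from different sources. Both `Patch7` lines also lack an origin comment in the style of the `# PATCH-FIX-UPSTREAM` line above Patch4. Since the patch changes how restorecon binds a label to a file, a line such as `# PATCH-FIX-<ORIGIN> <bug reference> use path-based calls in restorecon_sb` (placeholders to be filled in) would tell the next packager why it is carried and when it can be dropped.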
@@ -101,6 +102,7 @@ %setup -q -n libselinux-%{version} %patch4 -p1 %patch5 -p1 +%patch7 -p1 %build %define _lto_cflags %{nil} ++++++ restorecon_pin_file.patch ++++++ Index: libselinux-3.4/src/selinux_restorecon.c =================================================================== --- libselinux-3.4.orig/src/selinux_restorecon.c +++ libselinux-3.4/src/selinux_restorecon.c @@ -623,13 +623,13 @@ out: return rc; } -static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool first) +static int restorecon_sb(const char *pathname, const struct stat *sb, + struct rest_flags *flags, bool first) { char *newcon = NULL; char *curcon = NULL; char *newtypecon = NULL; - int fd = -1, rc; - struct stat stat_buf; + int rc; bool updated = false; const char *lookup_path = pathname; float pc; @@ -644,21 +644,13 @@ static int restorecon_sb(const char *pat lookup_path += rootpathlen; } - fd = open(pathname, O_PATH | O_NOFOLLOW | O_EXCL); - if (fd < 0) - goto err; - - rc = fstat(fd, &stat_buf); - if (rc < 0) - goto err; - if (rootpath != NULL && lookup_path[0] == '\0') /* this is actually the root dir of the alt root. */ rc = selabel_lookup_raw(fc_sehandle, &newcon, "/", - stat_buf.st_mode); + sb->st_mode); else rc = selabel_lookup_raw(fc_sehandle, &newcon, lookup_path, - stat_buf.st_mode); + sb->st_mode); if (rc < 0) { if (errno == ENOENT) { @@ -667,10 +659,10 @@ static int restorecon_sb(const char *pat "Warning no default label for %s\n", lookup_path); - goto out; /* no match, but not an error */ + return 0; /* no match, but not an error */ } - goto err; + return -1; } if (flags->progress) { 
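Review bot: With the `open(pathname, O_PATH | O_NOFOLLOW | O_EXCL)` / `fstat(fd, ...)` pair removed in the `@@ -644,21 +644,13 @@` hunk, nothing ties the caller's `sb` to the object that is relabeled later. The label is looked up from `sb->st_mode`, and the `@@ -708,7 +702,7 @@` and `@@ -741,7 +735,7 @@` hunks then read and write the context through `lgetfilecon_raw(pathname, ...)` and `lsetfilecon(pathname, newcon)`, so each step resolves the path again. `lsetfilecon` does not follow a symlink in the last component, but a directory component writable by a less-privileged user can still change between the stat and the write, which matters because restorecon usually runs privileged over whole trees. If the path-based calls are needed for the fixfiles/restorecon problem named in the changes entry, the function should record the trade-off, e.g. `/* sb comes from the caller; pathname is re-resolved below, so the tree must not be writable by untrusted users during relabel */`. The body of restorecon_sb continues outside this hunk.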
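Review bot: The early exits in the `@@ -667,10 +659,10 @@` hunk now use `return 0;` and `return -1;` while the `out:`/`out1:` labels are kept and still run `freecon(curcon); freecon(newcon);` (visible in the `@@ -766,8 +760,6 @@` hunk), so the function ends up with two cleanup conventions. The `@@ -690,17 +682,19 @@` hunk has to repeat `freecon(newcon);` before each of its returns for that reason. Keeping the `goto out;` / `goto out1;` form there would leave a single exit path that stays correct if another resource is added to the function later.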
@@ -690,17 +682,19 @@ static int restorecon_sb(const char *pat } if (flags->add_assoc) { - rc = filespec_add(stat_buf.st_ino, newcon, pathname, flags); + rc = filespec_add(sb->st_ino, newcon, pathname, flags); if (rc < 0) { selinux_log(SELINUX_ERROR, "filespec_add error: %s\n", pathname); - goto out1; + freecon(newcon); + return -1; } if (rc > 0) { /* Already an association and it took precedence. */ - goto out; + freecon(newcon); + return 0; } } @@ -708,7 +702,7 @@ static int restorecon_sb(const char *pat selinux_log(SELINUX_INFO, "%s matched by %s\n", pathname, newcon); - if (fgetfilecon_raw(fd, &curcon) < 0) { + if (lgetfilecon_raw(pathname, &curcon) < 0) { if (errno != ENODATA) goto err; @@ -741,7 +735,7 @@ static int restorecon_sb(const char *pat } if (!flags->nochange) { - if (fsetfilecon(fd, newcon) < 0) + if (lsetfilecon(pathname, newcon) < 0) goto err; updated = true; } @@ -766,8 +760,6 @@ static int restorecon_sb(const char *pat out: rc = 0; out1: - if (fd >= 0) - close(fd); freecon(curcon); freecon(newcon); return rc; @@ -865,6 +857,7 @@ static void *selinux_restorecon_thread(v FTSENT *ftsent; int error; char ent_path[PATH_MAX]; + struct stat ent_st; bool first = false; if (state->parallel) @@ -963,11 +956,11 @@ loop_body: /* fall through */ default: strcpy(ent_path, ftsent->fts_path); - + ent_st = *ftsent->fts_statp; if (state->parallel) pthread_mutex_unlock(&state->mutex); - error = restorecon_sb(ent_path, &state->flags, + error = restorecon_sb(ent_path, &ent_st, &state->flags, first); if (state->parallel) { @@ -1163,7 +1156,7 @@ static int selinux_restorecon_common(con goto cleanup; } - error = restorecon_sb(pathname, &state.flags, true); + error = restorecon_sb(pathname, &sb, &state.flags, true); goto cleanup; } ++++++ selinux-ready ++++++ --- /var/tmp/diff_new_pack.d24g9P/_old 2022-07-18 18:32:44.521655475 +0200 +++ /var/tmp/diff_new_pack.d24g9P/_new 2022-07-18 18:32:44.521655475 +0200 
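Review bot: `ent_st = *ftsent->fts_statp;` in the `@@ -963,11 +956,11 @@` hunk is now the only source of the mode and inode that restorecon_sb works with, where the old code did its own `fstat`. The copy is taken before `pthread_mutex_unlock`, which looks deliberate because `ftsent` belongs to the shared traversal; a comment such as `/* copy while holding the lock: ftsent is only valid until the next fts_read() */` would record that. The `case` labels that fall through to `default:` are outside the hunk, so it should be confirmed that none of them is an entry type for which fts leaves `fts_statp` unfilled.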
@@ -67,54 +67,47 @@ check_mkinitrd() { - if [ "$INITRD" == "unknown" ]; then - return 1 - fi MCMD="mount.*/root/proc.*" - if ! [ -f "/boot/$INITRD" ];then - printf "\tcheck_mkinitrd: ERR. Unable to locate '/boot/$INITRD'\n" - return 2 - fi - - cp /boot/$INITRD $TD/ 2>/dev/null - - if ! [ -f "$TD/$INITRD" ];then - printf "\tcheck_mkinitrd: ERR. Error while copying initrd file.'\n" + if ! [ -f "/boot/initrd" ];then + printf "\tcheck_mkinitrd: ERR. Unable to locate '/boot/initrd'\n" return 2 fi + cp /boot/initrd $TD/ 2>/dev/null pushd . 2>&1>/dev/null cd $TD mkdir initrd-extracted cd initrd-extracted - INITRD_FORMAT=$(file $TD/$INITRD | awk -F' ' '{print $2}') - case $INITRD_FORMAT in - 'XZ' ) - xz -d -c $TD/$INITRD | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; - 'ASCII' ) - /usr/lib/dracut/skipcpio $TD/$INITRD | xz -d | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; - 'gzip' ) - gzip -d -c $TD/$INITRD | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; - * ) - printf "\tcheck_mkinitrd: ERR. Error while extracting initrd file.'\n" - return 2 - esac - if [ -d boot ]; then - grep -E -- $MCMD boot/* 2>&1 >/dev/null - FLG1=$? - grep -E -- load_policy boot/* 2>&1 >/dev/null - FLG2=$? - else - # looks like we're using dracut/systemd. We can only check if libselinux1 - # exists - if [ -f lib64/libselinux.so.1 ]; then - # if this exists - FLG1=0 - FLG2=0 - fi - fi + INITRD_FORMAT=$(file $TD/initrd | awk -F' ' '{print $2}') + case $INITRD_FORMAT in + 'XZ' ) + xz -d -c $TD/initrd | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; + 'ASCII' ) + /usr/lib/dracut/skipcpio $TD/initrd | zstd -d | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; + 'gzip' ) + gzip -d -c $TD/initrd | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; + 'Zstandard' ) + zstd -d -c $TD/initrd | cpio -i --force-local --no-absolute-filenames 2>/dev/null ;; + * ) + printf "\tcheck_mkinitrd: ERR. 
Error while extracting initrd file.'\n" + return 2 + esac + if [ -d boot ]; then + grep -E -- $MCMD boot/* 2>&1 >/dev/null + FLG1=$? + grep -E -- load_policy boot/* 2>&1 >/dev/null + FLG2=$? + else + # looks like we're using dracut/systemd. We can only check if libselinux1 + # exists + if [ -f lib64/libselinux.so.1 ]; then + # if this exists + FLG1=0 + FLG2=0 + fi + fi popd 2>&1>/dev/null if [ $FLG1 == 0 -a $FLG2 == 0 ];then
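Review bot: `cp /boot/initrd $TD/ 2>/dev/null` is no longer followed by a check that the copy exists, so a failed copy is only noticed indirectly when `file` reports something unexpected and the `*)` branch prints the extraction error instead. Checking the copy directly keeps the message accurate: `cp /boot/initrd "$TD/" || { printf "\tcheck_mkinitrd: ERR. Error while copying initrd file.\n"; return 2; }`. The `'ASCII'` branch now pipes the `skipcpio` output into `zstd -d` unconditionally, so an initrd with a leading cpio archive and an xz or gzip payload would not unpack, and since the pipeline's status is not checked `FLG1`/`FLG2` can stay unset and the final `[ $FLG1 == 0 -a $FLG2 == 0 ]` is evaluated with empty operands. Setting both flags to `1` before the `case` would turn that into an explicit failure of the readiness check. The function continues past the end of the hunk.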
