Signed-off-by: Thomas Petazzoni <[email protected]>
---
 utils/selinux-python/Makefile | 155 ++++++++++++++++++
 .../0001-sepolgen-adjust-data_dir.patch | 26 +++
 ...hardcode-search-for-ausearch-in-sbin.patch | 38 +++++
 .../0003-Don-t-force-using-python3.patch | 67 ++++++++
 4 files changed, 286 insertions(+)
 create mode 100644 utils/selinux-python/Makefile
 create mode 100644 utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
 create mode 100644 utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
 create mode 100644 utils/selinux-python/patches/0003-Don-t-force-using-python3.patch
diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile
new file mode 100644
index 000000000..4fd0376b6
--- /dev/null
+++ b/utils/selinux-python/Makefile
@@ -0,0 +1,155 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=selinux-python
+PKG_VERSION:=2.9
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20190315
+PKG_HASH:=3650b5393b0d1790cac66db00e34f059aa91c23cfe3c2559676594e295d75fde
+PKG_BUILD_DEPENDS:=PACKAGE_selinux-audit2allow:libsepol
+
+PKG_MAINTAINER:=Thomas Petazzoni <[email protected]>
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/python/python-package.mk
+
+#
+# common definitions
+#
+
+define Package/selinux-python/Default
+ SECTION:=utils
+ DEPENDS:=+python +python-libselinux
+ CATEGORY:=Utilities
+ URL:=http://selinuxproject.org/page/Main_Page
+endef
+
+define Package/selinux-python/Default/description
+ A set of SELinux tools written in python that help with
+ managing a system with SELinux enabled.
+endef
+
+MAKE_VARS = \
+ PYTHON=$(HOST_PYTHON_BIN) \
+ PYTHONLIBDIR=$(PYTHON_PKG_DIR)
+
+define Build/Compile
+ $(call Build/Compile/Default,all)
+endef
+
+#
+# selinux-audit2allow
+#
+
+define Package/selinux-audit2allow
+$(call Package/selinux-python/Default)
+ TITLE:=selinux-audit2allow
+ DEPENDS:=+python-sepolgen +libsepol
+endef
+
+define Package/selinux-audit2allow/description
+$(call Package/selinux-python/Default/description)
+ This package contains the audit2allow and audit2why tools.
+endef
+
+define Package/selinux-audit2allow/install
+ $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install
+ rm -rf $(1)/usr/share/man
+endef
+
+#
+# selinux-chchat
+#
+
+define Package/selinux-chcat
+$(call Package/selinux-python/Default)
+ TITLE:=selinux-chcat
+endef
+
+define Package/selinux-chcat/description
+$(call Package/selinux-python/Default/description)
+ This package contains the chcat tool.
+endef
+
+define Package/selinux-chcat/install
+ $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install
+ rm -rf $(1)/usr/share
+endef
+
+#
+# selinux-semanage
+#
+
+define Package/selinux-semanage
+$(call Package/selinux-python/Default)
+ TITLE:=selinux-semanage
+ DEPENDS:=+python-sepolicy
+endef
+
+define Package/selinux-semanage/description
+$(call Package/selinux-python/Default/description)
+ This package contains the semanage tool.
+endef
+
+define Package/selinux-semanage/install
+ $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install
+ rm -rf $(1)/usr/share
+endef
+
+#
+# python-sepolgen
+#
+
+define Package/python-sepolgen
+$(call Package/selinux-python/Default)
+ SUBMENU:=Python
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=python-sepolgen
+endef
+
+define Package/python-sepolgen/description
+$(call Package/selinux-python/Default/description)
+ This package contains the sepolgen Python library.
+endef
+
+define Package/python-sepolgen/install
+ $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install
+ $(INSTALL_DIR) $(1)/usr/share/sepolgen/
+ $(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map
+ $(RM) -rf $(1)/var
+endef
+
+#
+# python-sepolicy
+#
+
+define Package/python-sepolicy
+$(call Package/selinux-python/Default)
+ SUBMENU:=Python
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=python-sepolicy
+endef
+
+define Package/python-sepolicy/description
+$(call Package/selinux-python/Default/description)
+ This package contains the sepolicy Python library.
+endef
+
+define Package/python-sepolicy/install
+ $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install
+ rm -rf $(1)/usr/share
+endef
+
+$(eval $(call BuildPackage,selinux-audit2allow))
+$(eval $(call BuildPackage,selinux-chcat))
+$(eval $(call BuildPackage,selinux-semanage))
+$(eval $(call BuildPackage,python-sepolgen))
+$(eval $(call BuildPackage,python-sepolicy))
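Review bot: Each `Package/*/install` recipe fills the package by running upstream's `$(MAKE) ... DESTDIR=$(1) install` and then deleting `$(1)/usr/share` or `$(1)/var`, so the shipped file list is defined by subtraction and anything else upstream installs reaches the target without being named here. For tools that manage SELinux policy it is safer to install once into `$(PKG_INSTALL_DIR)` from a `Build/Install` step and copy only the named scripts and modules into `$(1)` with `$(INSTALL_BIN)`/`$(CP)`. Two smaller points: the section comment `# selinux-chchat` should read `# selinux-chcat`, and the python-sepolgen recipe uses `$(RM) -rf $(1)/var` where the other recipes use plain `rm -rf`.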
diff --git a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
new file mode 100644
index 000000000..5b5426007
--- /dev/null
+++ b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
@@ -0,0 +1,26 @@
+From 4dfa91b1377b6dc57e66443ea1a08c6d79a3a6e2 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <[email protected]>
+Date: Wed, 2 Oct 2019 12:04:24 +0200
+Subject: [PATCH] sepolgen: adjust data_dir()
+
+Signed-off-by: Thomas Petazzoni <[email protected]>
+---
+ sepolgen/src/sepolgen/defaults.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py
+index 6e800695..a61d1efd 100644
+--- a/sepolgen/src/sepolgen/defaults.py
++++ b/sepolgen/src/sepolgen/defaults.py
+@@ -57,7 +57,7 @@ Various default settings, including file and directory locations.
+ """
+
+ def data_dir():
+- return "/var/lib/sepolgen"
++ return "/usr/share/sepolgen"
+
+ def perm_map():
+ return data_dir() + "/perm_map"
+--
+2.21.0
+
diff --git a/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch b/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
new file mode 100644
index 000000000..0ebc3e593
--- /dev/null
+++ b/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch
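Review bot: The description of 0001-sepolgen-adjust-data_dir.patch is only a Signed-off-by, so nothing records why `data_dir()` moves from `/var/lib/sepolgen` to `/usr/share/sepolgen`. The visible `perm_map()` builds on `data_dir()` and the Makefile's python-sepolgen install recipe relocates `perm_map` to match, but any other caller of `data_dir()` outside this hunk, in particular one that writes generated data, would now target `/usr/share` as well and should be checked. I would add a description line such as `OpenWrt installs perm_map under /usr/share/sepolgen (see Package/python-sepolgen/install), so point data_dir() there.`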
@@ -0,0 +1,38 @@
+From a8a7f8fb5cfe95f28cd5f7ff4b4679ca122fe410 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <[email protected]>
+Date: Wed, 2 Oct 2019 13:38:18 +0200
+Subject: [PATCH] sepolgen: don't hardcode search for ausearch in /sbin
+
+ausearch may be installed in another location, just rely on PATH to
+find ausearch.
+
+Signed-off-by: Thomas Petazzoni <[email protected]>
+---
+ sepolgen/src/sepolgen/audit.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
+index 4adb851f..5eafa587 100644
+--- a/sepolgen/src/sepolgen/audit.py
++++ b/sepolgen/src/sepolgen/audit.py
+@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
+ s = time.localtime(time.time() - off)
+ bootdate = time.strftime("%x", s)
+ boottime = time.strftime("%X", s)
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+@@ -56,7 +56,7 @@ def get_audit_msgs():
+ string contain all of the audit messages returned by ausearch.
+ """
+ import subprocess
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+--
+2.21.0
+
diff --git a/utils/selinux-python/patches/0003-Don-t-force-using-python3.patch b/utils/selinux-python/patches/0003-Don-t-force-using-python3.patch
new file mode 100644
index 000000000..c0746d026
--- /dev/null
+++ b/utils/selinux-python/patches/0003-Don-t-force-using-python3.patch
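Review bot: In 0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch both `subprocess.Popen(["ausearch", ...])` calls, in `get_audit_boot_msgs()` and `get_audit_msgs()`, now resolve the binary through the caller's inherited `PATH`, and these tools are presumably run as root to read audit records. Any unexpected or writable directory early in that `PATH` then decides which program runs and whose output is parsed into policy suggestions. Since the build knows where the target installs ausearch, I would keep an absolute path and change only its value, or pass a fixed search path to both calls, e.g. `env={"PATH": "/usr/sbin:/usr/bin:/sbin:/bin"}`. Both function bodies start and end outside the hunks shown.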
@@ -0,0 +1,67 @@
+From 193e708d53517802040742e63041716e1f89a039 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <[email protected]>
+Date: Wed, 2 Oct 2019 13:40:20 +0200
+Subject: [PATCH] Don't force using python3
+
+Signed-off-by: Thomas Petazzoni <[email protected]>
+---
+ audit2allow/audit2allow | 2 +-
+ audit2allow/sepolgen-ifgen | 2 +-
+ chcat/chcat | 2 +-
+ semanage/semanage | 2 +-
+ sepolicy/sepolicy.py | 2 +-
+ 5 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/audit2allow/audit2allow b/audit2allow/audit2allow
+index 09b06f66..81f610ad 100644
+--- a/audit2allow/audit2allow
++++ b/audit2allow/audit2allow
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Authors: Karl MacMillan <[email protected]>
+ # Authors: Dan Walsh <[email protected]>
+ #
+diff --git a/audit2allow/sepolgen-ifgen b/audit2allow/sepolgen-ifgen
+index be2d093b..99700ea9 100644
+--- a/audit2allow/sepolgen-ifgen
++++ b/audit2allow/sepolgen-ifgen
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ #
+ # Authors: Karl MacMillan <[email protected]>
+ #
+diff --git a/chcat/chcat b/chcat/chcat
+index ba398684..63e91635 100755
+--- a/chcat/chcat
++++ b/chcat/chcat
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Copyright (C) 2005 Red Hat
+ # see file 'COPYING' for use and warranty information
+ #
+diff --git a/semanage/semanage b/semanage/semanage
+index 144cc000..552ace6a 100644
+--- a/semanage/semanage
++++ b/semanage/semanage
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Copyright (C) 2012-2013 Red Hat
+ # AUTHOR: Miroslav Grepl <[email protected]>
+ # AUTHOR: David Quigley <[email protected]>
+diff --git a/sepolicy/sepolicy.py b/sepolicy/sepolicy.py
+index 1934cd86..af606857 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python -Es
+ # Copyright (C) 2012 Red Hat
+ # AUTHOR: Dan Walsh <[email protected]>
+ # see file 'COPYING' for use and warranty information
+--
+2.21.0
+
--
2.23.0
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
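Review bot: The description of 0003-Don-t-force-using-python3.patch gives no rationale for changing the five shebangs to `#!/usr/bin/python -Es`, so the interpreter these SELinux tools run under becomes whatever `/usr/bin/python` is on the target. The Makefile's `DEPENDS:=+python` suggests this is meant to be the interpreter from that package (inferred; the page does not say), which is worth stating alongside the fact that `-Es` is kept on purpose. Suggested description line: `The OpenWrt package depends on +python; use its interpreter and keep -Es so PYTHON* environment variables and the user site directory are ignored.`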
