[v2,13/13] package/refpolicy: bump to version 2.20221101

Message ID	20230425171454.48802-14-aduskett@gmail.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Adam Duskett <aduskett@gmail.com> To: buildroot@buildroot.org Date: Tue, 25 Apr 2023 10:14:54 -0700 Message-Id: <20230425171454.48802-14-aduskett@gmail.com> In-Reply-To: <20230425171454.48802-1-aduskett@gmail.com> References: <20230425171454.48802-1-aduskett@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682442913; x=1685034913; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qVnx8uhUMBtkiUNj44OVEuTghkrIamLKjdK+q1Ok+nI=; b=n/+JdNE8COVXBtbSEyMfIPDOqep/ki2a6slLqzJuzgKudnaBzkk51VRwifGVlaUudw v1BCQvPZovz/b8aemIJaHsi86Gv8btZ635zH+2eWrRyYhLHGlbjx9iuu8sbpohEcC8NW u+xoXLUfTOnlp0uVrD0rbq2MX6wyRu/5lYdjBzGTjWJxQNGW/JU7mqKPuiLURZMyBStq lcCvt5PxaubdaWbf67dUo7x7gAO2gfyk14uapFfQ9Pvb7H3csq1VaTBgedRHtz59vjwa jOY9EWv9EN9PuNMi0ErnZQJZnmKyWYQ7uVS1OsEjPT6J2eProM4IuRCiEeX6iKNMF5rT Ommw== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=n/+JdNE8 Subject: [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101 Precedence: list Cc: Marcus Folkesson <marcus.folkesson@gmail.com>, Antoine Tenart <atenart@kernel.org>, Asaf Kahlon <asafka7@gmail.com>, Thomas Petazzoni <thomas.petazzoni@bootlin.com>, Fabrice Fontaine <fontaine.fabrice@gmail.com>, Adam Duskett <aduskett@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	Selinux: bump to 3.5 \| expand [v2,00/13] Selinux: bump to 3.5 [v2,01/13] package/libglib2/0003-disable-building-docs.patch: new patch [v2,02/13] package/python-pip: add host variant [v2,03/13] package/libsepol: bump to version 3.5 [v2,04/13] package/libsemanage: bump to version 3.5 [v2,05/13] package/libselinux: bump to version 3.5 [v2,06/13] package/policycoreutils: bump to version 3.5 [v2,07/13] package/checkpolicy: bump to version 3.5 [v2,08/13] package/restorecond: bump to version 3.5 [v2,09/13] package/semodule-utils: bump to version 3.5 [v2,10/13] package/audit: bump to version 3.1 [v2,11/13] package/selinux-python: bump to version 3.5 [v2,12/13] package/setools: bump to version 4.4.2 [v2,13/13] package/refpolicy: bump to version 2.20221101

Message ID

20230425171454.48802-14-aduskett@gmail.com

State

Accepted

Headers

From: Adam Duskett <aduskett@gmail.com>
To: buildroot@buildroot.org
Date: Tue, 25 Apr 2023 10:14:54 -0700
Message-Id: <20230425171454.48802-14-aduskett@gmail.com>
In-Reply-To: <20230425171454.48802-1-aduskett@gmail.com>
References: <20230425171454.48802-1-aduskett@gmail.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp3.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20221208 header.b=n/+JdNE8
Subject: [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version
 2.20221101
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>,
 Antoine Tenart <atenart@kernel.org>, Asaf Kahlon <asafka7@gmail.com>,
 Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>,
 Adam Duskett <aduskett@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

Selinux: bump to 3.5 | expand

Commit Message

Adam Duskett April 25, 2023, 5:14 p.m. UTC

Add an upstream patch in package/refpolicy/2.20221101 that makes dbus optional
for the mount interface. The patch must go in the 2.20221101 directory or else
the build system will automatically attempt to apply the patch to a custom git
version of refpolicy if chosen.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
Changes v1 -> v2:
  - Added 2.20221101/0001-mount-dbus-interface-must-be-optional.patch

 ...ount-dbus-interface-must-be-optional.patch | 33 +++++++++++++++++++
 package/refpolicy/refpolicy.hash              |  2 +-
 package/refpolicy/refpolicy.mk                |  2 +-
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch

Comments

Yann E. MORIN May 9, 2023, 9:06 p.m. UTC | #1

Adam, All,

On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> Add an upstream patch in package/refpolicy/2.20221101 that makes dbus optional
> for the mount interface. The patch must go in the 2.20221101 directory or else
> the build system will automatically attempt to apply the patch to a custom git
> version of refpolicy if chosen.
> 
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> Changes v1 -> v2:
>   - Added 2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> 
>  ...ount-dbus-interface-must-be-optional.patch | 33 +++++++++++++++++++
>  package/refpolicy/refpolicy.hash              |  2 +-
>  package/refpolicy/refpolicy.mk                |  2 +-
>  3 files changed, 35 insertions(+), 2 deletions(-)
>  create mode 100644 package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> 
> diff --git a/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> new file mode 100644
> index 0000000000..dec0af828f
> --- /dev/null
> +++ b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> @@ -0,0 +1,33 @@
> +From 6c6be65ccf0891391681d4662cc11f508c0f4aeb Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <aduskett@gmail.com>
> +Date: Mon, 24 Apr 2023 14:24:49 -0700
> +Subject: [PATCH] mount: dbus interface must be optional
> +
> +If DBus isn't built, the build process fails due to mount.te always using a
> +dbus interface even if the dbus module. Fix this by setting the dbus interface
> +as optional.
> +
> +Signed-off-by: Adam Duskett <aduskett@gmail.com>
> +Upstream-status: accepted. 207b09a656c2c3ac5c286d3f7eef085325e35408

The proper format for an Upstream: tag is just "Upstream:" (but that is
a very recent change. so I just fixed it). We also prefer to have an URL
to the upstream commit, so I changed that too.

Applied to master, thanks.

Regards,
Yann E. MORIN.

> +---
> + policy/modules/system/mount.te | 4 +++-
> + 1 file changed, 3 insertions(+), 1 deletion(-)
> +
> +diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> +index d028723..af84af0 100644
> +--- a/policy/modules/system/mount.te
> ++++ b/policy/modules/system/mount.te
> +@@ -145,7 +145,9 @@ selinux_getattr_fs(mount_t)
> + 
> + userdom_use_all_users_fds(mount_t)
> + 
> +-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
> ++optional_policy(`
> ++	dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
> ++')
> + 
> + ifdef(`distro_redhat',`
> + 	optional_policy(`
> +-- 
> +2.40.0
> +
> diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
> index b08c22ed4e..a09e59c270 100644
> --- a/package/refpolicy/refpolicy.hash
> +++ b/package/refpolicy/refpolicy.hash
> @@ -1,5 +1,5 @@
>  # From https://github.com/SELinuxProject/refpolicy/releases
> -sha256  965f98f0b68a24fd0b8e8d973d319332aea88973e1d6c455ef9c2a31aefaeaa6  refpolicy-2.20220106.tar.bz2
> +sha256  44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396  refpolicy-2.20221101.tar.bz2
>  
>  # Locally computed
>  sha256  204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  COPYING
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index f11b72755a..8fea7cc254 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -23,7 +23,7 @@ REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
>  REFPOLICY_SITE_METHOD = git
>  BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
>  else
> -REFPOLICY_VERSION = 2.20220106
> +REFPOLICY_VERSION = 2.20221101
>  REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
>  REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
>  endif
> -- 
> 2.40.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

diff --git a/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
new file mode 100644
index 0000000000..dec0af828f
--- /dev/null
+++ b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
@@ -0,0 +1,33 @@ 
+From 6c6be65ccf0891391681d4662cc11f508c0f4aeb Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Mon, 24 Apr 2023 14:24:49 -0700
+Subject: [PATCH] mount: dbus interface must be optional
+
+If DBus isn't built, the build process fails due to mount.te always using a
+dbus interface even if the dbus module. Fix this by setting the dbus interface
+as optional.
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+Upstream-status: accepted. 207b09a656c2c3ac5c286d3f7eef085325e35408
+---
+ policy/modules/system/mount.te | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
+index d028723..af84af0 100644
+--- a/policy/modules/system/mount.te
++++ b/policy/modules/system/mount.te
+@@ -145,7 +145,9 @@ selinux_getattr_fs(mount_t)
+ 
+ userdom_use_all_users_fds(mount_t)
+ 
+-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
++optional_policy(`
++	dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
++')
+ 
+ ifdef(`distro_redhat',`
+ 	optional_policy(`
+-- 
+2.40.0
+
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
index b08c22ed4e..a09e59c270 100644
--- a/package/refpolicy/refpolicy.hash
+++ b/package/refpolicy/refpolicy.hash
@@ -1,5 +1,5 @@ 
 # From https://github.com/SELinuxProject/refpolicy/releases
-sha256  965f98f0b68a24fd0b8e8d973d319332aea88973e1d6c455ef9c2a31aefaeaa6  refpolicy-2.20220106.tar.bz2
+sha256  44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396  refpolicy-2.20221101.tar.bz2
 
 # Locally computed
 sha256  204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  COPYING
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index f11b72755a..8fea7cc254 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,7 +23,7 @@  REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
 REFPOLICY_SITE_METHOD = git
 BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
 else
-REFPOLICY_VERSION = 2.20220106
+REFPOLICY_VERSION = 2.20221101
 REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
 REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
 endif

[v2,13/13] package/refpolicy: bump to version 2.20221101

Commit Message

Comments

Patch