commit 1d683eb59248
Author: Petr Lautrbach
Date:   Tue Nov 12 18:14:54 2019 +0100

    Update VERSIONs to 3.0-rc2 for release.

    Signed-off-by: Petr Lautrbach

commit ad2208ec220f
Author: Baichuan Kong
Date:   Thu Nov 14 10:48:07 2019 +0800

    restorecond: Fix redundant console log output error

    When starting restorecond without any option the following redundant
    console log is output:

    /dev/log 100.0%
    /var/volatile/run/syslogd.pid 100.0%
    ...

    This is caused by two global variables of the same name, r_opts. When
    executing r_opts = opts in restore_init(), it originally intends to
    assign the address of struct r_opts in "restorecond.c" to the pointer
    *r_opts in "restore.c".

    However, the address is assigned to the struct r_opts and covers the
    value of the low eight bytes in it. That causes unexpected values of the
    member variables 'nochange' and 'verbose' in struct r_opts, and thus
    affects the value of 'restorecon_flags' and executes unexpected
    operations when running restorecon on the files, such as the redundant
    console log output or file label nochange.

    restorecond/restore.c is copied from policycoreutils/setfiles, which
    shares the same pattern. It also has a potential risk of generating the
    same problems, so fix it just in case.

    Signed-off-by: Baichuan Kong

commit 91cd4600dbd0
Author: Nicolas Iooss
Date:   Mon Nov 11 11:11:13 2019 +0100

    libselinux,libsemanage: check in python_exception.i files

    Generating selinuxswig_python_exception.i and
    semanageswig_python_exception.i requires gcc, which appears to be
    unavailable on some platforms. Work around this issue by adding the
    generated files to the git repository.

    While at it, remove a stray space in the generated
    selinuxswig_python_exception.i.

    Original thread: https://lore.kernel.org/selinux/20191012172357.GB19655@imap.altlinux.org/T/#ma78bd7fe71fb5784387a8c0cebd867d6c02ee6e4

    Signed-off-by: Nicolas Iooss
    Cc: Michael Shigorin

commit dd9c70e0d7b9
Author: Nicolas Iooss
Date:   Mon Nov 11 10:56:54 2019 +0100

    libselinux,libsemanage: fix python_exception.i dependencies

    selinuxswig_python_exception.i and semanageswig_python_exception.i need
    to be regenerated when either an input header file changes or
    exception.sh changes. Add the missing items to the respective Makefiles.

    Signed-off-by: Nicolas Iooss

commit 5815cc9843d7
Author: Nicolas Iooss
Date:   Mon Nov 11 10:49:37 2019 +0100

    libselinux,libsemanage: never create -.o in exception.sh

    Files starting with "-" cause issues in commands such as "rm *.o". For
    libselinux and libsemanage, when exception.sh fails to remove "-.o",
    "make clean" fails with:

    rm: invalid option -- '.'
    Try 'rm ./-.o' to remove the file '-.o'.
    Try 'rm --help' for more information.

    Fix this by making exception.sh create "temp.o" instead of "-.o".

    Signed-off-by: Nicolas Iooss

commit 8375671d30c8
Author: Petr Lautrbach
Date:   Thu Nov 7 11:23:37 2019 +0100

    python/sepolicy: Revert "Only invoke RPM on RPM-enabled Linux distributions"

    Commit 73b7ff410c1b ("Only invoke RPM on RPM-enabled Linux distributions")
    used platform.linux_distribution() function to detect whether the system
    is rpm based. This function is deprecated since Python 3.5 and it's
    removed from Python 3.8 - https://bugs.python.org/issue28167

    The original problem is already fixed by another commit 671f83b42ba2
    ("policycoreutils/sepolicy: Check get_rpm_nvr_list() return value"):

    $ sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home
    Failed to retrieve rpm info for selinux-policy
    Created the following files:
    mypolicy/testpolicy.te # Type Enforcement file
    mypolicy/testpolicy.if # Interface file
    mypolicy/testpolicy.fc # File Contexts file
    mypolicy/testpolicy_selinux.spec # Spec file
    mypolicy/testpolicy.sh # Setup Script

    Fixes:
    File "/usr/lib/python3.8/site-packages/sepolicy/generate.py", line 1384, in generate
    if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat", "centos", "SuSE", "fedora", "mandrake", "mandriva")):
    AttributeError: module 'platform' has no attribute 'linux_distribution'

    Signed-off-by: Petr Lautrbach

commit 6d5f7f20bc99
Author: Petr Lautrbach
Date:   Wed Nov 6 17:30:43 2019 +0100

    Replace www.nsa.gov references by github.com/SELinuxProject

    The original page doesn't exist anymore.

    Fixes: https://github.com/SELinuxProject/selinux/issues/170

    Signed-off-by: Petr Lautrbach

commit c7527bdb608b
Author: James Carter
Date:   Fri Nov 1 09:50:53 2019 -0400

    libsepol/cil: Report disabling an optional block only at high verbose levels

    Since failing to resolve a statement in an optional block is normal,
    only display messages about the statement failing to resolve and the
    optional block being disabled at the highest verbosity level.

    These messages are now only at log level CIL_INFO instead of CIL_WARN.

    Signed-off-by: James Carter

commit 0271bf4136e3
Author: Thomas Petazzoni
Date:   Fri Oct 25 15:41:49 2019 +0200

    libselinux/src/Makefile: don't pass bogus -I and -L to python setup.py build_ext

    Using $(DESTDIR) during the build does not follow the normal/standard
    semantic of DESTDIR: it is normally only needed during the installation.
    Therefore, a lot of build systems/environments don't pass any DESTDIR at
    build time, which causes setup.py to be called with -I /usr/include -L
    /usr/lib, which breaks cross-compilation.

    Signed-off-by: Thomas Petazzoni