rpms/setools
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f42
rpms:f43
rpms:main
rpms:f41
rpms:f40
rpms:f38
rpms:f39
rpms:f37
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:4.2
rpms:f30
rpms:4.2.0
rpms:f29
rpms:f28
rpms:f26
rpms:f27
rpms:f25
rpms:private-plautrba-4.0.0
rpms:f24
rpms:f23
rpms:private-master-2.5
rpms:f21
rpms:f22
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f16
rpms:f15
rpms:f14
rpms:f13
rpms:f11
rpms:f9
rpms:f10
rpms:f12
rpms:f7
rpms:f8
rpms:setools-3_3_7-4_fc14
rpms:setools-3_3_7-3_fc14
rpms:setools-3_3_7-2_fc13
rpms:setools-3_3_7-2_fc14
rpms:setools-3_3_7-1_fc14
rpms:F-13-start
rpms:F-13-split
rpms:setools-3_3_6-4_fc12
rpms:F-12-start
rpms:F-12-split
rpms:setools-3_3_6-3_fc12
rpms:setools-3_3_6-2_fc12
rpms:setools-3_3_6-1_fc12
rpms:setools-3_3_5-8_fc11
rpms:F-11-start
rpms:F-11-split
rpms:setools-3_3_5-7_fc11
rpms:setools-3_3_5-6_fc11
rpms:setools-3_3_5-5_fc11
rpms:setools-3_3_5-4_fc11
rpms:setools-3_3_5-3_fc11
rpms:setools-3_3_5-2_fc10
rpms:F-10-start
rpms:F-10-split
rpms:setools-3_3_4-2_fc9
rpms:setools-3_3_5-1_fc10
rpms:setools-3_3_4-1_fc9
rpms:F-9-start
rpms:F-9-split
rpms:setools-3_3_2-3_fc9
rpms:setools-3_3_2-2_fc9
rpms:setools-3_3_2-1_fc9
rpms:setools-3_3_1-7_fc8
rpms:F-8-start
rpms:F-8-split
rpms:setools-3_3_1-6_fc8
rpms:setools-3_2-3_fc7
rpms:setools-3_2-4_fc8
rpms:setools-3_2-3
rpms:setools-3_2-2
rpms:setools-3_2-1
rpms:F-7-start
rpms:F-7-split
rpms:setools-3_1-4_fc7
rpms:setools-3_1-3_fc7
rpms:setools-3_1-2_fc7
rpms:setools-3_1-1_fc7
rpms:setools-3_0-4_fc7
rpms:setools-3_0-3_fc7
rpms:setools-3_0-2_fc7
rpms:setools-3_0-2
rpms:setools-2_4-2_1
rpms:FC-6-split
rpms:setools-2_4-2
rpms:setools-2_4-1
rpms:setools-2_3-3
rpms:setools-2_3-2
rpms:setools-2_3-1_2
rpms:FC-5-split
rpms:setools-2_3-1_1
rpms:setools-2_3-1
rpms:setools-2_2-4_1
rpms:setools-2_2-4
rpms:setools-2_2-3_1
rpms:setools-2_2-3
rpms:setools-2_2-2
rpms:setools-2_2-1
rpms:setools-2_1_3-1
rpms:setools-2_1_2-3
rpms:setools-2_1_2-2
rpms:setools-2_1_2-1
rpms:setools-2_1_1-4
rpms:setools-2_1_1-3
rpms:setools-2_1_1-1
rpms:FC-4-split
rpms:setools-2_1_0-5
rpms:setools-2_1_0-4
rpms:setools-2_1_0-3
rpms:setools-2_1_0-2
rpms:setools-2_1_0-0
rpms:setools-2_0_0-2
rpms:setools-2_0_0-1
rpms:setools-1_5_1-6
rpms:setools-1_5_1-3
rpms:setools-1_5_1-2
rpms:setools-1_5_1-1
rpms:setools-1_4_1-5
rpms:RHEL-4-split
rpms:FC-3-split
rpms:setools-1_4_1-4
rpms:setools-1_4_1-3
rpms:setools-1_4_1-2
rpms:setools-1_4_1-1
rpms:present-on-devel
rpms:setools-1_4-5
rpms:setools-1_4-4
rpms:setools-1_4-3
rpms:setools-1_4-2
rpms:setools-1_4-1
rpms:setools-1_3_1-3
rpms:setools-1_3-2
rpms:setools-1_2_1-2_1
rpms:setools-1_1_1-1
rpms:FC-2-split
..
compare: rpms:f30
Branches Tags
rpms:f42
rpms:f43
rpms:main
rpms:rawhide
rpms:f41
rpms:f40
rpms:f38
rpms:f39
rpms:f37
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:4.2
rpms:f30
rpms:4.2.0
rpms:f29
rpms:f28
rpms:f26
rpms:f27
rpms:f25
rpms:private-plautrba-4.0.0
rpms:f24
rpms:f23
rpms:private-master-2.5
rpms:f21
rpms:f22
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f16
rpms:f15
rpms:f14
rpms:f13
rpms:f11
rpms:f9
rpms:f10
rpms:f12
rpms:f7
rpms:f8
rpms:setools-3_3_7-4_fc14
rpms:setools-3_3_7-3_fc14
rpms:setools-3_3_7-2_fc13
rpms:setools-3_3_7-2_fc14
rpms:setools-3_3_7-1_fc14
rpms:F-13-start
rpms:F-13-split
rpms:setools-3_3_6-4_fc12
rpms:F-12-start
rpms:F-12-split
rpms:setools-3_3_6-3_fc12
rpms:setools-3_3_6-2_fc12
rpms:setools-3_3_6-1_fc12
rpms:setools-3_3_5-8_fc11
rpms:F-11-start
rpms:F-11-split
rpms:setools-3_3_5-7_fc11
rpms:setools-3_3_5-6_fc11
rpms:setools-3_3_5-5_fc11
rpms:setools-3_3_5-4_fc11
rpms:setools-3_3_5-3_fc11
rpms:setools-3_3_5-2_fc10
rpms:F-10-start
rpms:F-10-split
rpms:setools-3_3_4-2_fc9
rpms:setools-3_3_5-1_fc10
rpms:setools-3_3_4-1_fc9
rpms:F-9-start
rpms:F-9-split
rpms:setools-3_3_2-3_fc9
rpms:setools-3_3_2-2_fc9
rpms:setools-3_3_2-1_fc9
rpms:setools-3_3_1-7_fc8
rpms:F-8-start
rpms:F-8-split
rpms:setools-3_3_1-6_fc8
rpms:setools-3_2-3_fc7
rpms:setools-3_2-4_fc8
rpms:setools-3_2-3
rpms:setools-3_2-2
rpms:setools-3_2-1
rpms:F-7-start
rpms:F-7-split
rpms:setools-3_1-4_fc7
rpms:setools-3_1-3_fc7
rpms:setools-3_1-2_fc7
rpms:setools-3_1-1_fc7
rpms:setools-3_0-4_fc7
rpms:setools-3_0-3_fc7
rpms:setools-3_0-2_fc7
rpms:setools-3_0-2
rpms:setools-2_4-2_1
rpms:FC-6-split
rpms:setools-2_4-2
rpms:setools-2_4-1
rpms:setools-2_3-3
rpms:setools-2_3-2
rpms:setools-2_3-1_2
rpms:FC-5-split
rpms:setools-2_3-1_1
rpms:setools-2_3-1
rpms:setools-2_2-4_1
rpms:setools-2_2-4
rpms:setools-2_2-3_1
rpms:setools-2_2-3
rpms:setools-2_2-2
rpms:setools-2_2-1
rpms:setools-2_1_3-1
rpms:setools-2_1_2-3
rpms:setools-2_1_2-2
rpms:setools-2_1_2-1
rpms:setools-2_1_1-4
rpms:setools-2_1_1-3
rpms:setools-2_1_1-1
rpms:FC-4-split
rpms:setools-2_1_0-5
rpms:setools-2_1_0-4
rpms:setools-2_1_0-3
rpms:setools-2_1_0-2
rpms:setools-2_1_0-0
rpms:setools-2_0_0-2
rpms:setools-2_0_0-1
rpms:setools-1_5_1-6
rpms:setools-1_5_1-3
rpms:setools-1_5_1-2
rpms:setools-1_5_1-1
rpms:setools-1_4_1-5
rpms:RHEL-4-split
rpms:FC-3-split
rpms:setools-1_4_1-4
rpms:setools-1_4_1-3
rpms:setools-1_4_1-2
rpms:setools-1_4_1-1
rpms:present-on-devel
rpms:setools-1_4-5
rpms:setools-1_4-4
rpms:setools-1_4-3
rpms:setools-1_4-2
rpms:setools-1_4-1
rpms:setools-1_3_1-3
rpms:setools-1_3-2
rpms:setools-1_2_1-2_1
rpms:setools-1_1_1-1
rpms:FC-2-split

No commits in common. "rawhide" and "f30" have entirely different histories.
rawhide ... f30

26 changed files with 452 additions and 841 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.fmf/version
View file

@ -1 +0,0 @@
1

16
.gitignore vendored
View file

@ -3,19 +3,3 @@ setools-3.3.8.tar.bz2
setools-3.3.8-f1e5b20.tar.bz2
/4.1.0.tar.gz
/4.1.1.tar.gz
/4.2.0-beta.tar.gz
/4.2.0-rc.tar.gz
/4.2.0.tar.gz
/4.2.1.tar.gz
/4.2.2.tar.gz
/4.3.0.tar.gz
/05e90ee.tar.gz
/16c0696.tar.gz
/4.4.0.tar.gz
/4.4.1.tar.gz
/4.4.2.tar.gz
/4.4.3.tar.gz
/4.4.4.tar.gz
/4.5.0.tar.gz
/4.5.1.tar.gz
/4.6.0.tar.gz

49
0001-Do-not-use-Werror-during-build.patch Normal file
View file

@ -0,0 +1,49 @@
From 617c3ae83c1c72ead627a57e1529724c62df807f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 23 Feb 2017 08:17:07 +0100
Subject: [PATCH 1/2] Do not use -Werror during build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are new warnings when setools are built with gcc 7 therefore we
want to suppress -Werror for now
Fixes:
libqpol/policy_extend.c: In function policy_extend:
libqpol/policy_extend.c:161:27: error: %04zd directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
In file included from /usr/include/stdio.h:939:0,
from /usr/include/sepol/policydb/policydb.h:53,
from libqpol/policy_extend.c:29:
/usr/include/bits/stdio2.h:64:10: note: __builtin___snprintf_chk output between 9 and 15 bytes into a destination of size 9
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 2ca44c9..9319bf6 100644
--- a/setup.py
+++ b/setup.py
@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
'libqpol/policy_scan.c',
'libqpol/xen_query.c'],
include_dirs=include_dirs,
- extra_compile_args=['-Werror', '-Wextra',
+ extra_compile_args=['-Wextra',
'-Waggregate-return',
'-Wfloat-equal',
'-Wformat', '-Wformat=2',
--
2.9.3

140
0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Normal file
View file

@ -0,0 +1,140 @@
From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 23 Feb 2017 08:17:07 +0100
Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies.
These dependencies are not necessary for setools module itself as it's
used in policycoreutils.
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
setools.dta.DomainTransitionAnalysis and let the package containing
sedta and seinfoflow to require python3-networkx
---
sedta | 3 ++-
seinfoflow | 3 ++-
setools/__init__.py | 4 ++--
setoolsgui/apol/dta.py | 2 +-
setoolsgui/apol/infoflow.py | 2 +-
tests/dta.py | 3 ++-
tests/infoflow.py | 3 ++-
7 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/sedta b/sedta
index 1c76ebb..255ad49 100755
--- a/sedta
+++ b/sedta
@@ -23,6 +23,7 @@ import argparse
import logging
import setools
+import setools.dta
def print_transition(trans):
@@ -111,7 +112,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/seinfoflow b/seinfoflow
index b287921..d53bdef 100755
--- a/seinfoflow
+++ b/seinfoflow
@@ -19,6 +19,7 @@
from __future__ import print_function
import setools
+import setools.infoflow
import argparse
import sys
import logging
@@ -79,7 +80,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map)
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/setools/__init__.py b/setools/__init__.py
index a84c846..a53c5a7 100644
--- a/setools/__init__.py
+++ b/setools/__init__.py
@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis
-from .infoflow import InfoFlowAnalysis
+# from .infoflow import InfoFlowAnalysis
from .permmap import PermissionMap
# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
+# from .dta import DomainTransitionAnalysis
# Policy difference
from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
index 0aaf13f..5b1ea20 100644
--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
index 1ae16de..fdf8f7b 100644
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
from setools.exception import UnmappedClass, UnmappedPermission
from ..logtosignal import LogHandlerToSignal
diff --git a/tests/dta.py b/tests/dta.py
index 32b9271..2bdd052 100644
--- a/tests/dta.py
+++ b/tests/dta.py
@@ -17,7 +17,8 @@
#
import unittest
-from setools import SELinuxPolicy, DomainTransitionAnalysis
+from setools import SELinuxPolicy
+from setools.dta import DomainTransitionAnalysis
from setools import TERuletype as TERT
from setools.policyrep.exception import InvalidType
from setools.policyrep.typeattr import Type
diff --git a/tests/infoflow.py b/tests/infoflow.py
index 7751dda..a21c683 100644
--- a/tests/infoflow.py
+++ b/tests/infoflow.py
@@ -17,7 +17,8 @@
#
import unittest
-from setools import SELinuxPolicy, InfoFlowAnalysis
+from setools import SELinuxPolicy
+from setools.infoflow import InfoFlowAnalysis
from setools import TERuletype as TERT
from setools.permmap import PermissionMap
from setools.policyrep.exception import InvalidType
--
2.9.3

26
0003-bswap_-macros-are-defined-in-byteswap.h.patch Normal file
View file

@ -0,0 +1,26 @@
From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 10 Aug 2017 08:23:47 +0200
Subject: [PATCH] bswap_* macros are defined in byteswap.h
Fixes ImportError on s390x:
/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
---
libqpol/policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libqpol/policy.c b/libqpol/policy.c
index ae3acb5..e412be0 100644
--- a/libqpol/policy.c
+++ b/libqpol/policy.c
@@ -28,6 +28,7 @@
#include "qpol_internal.h"
#include <assert.h>
+#include <byteswap.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
--
2.13.3

158
0004-Add-support-for-SCTP-protocol.patch Normal file
View file

@ -0,0 +1,158 @@
From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 16 Apr 2018 20:46:20 +0200
Subject: [PATCH] Add support for SCTP protocol
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
libqpol/include/qpol/linux_types.h | 1 +
libqpol/policy_define.c | 5 +++++
setools/perm_map | 36 +++++++++++++++++++++++++++---
setools/policyrep/netcontext.py | 5 +++++
4 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
index c3c056b..0985162 100644
--- a/libqpol/include/qpol/linux_types.h
+++ b/libqpol/include/qpol/linux_types.h
@@ -12,6 +12,7 @@ typedef uint16_t __u16;
#define s6_addr32 __u6_addr32
#define IPPROTO_DCCP 33
+#define IPPROTO_SCTP 132
#endif
#endif
diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
index dcc69fc..1e623a3 100644
--- a/libqpol/policy_define.c
+++ b/libqpol/policy_define.c
@@ -44,6 +44,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <stdlib.h>
#include <limits.h>
@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high)
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git a/setools/perm_map b/setools/perm_map
index 0a9f91c..8bd34f5 100644
--- a/setools/perm_map
+++ b/setools/perm_map
@@ -27,7 +27,7 @@
# Look to the examples below for further clarification.
#
# Number of object classes.
-95
+96
class netlink_audit_socket 27
nlmsg_relay w 10
@@ -376,7 +376,7 @@ class file 22
quotaon b 1
swapon b 1
-class node 11
+class node 13
rawip_recv r 10
tcp_recv r 10
udp_recv r 10
@@ -385,6 +385,8 @@ class node 11
udp_send w 10
dccp_recv r 10
dccp_send w 10
+ sctp_recv r 10
+ sctp_send w 10
enforce_dest n 1
sendto w 10
recvfrom r 10
@@ -699,6 +701,32 @@ class dccp_socket 24
relabelto w 10
listen r 1
+class sctp_socket 24
+ node_bind n 1
+ name_connect w 10
+ append w 10
+ bind w 1
+ connect w 1
+ create w 1
+ write w 10
+ relabelfrom r 10
+ ioctl n 1
+ name_bind n 1
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ getattr r 7
+ setattr w 7
+ accept r 1
+ getopt r 1
+ read r 10
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ lock n 1
+ relabelto w 10
+ listen r 1
+
class netlink_firewall_socket 24
nlmsg_write w 10
nlmsg_read r 10
@@ -973,7 +1001,7 @@ class key_socket 22
relabelto w 10
listen r 1
-class netif 10
+class netif 12
rawip_recv r 10
tcp_recv r 10
udp_recv r 10
@@ -984,6 +1012,8 @@ class netif 10
udp_send w 10
dccp_recv r 10
dccp_send w 10
+ sctp_recv r 10
+ sctp_send w 10
class packet_socket 22
append w 10
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
index 9a01fc5..630b42c 100644
--- a/setools/policyrep/netcontext.py
+++ b/setools/policyrep/netcontext.py
@@ -35,6 +35,10 @@ try:
IPPROTO_DCCP = getprotobyname("dccp")
except socket.error:
IPPROTO_DCCP = 33
+try:
+ IPPROTO_SCTP = getprotobyname("sctp")
+except socket.error:
+ IPPROTO_SCTP = 132
def netifcon_factory(policy, name):
@@ -161,6 +165,7 @@ class PortconProtocol(int, PolicyEnum):
tcp = IPPROTO_TCP
udp = IPPROTO_UDP
dccp = IPPROTO_DCCP
+ sctp = IPPROTO_SCTP
class Portcon(NetContext):
--
2.18.0

43
156.patch
View file

@ -1,43 +0,0 @@
From 39f7c88251925463c38f5000f6178fe70b484f44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Tue, 8 Apr 2025 11:22:47 +0200
Subject: [PATCH] Remove redundant runtime requirement on setuptools
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The dependency was dropped in 99a1cf3b50cd8bf502b5070293c4d1bf792d1566
Add a build time dependency for setup.py build_ext on Python 3.12+
which no longer contains distutils.
Signed-off-by: Miro Hrončok <miro@hroncok.cz>
---
pyproject.toml | 2 +-
tox.ini | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index f7815a15..28ae121a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -39,7 +39,7 @@ classifiers = ["Development Status :: 5 - Production/Stable",
requires-python=">=3.10"
# also requires libsepol.so and libselinux.so.
-dependencies = ["setuptools"]
+dependencies = []
optional-dependencies.analysis = ["networkx>=2.6",
"pygraphviz"]
diff --git a/tox.ini b/tox.ini
index 8fa6954f..b2a21d6b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -56,5 +56,6 @@ deps = networkx>=2.6
pygraphviz
pytest-qt
pytest-xvfb
+ setuptools;python_version>="3.12"
commands_pre = {envpython} setup.py build_ext -i
commands = {envpython} -m pytest tests

42
157.patch
View file

@ -1,42 +0,0 @@
From a33a2e394435316f3822e89ac9c2a9aabab17252 Mon Sep 17 00:00:00 2001
From: Pranav Lawate <pran.lawate@gmail.com>
Date: Tue, 30 Sep 2025 22:29:10 +0530
Subject: [PATCH] Fix seinfo argument parsing when policy path follows query
options
Signed-off-by: Pranav Lawate <pran.lawate@gmail.com>
---
seinfo | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/seinfo b/seinfo
index 99180c36..d04ec320 100755
--- a/seinfo
+++ b/seinfo
@@ -12,6 +12,7 @@ import logging
import signal
import ipaddress
import warnings
+from pathlib import Path
from typing import Callable, List, Tuple
@@ -102,6 +103,18 @@ xen.add_argument("--devicetreecon", help="Print all devicetreecon statements.",
args = parser.parse_args()
+# Fix argument misparsing: when policy is None and a query option is a string,
+# check if the string is actually a policy file that is incorrectly consumed by the query option
+if not args.policy:
+ # Check all query options defined in the queries argument group
+ for action in queries._group_actions:
+ value = getattr(args, action.dest, None)
+ if isinstance(value, str) and Path(value).exists():
+ # This query argument consumed the policy path - fix it
+ args.policy = value
+ setattr(args, action.dest, True)
+ break
+
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')

16
gating.yaml
View file

@ -1,16 +0,0 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

7
plans/selinux.fmf
View file

@ -1,7 +0,0 @@
summary: selinux tests - Tier 1 | policycoreutils | checkpolicy
discover:
how: fmf
url: https://src.fedoraproject.org/tests/selinux
filter: "tier: 1 | component: policycoreutils | component: checkpolicy"
execute:
how: tmt

5
plans/tests.fmf
View file

@ -1,5 +0,0 @@
summary: setools test plan
discover:
how: fmf
execute:
how: tmt

3
rpminspect.yaml
View file

@ -1,3 +0,0 @@
emptyrpm:
expected_empty:
- setools

309
setools.spec
View file

@ -1,34 +1,42 @@
%global sepol_ver 3.9
%global selinux_ver 3.9
# sitelib for noarch packages, sitearch for others (remove the unneeded one)
%{!?__python2: %global __python2 %__python}
%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
# % global setools_pre_ver beta.1.8e09d95
# % global gitver f1e5b20
%global sepol_ver 2.8-1
%global selinux_ver 2.8-1
Name: setools
Version: 4.6.0
Release: 4%{?dist}
Version: 4.1.1
Release: 14%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
Summary: Policy analysis tools for SELinux
License: GPL-2.0-only AND LGPL-2.1-only
License: GPLv2
URL: https://github.com/SELinuxProject/setools/wiki
Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
Source1: setools.pam
Source2: apol.desktop
# Remove redundant runtime requirement on setuptools
Patch: https://github.com/SELinuxProject/setools/pull/156.patch
# Fix seinfo argument parsing when policy path follows query
Patch: https://github.com/SELinuxProject/setools/pull/157.patch
Patch1: 0001-Do-not-use-Werror-during-build.patch
Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Patch3: 0003-bswap_-macros-are-defined-in-byteswap.h.patch
Patch4: 0004-Add-support-for-SCTP-protocol.patch
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
BuildRequires: flex, bison
BuildRequires: glibc-devel, gcc, git-core
BuildRequires: glibc-devel, gcc, git
BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
BuildRequires: qt5-qtbase-devel
BuildRequires: swig
BuildRequires: python3-Cython
BuildRequires: python2-devel
BuildRequires: python2-setuptools
BuildRequires: python3-devel
BuildRequires: libselinux-devel
BuildRequires: python3-setuptools
Requires: %{name}-console = %{version}-%{release}
Requires: %{name}-console-analyses = %{version}-%{release}
Requires: %{name}-gui = %{version}-%{release}
# BuildArch:
Requires: python3-%{name} = %{version}-%{release}
%description
SETools is a collection of graphical tools, command-line tools, and
@ -36,7 +44,7 @@ Python modules designed to facilitate SELinux policy analysis.
%package console
Summary: Policy analysis command-line tools for SELinux
License: GPL-2.0-only
License: GPLv2
Requires: python3-setools = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
@ -53,7 +61,7 @@ This package includes the following console tools:
%package console-analyses
Summary: Policy analysis command-line tools for SELinux
License: GPL-2.0-only
License: GPLv2
Requires: python3-setools = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
Requires: python3-networkx
@ -68,10 +76,31 @@ This package includes the following console tools:
seinfoflow Perform information flow analyses.
%package -n python2-setools
Summary: Policy analysis tools for SELinux
Recommends: python2-libselinux
%{?python_provide:%python_provide python2-setools}
# Remove before F30
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{version}-%{release}
Requires: python2-enum34
Requires: python2-setuptools
%description -n python2-setools
SETools is a collection of graphical tools, command-line tools, and
Python 2 modules designed to facilitate SELinux policy analysis.
%package -n python3-setools
Summary: Policy analysis tools for SELinux
License: LGPL-2.1-only
Summary: Policy analysis tools for SELinux
Obsoletes: setools-libs < 4.0.0
Recommends: libselinux-python3
%{?python_provide:%python_provide python2-setools}
# Remove before F30
Provides: %{name}-python3 = %{version}-%{release}
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python3 < %{version}-%{release}
Requires: python3-setuptools
%description -n python3-setools
SETools is a collection of graphical tools, command-line tools, and
@ -80,9 +109,8 @@ Python 3 modules designed to facilitate SELinux policy analysis.
%package gui
Summary: Policy analysis graphical tools for SELinux
License: GPL-2.0-only
Requires: python3-setools = %{version}-%{release}
Requires: python3-pyqt6 python3-pyqt6-sip
Requires: python3-qt5
Requires: python3-networkx
%description gui
@ -91,253 +119,72 @@ Python modules designed to facilitate SELinux policy analysis.
%prep
%autosetup -p 1 -S git -n setools-%{version}
%autosetup -p 1 -S git
%generate_buildrequires
%pyproject_buildrequires
cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
%build
%pyproject_wheel
%py3_build
pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
# Remove CFLAGS=... for noarch packages (unneeded)
CFLAGS="%{optflags}" %{__python2} setup.py build
popd
%install
%pyproject_install
rm -rf %{buildroot}
pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
%{__python2} setup.py install --root %{buildroot}
popd
rm -rf %{buildroot}%{_bindir}
%py3_install
%check
%if %{?_with_check:1}%{!?_with_check:0}
# dnf install python3-pytest python3-pytest-qt
%pytest
%{__python3} setup.py test
pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
%{__python2} setup.py test
popd
%endif
%files
%files console
%license COPYING.GPL
%{_bindir}/sechecker
%{_bindir}/sediff
%{_bindir}/seinfo
%{_bindir}/sesearch
%{_mandir}/man1/sechecker*
%{_mandir}/man1/sediff*
%{_mandir}/man1/seinfo*
%{_mandir}/man1/sesearch*
%{_mandir}/ru/man1/sediff*
%{_mandir}/ru/man1/seinfo*
%{_mandir}/ru/man1/sesearch*
%files console-analyses
%license COPYING.GPL
%{_bindir}/sedta
%{_bindir}/seinfoflow
%{_mandir}/man1/sedta*
%{_mandir}/man1/seinfoflow*
%{_mandir}/ru/man1/sedta*
%{_mandir}/ru/man1/seinfoflow*
%files -n python2-setools
%license COPYING COPYING.GPL COPYING.LGPL
%{python2_sitearch}/*
%files -n python3-setools
%license COPYING COPYING.LGPL
%license COPYING COPYING.GPL COPYING.LGPL
%{python3_sitearch}/setools
%{python3_sitearch}/setools-*
%files gui
%license COPYING.GPL
%{_bindir}/apol
%{python3_sitearch}/setoolsgui
%{_mandir}/man1/apol*
%{_mandir}/ru/man1/apol*
%changelog
* Mon Dec 01 2025 Veronika Syncakova <vsyncako@redhat.com> - 4.6.0-4
- Fix seinfo argument parsing when policy path follows query options
* Thu Oct 02 2025 Miro Hrončok <mhroncok@redhat.com> - 4.6.0-3
- Drop redundant runtime requirement on python3-setuptools (redux)
* Fri Sep 19 2025 Python Maint <python-maint@redhat.com> - 4.6.0-2
- Rebuilt for Python 3.14.0rc3 bytecode
* Tue Sep 09 2025 Petr Lautrbach <lautrbach@redhat.com> - 4.6.0-1
- SETools 4.6.0
* Fri Aug 15 2025 Python Maint <python-maint@redhat.com> - 4.5.1-11
- Rebuilt for Python 3.14.0rc2 bytecode
* Mon Aug 04 2025 Miro Hrončok <mhroncok@redhat.com> - 4.5.1-10
- Drop redundant runtime requirement on python3-setuptools (correction)
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jul 05 2025 Petr Lautrbach <lautrbach@redhat.com> - 4.5.1-8
- Rebuilt with SELinux userspace 3.9-rc2 release
* Mon Jun 02 2025 Python Maint <python-maint@redhat.com> - 4.5.1-7
- Rebuilt for Python 3.14
* Tue Apr 01 2025 Miro Hrončok <mhroncok@redhat.com> - 4.5.1-6
- Drop redundant runtime requirement on python3-setuptools, dropped in setools 4.5.1
* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 4.5.1-3
- Rebuilt for Python 3.13
* Thu May 02 2024 Petr Lautrbach <lautrbach@redhat.com> - 4.5.1-2
- Fix License tag
* Thu May 02 2024 Petr Lautrbach <lautrbach@redhat.com> - 4.5.1-1
- SETools 4.5.1
* Thu Apr 18 2024 Petr Lautrbach <lautrbach@redhat.com> - 4.5.0-1
- SETools 4.5.0
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Dec 11 2023 Petr Lautrbach <lautrbach@redhat.com> - 4.4.4-1
- SETools 4.4.4 release
* Mon Aug 28 2023 Petr Lautrbach <lautrbach@redhat.com> - 4.4.3-2
- Use Qt 6
* Wed Aug 9 2023 Petr Lautrbach <lautrbach@redhat.com> - 4.4.3-1
- SETools 4.4.3 release
* Wed Jul 26 2023 Petr Lautrbach <lautrbach@redhat.com> - 4.4.2-4
- Disable/remove neverallow options in sediff.
- Improve man pages
- seinfoflow: Add -r option to get flows into the source type.
- seinfoflow.1: Remove references to sepolgen permission map.
- AVRule/AVRuleXperm: Treat rules with no permissions as invalid policy.
- SELinuxPolicy: Add explicit cast for libspol message
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 4.4.2-2
- Rebuilt for Python 3.12
* Thu Apr 20 2023 Petr Lautrbach <lautrbach@redhat.com> - 4.4.2-1
- SETools 4.4.2 release
* Mon Feb 6 2023 Petr Lautrbach <lautrbach@redhat.com> - 4.4.1-1
- SETools 4.4.1 release
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.4.0-8
- Rebuilt for Python 3.11
* Mon Jun 13 2022 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-7
- Update required userspace versions to 3.4
- Drop unnecessary Recommends
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.4.0-6
- Rebuilt for Python 3.11
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Nov 19 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-4
- Make seinfo output predictable
https://github.com/SELinuxProject/setools/issues/65
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 4.4.0-2
- Rebuilt for Python 3.10
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-1
- SETools 4.4.0 release
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-0.3.20210121git16c0696
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
- Rebuild with SELinux userspace 3.2-rc1
- Update to 16c0696
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
- Fix imports in /usr/bin/sedta
* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
- Update to 05e90ee
- Add /usr/bin/sechecker
- Adapt to new libsepol filename transition structures
- Rebuild with libsepol.so.2
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-3
- rebuild with SELinux userspace 3.1 release
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.3.0-2
- Rebuilt for Python 3.9
* Thu Apr 2 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-1
- SETools 4.3.0 release
- Revised sediff method for TE rules. This drastically reduced memory and run time.
- Added infiniband context support to seinfo, sediff, and apol.
- Added apol configuration for location of Qt assistant.
- Fixed sediff issue where properties header would display when not requested.
- Fixed sediff issue with type_transition file name comparison.
- Fixed permission map socket sendto information flow direction.
- Added methods to TypeAttribute class to make it a complete Python collection.
- Genfscon now will look up classes rather than using fixed values which
were dropped from libsepol.
* Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5
- setools requires -console, -console-analyses and -gui packages (#1794314)
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-3
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-2
- Rebuilt for Python 3.8
* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1}
- SETools 4.2.2 release
* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
- Use %set_build_flags instead of %optflags
* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
- SETools 4.2.1 release (#1581761, #1595582)
* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
- Update source to SETools 4.2.0 release
* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
- Update upstream source to 4.2.0-rc
* Wed Sep 19 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.2.beta
- Require userspace release 2.8
- setools-gui requires python3-setools
- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
- Drop python2 subpackage (4.2.0 no longer supports python2)
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Aug 29 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-13
- Add Requires for python[23]-setuptools - no longer required (just recommended)

2
sources
View file

@ -1 +1 @@
SHA512 (4.6.0.tar.gz) = 5b654f480f285717d15fa55f754fbd00cb030a0d8af8342d901e0514c4fdbacb7873e19420dab98540eaa481c687ff1e03423df893c0d1744eb4c53eb81afbf5
SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04

63
tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile
View file

@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
# Description: Make sure setools requires setools-console and setools-gui
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Make sure setools requires setools-console and setools-gui" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setools" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1820078" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
rhts-lint $(METADATA)

11
tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf
View file

@ -1,11 +0,0 @@
summary: Make sure setools requires setools-console and setools-gui
contact: Vit Mojzis <vmojzis@redhat.com>
component:
- setools
test: ./runtest.sh
framework: beakerlib
duration: 5m
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1820078
extra-summary: /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
extra-task: /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools

53
tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh
View file

@ -1,53 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
# Description: Make sure setools requires setools-console and setools-gui
# Author: Vit Mojzis <vmojzis@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setools"
rlJournalStart
rlPhaseStartSetup
rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
OUTPUT_FILE=`mktemp`
rlPhaseEnd
rlPhaseStartTest "bz#1820078"
rlRun "dnf -y install ${PACKAGE}" 0
rlAssertRpm "${PACKAGE}-gui"
rlAssertRpm "${PACKAGE}-console"
# make sure that setools-* packages do not require setools
rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
rlPhaseEnd
rlPhaseStartCleanup
rm -f ${OUTPUT_FILE}
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

63
tests/Sanity/sedta/Makefile
View file

@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/setools/Sanity/sedta
# Description: Does sedta work as expected? Does it support all features?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/setools/Sanity/sedta
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Does sedta work as expected? Does it support all features?" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 1h" >> $(METADATA)
@echo "RunFor: setools" >> $(METADATA)
@echo "Requires: policycoreutils setools-console-analyses" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/Sanity/sedta/PURPOSE
View file

@ -1,3 +0,0 @@
PURPOSE of /CoreOS/setools/Sanity/sedta
Description: Does sedta work as expected? Does it support all features?
Author: Milos Malik <mmalik@redhat.com>

30
tests/Sanity/sedta/main.fmf
View file

@ -1,30 +0,0 @@
summary: Does sedta work as expected? Does it support all features?
description: ''
contact: Milos Malik <mmalik@redhat.com>
component:
- setools
test: ./runtest.sh
framework: beakerlib
recommend:
- git
- policycoreutils
- setools-console-analyses
duration: 1h
enabled: true
tag:
- CI-Tier-1
- NoRHEL4
- NoRHEL5
- NoRHEL6
- NoRHEL7
- TIPfail_Security
- f32friendly
- f33friendly
- targeted
adjust:
- enabled: false
when: distro == rhel-4, rhel-5, rhel-6, rhel-7
continue: false
extra-nitrate: TC#0604139
extra-summary: /CoreOS/setools/Sanity/sedta
extra-task: /CoreOS/setools/Sanity/sedta

87
tests/Sanity/sedta/runtest.sh
View file

@ -1,87 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/setools/Sanity/sedta
# Description: Does sedta work as expected? Does it support all features?
# Author: Milos Malik <mmalik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setools"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm ${PACKAGE}-console-analyses
OUTPUT_FILE=`mktemp`
rlRun "semodule -i testpolicy.cil"
rlRun "semodule -l | grep testpolicy"
rlPhaseEnd
rlPhaseStartTest "invalid values"
rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}"
rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1
rlRun "grep -i 'must be positive' ${OUTPUT_FILE}"
rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}"
rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}"
rlPhaseEnd
rlPhaseStartTest "valid values"
# transitivity
rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
# reflexivity
rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
# path is longer than limit
rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}"
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
# non-existent relation
rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}"
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
# non-existent relation
rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}"
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "semodule -r testpolicy"
rlRun "semodule -l | grep testpolicy" 1
rm -f ${OUTPUT_FILE}
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

21
tests/Sanity/sedta/testpolicy.cil
View file

@ -1,21 +0,0 @@
( type xyz_t )
( type first_t )
( type first_exec_t )
( type second_t )
( type second_exec_t )
( type third_t )
( type third_exec_t )
( typetransition first_t second_exec_t process second_t )
( typetransition second_t third_exec_t process third_t )
( allow first_t second_exec_t ( file ( getattr open read execute )))
( allow first_t second_t ( process ( transition )))
( allow second_t third_exec_t ( file ( getattr open read execute )))
( allow second_t third_t ( process ( transition )))
( allow first_t first_exec_t ( file ( entrypoint )))
( allow second_t second_exec_t ( file ( entrypoint )))
( allow third_t third_exec_t ( file ( entrypoint )))

64
tests/Sanity/seinfo-consistent-output/Makefile
View file

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of Sanity/seinfo-consistent-output
# Description: Check whether different 2 or more runs of same seinfo commands produce same output
# Author: Petr Lautrbach <plautrba@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2021 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=Sanity/seinfo-consistent-output
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: setools" >> $(METADATA)
@echo "Requires: setools-console" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 2019962" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/Sanity/seinfo-consistent-output/PURPOSE
View file

@ -1,3 +0,0 @@
PURPOSE of Sanity/seinfo-consistent-output
Description: Check whether different 2 or more runs of same seinfo commands produce same output
Author: Petr Lautrbach <plautrba@redhat.com>

15
tests/Sanity/seinfo-consistent-output/main.fmf
View file

@ -1,15 +0,0 @@
summary: Check whether different 2 or more runs of same seinfo commands produce same
output
description: ''
contact: Petr Lautrbach <plautrba@redhat.com>
component:
- setools
test: ./runtest.sh
framework: beakerlib
recommend:
- setools-console
duration: 5m
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=2019962
extra-summary: Sanity/seinfo-consistent-output
extra-task: Sanity/seinfo-consistent-output

63
tests/Sanity/seinfo-consistent-output/runtest.sh
View file

@ -1,63 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of Sanity/seinfo-consistent-output
# Description: Check whether different 2 or more runs of same seinfo commands produce same output
# Author: Petr Lautrbach <plautrba@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2021 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="setools-console"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlPhaseEnd
commands=(
"seinfo --all -x"
"seinfo --constrain"
"seinfo --common"
"seinfo -c -x"
"seinfo -r -x"
"seinfo -u -x"
)
for c in "${commands[@]}"; do
rlPhaseStartTest "$c"
rlRun "$c > 1.out"
rlRun "$c > 2.out"
rlRun "cmp 1.out 2.out" 0
rlPhaseEnd
done
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd