diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch index 6bf0880..a2d0115 100644 --- a/checkpolicy-rhat.patch +++ b/checkpolicy-rhat.patch @@ -1,60 +1,23 @@ -diff --exclude-from=exclude -N -u -r nsacheckpolicy/checkmodule.8 checkpolicy-1.27.19/checkmodule.8 ---- nsacheckpolicy/checkmodule.8 1969-12-31 19:00:00.000000000 -0500 -+++ checkpolicy-1.27.19/checkmodule.8 2005-12-01 15:00:22.000000000 -0500 -@@ -0,0 +1,45 @@ -+.TH CHECKMODULE 8 -+.SH NAME -+checkmodule \- SELinux policy module compiler -+.SH SYNOPSIS -+.B checkmodule -+.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]" -+ .br -+.SH "DESCRIPTION" -+This manual page describes the -+.BR checkmodule -+command. -+.PP -+.B checkmodule -+is a program that checks and compiles a SELinux security policy module -+into a binary representation. Use semodule_package to combine this module with -+its optional file context to create a policy package that can be loaded into the kernel. -+ -+.SH OPTIONS -+.TP -+.B \-b -+Read an existing binary policy file rather than a source policy.conf file. -+.TP -+.B \-d -+Enter debug mode after loading the policy. -+.TP -+.B \-M -+Enable the MLS policy when checking and compiling the policy. -+.TP -+.B \-o filename -+Write a binary policy file to the specified filename. -+.TP -+.B \-c policyvers -+Specify the policy version, defaults to the latest. -+ -+.SH "SEE ALSO" -+.B load_policy(8), semodule(8), semodule_package(8), semodule_expand(8), semodule_link(8) -+SELinux documentation at http://www.nsa.gov/selinux/docs.html, -+especially "Configuring the SELinux Policy". -+ -+ -+.SH AUTHOR -+This manual page was copied from the checkpolicy man page -+written by Arpad Magosanyi , -+and edited by Dan Walsh . -+The program was written by Stephen Smalley . -diff --exclude-from=exclude -N -u -r nsacheckpolicy/Makefile checkpolicy-1.27.19/Makefile ---- nsacheckpolicy/Makefile 2005-09-12 16:30:34.000000000 -0400 -+++ checkpolicy-1.27.19/Makefile 2005-12-01 15:00:34.000000000 -0500 -@@ -45,6 +45,7 @@ - -mkdir -p $(MANDIR)/man8 - install -m 755 $(TARGETS) $(BINDIR) - install -m 644 checkpolicy.8 $(MANDIR)/man8 -+ install -m 644 checkmodule.8 $(MANDIR)/man8 - - relabel: install - /sbin/restorecon $(BINDIR)/checkpolicy +--- checkpolicy/policy_parse.y 2008-05-05 14:45:13 UTC (rev 2877) ++++ checkpolicy/policy_parse.y 2008-05-05 15:12:17 UTC (rev 2878) +@@ -723,6 +723,7 @@ + ; + version_identifier : VERSION_IDENTIFIER + { if (insert_id(yytext,0)) return -1; } ++ | ipv4_addr_def /* version can look like ipv4 address */ + ; + avrules_block : avrule_decls avrule_user_defs + ; + + +This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. + +------------------------------------------------------------------------- +This SF.net email is sponsored by the 2008 JavaOne(SM) Conference +Don't miss this year's exciting event. There's still time to save $100. +Use priority code J8TL2D2. +http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone +_______________________________________________ +Selinux-commits mailing list +Selinux-commits@lists.sourceforge.net +https://lists.sourceforge.net/lists/listinfo/selinux-commits diff --git a/checkpolicy.spec b/checkpolicy.spec index bf98862..2de0396 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -2,10 +2,11 @@ Summary: SELinux policy compiler Name: checkpolicy Version: 2.0.14 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Group: Development/System Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: checkpolicy-rhat.patch BuildRoot: %{_tmppath}/%{name}-buildroot BuildRequires: byacc bison flex libsepol-static >= %{libsepolver} libselinux-devel @@ -26,6 +27,7 @@ Only required for building policies. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -53,6 +55,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/sedispol %changelog +* Tue May 2 2008 Dan Walsh - 2.0.14-2 +- Allow modules with 4 sections or more + * Thu Mar 27 2008 Dan Walsh - 2.0.14-1 - Latest update from NSA * Add permissive domain support from Eric Paris.