mirror of
https://github.com/PartialVolume/shredos.x86_64.git
synced 2026-02-20 09:35:26 +00:00
Upgrade buildroot to 2023.05 (from 2021.08.2), kernel is upgraded to 6.3 (from 5.13.19).
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
From 8610efc1610a4e9d4cbfa19ed4a519a6425aee70 Mon Sep 17 00:00:00 2001
|
||||
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
|
||||
Date: Tue, 9 May 2023 22:28:36 +0200
|
||||
Subject: [PATCH] python?sepolgen: fix ausearch path
|
||||
|
||||
ausearch is not always isntalled in /sbin; some systems install it in
|
||||
/usr/sbin, or it can also be locally installed in /usr/local/sbin.
|
||||
|
||||
The python doc [0] suggests using shutil.which() to find the path where
|
||||
a command is. which() returns None if the command is not found. If
|
||||
ausearch is not found, that would result in an exception being raised by
|
||||
Popen():
|
||||
TypeError: expected str, bytes or os.PathLike object, not NoneType
|
||||
|
||||
This is not very informative of what actually failed...
|
||||
|
||||
However, the doc suggests so for portability. In our case, the python
|
||||
tools are only ever going to run on a Linux host (by their virtue of
|
||||
dealing with SELinux), so the search will be reliably done by looking in
|
||||
PATH, so we can let Popen() bubble the resolving of an unqualified
|
||||
command, down to execvpe() (or the similar actual syscall of the exec*()
|
||||
familly). If ausearch is then not found, Popen() raises an exception
|
||||
that is wy more informative then:
|
||||
FileNotFoundError: [Errno 2] No such file or directory: 'ausearch'
|
||||
|
||||
[0] https://docs.python.org/3/library/subprocess.html#subprocess.Popen
|
||||
|
||||
Signed-off-by: Adam Duskett <aduskett@gmail.com>
|
||||
[yann.morin.1998@free.fr:
|
||||
- let Popen() resolve from PATH
|
||||
- rewrite commit log
|
||||
]
|
||||
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
|
||||
Upstream: not submitted
|
||||
---
|
||||
python/sepolgen/src/sepolgen/audit.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolgen/src/sepolgen/audit.py b/python/sepolgen/src/sepolgen/audit.py
|
||||
index 4adb851f..5eafa587 100644
|
||||
--- a/sepolgen/src/sepolgen/audit.py
|
||||
+++ b/sepolgen/src/sepolgen/audit.py
|
||||
@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
|
||||
s = time.localtime(time.time() - off)
|
||||
bootdate = time.strftime("%x", s)
|
||||
boottime = time.strftime("%X", s)
|
||||
- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
|
||||
+ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
if util.PY3:
|
||||
output = util.decode_input(output)
|
||||
@@ -56,7 +56,7 @@ def get_audit_msgs():
|
||||
string contain all of the audit messages returned by ausearch.
|
||||
"""
|
||||
import subprocess
|
||||
- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
|
||||
+ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
if util.PY3:
|
||||
output = util.decode_input(output)
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
config BR2_PACKAGE_SELINUX_PYTHON
|
||||
bool "selinux-python"
|
||||
depends on !BR2_PACKAGE_PYTHON
|
||||
depends on BR2_USE_MMU
|
||||
depends on BR2_USE_WCHAR
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS
|
||||
@@ -17,6 +16,7 @@ if BR2_PACKAGE_SELINUX_PYTHON
|
||||
|
||||
config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
|
||||
bool "audit2allow"
|
||||
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_5 # semodule-utils -> libsepol
|
||||
select BR2_PACKAGE_CHECKPOLICY
|
||||
select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
|
||||
select BR2_PACKAGE_SEMODULE_UTILS
|
||||
@@ -29,18 +29,21 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
|
||||
audit2why - translates SELinux audit messages into a
|
||||
description of why the access was denied (audit2allow -w)
|
||||
|
||||
comment "audit2allow needs a toolchain w/ gcc 5"
|
||||
depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_5
|
||||
|
||||
config BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
|
||||
bool "sepolgen"
|
||||
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_5 # semodule-utils -> libsepol
|
||||
select BR2_PACKAGE_SEMODULE_UTILS
|
||||
help
|
||||
This package contains a Python module that allows you to
|
||||
generate an initial SELinux policy module template.
|
||||
|
||||
endif
|
||||
comment "sepolgen needs a toolchain w/ gcc 5"
|
||||
depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_5
|
||||
|
||||
comment "selinux-python needs python3"
|
||||
depends on BR2_USE_MMU
|
||||
depends on BR2_PACKAGE_PYTHON
|
||||
endif
|
||||
|
||||
comment "selinux-python packages needs a toolchain w/ wchar, threads, dynamic library"
|
||||
depends on BR2_USE_MMU
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
sha256 770855ea8120ef23007fdb9db94b1ed6e8cd77917b584ed8877bbee9c16e74fb selinux-python-3.2.tar.gz
|
||||
sha256 8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b selinux-python-3.5.tar.gz
|
||||
|
||||
# Hash for license file
|
||||
sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
|
||||
sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
|
||||
|
||||
@@ -4,10 +4,10 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
SELINUX_PYTHON_VERSION = 3.2
|
||||
SELINUX_PYTHON_VERSION = 3.5
|
||||
SELINUX_PYTHON_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(SELINUX_PYTHON_VERSION)
|
||||
SELINUX_PYTHON_LICENSE = GPL-2.0
|
||||
SELINUX_PYTHON_LICENSE_FILES = COPYING
|
||||
SELINUX_PYTHON_LICENSE_FILES = LICENSE
|
||||
SELINUX_PYTHON_DEPENDENCIES = python3
|
||||
|
||||
SELINUX_PYTHON_MAKE_OPTS += \
|
||||
|
||||
Reference in New Issue
Block a user