From de4d249e8dbf288563ba574c88c67dcd492682e9 Mon Sep 17 00:00:00 2001
From: Jussi Laakkonen
Date: Tue, 2 Apr 2019 11:34:16 +0300
Subject: [PATCH] [policycoreutils] Change ausearch path to /usr/sbin. Fixes JB45351 The ausearch path is hardcoded in sepolgen audit.py, this patch (0003-Change-ausearch-path-to-usr-sbin.patch) changes the path to /usr/sbin instead of /sbin. Also renamed other patches to have 000* in front and modified the spec accordingly.
---
 ...disable_awk_sandbox_policycoreutils.patch} | 0
 ...path.patch => 0002-fix_systemd_path.patch} | 0
 ...003-Change-ausearch-path-to-usr-sbin.patch | 34 +++++++++++++++++++
 rpm/policycoreutils.spec | 6 ++--
 4 files changed, 38 insertions(+), 2 deletions(-)
 rename rpm/{disable_awk_sandbox_policycoreutils.patch => 0001-disable_awk_sandbox_policycoreutils.patch} (100%)
 rename rpm/{fix_systemd_path.patch => 0002-fix_systemd_path.patch} (100%)
 create mode 100644 rpm/0003-Change-ausearch-path-to-usr-sbin.patch
diff --git a/rpm/disable_awk_sandbox_policycoreutils.patch b/rpm/0001-disable_awk_sandbox_policycoreutils.patch
similarity index 100%
rename from rpm/disable_awk_sandbox_policycoreutils.patch
rename to rpm/0001-disable_awk_sandbox_policycoreutils.patch
diff --git a/rpm/fix_systemd_path.patch b/rpm/0002-fix_systemd_path.patch
similarity index 100%
rename from rpm/fix_systemd_path.patch
rename to rpm/0002-fix_systemd_path.patch
diff --git a/rpm/0003-Change-ausearch-path-to-usr-sbin.patch b/rpm/0003-Change-ausearch-path-to-usr-sbin.patch
new file mode 100644
index 0000000..1bc0922
--- /dev/null
+++ b/rpm/0003-Change-ausearch-path-to-usr-sbin.patch
@@ -0,0 +1,34 @@
+From 58b6aa1843874ebea83f986197bece38c71bd28e Mon Sep 17 00:00:00 2001
+From: Jussi Laakkonen
+Date: Tue, 2 Apr 2019 11:27:17 +0300
+Subject: [PATCH] Change ausearch path to /usr/sbin
+
+---
+ python/sepolgen/src/sepolgen/audit.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolgen/src/sepolgen/audit.py b/python/sepolgen/src/sepolgen/audit.py
+index 26ce6c92..1240ab4b 100644
+--- a/python/sepolgen/src/sepolgen/audit.py
++++ b/python/sepolgen/src/sepolgen/audit.py
+@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
+ s = time.localtime(time.time() - off)
+ bootdate = time.strftime("%x", s)
+ boottime = time.strftime("%X", s)
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++ output = subprocess.Popen(["/usr/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+@@ -56,7 +56,7 @@ def get_audit_msgs():
+ string contain all of the audit messages returned by ausearch.
+ """
+ import subprocess
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
++ output = subprocess.Popen(["/usr/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+--
+2.20.1
+
diff --git a/rpm/policycoreutils.spec b/rpm/policycoreutils.spec
index 59da270..e88adae 100644
--- a/rpm/policycoreutils.spec
+++ b/rpm/policycoreutils.spec
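Review bot: Both `subprocess.Popen` calls in the embedded audit.py patch (in get_audit_boot_msgs and get_audit_msgs) now carry their own copy of the literal `/usr/sbin/ausearch`, and nothing visible in either hunk handles the `OSError` that Popen raises when that file is absent, which is the failure this packaging change works around. Keeping an absolute path is the right choice for a tool that normally runs as root, since it avoids a `PATH` lookup, but the literal would be better defined once, e.g. `AUSEARCH = "/usr/sbin/ausearch"` at module level with `subprocess.Popen([AUSEARCH, "-m", ...], stdout=subprocess.PIPE)` at both call sites. Both function bodies start and end outside the hunks shown, so a handler may exist further up the call chain; if it does not, a short `except OSError` that names the missing binary would make the failure obvious instead of surfacing as a traceback.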
@@ -49,8 +49,9 @@ Source16: selinux-autorelabel.service Source17: selinux-autorelabel-mark.service Source18: selinux-autorelabel.target Source19: selinux-autorelabel-generator.sh -Patch0: disable_awk_sandbox_policycoreutils.patch -Patch1: fix_systemd_path.patch +Patch0: 0001-disable_awk_sandbox_policycoreutils.patch +Patch1: 0002-fix_systemd_path.patch +Patch2: 0003-Change-ausearch-path-to-usr-sbin.patch Provides: /sbin/fixfiles Provides: /sbin/restorecon @@ -98,6 +99,7 @@ to switch roles. %setup -q -n %{name}-%{version}/upstream %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="%{_sbindir}" LIBSEPOLA="%{_libdir}/libsepol.a" all