public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Jan Kurik <jkurik@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/pcp] f44: Cleanup of old patches
Date: Wed, 01 Jul 2026 20:14:08 GMT [thread overview]
Message-ID: <178293684861.1.11587596288513308300.rpms-pcp-06a0749232c3@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/pcp
Branch : f44
Commit : 06a0749232c3004bb208e677a746a2ee80dfeddc
Author : Jan Kurik <jkurik@redhat.com>
Date : 2026-05-25T08:41:38+02:00
Stats : +1/-165 in 7 file(s)
URL : https://src.fedoraproject.org/rpms/pcp/c/06a0749232c3004bb208e677a746a2ee80dfeddc?branch=f44
Log:
Cleanup of old patches
---
diff --git a/.gitignore b/.gitignore
index 005dbbd..0cbf601 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,2 @@
pcp-*.src.rpm
pcp-*.tar.gz
-pcp-testsuite.sysusers
-pcp.sysusers
diff --git a/pcp-avc-nvidia.patch b/pcp-avc-nvidia.patch
deleted file mode 100644
index e1a4a4f..0000000
--- a/pcp-avc-nvidia.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-commit e84ee24823548ce92c1e222d034e5600f4d3a10a
-Author: William Cohen <wcohen@redhat.com>
-Date: Tue Feb 10 04:00:26 2026 +0000
-
- selinux: Update nvidia pmda policy
-
- RHEL-133519
-
-diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
-index 54f4e96877..69ee2b2957 100644
---- a/src/selinux/pcp.te
-+++ b/src/selinux/pcp.te
-@@ -1051,7 +1051,7 @@ optional_policy(`
- # type=AVC msg=audit(N): avc: denied { read } for pid=PID comm="pmdanvidia" name="nvidia-cap2" dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file permissive=0
- #RHEL-83594
- allow pcp_pmcd_t default_t:file { execute };
--allow pcp_pmcd_t device_t:chr_file { create open read setattr write };
-+allow pcp_pmcd_t device_t:chr_file { create ioctl open read setattr write };
- allow pcp_pmcd_t device_t:dir { add_name remove_name write };
- allow pcp_pmcd_t device_t:lnk_file { create unlink };
- allow pcp_pmcd_t self:capability mknod;
-@@ -1059,7 +1059,7 @@ allow pcp_pmcd_t dri_device_t:chr_file { ioctl open read write };
- allow pcp_pmcd_t device_t:dir write;
- allow pcp_pmcd_t device_t:dir { create setattr };
- allow pcp_pmcd_t sysctl_vm_t:file read;
--allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl open read write };
-+allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl map open read write };
-
- # type=AVC msg=audit(N): avc: denied { sys_rawio } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:pcp_pmcd_t:s0 tclass=capability permissive=0
- allow pcp_pmcd_t self:capability sys_rawio;
diff --git a/pcp-avc-rocestat.patch b/pcp-avc-rocestat.patch
deleted file mode 100644
index c286791..0000000
--- a/pcp-avc-rocestat.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit 082ff6beb14420c04af74f37d2ae8c1628182ae2
-Author: William Cohen <wcohen@redhat.com>
-Date: Tue Feb 10 02:19:21 2026 +0000
-
- selinux: AVC denial fix for rocestat pmda
-
- Resolves: RHEL-132402
-
-diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
-index 59cf1fb630..54f4e96877 100644
---- a/src/selinux/pcp.te
-+++ b/src/selinux/pcp.te
-@@ -1036,6 +1036,16 @@ allow pcp_pmproxy_t pcp_log_t:lnk_file read;
- allow pcp_pmcd_t fsadm_exec_t:file { execute execute_no_trans getattr open read };
- allow pcp_pmcd_t fixed_disk_device_t:blk_file { open read ioctl };
-
-+#============= pmda-rocestat ==============
-+optional_policy(`
-+ require {
-+ type ifconfig_exec_t;
-+ }
-+ # type=AVC msg=audit(N): avc: denied { execute_no_trans } for pid=PID comm="python3" path="/usr/sbin/ethtool" dev=DEV ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
-+ # RHEL-132402
-+ allow pcp_pmcd_t ifconfig_exec_t:file { execute execute_no_trans };
-+')
-+
- #============= pmda-nvidia ==============
- # type=AVC msg=audit(N): avc: denied { execute } for pid=PID comm="pmdanvidia" path="/usr/lib64/libnvidia-ml.so" dev="dm-2" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
- # type=AVC msg=audit(N): avc: denied { read } for pid=PID comm="pmdanvidia" name="nvidia-cap2" dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file permissive=0
diff --git a/pcp-qa-avc-check.patch b/pcp-qa-avc-check.patch
deleted file mode 100644
index 5b29501..0000000
--- a/pcp-qa-avc-check.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit c1d85e50a537302c10ef38bbfa173497281e5f5d
-Author: Ken McDonell <kenj@kenj.id.au>
-Date: Thu Feb 12 07:25:50 2026 +1100
-
- qa/check.callback.sample: AVC checks were being missed
-
- Normal mortals cannot access /var/log/audit/audit.log but on some
- systems (vm39, RHEL 8), the parent directory's permissions prevent
- test -f from even knowing the file exists, and thus the AVC checks
- were not being done.
-
- A small amount of $sudo love will fix this.
-
-diff --git a/qa/check.callback.sample b/qa/check.callback.sample
-index b5fd4fab3a..4ed2c127f8 100755
---- a/qa/check.callback.sample
-+++ b/qa/check.callback.sample
-@@ -101,7 +101,7 @@ then
- echo "--- start pre-check ---"
- ./941 --check $1
- ./870 --check $1
-- if [ -f "$audit" ]
-+ if $sudo test -f "$audit"
- then
- $sudo grep -E '^type=(AVC|SELINUX).*pcp' "$audit" \
- | _suppress_avc >$1.pre-avc 2>/dev/null
-@@ -306,7 +306,7 @@ then
- $abort && status=1
- fi
-
--if [ -f "$audit" ]
-+if $sudo test -f "$audit"
- then
- # Check audit log for any Security Enhanced Linux access denials
- # related to PCP ...
diff --git a/pcp-selinux.patch b/pcp-selinux.patch
deleted file mode 100644
index ef62b1d..0000000
--- a/pcp-selinux.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-commit ed0c9f04c13689a814ea3a2ab6712afff4409364
-Author: Ken McDonell <kenj@kenj.id.au>
-Date: Thu Feb 12 07:22:29 2026 +1100
-
- src/selinux/pcp.fc: rework fix for unconfined_t PCP daemons
-
- Commit 5ce65bc97b was close but NQR.
-
- Adjust the type to be pcp_pm<foo>_initrc_exec_t not pcp_pm<foo>_exec_t
- for the "new" services scripts.
-
- Verified on vm39 (RHEL 8).
-
-diff --git a/src/selinux/pcp.fc b/src/selinux/pcp.fc
-index 1ab786a36b..b2cc6c5c32 100644
---- a/src/selinux/pcp.fc
-+++ b/src/selinux/pcp.fc
-@@ -5,6 +5,9 @@
-
- /usr/libexec/pcp/bin/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/libexec/pcp/bin/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
-+/usr/libexec/pcp/services/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
-+/usr/libexec/pcp/services/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
-+/usr/libexec/pcp/services/pmie -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-
- /usr/libexec/pcp/bin/pmie_check -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- /usr/libexec/pcp/bin/pmie_daily -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-@@ -15,8 +18,11 @@
-
- /usr/libexec/pcp/lib/pmcd -- gen_context(system_u:object_r:pcp_pmcd_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmie -- gen_context(system_u:object_r:pcp_pmie_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmie -- gen_context(system_u:object_r:pcp_pmie_initrc_exec_t,s0)
-
- /usr/share/pcp/lib/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/share/pcp/lib/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
diff --git a/pcp-selinux2.patch b/pcp-selinux2.patch
deleted file mode 100644
index 2b0e68c..0000000
--- a/pcp-selinux2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit 5e489373bee49ad40e424304fff16d693867ebcd
-Author: Ken McDonell <kenj@kenj.id.au>
-Date: Fri Feb 13 14:28:35 2026 +1100
-
- src/selinux/pcp.fc: one more try for services script
-
- Previous commit had left behind both the old (bad) and new (good)
- lines for the /usr/libexec/pcp/services scripts.
-
- Because the good ones came second, they won on RHEL 8 where I was
- testing this.
-
- On CentOS Stream 10, semodule is smarter and detects the duplicate
- (and conflicting) labelling requests, and barfs.
-
-diff --git a/src/selinux/pcp.fc b/src/selinux/pcp.fc
-index b2cc6c5c32..9a4fd48ab9 100644
---- a/src/selinux/pcp.fc
-+++ b/src/selinux/pcp.fc
-@@ -5,9 +5,6 @@
-
- /usr/libexec/pcp/bin/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/libexec/pcp/bin/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
--/usr/libexec/pcp/services/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
--/usr/libexec/pcp/services/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
--/usr/libexec/pcp/services/pmie -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-
- /usr/libexec/pcp/bin/pmie_check -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- /usr/libexec/pcp/bin/pmie_daily -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
diff --git a/sources b/sources
index d32d859..17e4de5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pcp-7.1.2.tar.gz) = 50dd331adad56c1296285316c8252f7ba7d27dbd513be99275b055df5572513c2cd9868fd7d1dddd6b64c493fec8e693c0ab75d654503aeb2a0fdec7305a1a7f
+SHA512 (pcp-7.1.4.tar.gz) = 0c6e09b5ee43e7537aefd192c88ce909042a1f0ee71dbce2e03419ae278bb33e1e8631223d459a36cb4c3eaf0d454ddc57b8a82804f8722fda929779c64c61d6
reply other threads:[~2026-07-01 20:14 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178293684861.1.11587596288513308300.rpms-pcp-06a0749232c3@fedoraproject.org \
--to=jkurik@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox