public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/pcp] f43: Cleanup of old patches
@ 2026-07-01 20:44 Jan Kurik
0 siblings, 0 replies; only message in thread
From: Jan Kurik @ 2026-07-01 20:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/pcp
Branch : f43
Commit : 06a0749232c3004bb208e677a746a2ee80dfeddc
Author : Jan Kurik <jkurik@redhat.com>
Date : 2026-05-25T08:41:38+02:00
Stats : +1/-165 in 7 file(s)
URL : https://src.fedoraproject.org/rpms/pcp/c/06a0749232c3004bb208e677a746a2ee80dfeddc?branch=f43
Log:
Cleanup of old patches
---
diff --git a/.gitignore b/.gitignore
index 005dbbd..0cbf601 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,2 @@
pcp-*.src.rpm
pcp-*.tar.gz
-pcp-testsuite.sysusers
-pcp.sysusers
diff --git a/pcp-avc-nvidia.patch b/pcp-avc-nvidia.patch
deleted file mode 100644
index e1a4a4f..0000000
--- a/pcp-avc-nvidia.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-commit e84ee24823548ce92c1e222d034e5600f4d3a10a
-Author: William Cohen <wcohen@redhat.com>
-Date: Tue Feb 10 04:00:26 2026 +0000
-
- selinux: Update nvidia pmda policy
-
- RHEL-133519
-
-diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
-index 54f4e96877..69ee2b2957 100644
---- a/src/selinux/pcp.te
-+++ b/src/selinux/pcp.te
-@@ -1051,7 +1051,7 @@ optional_policy(`
- # type=AVC msg=audit(N): avc: denied { read } for pid=PID comm="pmdanvidia" name="nvidia-cap2" dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file permissive=0
- #RHEL-83594
- allow pcp_pmcd_t default_t:file { execute };
--allow pcp_pmcd_t device_t:chr_file { create open read setattr write };
-+allow pcp_pmcd_t device_t:chr_file { create ioctl open read setattr write };
- allow pcp_pmcd_t device_t:dir { add_name remove_name write };
- allow pcp_pmcd_t device_t:lnk_file { create unlink };
- allow pcp_pmcd_t self:capability mknod;
-@@ -1059,7 +1059,7 @@ allow pcp_pmcd_t dri_device_t:chr_file { ioctl open read write };
- allow pcp_pmcd_t device_t:dir write;
- allow pcp_pmcd_t device_t:dir { create setattr };
- allow pcp_pmcd_t sysctl_vm_t:file read;
--allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl open read write };
-+allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl map open read write };
-
- # type=AVC msg=audit(N): avc: denied { sys_rawio } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:pcp_pmcd_t:s0 tclass=capability permissive=0
- allow pcp_pmcd_t self:capability sys_rawio;
diff --git a/pcp-avc-rocestat.patch b/pcp-avc-rocestat.patch
deleted file mode 100644
index c286791..0000000
--- a/pcp-avc-rocestat.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit 082ff6beb14420c04af74f37d2ae8c1628182ae2
-Author: William Cohen <wcohen@redhat.com>
-Date: Tue Feb 10 02:19:21 2026 +0000
-
- selinux: AVC denial fix for rocestat pmda
-
- Resolves: RHEL-132402
-
-diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
-index 59cf1fb630..54f4e96877 100644
---- a/src/selinux/pcp.te
-+++ b/src/selinux/pcp.te
-@@ -1036,6 +1036,16 @@ allow pcp_pmproxy_t pcp_log_t:lnk_file read;
- allow pcp_pmcd_t fsadm_exec_t:file { execute execute_no_trans getattr open read };
- allow pcp_pmcd_t fixed_disk_device_t:blk_file { open read ioctl };
-
-+#============= pmda-rocestat ==============
-+optional_policy(`
-+ require {
-+ type ifconfig_exec_t;
-+ }
-+ # type=AVC msg=audit(N): avc: denied { execute_no_trans } for pid=PID comm="python3" path="/usr/sbin/ethtool" dev=DEV ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
-+ # RHEL-132402
-+ allow pcp_pmcd_t ifconfig_exec_t:file { execute execute_no_trans };
-+')
-+
- #============= pmda-nvidia ==============
- # type=AVC msg=audit(N): avc: denied { execute } for pid=PID comm="pmdanvidia" path="/usr/lib64/libnvidia-ml.so" dev="dm-2" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
- # type=AVC msg=audit(N): avc: denied { read } for pid=PID comm="pmdanvidia" name="nvidia-cap2" dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file permissive=0
diff --git a/pcp-qa-avc-check.patch b/pcp-qa-avc-check.patch
deleted file mode 100644
index 5b29501..0000000
--- a/pcp-qa-avc-check.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit c1d85e50a537302c10ef38bbfa173497281e5f5d
-Author: Ken McDonell <kenj@kenj.id.au>
-Date: Thu Feb 12 07:25:50 2026 +1100
-
- qa/check.callback.sample: AVC checks were being missed
-
- Normal mortals cannot access /var/log/audit/audit.log but on some
- systems (vm39, RHEL 8), the parent directory's permissions prevent
- test -f from even knowing the file exists, and thus the AVC checks
- were not being done.
-
- A small amount of $sudo love will fix this.
-
-diff --git a/qa/check.callback.sample b/qa/check.callback.sample
-index b5fd4fab3a..4ed2c127f8 100755
---- a/qa/check.callback.sample
-+++ b/qa/check.callback.sample
-@@ -101,7 +101,7 @@ then
- echo "--- start pre-check ---"
- ./941 --check $1
- ./870 --check $1
-- if [ -f "$audit" ]
-+ if $sudo test -f "$audit"
- then
- $sudo grep -E '^type=(AVC|SELINUX).*pcp' "$audit" \
- | _suppress_avc >$1.pre-avc 2>/dev/null
-@@ -306,7 +306,7 @@ then
- $abort && status=1
- fi
-
--if [ -f "$audit" ]
-+if $sudo test -f "$audit"
- then
- # Check audit log for any Security Enhanced Linux access denials
- # related to PCP ...
diff --git a/pcp-selinux.patch b/pcp-selinux.patch
deleted file mode 100644
index ef62b1d..0000000
--- a/pcp-selinux.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-commit ed0c9f04c13689a814ea3a2ab6712afff4409364
-Author: Ken McDonell <kenj@kenj.id.au>
-Date: Thu Feb 12 07:22:29 2026 +1100
-
- src/selinux/pcp.fc: rework fix for unconfined_t PCP daemons
-
- Commit 5ce65bc97b was close but NQR.
-
- Adjust the type to be pcp_pm<foo>_initrc_exec_t not pcp_pm<foo>_exec_t
- for the "new" services scripts.
-
- Verified on vm39 (RHEL 8).
-
-diff --git a/src/selinux/pcp.fc b/src/selinux/pcp.fc
-index 1ab786a36b..b2cc6c5c32 100644
---- a/src/selinux/pcp.fc
-+++ b/src/selinux/pcp.fc
-@@ -5,6 +5,9 @@
-
- /usr/libexec/pcp/bin/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/libexec/pcp/bin/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
-+/usr/libexec/pcp/services/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
-+/usr/libexec/pcp/services/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
-+/usr/libexec/pcp/services/pmie -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-
- /usr/libexec/pcp/bin/pmie_check -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- /usr/libexec/pcp/bin/pmie_daily -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-@@ -15,8 +18,11 @@
-
- /usr/libexec/pcp/lib/pmcd -- gen_context(system_u:object_r:pcp_pmcd_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmie -- gen_context(system_u:object_r:pcp_pmie_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmie -- gen_context(system_u:object_r:pcp_pmie_initrc_exec_t,s0)
-
- /usr/share/pcp/lib/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/share/pcp/lib/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
diff --git a/pcp-selinux2.patch b/pcp-selinux2.patch
deleted file mode 100644
index 2b0e68c..0000000
--- a/pcp-selinux2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit 5e489373bee49ad40e424304fff16d693867ebcd
-Author: Ken McDonell <kenj@kenj.id.au>
-Date: Fri Feb 13 14:28:35 2026 +1100
-
- src/selinux/pcp.fc: one more try for services script
-
- Previous commit had left behind both the old (bad) and new (good)
- lines for the /usr/libexec/pcp/services scripts.
-
- Because the good ones came second, they won on RHEL 8 where I was
- testing this.
-
- On CentOS Stream 10, semodule is smarter and detects the duplicate
- (and conflicting) labelling requests, and barfs.
-
-diff --git a/src/selinux/pcp.fc b/src/selinux/pcp.fc
-index b2cc6c5c32..9a4fd48ab9 100644
---- a/src/selinux/pcp.fc
-+++ b/src/selinux/pcp.fc
-@@ -5,9 +5,6 @@
-
- /usr/libexec/pcp/bin/pmcd -- gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/libexec/pcp/bin/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
--/usr/libexec/pcp/services/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
--/usr/libexec/pcp/services/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
--/usr/libexec/pcp/services/pmie -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-
- /usr/libexec/pcp/bin/pmie_check -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- /usr/libexec/pcp/bin/pmie_daily -- gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
diff --git a/sources b/sources
index d32d859..17e4de5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pcp-7.1.2.tar.gz) = 50dd331adad56c1296285316c8252f7ba7d27dbd513be99275b055df5572513c2cd9868fd7d1dddd6b64c493fec8e693c0ab75d654503aeb2a0fdec7305a1a7f
+SHA512 (pcp-7.1.4.tar.gz) = 0c6e09b5ee43e7537aefd192c88ce909042a1f0ee71dbce2e03419ae278bb33e1e8631223d459a36cb4c3eaf0d454ddc57b8a82804f8722fda929779c64c61d6
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-07-01 20:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-07-01 20:44 [rpms/pcp] f43: Cleanup of old patches Jan Kurik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox