public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/pcp] f43: Cleanup of old patches
@ 2026-07-01 20:44 Jan Kurik
  0 siblings, 0 replies; only message in thread
From: Jan Kurik @ 2026-07-01 20:44 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/pcp
Branch : f43
Commit : 06a0749232c3004bb208e677a746a2ee80dfeddc
Author : Jan Kurik <jkurik@redhat.com>
Date   : 2026-05-25T08:41:38+02:00
Stats  : +1/-165 in 7 file(s)
URL    : https://src.fedoraproject.org/rpms/pcp/c/06a0749232c3004bb208e677a746a2ee80dfeddc?branch=f43

Log:
Cleanup of old patches

---
diff --git a/.gitignore b/.gitignore
index 005dbbd..0cbf601 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,2 @@
 pcp-*.src.rpm
 pcp-*.tar.gz
-pcp-testsuite.sysusers
-pcp.sysusers

diff --git a/pcp-avc-nvidia.patch b/pcp-avc-nvidia.patch
deleted file mode 100644
index e1a4a4f..0000000
--- a/pcp-avc-nvidia.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-commit e84ee24823548ce92c1e222d034e5600f4d3a10a
-Author: William Cohen <wcohen@redhat.com>
-Date:   Tue Feb 10 04:00:26 2026 +0000
-
-    selinux: Update nvidia pmda policy
-    
-    RHEL-133519
-
-diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
-index 54f4e96877..69ee2b2957 100644
---- a/src/selinux/pcp.te
-+++ b/src/selinux/pcp.te
-@@ -1051,7 +1051,7 @@ optional_policy(`
- # type=AVC msg=audit(N): avc: denied { read } for pid=PID comm="pmdanvidia" name="nvidia-cap2" dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file permissive=0
- #RHEL-83594
- allow pcp_pmcd_t default_t:file { execute };
--allow pcp_pmcd_t device_t:chr_file { create open read setattr write };
-+allow pcp_pmcd_t device_t:chr_file { create ioctl open read setattr write };
- allow pcp_pmcd_t device_t:dir { add_name remove_name write };
- allow pcp_pmcd_t device_t:lnk_file { create unlink };
- allow pcp_pmcd_t self:capability mknod;
-@@ -1059,7 +1059,7 @@ allow pcp_pmcd_t dri_device_t:chr_file { ioctl open read write };
- allow pcp_pmcd_t device_t:dir write;
- allow pcp_pmcd_t device_t:dir { create setattr };
- allow pcp_pmcd_t sysctl_vm_t:file read;
--allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl open read write };
-+allow pcp_pmcd_t xserver_misc_device_t:chr_file { ioctl map open read write };
- 
- # type=AVC msg=audit(N): avc: denied { sys_rawio } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:pcp_pmcd_t:s0 tclass=capability permissive=0
- allow pcp_pmcd_t self:capability sys_rawio;

diff --git a/pcp-avc-rocestat.patch b/pcp-avc-rocestat.patch
deleted file mode 100644
index c286791..0000000
--- a/pcp-avc-rocestat.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit 082ff6beb14420c04af74f37d2ae8c1628182ae2
-Author: William Cohen <wcohen@redhat.com>
-Date:   Tue Feb 10 02:19:21 2026 +0000
-
-    selinux: AVC denial fix for rocestat pmda
-    
-    Resolves: RHEL-132402
-
-diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
-index 59cf1fb630..54f4e96877 100644
---- a/src/selinux/pcp.te
-+++ b/src/selinux/pcp.te
-@@ -1036,6 +1036,16 @@ allow pcp_pmproxy_t pcp_log_t:lnk_file read;
- allow pcp_pmcd_t fsadm_exec_t:file { execute execute_no_trans getattr open read };
- allow pcp_pmcd_t fixed_disk_device_t:blk_file { open read ioctl };
- 
-+#============= pmda-rocestat ==============
-+optional_policy(`
-+    require {
-+	type ifconfig_exec_t;
-+    }
-+   # type=AVC msg=audit(N): avc:  denied  { execute_no_trans } for  pid=PID comm="python3" path="/usr/sbin/ethtool" dev=DEV ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
-+   # RHEL-132402
-+   allow pcp_pmcd_t ifconfig_exec_t:file { execute execute_no_trans };
-+')
-+
- #============= pmda-nvidia ==============
- # type=AVC msg=audit(N): avc: denied { execute } for pid=PID comm="pmdanvidia" path="/usr/lib64/libnvidia-ml.so" dev="dm-2" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
- # type=AVC msg=audit(N): avc: denied { read } for pid=PID comm="pmdanvidia" name="nvidia-cap2" dev="devtmpfs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file permissive=0

diff --git a/pcp-qa-avc-check.patch b/pcp-qa-avc-check.patch
deleted file mode 100644
index 5b29501..0000000
--- a/pcp-qa-avc-check.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit c1d85e50a537302c10ef38bbfa173497281e5f5d
-Author: Ken McDonell <kenj@kenj.id.au>
-Date:   Thu Feb 12 07:25:50 2026 +1100
-
-    qa/check.callback.sample: AVC checks were being missed
-    
-    Normal mortals cannot access /var/log/audit/audit.log but on some
-    systems (vm39, RHEL 8), the parent directory's permissions prevent
-    test -f from even knowing the file exists, and thus the AVC checks
-    were not being done.
-    
-    A small amount of $sudo love will fix this.
-
-diff --git a/qa/check.callback.sample b/qa/check.callback.sample
-index b5fd4fab3a..4ed2c127f8 100755
---- a/qa/check.callback.sample
-+++ b/qa/check.callback.sample
-@@ -101,7 +101,7 @@ then
-     echo "--- start pre-check ---"
-     ./941 --check $1
-     ./870 --check $1
--    if [ -f "$audit" ]
-+    if $sudo test -f "$audit"
-     then
- 	$sudo grep -E '^type=(AVC|SELINUX).*pcp' "$audit" \
- 	| _suppress_avc >$1.pre-avc 2>/dev/null
-@@ -306,7 +306,7 @@ then
-     $abort && status=1
- fi
- 
--if [ -f "$audit" ]
-+if $sudo test -f "$audit"
- then
-     # Check audit log for any Security Enhanced Linux access denials
-     # related to PCP ...

diff --git a/pcp-selinux.patch b/pcp-selinux.patch
deleted file mode 100644
index ef62b1d..0000000
--- a/pcp-selinux.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-commit ed0c9f04c13689a814ea3a2ab6712afff4409364
-Author: Ken McDonell <kenj@kenj.id.au>
-Date:   Thu Feb 12 07:22:29 2026 +1100
-
-    src/selinux/pcp.fc: rework fix for unconfined_t PCP daemons
-    
-    Commit 5ce65bc97b was close but NQR.
-    
-    Adjust the type to be pcp_pm<foo>_initrc_exec_t not pcp_pm<foo>_exec_t
-    for the "new" services scripts.
-    
-    Verified on vm39 (RHEL 8).
-
-diff --git a/src/selinux/pcp.fc b/src/selinux/pcp.fc
-index 1ab786a36b..b2cc6c5c32 100644
---- a/src/selinux/pcp.fc
-+++ b/src/selinux/pcp.fc
-@@ -5,6 +5,9 @@
- 
- /usr/libexec/pcp/bin/pmcd	--	gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/libexec/pcp/bin/pmproxy    --      gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
-+/usr/libexec/pcp/services/pmproxy  --   gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
-+/usr/libexec/pcp/services/pmlogger --   gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
-+/usr/libexec/pcp/services/pmie     --   gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- 
- /usr/libexec/pcp/bin/pmie_check --      gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- /usr/libexec/pcp/bin/pmie_daily --      gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
-@@ -15,8 +18,11 @@
- 
- /usr/libexec/pcp/lib/pmcd	--	gen_context(system_u:object_r:pcp_pmcd_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmlogger	--	gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmlogger --   gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmproxy	--	gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmproxy  --   gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
- /usr/libexec/pcp/lib/pmie	--	gen_context(system_u:object_r:pcp_pmie_initrc_exec_t,s0)
-+/usr/libexec/pcp/services/pmie     --   gen_context(system_u:object_r:pcp_pmie_initrc_exec_t,s0)
- 
- /usr/share/pcp/lib/pmcd         --      gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/share/pcp/lib/pmproxy      --      gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)

diff --git a/pcp-selinux2.patch b/pcp-selinux2.patch
deleted file mode 100644
index 2b0e68c..0000000
--- a/pcp-selinux2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit 5e489373bee49ad40e424304fff16d693867ebcd
-Author: Ken McDonell <kenj@kenj.id.au>
-Date:   Fri Feb 13 14:28:35 2026 +1100
-
-    src/selinux/pcp.fc: one more try for services script
-    
-    Previous commit had left behind both the old (bad) and new (good)
-    lines for the /usr/libexec/pcp/services scripts.
-    
-    Because the good ones came second, they won on RHEL 8 where I was
-    testing this.
-    
-    On CentOS Stream 10, semodule is smarter and detects the duplicate
-    (and conflicting) labelling requests, and barfs.
-
-diff --git a/src/selinux/pcp.fc b/src/selinux/pcp.fc
-index b2cc6c5c32..9a4fd48ab9 100644
---- a/src/selinux/pcp.fc
-+++ b/src/selinux/pcp.fc
-@@ -5,9 +5,6 @@
- 
- /usr/libexec/pcp/bin/pmcd	--	gen_context(system_u:object_r:pcp_pmcd_exec_t,s0)
- /usr/libexec/pcp/bin/pmproxy    --      gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
--/usr/libexec/pcp/services/pmproxy  --   gen_context(system_u:object_r:pcp_pmproxy_exec_t,s0)
--/usr/libexec/pcp/services/pmlogger --   gen_context(system_u:object_r:pcp_pmlogger_exec_t,s0)
--/usr/libexec/pcp/services/pmie     --   gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- 
- /usr/libexec/pcp/bin/pmie_check --      gen_context(system_u:object_r:pcp_pmie_exec_t,s0)
- /usr/libexec/pcp/bin/pmie_daily --      gen_context(system_u:object_r:pcp_pmie_exec_t,s0)

diff --git a/sources b/sources
index d32d859..17e4de5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pcp-7.1.2.tar.gz) = 50dd331adad56c1296285316c8252f7ba7d27dbd513be99275b055df5572513c2cd9868fd7d1dddd6b64c493fec8e693c0ab75d654503aeb2a0fdec7305a1a7f
+SHA512 (pcp-7.1.4.tar.gz) = 0c6e09b5ee43e7537aefd192c88ce909042a1f0ee71dbce2e03419ae278bb33e1e8631223d459a36cb4c3eaf0d454ddc57b8a82804f8722fda929779c64c61d6

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-07-01 20:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-07-01 20:44 [rpms/pcp] f43: Cleanup of old patches Jan Kurik

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox