Update to upstream
* fd leak reading policy * check return code on ebitmap_set_bit
This commit is contained in:
rhatdan
parent
1796244eeb
commit
1057df92ca
1
.gitignore
vendored
1
.gitignore
vendored
@ -87,3 +87,4 @@ checkpolicy-2.0.22.tgz
|
|||||||
/checkpolicy-2.1.8.tgz
|
/checkpolicy-2.1.8.tgz
|
||||||
/checkpolicy-2.1.9.tgz
|
/checkpolicy-2.1.9.tgz
|
||||||
/checkpolicy-2.1.10.tgz
|
/checkpolicy-2.1.10.tgz
|
||||||
|
/checkpolicy-2.1.11.tgz
|
||||||
|
|||||||
@ -1,65 +0,0 @@
|
|||||||
policy_parse.y | 14 ++++++++++----
|
|
||||||
policy_scan.l | 1 +
|
|
||||||
2 files changed, 11 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
|
|
||||||
index 8d1bc37..0777238 100644
|
|
||||||
--- a/checkpolicy/policy_parse.y
|
|
||||||
+++ b/checkpolicy/policy_parse.y
|
|
||||||
@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
|
|
||||||
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
|
|
||||||
%token POLICYCAP
|
|
||||||
%token PERMISSIVE
|
|
||||||
+%token FILESYSTEM
|
|
||||||
|
|
||||||
%left OR
|
|
||||||
%left XOR
|
|
||||||
@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses
|
|
||||||
fs_uses : fs_use_def
|
|
||||||
| fs_uses fs_use_def
|
|
||||||
;
|
|
||||||
-fs_use_def : FSUSEXATTR identifier security_context_def ';'
|
|
||||||
+fs_use_def : FSUSEXATTR filesystem security_context_def ';'
|
|
||||||
{if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
|
|
||||||
| FSUSETASK identifier security_context_def ';'
|
|
||||||
{if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
|
|
||||||
@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts
|
|
||||||
genfs_contexts : genfs_context_def
|
|
||||||
| genfs_contexts genfs_context_def
|
|
||||||
;
|
|
||||||
-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
|
|
||||||
+genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
|
|
||||||
{if (define_genfs_context(1)) return -1;}
|
|
||||||
- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
|
|
||||||
+ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
|
|
||||||
{if (define_genfs_context(1)) return -1;}
|
|
||||||
- | GENFSCON identifier path security_context_def
|
|
||||||
+ | GENFSCON filesystem path security_context_def
|
|
||||||
{if (define_genfs_context(0)) return -1;}
|
|
||||||
;
|
|
||||||
ipv4_addr_def : IPV4_ADDR
|
|
||||||
@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
|
|
||||||
identifier : IDENTIFIER
|
|
||||||
{ if (insert_id(yytext,0)) return -1; }
|
|
||||||
;
|
|
||||||
+filesystem : FILESYSTEM
|
|
||||||
+ { if (insert_id(yytext,0)) return -1; }
|
|
||||||
+ | IDENTIFIER
|
|
||||||
+ { if (insert_id(yytext,0)) return -1; }
|
|
||||||
+ ;
|
|
||||||
path : PATH
|
|
||||||
{ if (insert_id(yytext,0)) return -1; }
|
|
||||||
;
|
|
||||||
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
|
|
||||||
index 48128a8..65aff8d 100644
|
|
||||||
--- a/checkpolicy/policy_scan.l
|
|
||||||
+++ b/checkpolicy/policy_scan.l
|
|
||||||
@@ -217,6 +217,7 @@ permissive |
|
|
||||||
PERMISSIVE { return(PERMISSIVE); }
|
|
||||||
"/"({alnum}|[_\.\-/])* { return(PATH); }
|
|
||||||
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
|
||||||
+{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
|
||||||
{digit}+|0x{hexval}+ { return(NUMBER); }
|
|
||||||
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
|
|
||||||
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
|
|
||||||
|
|
||||||
@ -1,13 +1,12 @@
|
|||||||
%define libselinuxver 2.1.10-1
|
%define libselinuxver 2.1.11-1
|
||||||
%define libsepolver 2.1.7-4
|
%define libsepolver 2.1.8-1
|
||||||
Summary: SELinux policy compiler
|
Summary: SELinux policy compiler
|
||||||
Name: checkpolicy
|
Name: checkpolicy
|
||||||
Version: 2.1.10
|
Version: 2.1.11
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: Development/System
|
Group: Development/System
|
||||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||||
Patch: checkpolicy-rhat.patch
|
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||||
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver}
|
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver}
|
||||||
@ -28,7 +27,6 @@ Only required for building policies.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -p2 -b .rhat
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make clean
|
make clean
|
||||||
@ -56,6 +54,11 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_bindir}/sedispol
|
%{_bindir}/sedispol
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
|
||||||
|
- Update to upstream
|
||||||
|
* fd leak reading policy
|
||||||
|
* check return code on ebitmap_set_bit
|
||||||
|
|
||||||
* Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
|
* Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
|
||||||
- Rebuild to grab latest libsepol
|
- Rebuild to grab latest libsepol
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user