checkpolicy-2.5-3
- Build policy on systems not supporting DCCP protocol - Fail if module name different than output base filename
parent
65b44362fe
commit
43d653f220
@ -1,17 +1,67 @@
|
|||||||
diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
|
diff --git checkpolicy-2.5/ChangeLog checkpolicy-2.5/ChangeLog
|
||||||
index dfe4908..51b99cd 100644
|
index dfe4908..eae775f 100644
|
||||||
--- checkpolicy-2.5/ChangeLog
|
--- checkpolicy-2.5/ChangeLog
|
||||||
+++ checkpolicy-2.5/ChangeLog
|
+++ checkpolicy-2.5/ChangeLog
|
||||||
@@ -1,3 +1,4 @@
|
@@ -1,3 +1,6 @@
|
||||||
|
+ * Build policy on systems not supporting DCCP protocol, from Richard Haines.
|
||||||
|
+ * Fail if module name different than output base filename, from James Carter
|
||||||
+ * Add support for portcon dccp protocol, from Richard Haines
|
+ * Add support for portcon dccp protocol, from Richard Haines
|
||||||
2.5 2016-02-23
|
2.5 2016-02-23
|
||||||
* Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
|
* Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
|
||||||
* fix double free on name-based type transitions, from Stephen Smalley.
|
* fix double free on name-based type transitions, from Stephen Smalley.
|
||||||
|
diff --git checkpolicy-2.5/checkmodule.c checkpolicy-2.5/checkmodule.c
|
||||||
|
index 5957d29..418f77b 100644
|
||||||
|
--- checkpolicy-2.5/checkmodule.c
|
||||||
|
+++ checkpolicy-2.5/checkmodule.c
|
||||||
|
@@ -19,6 +19,7 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
+#include <libgen.h>
|
||||||
|
|
||||||
|
#include <sepol/module_to_cil.h>
|
||||||
|
#include <sepol/policydb/policydb.h>
|
||||||
|
@@ -258,6 +259,25 @@ int main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (policy_type != POLICY_BASE && outfile) {
|
||||||
|
+ char *mod_name = modpolicydb.name;
|
||||||
|
+ char *out_path = strdup(outfile);
|
||||||
|
+ if (out_path == NULL) {
|
||||||
|
+ fprintf(stderr, "%s: out of memory\n", argv[0]);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ char *out_name = basename(out_path);
|
||||||
|
+ char *separator = strrchr(out_name, '.');
|
||||||
|
+ if (separator) {
|
||||||
|
+ *separator = '\0';
|
||||||
|
+ }
|
||||||
|
+ if (strcmp(mod_name, out_name) != 0) {
|
||||||
|
+ fprintf(stderr, "%s: Module name %s is different than the output base filename %s\n", argv[0], mod_name, out_name);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ free(out_path);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (modpolicydb.policy_type == POLICY_BASE && !cil) {
|
||||||
|
/* Verify that we can successfully expand the base module. */
|
||||||
|
policydb_t kernpolicydb;
|
||||||
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
|
diff --git checkpolicy-2.5/checkpolicy.c checkpolicy-2.5/checkpolicy.c
|
||||||
index 9da661e..ea9ee00 100644
|
index 9da661e..7947c20 100644
|
||||||
--- checkpolicy-2.5/checkpolicy.c
|
--- checkpolicy-2.5/checkpolicy.c
|
||||||
+++ checkpolicy-2.5/checkpolicy.c
|
+++ checkpolicy-2.5/checkpolicy.c
|
||||||
@@ -919,6 +919,8 @@ int main(int argc, char **argv)
|
@@ -64,6 +64,9 @@
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
+#ifndef IPPROTO_DCCP
|
||||||
|
+#define IPPROTO_DCCP 33
|
||||||
|
+#endif
|
||||||
|
#include <arpa/inet.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
@@ -919,6 +922,8 @@ int main(int argc, char **argv)
|
||||||
protocol = IPPROTO_TCP;
|
protocol = IPPROTO_TCP;
|
||||||
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
|
else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
|
||||||
protocol = IPPROTO_UDP;
|
protocol = IPPROTO_UDP;
|
||||||
@ -21,10 +71,20 @@ index 9da661e..ea9ee00 100644
|
|||||||
printf("unknown protocol\n");
|
printf("unknown protocol\n");
|
||||||
break;
|
break;
|
||||||
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
|
diff --git checkpolicy-2.5/policy_define.c checkpolicy-2.5/policy_define.c
|
||||||
index ee20fea..7a4d2f1 100644
|
index ee20fea..2068b71 100644
|
||||||
--- checkpolicy-2.5/policy_define.c
|
--- checkpolicy-2.5/policy_define.c
|
||||||
+++ checkpolicy-2.5/policy_define.c
|
+++ checkpolicy-2.5/policy_define.c
|
||||||
@@ -4876,6 +4876,8 @@ int define_port_context(unsigned int low, unsigned int high)
|
@@ -36,6 +36,9 @@
|
||||||
|
#include <string.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
+#ifndef IPPROTO_DCCP
|
||||||
|
+#define IPPROTO_DCCP 33
|
||||||
|
+#endif
|
||||||
|
#include <arpa/inet.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <limits.h>
|
||||||
|
@@ -4876,6 +4879,8 @@ int define_port_context(unsigned int low, unsigned int high)
|
||||||
protocol = IPPROTO_TCP;
|
protocol = IPPROTO_TCP;
|
||||||
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
|
} else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
|
||||||
protocol = IPPROTO_UDP;
|
protocol = IPPROTO_UDP;
|
||||||
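Review bot: In the checkmodule.c hunk, `*separator = '\0'` writes through the pointer returned by `basename()`, which POSIX allows to point at static storage rather than into `out_path`. For an empty output path the result is the string "." and the write lands outside the strdup'd copy. Guarding the write as `if (separator && separator != out_name) *separator = '\0';` avoids that case and also stops a dot-file name from collapsing to an empty string. `modpolicydb.name` is passed to `strcmp()` unchecked; if it can be NULL for a non-base module at this point (not visible here), add a NULL test before the comparison. main()'s body starts and ends outside the hunk.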
|
@ -3,14 +3,14 @@
|
|||||||
Summary: SELinux policy compiler
|
Summary: SELinux policy compiler
|
||||||
Name: checkpolicy
|
Name: checkpolicy
|
||||||
Version: 2.5
|
Version: 2.5
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: Development/System
|
Group: Development/System
|
||||||
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
|
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
|
||||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||||
# run:
|
# run:
|
||||||
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy
|
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh checkpolicy
|
||||||
# HEAD https://github.com/fedora-selinux/selinux/commit/4bfb84c7ff7b33cf06b9a6b2317d24054b9db562
|
# HEAD https://github.com/fedora-selinux/selinux/commit/f900ff37022119de47d516f103ccfd339d52c861
|
||||||
Patch1: checkpolicy-fedora.patch
|
Patch1: checkpolicy-fedora.patch
|
||||||
Conflicts: selinux-policy-base < 3.13.1-138
|
Conflicts: selinux-policy-base < 3.13.1-138
|
||||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||||
@ -31,7 +31,7 @@ This package contains checkpolicy, the SELinux policy compiler.
|
|||||||
Only required for building policies.
|
Only required for building policies.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n checkpolicy-2.5
|
%autosetup -p 1 -n checkpolicy-2.5
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make clean
|
make clean
|
||||||
@ -61,6 +61,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_bindir}/sedispol
|
%{_bindir}/sedispol
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 29 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
|
||||||
|
- Build policy on systems not supporting DCCP protocol
|
||||||
|
- Fail if module name different than output base filename
|
||||||
|
|
||||||
* Fri Apr 08 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-2
|
* Fri Apr 08 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-2
|
||||||
- Add support for portcon dccp protocol
|
- Add support for portcon dccp protocol
|
||||||
|
|
||||||
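Review bot: The switch to `%autosetup -p 1` in `%prep` appears to be the first time Patch1 is applied, because the old side shows no `%patch` line between `%setup -q -n checkpolicy-2.5` and `%build`. If so, 2.5-2 shipped without the portcon dccp change its changelog entry advertises, and this release changes the built binaries by more than the two listed items. The 2.5-3 changelog should record that, for example `- Apply checkpolicy-fedora.patch in %prep (previously not applied)`, so anyone auditing which build carries which fix is not misled.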
|