- Update from NSA
Merged modified form of patch to avoid dlopen/dlclose by the static libselinux from Dan Walsh. Users of the static libselinux will not have any context translation by default.
parent
99ddec8d69
commit
017ea0e76c
@ -45,3 +45,4 @@ libselinux-1.25.4.tgz
|
|||||||
libselinux-1.25.5.tgz
|
libselinux-1.25.5.tgz
|
||||||
libselinux-1.25.6.tgz
|
libselinux-1.25.6.tgz
|
||||||
libselinux-1.25.7.tgz
|
libselinux-1.25.7.tgz
|
||||||
|
libselinux-1.26.tgz
|
||||||
|
@ -1,19 +1,122 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.6/src/init.c
|
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.25.7/include/selinux/selinux.h
|
||||||
--- nsalibselinux/src/init.c 2005-08-25 16:18:01.000000000 -0400
|
--- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400
|
||||||
+++ libselinux-1.25.6/src/init.c 2005-09-01 11:23:11.000000000 -0400
|
+++ libselinux-1.25.7/include/selinux/selinux.h 2005-09-12 11:33:32.000000000 -0400
|
||||||
@@ -86,6 +86,7 @@
|
@@ -304,6 +304,12 @@
|
||||||
{
|
extern int selinux_getenforcemode(int *enforce);
|
||||||
int (*lib_trans_init)(void) = NULL;
|
|
||||||
|
|
||||||
+#ifdef __PIC__
|
/*
|
||||||
translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
|
+ selinux_gettype reads the /etc/selinux/config file and determines
|
||||||
|
+ whether the policy tyep for this machine, type must be freed.
|
||||||
|
+ */
|
||||||
|
+extern void selinux_gettype(char **type);
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
selinux_policy_root reads the /etc/selinux/config file and returns
|
||||||
|
the directory path under which the compiled policy file and context
|
||||||
|
configuration files exist.
|
||||||
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/src/init.c
|
||||||
|
--- nsalibselinux/src/init.c 2005-09-01 13:21:11.000000000 -0400
|
||||||
|
+++ libselinux-1.25.7/src/init.c 2005-09-12 11:36:33.000000000 -0400
|
||||||
|
@@ -8,6 +8,7 @@
|
||||||
|
#include <asm/page.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <dlfcn.h>
|
||||||
|
+#include <limits.h>
|
||||||
|
|
||||||
|
#include "dso.h"
|
||||||
|
#include "policy.h"
|
||||||
|
@@ -85,9 +86,14 @@
|
||||||
|
static void init_translations(void)
|
||||||
|
{
|
||||||
|
#ifdef SHARED
|
||||||
|
+ char *path[PATH_MAX];
|
||||||
|
+ char *type=NULL;
|
||||||
|
int (*lib_trans_init)(void) = NULL;
|
||||||
|
-
|
||||||
|
- translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
|
||||||
|
+ selinux_gettype(&type);
|
||||||
|
+ if (!type) return;
|
||||||
|
+ snprintf(path, PATH_MAX-1, "/lib/selinux/lib%s.so.0", type);
|
||||||
|
+ free(type);
|
||||||
|
+ translation_lib_handle = dlopen(path, RTLD_NOW);
|
||||||
if (!translation_lib_handle)
|
if (!translation_lib_handle)
|
||||||
return;
|
return;
|
||||||
@@ -108,6 +109,7 @@
|
|
||||||
return;
|
|
||||||
|
|
||||||
context_translations = 1;
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.25.7/src/selinux_config.c
|
||||||
+#endif
|
--- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500
|
||||||
}
|
+++ libselinux-1.25.7/src/selinux_config.c 2005-09-12 11:35:35.000000000 -0400
|
||||||
|
@@ -85,6 +85,28 @@
|
||||||
|
|
||||||
static void fini_translations(void)
|
static int use_compat_file_path;
|
||||||
|
|
||||||
|
+void selinux_gettype(char **rtype) {
|
||||||
|
+ char *type=SELINUXDEFAULT;
|
||||||
|
+ char buf[4097];
|
||||||
|
+ int len, i;
|
||||||
|
+ FILE *cfg = fopen(SELINUXCONFIG,"r");
|
||||||
|
+ if (cfg) {
|
||||||
|
+ while (fgets_unlocked(buf, 4096, cfg)) {
|
||||||
|
+ if (strncmp(buf,SELINUXTYPETAG,len)==0) {
|
||||||
|
+ type=buf+len;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ fclose(cfg);
|
||||||
|
+ }
|
||||||
|
+ i=strlen(type)-1;
|
||||||
|
+ while ((i>=0) &&
|
||||||
|
+ (isspace(type[i]) || iscntrl(type[i]))) {
|
||||||
|
+ type[i]=0;
|
||||||
|
+ i--;
|
||||||
|
+ }
|
||||||
|
+ *rtype=strdup(type);
|
||||||
|
+}
|
||||||
|
int selinux_getenforcemode(int *enforce) {
|
||||||
|
int ret=-1;
|
||||||
|
FILE *cfg = fopen(SELINUXCONFIG,"r");
|
||||||
|
@@ -122,38 +144,24 @@
|
||||||
|
|
||||||
|
static void init_selinux_policyroot(void)
|
||||||
|
{
|
||||||
|
- char *type=SELINUXDEFAULT;
|
||||||
|
+ char *type=NULL;
|
||||||
|
int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;
|
||||||
|
- char buf[4097];
|
||||||
|
- FILE *cfg;
|
||||||
|
if (selinux_policyroot) return;
|
||||||
|
if (access(SELINUXDIR, F_OK) != 0) {
|
||||||
|
selinux_policyroot = SECURITYDIR;
|
||||||
|
use_compat_file_path = 1;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
- cfg = fopen(SELINUXCONFIG,"r");
|
||||||
|
- if (cfg) {
|
||||||
|
- while (fgets_unlocked(buf, 4096, cfg)) {
|
||||||
|
- if (strncmp(buf,SELINUXTYPETAG,len)==0) {
|
||||||
|
- type=buf+len;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- fclose(cfg);
|
||||||
|
- }
|
||||||
|
- i=strlen(type)-1;
|
||||||
|
- while ((i>=0) &&
|
||||||
|
- (isspace(type[i]) || iscntrl(type[i]))) {
|
||||||
|
- type[i]=0;
|
||||||
|
- i--;
|
||||||
|
- }
|
||||||
|
+ selinux_gettype(&type);
|
||||||
|
+ if (!type) return;
|
||||||
|
len=sizeof(SELINUXDIR) + strlen(type);
|
||||||
|
selinux_policyroot=malloc(len);
|
||||||
|
- if (!selinux_policyroot)
|
||||||
|
+ if (!selinux_policyroot) {
|
||||||
|
+ free(type);
|
||||||
|
return;
|
||||||
|
+ }
|
||||||
|
snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
|
||||||
|
-
|
||||||
|
+ free(type);
|
||||||
|
for (i = 0; i < NEL; i++) {
|
||||||
|
len2 = len + strlen(file_path_suffixes_data.str
|
||||||
|
+ file_path_suffixes_idx[i])+1;
|
||||||
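Review bot: In the added `selinux_gettype` (the src/selinux_config.c hunk), `len` is declared in `int len, i;` and never assigned before `strncmp(buf,SELINUXTYPETAG,len)` and `type=buf+len`, so the tag match and the resulting pointer depend on an indeterminate value. The loop was moved out of `init_selinux_policyroot`, which sets `len=sizeof(SELINUXTYPETAG)-1`, and the new declaration should do the same: `int len=sizeof(SELINUXTYPETAG)-1, i;`. The returned string then feeds the new `dlopen` call in `init_translations` (whose body continues outside the hunk), where `char *path[PATH_MAX];` declares an array of pointers rather than a character buffer and should be `char path[PATH_MAX];`. Because the type is read from the config file and spliced into `/lib/selinux/lib%s.so.0`, it would be worth rejecting a value that contains `/` and checking the `snprintf` return for truncation before calling `dlopen`. The side-by-side rendering has lost its column markers, so this assumes these lines belong to the new side of the patch file.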
|
@ -1,11 +1,12 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 1.25.7
|
Version: 1.26
|
||||||
Release: 1
|
Release: 1
|
||||||
License: Public domain (uncopyrighted)
|
License: Public domain (uncopyrighted)
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||||
#Patch: libselinux-rhat.patch
|
Prereq: libsetrans >= 0.1.4-2
|
||||||
|
Patch: libselinux-rhat.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||||
|
|
||||||
@ -35,6 +36,7 @@ needed for developing SELinux applications.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch -p1 -b .rhat
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make CFLAGS="-g %{optflags}"
|
make CFLAGS="-g %{optflags}"
|
||||||
|