rpms/libselinux
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to Upstream

Browse Source 
Handle duplicate file context regexes as a fatal error from Stephen
    Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
This commit is contained in:
Daniel J Walsh 2008-07-29 18:37:01 +00:00
parent d0a06b2c34
commit 0397b472b7
2 changed files with 55 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

173
libselinux-rhat.patch
View File

@ -1,6 +1,29 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8 diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.69/Makefile
--- nsalibselinux/Makefile 2008-06-12 23:25:14.000000000 -0400
+++ libselinux-2.0.69/Makefile 2008-07-29 14:21:44.000000000 -0400
@@ -29,6 +29,9 @@
pywrap:
$(MAKE) -C src pywrap
+rubywrap:
+ $(MAKE) -C src rubywrap
+
install:
$(MAKE) -C include install
$(MAKE) -C src install
@@ -38,6 +41,9 @@
install-pywrap:
$(MAKE) -C src install-pywrap
+install-rubywrap:
+ $(MAKE) -C src install-rubywrap
+
relabel:
$(MAKE) -C src relabel
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.69/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400 +++ libselinux-2.0.69/man/man8/selinuxconlist.8 2008-07-29 14:07:37.000000000 -0400
@@ -0,0 +1,18 @@ @@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME" +.SH "NAME"
@ -20,9 +43,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
+ +
+.SH "SEE ALSO" +.SH "SEE ALSO"
+secon(8), selinuxdefcon(8) +secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.67/man/man8/selinuxdefcon.8 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.69/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.67/man/man8/selinuxdefcon.8 2008-07-09 16:52:33.000000000 -0400 +++ libselinux-2.0.69/man/man8/selinuxdefcon.8 2008-07-29 14:07:37.000000000 -0400
@@ -0,0 +1,19 @@ @@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME" +.SH "NAME"
@ -43,9 +66,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
+ +
+.SH "SEE ALSO" +.SH "SEE ALSO"
+secon(8), selinuxconlist(8) +secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.67/src/Makefile diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.69/src/Makefile
--- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400 --- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400
+++ libselinux-2.0.67/src/Makefile 2008-07-09 16:56:37.000000000 -0400 +++ libselinux-2.0.69/src/Makefile 2008-07-29 14:15:39.000000000 -0400
@@ -7,16 +7,24 @@ @@ -7,16 +7,24 @@
PYINC ?= /usr/include/$(PYLIBVER) PYINC ?= /usr/include/$(PYLIBVER)
PYLIB ?= /usr/lib/$(PYLIBVER) PYLIB ?= /usr/lib/$(PYLIBVER)
@ -82,7 +105,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6
OBJS= $(patsubst %.c,%.o,$(SRCS)) OBJS= $(patsubst %.c,%.o,$(SRCS))
LOBJS= $(patsubst %.c,%.lo,$(SRCS)) LOBJS= $(patsubst %.c,%.lo,$(SRCS))
@@ -44,11 +54,11 @@ @@ -44,12 +54,14 @@
SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
@ -91,12 +114,14 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6
all: $(LIBA) $(LIBSO) all: $(LIBA) $(LIBSO)
-pywrap: all $(SWIGSO) $(AUDIT2WHYSO) pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
+pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(SWIGRUBYSO)
+rubywrap: all $(SWIGRUBYSO)
+
$(LIBA): $(OBJS) $(LIBA): $(OBJS)
$(AR) rcs $@ $^ $(AR) rcs $@ $^
@@ -57,8 +67,14 @@ $(RANLIB) $@
@@ -57,9 +69,15 @@
$(SWIGLOBJ): $(SWIGCOUT) $(SWIGLOBJ): $(SWIGCOUT)
$(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
@ -104,15 +129,15 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+ +
$(SWIGSO): $(SWIGLOBJ) $(SWIGSO): $(SWIGLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
+$(SWIGRUBYSO): $(SWIGRUBYLOBJ) +$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
$(LIBSO): $(LOBJS) $(LIBSO): $(LOBJS)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
@@ -79,6 +95,9 @@ ln -sf $@ $(TARGET)
@@ -79,6 +97,9 @@
$(SWIGCOUT): $(SWIGIF) $(SWIGCOUT): $(SWIGIF)
$(SWIG) $^ $(SWIG) $^
@ -122,17 +147,18 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6
swigify: $(SWIGIF) swigify: $(SWIGIF)
$(SWIG) $^ $(SWIG) $^
@@ -95,6 +114,9 @@ @@ -95,6 +116,10 @@
install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
+install-rubywrap: rubywrap
+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) + test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so + install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ +
relabel: relabel:
/sbin/restorecon $(SHLIBDIR)/$(LIBSO) /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
@@ -102,7 +124,7 @@ @@ -102,7 +127,7 @@
-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
distclean: clean distclean: clean
@ -141,9 +167,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6
indent: indent:
../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.67/src/callbacks.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.69/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400 --- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400
+++ libselinux-2.0.67/src/callbacks.c 2008-07-18 11:15:56.000000000 -0400 +++ libselinux-2.0.69/src/callbacks.c 2008-07-29 14:07:37.000000000 -0400
@@ -16,6 +16,7 @@ @@ -16,6 +16,7 @@
{ {
int rc; int rc;
@ -152,9 +178,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_start(ap, fmt); va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap); rc = vfprintf(stderr, fmt, ap);
va_end(ap); va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.69/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400 --- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400
+++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400 +++ libselinux-2.0.69/src/matchpathcon.c 2008-07-29 14:07:37.000000000 -0400
@@ -2,6 +2,7 @@ @@ -2,6 +2,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
@ -172,11 +198,12 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
va_end(ap); va_end(ap);
} }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.67/src/selinuxswig_ruby.i diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.69/src/selinuxswig_ruby.i
--- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.67/src/selinuxswig_ruby.i 2008-07-09 16:52:33.000000000 -0400 +++ libselinux-2.0.69/src/selinuxswig_ruby.i 2008-07-29 14:17:14.000000000 -0400
@@ -0,0 +1,147 @@ @@ -0,0 +1,52 @@
+/* Author: James Athey +/* Author: Dan Walsh
+ Based on selinuxswig_python.i by James Athey
+ */ + */
+ +
+%module selinux +%module selinux
@ -184,73 +211,17 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libsel
+ #include "selinux/selinux.h" + #include "selinux/selinux.h"
+%} +%}
+ +
+/* security_get_boolean_names() typemap */
+/*
+%typemap(argout) (char ***names, int *len) {
+ PyObject* list = PyList_New(*$2);
+ int i;
+ for (i = 0; i < *$2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ }
+ $result = SWIG_Python_AppendOutput($result, list);
+}
+*/
+/* return a sid along with the result */ +/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) { +%typemap(argout) (security_id_t * sid) {
+ if (*$1) { + if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); + %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ } + }
+/* else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+*/
+} +}
+ +
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { +%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp; + $1 = &temp;
+} +}
+ +
+/* Makes security_compute_user() return a Python list of contexts */
+/*
+%typemap(argout) (security_context_t **con) {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*$1) {
+ while((*$1)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ $result = SWIG_Python_AppendOutput($result, plist);
+}
+*/
+/* Makes functions in get_context_list.h return a Python list of contexts */
+
+#ifdef fixme
+%typemap(argout) (security_context_t **list) {
+ PyObject* plist;
+ int i;
+
+ if (*$1) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ $result = plist;
+}
+#endif
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { +%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp; + $1 = &temp;
+} +}
@ -260,12 +231,6 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libsel
+ %append_output(SWIG_FromCharPtr(*$1)); + %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1); + freecon(*$1);
+ } + }
+/*
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+*/
+} +}
+ +
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { +%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
@ -277,41 +242,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libsel
+ %append_output(SWIG_FromCharPtr(*$1)); + %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1); + free(*$1);
+ } + }
+/*
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+} +}
+*/
+}
+/*
+%typemap(in) char * const [] {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check($input)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size($input);
+
+ $1 = (char**) malloc(size + 1);
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem($input, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem($input, i);
+ $1[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy($1[i], PyString_AsString(s));
+ }
+ $1[size] = NULL;
+}
+*/
+ +
+%typemap(freearg,match="in") char * const [] { +%typemap(freearg,match="in") char * const [] {
+ int i = 0; + int i = 0;

4
libselinux.spec
View File

@ -5,7 +5,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.69 Version: 2.0.69
Release: 1%{?dist} Release: 2%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -76,6 +76,7 @@ needed for developing SELinux applications.
make clean make clean
make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} swigify make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} swigify
make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all pywrap make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all pywrap
make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} rubywrap
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
@ -86,6 +87,7 @@ mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/var/run/setrans mkdir -p %{buildroot}/var/run/setrans
make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-pywrap make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-pywrap
make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-rubywrap
# Nuke the files we don't want to distribute # Nuke the files we don't want to distribute
rm -f %{buildroot}%{_sbindir}/compute_* rm -f %{buildroot}%{_sbindir}/compute_*