- Update to Upstream
Fixed selinux_set_callback man page. Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. Fix memory leaks in matchpathcon from Eamon Walsh.
This commit is contained in:
parent
d87adcfe95
commit
1209c857ab
@ -150,3 +150,4 @@ libselinux-2.0.58.tgz
|
||||
libselinux-2.0.59.tgz
|
||||
libselinux-2.0.60.tgz
|
||||
libselinux-2.0.61.tgz
|
||||
libselinux-2.0.64.tgz
|
||||
|
@ -1,65 +1,6 @@
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.61/src/label.c
|
||||
--- nsalibselinux/src/label.c 2007-07-16 14:20:46.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/label.c 2008-04-09 08:54:15.000000000 -0400
|
||||
@@ -95,7 +95,7 @@
|
||||
if (compat_validate(rec, lr, "file_contexts", 0))
|
||||
return NULL;
|
||||
|
||||
- if (translating &&
|
||||
+ if (translating && (! lr->ctx_trans) &&
|
||||
selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
|
||||
return NULL;
|
||||
|
||||
@@ -131,6 +131,7 @@
|
||||
void selabel_close(struct selabel_handle *rec)
|
||||
{
|
||||
rec->func_close(rec);
|
||||
+ free(rec->data);
|
||||
free(rec);
|
||||
}
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.61/src/load_policy.c
|
||||
--- nsalibselinux/src/load_policy.c 2008-04-08 09:37:21.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/load_policy.c 2008-04-09 09:02:16.000000000 -0400
|
||||
@@ -43,6 +43,9 @@
|
||||
|
||||
int load_setlocaldefs hidden = 1;
|
||||
|
||||
+#undef max
|
||||
+#define max(a, b) (((a) > (b)) ? (a) : (b))
|
||||
+
|
||||
int selinux_mkload_policy(int preservebools)
|
||||
{
|
||||
int kernvers = security_policyvers();
|
||||
@@ -127,11 +130,6 @@
|
||||
|
||||
#endif
|
||||
|
||||
- if (usesepol) {
|
||||
- maxvers = vers_max();
|
||||
- minvers = vers_min();
|
||||
- }
|
||||
-
|
||||
/*
|
||||
* Check whether we need to support local boolean and user definitions.
|
||||
*/
|
||||
@@ -157,6 +155,13 @@
|
||||
if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
|
||||
preservebools = 0;
|
||||
|
||||
+ if (usesepol) {
|
||||
+ maxvers = vers_max();
|
||||
+ minvers = vers_min();
|
||||
+ if (!setlocaldefs && !preservebools)
|
||||
+ maxvers = max(kernvers, maxvers);
|
||||
+ }
|
||||
+
|
||||
vers = maxvers;
|
||||
search:
|
||||
snprintf(path, sizeof(path), "%s.%d",
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c
|
||||
--- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/matchpathcon.c 2008-04-09 08:54:15.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/matchpathcon.c 2008-04-16 13:25:25.000000000 -0400
|
||||
@@ -2,6 +2,7 @@
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
@ -79,7 +20,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py
|
||||
--- nsalibselinux/src/selinux.py 2008-01-23 14:36:29.000000000 -0500
|
||||
+++ libselinux-2.0.61/src/selinux.py 2008-04-10 16:21:08.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/selinux.py 2008-04-16 13:25:25.000000000 -0400
|
||||
@@ -300,6 +300,204 @@
|
||||
selinux_file_context_cmp = _selinux.selinux_file_context_cmp
|
||||
selinux_file_context_verify = _selinux.selinux_file_context_verify
|
||||
@ -287,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0
|
||||
SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i
|
||||
--- nsalibselinux/src/selinuxswig.i 2008-01-23 14:36:29.000000000 -0500
|
||||
+++ libselinux-2.0.61/src/selinuxswig.i 2008-04-10 16:20:59.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/selinuxswig.i 2008-04-16 13:25:25.000000000 -0400
|
||||
@@ -5,6 +5,7 @@
|
||||
%module selinux
|
||||
%{
|
||||
@ -307,9 +248,33 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-
|
||||
%include "../include/selinux/get_default_type.h"
|
||||
%include "../include/selinux/get_context_list.h"
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.61/src/selinuxswig_python.i
|
||||
--- nsalibselinux/src/selinuxswig_python.i 2007-10-01 09:54:35.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/selinuxswig_python.i 2008-04-16 13:25:25.000000000 -0400
|
||||
@@ -16,6 +16,20 @@
|
||||
$result = SWIG_Python_AppendOutput($result, list);
|
||||
}
|
||||
|
||||
+/* return a sid along with the result */
|
||||
+%typemap(argout) (security_id_t * sid) {
|
||||
+ if (*$1) {
|
||||
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
|
||||
+ } else {
|
||||
+ Py_INCREF(Py_None);
|
||||
+ %append_output(Py_None);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
|
||||
+ $1 = &temp;
|
||||
+}
|
||||
+
|
||||
/* Makes security_compute_user() return a Python list of contexts */
|
||||
%typemap(argout) (security_context_t **con) {
|
||||
PyObject* plist;
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c
|
||||
--- nsalibselinux/src/selinuxswig_wrap.c 2008-01-23 14:36:29.000000000 -0500
|
||||
+++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-10 16:21:08.000000000 -0400
|
||||
+++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-16 13:25:25.000000000 -0400
|
||||
@@ -2458,21 +2458,36 @@
|
||||
|
||||
#define SWIGTYPE_p_SELboolean swig_types[0]
|
||||
|
@ -3,8 +3,8 @@
|
||||
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.0.61
|
||||
Release: 3%{?dist}
|
||||
Version: 2.0.64
|
||||
Release: 1%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
@ -137,6 +137,15 @@ exit 0
|
||||
%{python_sitearch}/selinux/*
|
||||
|
||||
%changelog
|
||||
* Tue Apr 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.64-1
|
||||
- Update to Upstream
|
||||
* Fixed selinux_set_callback man page.
|
||||
* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
|
||||
* Fix memory leaks in matchpathcon from Eamon Walsh.
|
||||
|
||||
* Wed Apr 16 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-4
|
||||
- Add Xavior Toth patch for security_id_t in swig
|
||||
|
||||
* Thu Apr 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-3
|
||||
- Add avc.h to swig code
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user