rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source 
Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
    Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
This commit is contained in:
Daniel J Walsh 2009-07-07 16:26:11 +00:00
parent 94187eeda7
commit 23660c5dba
4 changed files with 42 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -166,3 +166,5 @@ libselinux-2.0.79.tgz
libselinux-2.0.80.tgz libselinux-2.0.80.tgz
libselinux-2.0.81.tgz libselinux-2.0.81.tgz
libselinux-2.0.82.tgz libselinux-2.0.82.tgz
libselinux-2.0.83.tgz
libselinux-2.0.84.tgz

149
libselinux-rhat.patch
View File

@ -1,24 +1,6 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.82/include/selinux/selinux.h diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.83/man/man8/selinuxconlist.8
--- nsalibselinux/include/selinux/selinux.h 2009-06-23 15:36:07.000000000 -0400
+++ libselinux-2.0.82/include/selinux/selinux.h 2009-06-23 15:49:12.000000000 -0400
@@ -547,6 +547,14 @@
Caller must free the returned strings via free. */
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+/* Get the SELinux username and level to use for a given Linux username and service.
+ These values may then be passed into the get_ordered_context_list*
+ and get_default_context* functions to obtain a context for the user.
+ Returns 0 on success or -1 otherwise.
+ Caller must free the returned strings via free. */
+extern int getseuser(const char *username, const char *service,
+ char **r_seuser, char **r_level);
+
/* Compare two file contexts, return 0 if equivalent. */
int selinux_file_context_cmp(const security_context_t a,
const security_context_t b);
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.82/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.82/man/man8/selinuxconlist.8 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/man/man8/selinuxconlist.8 2009-07-07 12:22:39.298209000 -0400
@@ -0,0 +1,18 @@ @@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME" +.SH "NAME"
@ -38,9 +20,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
+ +
+.SH "SEE ALSO" +.SH "SEE ALSO"
+secon(8), selinuxdefcon(8) +secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.82/man/man8/selinuxdefcon.8 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.83/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.82/man/man8/selinuxdefcon.8 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/man/man8/selinuxdefcon.8 2009-07-07 12:22:39.309211000 -0400
@@ -0,0 +1,19 @@ @@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME" +.SH "NAME"
@ -61,9 +43,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
+ +
+.SH "SEE ALSO" +.SH "SEE ALSO"
+secon(8), selinuxconlist(8) +secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.82/src/callbacks.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.83/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400 --- nsalibselinux/src/callbacks.c 2009-07-07 11:10:42.003951000 -0400
+++ libselinux-2.0.82/src/callbacks.c 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/callbacks.c 2009-07-07 12:22:39.312210000 -0400
@@ -16,6 +16,7 @@ @@ -16,6 +16,7 @@
{ {
int rc; int rc;
@ -72,9 +54,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_start(ap, fmt); va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap); rc = vfprintf(stderr, fmt, ap);
va_end(ap); va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.82/src/exception.sh diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.83/src/exception.sh
--- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.82/src/exception.sh 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/exception.sh 2009-07-07 12:22:39.318209000 -0400
@@ -0,0 +1,12 @@ @@ -0,0 +1,12 @@
+function except() { +function except() {
+echo " +echo "
@ -88,9 +70,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2
+" +"
+} +}
+for i in `grep "extern *int" ../include/selinux/selinux.h | awk '{ print $3 }' | cut -d '(' -f 1`; do except $i ; done +for i in `grep "extern *int" ../include/selinux/selinux.h | awk '{ print $3 }' | cut -d '(' -f 1`; do except $i ; done
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.82/src/Makefile diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.83/src/Makefile
--- nsalibselinux/src/Makefile 2009-06-23 15:36:07.000000000 -0400 --- nsalibselinux/src/Makefile 2009-07-07 11:10:41.995958000 -0400
+++ libselinux-2.0.82/src/Makefile 2009-06-23 15:50:58.000000000 -0400 +++ libselinux-2.0.83/src/Makefile 2009-07-07 12:22:39.322212000 -0400
@@ -82,6 +82,9 @@ @@ -82,6 +82,9 @@
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -lpthread -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -lpthread -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET) ln -sf $@ $(TARGET)
@ -121,9 +103,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.8
distclean: clean distclean: clean
rm -f $(GENERATED) $(SWIGFILES) rm -f $(GENERATED) $(SWIGFILES)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.82/src/matchpathcon.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.83/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
+++ libselinux-2.0.82/src/matchpathcon.c 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/matchpathcon.c 2009-07-07 12:22:39.328209000 -0400
@@ -2,6 +2,7 @@ @@ -2,6 +2,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
@ -141,9 +123,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
va_end(ap); va_end(ap);
} }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.82/src/selinux.py diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.83/src/selinux.py
--- nsalibselinux/src/selinux.py 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/src/selinux.py 2009-01-13 08:09:54.000000000 -0500
+++ libselinux-2.0.82/src/selinux.py 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/selinux.py 2009-07-07 12:22:39.337212000 -0400
@@ -1,12 +1,26 @@ @@ -1,12 +1,26 @@
# This file was automatically generated by SWIG (http://www.swig.org). # This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.35 -# Version 1.3.35
@ -2355,9 +2337,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0
+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default +selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.82/src/selinuxswig.i diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.83/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2009-03-12 08:48:48.000000000 -0400 --- nsalibselinux/src/selinuxswig.i 2009-07-07 11:10:42.024956000 -0400
+++ libselinux-2.0.82/src/selinuxswig.i 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/selinuxswig.i 2009-07-07 12:22:39.343210000 -0400
@@ -4,11 +4,14 @@ @@ -4,11 +4,14 @@
%module selinux %module selinux
@ -2391,9 +2373,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-
+%include "../include/selinux/get_default_type.h" +%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/label.h" +%include "../include/selinux/label.h"
+%include "../include/selinux/selinux.h" +%include "../include/selinux/selinux.h"
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.82/src/selinuxswig_python.i diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.83/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/src/selinuxswig_python.i 2009-01-13 08:09:54.000000000 -0500
+++ libselinux-2.0.82/src/selinuxswig_python.i 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/selinuxswig_python.i 2009-07-07 12:22:39.355211000 -0400
@@ -21,6 +21,15 @@ @@ -21,6 +21,15 @@
map(restorecon, [os.path.join(dirname, fname) map(restorecon, [os.path.join(dirname, fname)
for fname in fnames]), None) for fname in fnames]), None)
@ -2416,9 +2398,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs
+%include "selinuxswig_exception.i" +%include "selinuxswig_exception.i"
%include "selinuxswig.i" %include "selinuxswig.i"
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.82/src/selinuxswig_wrap.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.83/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/src/selinuxswig_wrap.c 2009-01-13 08:09:54.000000000 -0500
+++ libselinux-2.0.82/src/selinuxswig_wrap.c 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/src/selinuxswig_wrap.c 2009-07-07 12:22:39.385216000 -0400
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
/* ---------------------------------------------------------------------------- /* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org). * This file was automatically generated by SWIG (http://www.swig.org).
@ -16804,80 +16786,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
+#endif +#endif
} }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.82/src/seusers.c diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.83/utils/matchpathcon.c
--- nsalibselinux/src/seusers.c 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/utils/matchpathcon.c 2009-07-07 11:10:42.033956000 -0400
+++ libselinux-2.0.82/src/seusers.c 2009-06-23 15:49:12.000000000 -0400 +++ libselinux-2.0.83/utils/matchpathcon.c 2009-07-07 12:22:39.395209000 -0400
@@ -243,3 +243,67 @@
*r_level = NULL;
return 0;
}
+
+int getseuser(const char *username, const char *service,
+ char **r_seuser, char **r_level) {
+ int ret = -1;
+ int len = 0;
+ char *seuser = NULL;
+ char *level = NULL;
+ char *buffer = NULL;
+ size_t size = 0;
+ size_t lineno = 0;
+ char *rec = NULL;
+ char *path=NULL;
+ if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0)
+ goto err;
+ FILE *fp = fopen(path, "r");
+ free(path);
+ if (fp == NULL) goto err;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while (getline(&buffer, &size, fp) > 0) {
+ ++lineno;
+
+ if (strncmp(buffer, "*:", 2) == 0) {
+ free(rec);
+ rec = strdup(buffer);
+ continue;
+ }
+ len = strlen(service);
+ if ((strncmp(buffer, service, len) == 0) &&
+ (buffer[len] == ':')) {
+ free(rec);
+ rec = strdup(buffer);
+ break;
+ }
+ }
+
+ if (! rec) goto err;
+ seuser = strchr(rec, ':');
+ if (! seuser) goto err;
+
+ seuser++;
+ level = strchr(seuser, ':');
+ *level = 0;
+ level++;
+ *r_seuser = strdup(seuser);
+ if (! *r_seuser) goto err;
+
+ len = strlen(level);
+ if (len && level[len-1] == '\n')
+ level[len-1] = 0;
+
+ *r_level = strdup(level);
+ if (! *r_level) {
+ free(*r_seuser);
+ goto err;
+ }
+ ret = 0;
+
+ err:
+ free(buffer);
+ if (fp) fclose(fp);
+ free(rec);
+
+ return (ret ? getseuserbyname(username, r_seuser, r_level) : ret);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.82/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2009-05-18 13:53:14.000000000 -0400
+++ libselinux-2.0.82/utils/matchpathcon.c 2009-06-23 15:49:12.000000000 -0400
@@ -22,9 +22,13 @@ @@ -22,9 +22,13 @@
char *buf; char *buf;
int rc = matchpathcon(path, mode, &buf); int rc = matchpathcon(path, mode, &buf);

11
libselinux.spec
View File

@ -4,8 +4,8 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.82 Version: 2.0.84
Release: 2%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@ -165,6 +165,13 @@ exit 0
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1
- Update to upstream
* Add per-service seuser support from Dan Walsh.
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
Paris.
* Wed Jun 24 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-2 * Wed Jun 24 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-2
- Add provices ruby(selinux) - Add provices ruby(selinux)

2
sources
View File

@ -1 +1 @@
d5539180258f0a66bceb466aab806589 libselinux-2.0.82.tgz 952674efe604477d00b787c262da17e2 libselinux-2.0.84.tgz