libselinux-2.5-9

- Clarify is_selinux_mls_enabled() description
- Explain how to free policy type from selinux_getpolicytype()
- Compare absolute pathname in matchpathcon -V
- Add selinux_snapperd_contexts_path()
Petr Lautrbach 2016-06-27 13:36:37 +02:00
parent b95f8bdd48
commit 27e80a61d2
2 changed files with 125 additions and 6 deletions


@ -1,8 +1,12 @@
diff --git libselinux-2.5/ChangeLog libselinux-2.5/ChangeLog diff --git libselinux-2.5/ChangeLog libselinux-2.5/ChangeLog
index 24673dd..34d0ac7 100644 index 24673dd..2b81053 100644
--- libselinux-2.5/ChangeLog --- libselinux-2.5/ChangeLog
+++ libselinux-2.5/ChangeLog +++ libselinux-2.5/ChangeLog
@@ -1,3 +1,14 @@ @@ -1,3 +1,18 @@
+ * Clarify is_selinux_mls_enabled() description, from David King.
+ * Explain how to free policy type from selinux_getpolicytype(), from David King.
+ * Compare absolute pathname in matchpathcon -V, from Petr Lautrbach.
+ * Add selinux_snapperd_contexts_path(), from Petr Lautrbach.
+ * Modify audit2why analyze function to use loaded policy, from Joshua Brindle. + * Modify audit2why analyze function to use loaded policy, from Joshua Brindle.
+ * Sort object files for deterministic linking order, from Laurent Bigonville. + * Sort object files for deterministic linking order, from Laurent Bigonville.
+ * Respect CC and PKG_CONFIG environment variable, from Julien Pivotto. + * Respect CC and PKG_CONFIG environment variable, from Julien Pivotto.
@ -488,6 +492,18 @@ index 0000000..fed6de8
+func main() { +func main() {
+ selinux.Test() + selinux.Test()
+} +}
diff --git libselinux-2.5/include/selinux/selinux.h libselinux-2.5/include/selinux/selinux.h
index 2262086..3d8673f 100644
--- libselinux-2.5/include/selinux/selinux.h
+++ libselinux-2.5/include/selinux/selinux.h
@@ -544,6 +544,7 @@ extern const char *selinux_lxc_contexts_path(void);
extern const char *selinux_x_context_path(void);
extern const char *selinux_sepgsql_context_path(void);
extern const char *selinux_openssh_contexts_path(void);
+extern const char *selinux_snapperd_contexts_path(void);
extern const char *selinux_systemd_contexts_path(void);
extern const char *selinux_contexts_path(void);
extern const char *selinux_securetty_types_path(void);
diff --git libselinux-2.5/man/man3/avc_add_callback.3 libselinux-2.5/man/man3/avc_add_callback.3 diff --git libselinux-2.5/man/man3/avc_add_callback.3 libselinux-2.5/man/man3/avc_add_callback.3
index dbfe72d..bdbbadf 100644 index dbfe72d..bdbbadf 100644
--- libselinux-2.5/man/man3/avc_add_callback.3 --- libselinux-2.5/man/man3/avc_add_callback.3
@ -524,7 +540,7 @@ index 7353952..3e9fca8 100644
is set appropriately. is set appropriately.
diff --git libselinux-2.5/man/man3/is_selinux_enabled.3 libselinux-2.5/man/man3/is_selinux_enabled.3 diff --git libselinux-2.5/man/man3/is_selinux_enabled.3 libselinux-2.5/man/man3/is_selinux_enabled.3
index f02052c..b2df562 100644 index f02052c..df62c22 100644
--- libselinux-2.5/man/man3/is_selinux_enabled.3 --- libselinux-2.5/man/man3/is_selinux_enabled.3
+++ libselinux-2.5/man/man3/is_selinux_enabled.3 +++ libselinux-2.5/man/man3/is_selinux_enabled.3
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
@ -536,6 +552,17 @@ index f02052c..b2df562 100644
. .
.SH "SYNOPSIS" .SH "SYNOPSIS"
.B #include <selinux/selinux.h> .B #include <selinux/selinux.h>
@@ -18,7 +18,9 @@ returns 1 if SELinux is running or 0 if it is not.
On error, \-1 is returned.
.BR is_selinux_mls_enabled ()
-returns 1 if SELinux is running in MLS mode or 0 if it is not.
+returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To
+determine the policy in use on the system, use
+.BR selinux_getpolicytype (3).
.
.SH "SEE ALSO"
.BR selinux "(8)"
diff --git libselinux-2.5/man/man3/security_disable.3 libselinux-2.5/man/man3/security_disable.3 diff --git libselinux-2.5/man/man3/security_disable.3 libselinux-2.5/man/man3/security_disable.3
index c75ce0d..072923c 100644 index c75ce0d..072923c 100644
--- libselinux-2.5/man/man3/security_disable.3 --- libselinux-2.5/man/man3/security_disable.3
@ -549,6 +576,22 @@ index c75ce0d..072923c 100644
.sp .sp
This function can only be called at runtime and prior to the initial policy This function can only be called at runtime and prior to the initial policy
load. After the initial policy load, the SELinux kernel code cannot be disabled, load. After the initial policy load, the SELinux kernel code cannot be disabled,
diff --git libselinux-2.5/man/man3/selinux_getpolicytype.3 libselinux-2.5/man/man3/selinux_getpolicytype.3
index c947e2c..b219d42 100644
--- libselinux-2.5/man/man3/selinux_getpolicytype.3
+++ libselinux-2.5/man/man3/selinux_getpolicytype.3
@@ -13,7 +13,10 @@ Reads the contents of the
.I /etc/selinux/config
file to determine the SELinux policy used on the system, and sets
.I \%policytype
-accordinly.
+accordingly. Free
+.I \%policytype
+with
+.BR free (3).
.
.SH "RETURN VALUE"
On success, zero is returned.
diff --git libselinux-2.5/man/man3/selinux_status_open.3 libselinux-2.5/man/man3/selinux_status_open.3 diff --git libselinux-2.5/man/man3/selinux_status_open.3 libselinux-2.5/man/man3/selinux_status_open.3
index f779dd9..2d44be5 100644 index f779dd9..2d44be5 100644
--- libselinux-2.5/man/man3/selinux_status_open.3 --- libselinux-2.5/man/man3/selinux_status_open.3
@ -826,6 +869,18 @@ index b7cff7e..a58bf3f 100755
+${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h +${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h
for i in `awk '/<stdin>.*extern int/ { print $6 }' temp.aux`; do except $i ; done for i in `awk '/<stdin>.*extern int/ { print $6 }' temp.aux`; do except $i ; done
rm -f -- temp.aux -.o rm -f -- temp.aux -.o
diff --git libselinux-2.5/src/file_path_suffixes.h libselinux-2.5/src/file_path_suffixes.h
index d1f9b48..95b228b 100644
--- libselinux-2.5/src/file_path_suffixes.h
+++ libselinux-2.5/src/file_path_suffixes.h
@@ -24,6 +24,7 @@ S_(BINPOLICY, "/policy/policy")
S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
S_(LXC_CONTEXTS, "/contexts/lxc_contexts")
S_(OPENSSH_CONTEXTS, "/contexts/openssh_contexts")
+ S_(SNAPPERD_CONTEXTS, "/contexts/snapperd_contexts")
S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts")
S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
diff --git libselinux-2.5/src/fsetfilecon.c libselinux-2.5/src/fsetfilecon.c diff --git libselinux-2.5/src/fsetfilecon.c libselinux-2.5/src/fsetfilecon.c
index 52707d0..0cbe12d 100644 index 52707d0..0cbe12d 100644
--- libselinux-2.5/src/fsetfilecon.c --- libselinux-2.5/src/fsetfilecon.c
@ -962,7 +1017,7 @@ index 1d3b28a..ea6d70b 100644
char * ccontext = NULL; char * ccontext = NULL;
int err = errno; int err = errno;
diff --git libselinux-2.5/src/matchpathcon.c libselinux-2.5/src/matchpathcon.c diff --git libselinux-2.5/src/matchpathcon.c libselinux-2.5/src/matchpathcon.c
index 5b495a0..3868711 100644 index 5b495a0..a2f2c3e 100644
--- libselinux-2.5/src/matchpathcon.c --- libselinux-2.5/src/matchpathcon.c
+++ libselinux-2.5/src/matchpathcon.c +++ libselinux-2.5/src/matchpathcon.c
@@ -2,6 +2,7 @@ @@ -2,6 +2,7 @@
@ -982,6 +1037,24 @@ index 5b495a0..3868711 100644
va_end(ap); va_end(ap);
} }
@@ -470,6 +471,17 @@ int selinux_file_context_verify(const char *path, mode_t mode)
char * con = NULL;
char * fcontext = NULL;
int rc = 0;
+ char stackpath[PATH_MAX + 1];
+ char *p = NULL;
+
+ if (S_ISLNK(mode)) {
+ if (!realpath_not_final(path, stackpath))
+ path = stackpath;
+ } else {
+ p = realpath(path, stackpath);
+ if (p)
+ path = p;
+ }
rc = lgetfilecon_raw(path, &con);
if (rc == -1) {
diff --git libselinux-2.5/src/procattr.c libselinux-2.5/src/procattr.c diff --git libselinux-2.5/src/procattr.c libselinux-2.5/src/procattr.c
index 527a0a5..eee4612 100644 index 527a0a5..eee4612 100644
--- libselinux-2.5/src/procattr.c --- libselinux-2.5/src/procattr.c
@ -1032,6 +1105,46 @@ index 527a0a5..eee4612 100644
} }
all_selfattr_def(con, current) all_selfattr_def(con, current)
diff --git libselinux-2.5/src/selinux_config.c libselinux-2.5/src/selinux_config.c
index bec5f3b..c519a77 100644
--- libselinux-2.5/src/selinux_config.c
+++ libselinux-2.5/src/selinux_config.c
@@ -50,7 +50,8 @@
#define BOOLEAN_SUBS 27
#define OPENSSH_CONTEXTS 28
#define SYSTEMD_CONTEXTS 29
-#define NEL 30
+#define SNAPPERD_CONTEXTS 30
+#define NEL 31
/* Part of one-time lazy init */
static pthread_once_t once = PTHREAD_ONCE_INIT;
@@ -499,6 +500,13 @@ const char *selinux_openssh_contexts_path(void)
hidden_def(selinux_openssh_contexts_path)
+const char *selinux_snapperd_contexts_path(void)
+{
+ return get_path(SNAPPERD_CONTEXTS);
+}
+
+hidden_def(selinux_snapperd_contexts_path)
+
const char *selinux_systemd_contexts_path(void)
{
return get_path(SYSTEMD_CONTEXTS);
diff --git libselinux-2.5/src/selinux_internal.h libselinux-2.5/src/selinux_internal.h
index 46566f6..9b9145c 100644
--- libselinux-2.5/src/selinux_internal.h
+++ libselinux-2.5/src/selinux_internal.h
@@ -84,6 +84,7 @@ hidden_proto(selinux_mkload_policy)
hidden_proto(selinux_x_context_path)
hidden_proto(selinux_sepgsql_context_path)
hidden_proto(selinux_openssh_contexts_path)
+ hidden_proto(selinux_snapperd_contexts_path)
hidden_proto(selinux_systemd_contexts_path)
hidden_proto(selinux_path)
hidden_proto(selinux_check_passwd_access)
diff --git libselinux-2.5/src/setfilecon.c libselinux-2.5/src/setfilecon.c diff --git libselinux-2.5/src/setfilecon.c libselinux-2.5/src/setfilecon.c
index d05969c..3f0200e 100644 index d05969c..3f0200e 100644
--- libselinux-2.5/src/setfilecon.c --- libselinux-2.5/src/setfilecon.c
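Review bot: In the selinux_file_context_verify() hunk of src/matchpathcon.c, the choice between `realpath_not_final()` and `realpath()` is driven by the caller-supplied `mode` rather than by what `path` actually is on disk. If a caller passes a mode without the symlink type for a path that is a symlink, `realpath()` resolves the final component and the `lgetfilecon_raw()` call below reads the label of the link target, so the result describes a different object than the one named. Both resolution failures are also ignored silently, leaving `path` as the caller's possibly relative name. I would state both points in a comment above the block, for example `/* mode must come from lstat(path); if resolution fails, path is verified as given */`. The function body continues outside the hunk, so how the later lookup uses `path` is not visible here.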


@ -9,7 +9,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.5 Version: 2.5
Release: 8%{?dist} Release: 9%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -20,7 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh libselinux # $ VERSION=2.5 ./make-fedora-selinux-patch.sh libselinux
# HEAD https://github.com/fedora-selinux/selinux/commit/9abe77e2a670f2f2dfb91f9cec46ee37f9c23995 # HEAD https://github.com/fedora-selinux/selinux/commit/bd50d00badba7a148d12879b6c736ea9f2d7ee2d
Patch1: libselinux-fedora.patch Patch1: libselinux-fedora.patch
Patch2: 0001-libselinux-Change-the-location-of-_selinux.so.patch Patch2: 0001-libselinux-Change-the-location-of-_selinux.so.patch
BuildRequires: pkgconfig python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel BuildRequires: pkgconfig python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel
@ -257,6 +257,12 @@ rm -rf %{buildroot}
%{ruby_vendorarchdir}/selinux.so %{ruby_vendorarchdir}/selinux.so
%changelog %changelog
* Mon Jun 27 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-9
- Clarify is_selinux_mls_enabled() description
- Explain how to free policy type from selinux_getpolicytype()
- Compare absolute pathname in matchpathcon -V
- Add selinux_snapperd_contexts_path()
* Fri Jun 24 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-8 * Fri Jun 24 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-8
- Move _selinux.so to /usr/lib64/python*/site-packages - Move _selinux.so to /usr/lib64/python*/site-packages