libselinux-2.5-9
- Clarify is_selinux_mls_enabled() description - Explain how to free policy type from selinux_getpolicytype() - Compare absolute pathname in matchpathcon -V - Add selinux_snapperd_contexts_path()
This commit is contained in:
Petr Lautrbach
parent
b95f8bdd48
commit
27e80a61d2
@ -1,8 +1,12 @@
|
||||
diff --git libselinux-2.5/ChangeLog libselinux-2.5/ChangeLog
|
||||
index 24673dd..34d0ac7 100644
|
||||
index 24673dd..2b81053 100644
|
||||
--- libselinux-2.5/ChangeLog
|
||||
+++ libselinux-2.5/ChangeLog
|
||||
@@ -1,3 +1,14 @@
|
||||
@@ -1,3 +1,18 @@
|
||||
+ * Clarify is_selinux_mls_enabled() description, from David King.
|
||||
+ * Explain how to free policy type from selinux_getpolicytype(), from David King.
|
||||
+ * Compare absolute pathname in matchpathcon -V, from Petr Lautrbach.
|
||||
+ * Add selinux_snapperd_contexts_path(), from Petr Lautrbach.
|
||||
+ * Modify audit2why analyze function to use loaded policy, from Joshua Brindle.
|
||||
+ * Sort object files for deterministic linking order, from Laurent Bigonville.
|
||||
+ * Respect CC and PKG_CONFIG environment variable, from Julien Pivotto.
|
||||
@ -488,6 +492,18 @@ index 0000000..fed6de8
|
||||
+func main() {
|
||||
+ selinux.Test()
|
||||
+}
|
||||
diff --git libselinux-2.5/include/selinux/selinux.h libselinux-2.5/include/selinux/selinux.h
|
||||
index 2262086..3d8673f 100644
|
||||
--- libselinux-2.5/include/selinux/selinux.h
|
||||
+++ libselinux-2.5/include/selinux/selinux.h
|
||||
@@ -544,6 +544,7 @@ extern const char *selinux_lxc_contexts_path(void);
|
||||
extern const char *selinux_x_context_path(void);
|
||||
extern const char *selinux_sepgsql_context_path(void);
|
||||
extern const char *selinux_openssh_contexts_path(void);
|
||||
+extern const char *selinux_snapperd_contexts_path(void);
|
||||
extern const char *selinux_systemd_contexts_path(void);
|
||||
extern const char *selinux_contexts_path(void);
|
||||
extern const char *selinux_securetty_types_path(void);
|
||||
diff --git libselinux-2.5/man/man3/avc_add_callback.3 libselinux-2.5/man/man3/avc_add_callback.3
|
||||
index dbfe72d..bdbbadf 100644
|
||||
--- libselinux-2.5/man/man3/avc_add_callback.3
|
||||
@ -524,7 +540,7 @@ index 7353952..3e9fca8 100644
|
||||
is set appropriately.
|
||||
|
||||
diff --git libselinux-2.5/man/man3/is_selinux_enabled.3 libselinux-2.5/man/man3/is_selinux_enabled.3
|
||||
index f02052c..b2df562 100644
|
||||
index f02052c..df62c22 100644
|
||||
--- libselinux-2.5/man/man3/is_selinux_enabled.3
|
||||
+++ libselinux-2.5/man/man3/is_selinux_enabled.3
|
||||
@@ -3,7 +3,7 @@
|
||||
@ -536,6 +552,17 @@ index f02052c..b2df562 100644
|
||||
.
|
||||
.SH "SYNOPSIS"
|
||||
.B #include <selinux/selinux.h>
|
||||
@@ -18,7 +18,9 @@ returns 1 if SELinux is running or 0 if it is not.
|
||||
On error, \-1 is returned.
|
||||
|
||||
.BR is_selinux_mls_enabled ()
|
||||
-returns 1 if SELinux is running in MLS mode or 0 if it is not.
|
||||
+returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To
|
||||
+determine the policy in use on the system, use
|
||||
+.BR selinux_getpolicytype (3).
|
||||
.
|
||||
.SH "SEE ALSO"
|
||||
.BR selinux "(8)"
|
||||
diff --git libselinux-2.5/man/man3/security_disable.3 libselinux-2.5/man/man3/security_disable.3
|
||||
index c75ce0d..072923c 100644
|
||||
--- libselinux-2.5/man/man3/security_disable.3
|
||||
@ -549,6 +576,22 @@ index c75ce0d..072923c 100644
|
||||
.sp
|
||||
This function can only be called at runtime and prior to the initial policy
|
||||
load. After the initial policy load, the SELinux kernel code cannot be disabled,
|
||||
diff --git libselinux-2.5/man/man3/selinux_getpolicytype.3 libselinux-2.5/man/man3/selinux_getpolicytype.3
|
||||
index c947e2c..b219d42 100644
|
||||
--- libselinux-2.5/man/man3/selinux_getpolicytype.3
|
||||
+++ libselinux-2.5/man/man3/selinux_getpolicytype.3
|
||||
@@ -13,7 +13,10 @@ Reads the contents of the
|
||||
.I /etc/selinux/config
|
||||
file to determine the SELinux policy used on the system, and sets
|
||||
.I \%policytype
|
||||
-accordinly.
|
||||
+accordingly. Free
|
||||
+.I \%policytype
|
||||
+with
|
||||
+.BR free (3).
|
||||
.
|
||||
.SH "RETURN VALUE"
|
||||
On success, zero is returned.
|
||||
diff --git libselinux-2.5/man/man3/selinux_status_open.3 libselinux-2.5/man/man3/selinux_status_open.3
|
||||
index f779dd9..2d44be5 100644
|
||||
--- libselinux-2.5/man/man3/selinux_status_open.3
|
||||
@ -826,6 +869,18 @@ index b7cff7e..a58bf3f 100755
|
||||
+${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h
|
||||
for i in `awk '/<stdin>.*extern int/ { print $6 }' temp.aux`; do except $i ; done
|
||||
rm -f -- temp.aux -.o
|
||||
diff --git libselinux-2.5/src/file_path_suffixes.h libselinux-2.5/src/file_path_suffixes.h
|
||||
index d1f9b48..95b228b 100644
|
||||
--- libselinux-2.5/src/file_path_suffixes.h
|
||||
+++ libselinux-2.5/src/file_path_suffixes.h
|
||||
@@ -24,6 +24,7 @@ S_(BINPOLICY, "/policy/policy")
|
||||
S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
|
||||
S_(LXC_CONTEXTS, "/contexts/lxc_contexts")
|
||||
S_(OPENSSH_CONTEXTS, "/contexts/openssh_contexts")
|
||||
+ S_(SNAPPERD_CONTEXTS, "/contexts/snapperd_contexts")
|
||||
S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts")
|
||||
S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
|
||||
S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
|
||||
diff --git libselinux-2.5/src/fsetfilecon.c libselinux-2.5/src/fsetfilecon.c
|
||||
index 52707d0..0cbe12d 100644
|
||||
--- libselinux-2.5/src/fsetfilecon.c
|
||||
@ -962,7 +1017,7 @@ index 1d3b28a..ea6d70b 100644
|
||||
char * ccontext = NULL;
|
||||
int err = errno;
|
||||
diff --git libselinux-2.5/src/matchpathcon.c libselinux-2.5/src/matchpathcon.c
|
||||
index 5b495a0..3868711 100644
|
||||
index 5b495a0..a2f2c3e 100644
|
||||
--- libselinux-2.5/src/matchpathcon.c
|
||||
+++ libselinux-2.5/src/matchpathcon.c
|
||||
@@ -2,6 +2,7 @@
|
||||
@ -982,6 +1037,24 @@ index 5b495a0..3868711 100644
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
@@ -470,6 +471,17 @@ int selinux_file_context_verify(const char *path, mode_t mode)
|
||||
char * con = NULL;
|
||||
char * fcontext = NULL;
|
||||
int rc = 0;
|
||||
+ char stackpath[PATH_MAX + 1];
|
||||
+ char *p = NULL;
|
||||
+
|
||||
+ if (S_ISLNK(mode)) {
|
||||
+ if (!realpath_not_final(path, stackpath))
|
||||
+ path = stackpath;
|
||||
+ } else {
|
||||
+ p = realpath(path, stackpath);
|
||||
+ if (p)
|
||||
+ path = p;
|
||||
+ }
|
||||
|
||||
rc = lgetfilecon_raw(path, &con);
|
||||
if (rc == -1) {
|
||||
diff --git libselinux-2.5/src/procattr.c libselinux-2.5/src/procattr.c
|
||||
index 527a0a5..eee4612 100644
|
||||
--- libselinux-2.5/src/procattr.c
|
||||
@ -1032,6 +1105,46 @@ index 527a0a5..eee4612 100644
|
||||
}
|
||||
|
||||
all_selfattr_def(con, current)
|
||||
diff --git libselinux-2.5/src/selinux_config.c libselinux-2.5/src/selinux_config.c
|
||||
index bec5f3b..c519a77 100644
|
||||
--- libselinux-2.5/src/selinux_config.c
|
||||
+++ libselinux-2.5/src/selinux_config.c
|
||||
@@ -50,7 +50,8 @@
|
||||
#define BOOLEAN_SUBS 27
|
||||
#define OPENSSH_CONTEXTS 28
|
||||
#define SYSTEMD_CONTEXTS 29
|
||||
-#define NEL 30
|
||||
+#define SNAPPERD_CONTEXTS 30
|
||||
+#define NEL 31
|
||||
|
||||
/* Part of one-time lazy init */
|
||||
static pthread_once_t once = PTHREAD_ONCE_INIT;
|
||||
@@ -499,6 +500,13 @@ const char *selinux_openssh_contexts_path(void)
|
||||
|
||||
hidden_def(selinux_openssh_contexts_path)
|
||||
|
||||
+const char *selinux_snapperd_contexts_path(void)
|
||||
+{
|
||||
+ return get_path(SNAPPERD_CONTEXTS);
|
||||
+}
|
||||
+
|
||||
+hidden_def(selinux_snapperd_contexts_path)
|
||||
+
|
||||
const char *selinux_systemd_contexts_path(void)
|
||||
{
|
||||
return get_path(SYSTEMD_CONTEXTS);
|
||||
diff --git libselinux-2.5/src/selinux_internal.h libselinux-2.5/src/selinux_internal.h
|
||||
index 46566f6..9b9145c 100644
|
||||
--- libselinux-2.5/src/selinux_internal.h
|
||||
+++ libselinux-2.5/src/selinux_internal.h
|
||||
@@ -84,6 +84,7 @@ hidden_proto(selinux_mkload_policy)
|
||||
hidden_proto(selinux_x_context_path)
|
||||
hidden_proto(selinux_sepgsql_context_path)
|
||||
hidden_proto(selinux_openssh_contexts_path)
|
||||
+ hidden_proto(selinux_snapperd_contexts_path)
|
||||
hidden_proto(selinux_systemd_contexts_path)
|
||||
hidden_proto(selinux_path)
|
||||
hidden_proto(selinux_check_passwd_access)
|
||||
diff --git libselinux-2.5/src/setfilecon.c libselinux-2.5/src/setfilecon.c
|
||||
index d05969c..3f0200e 100644
|
||||
--- libselinux-2.5/src/setfilecon.c
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.5
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
@ -20,7 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh libselinux
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/9abe77e2a670f2f2dfb91f9cec46ee37f9c23995
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/bd50d00badba7a148d12879b6c736ea9f2d7ee2d
|
||||
Patch1: libselinux-fedora.patch
|
||||
Patch2: 0001-libselinux-Change-the-location-of-_selinux.so.patch
|
||||
BuildRequires: pkgconfig python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel
|
||||
@ -257,6 +257,12 @@ rm -rf %{buildroot}
|
||||
%{ruby_vendorarchdir}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Mon Jun 27 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-9
|
||||
- Clarify is_selinux_mls_enabled() description
|
||||
- Explain how to free policy type from selinux_getpolicytype()
|
||||
- Compare absolute pathname in matchpathcon -V
|
||||
- Add selinux_snapperd_contexts_path()
|
||||
|
||||
* Fri Jun 24 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-8
|
||||
- Move _selinux.so to /usr/lib64/python*/site-packages
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user