- Upgrade to upstream

Merged userspace AVC patch to follow kernel's behavior for permissive mode
    in caching previous denials from Eamon Walsh.
Merged sidput(NULL) patch from Eamon Walsh.
Daniel J Walsh 2007-04-09 19:50:05 +00:00
parent ff4b4da61f
commit 47b511b094
4 changed files with 49 additions and 123 deletions


@ -114,3 +114,4 @@ libselinux-2.0.5.tgz
libselinux-2.0.7.tgz
libselinux-2.0.8.tgz
libselinux-2.0.9.tgz
libselinux-2.0.11.tgz


@ -1,18 +1,31 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.9/man/man8/matchpathcon.8
--- nsalibselinux/man/man8/matchpathcon.8 2007-01-17 11:11:35.000000000 -0500
+++ libselinux-2.0.9/man/man8/matchpathcon.8 2007-04-05 13:20:43.000000000 -0400
@@ -28,4 +28,4 @@
.SH "SEE ALSO"
.BR selinux "(8), "
-.BR mathpathcon "(3), "
+.BR matchpathcon "(3), "
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.9/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2007-02-22 08:53:23.000000000 -0500
+++ libselinux-2.0.9/src/selinuxswig.i 2007-04-05 11:53:17.000000000 -0400
@@ -115,9 +115,34 @@
+++ libselinux-2.0.9/src/selinuxswig.i 2007-04-05 16:47:42.000000000 -0400
@@ -115,9 +115,38 @@
extern const char *selinux_path(void);
extern int selinux_check_passwd_access(access_vector_t requested);
extern int checkPasswdAccess(access_vector_t requested);
+
+// This tells SWIG to treat char ** as a special case
+%typemap(in) char ** {
+%typemap(python,in) char ** {
+ /* Check if is a list */
+ if (PyList_Check($input)) {
+ int size = PyList_Size($input);
+ int i = 0;
+ $1 = (char **) malloc((size+1)*sizeof(char *));
+ if ($1 == NULL) {
+ PyErr_SetString(PyExc_MemoryError,"Out of memory");
+ return NULL;
+ }
+ for (i = 0; i < size; i++) {
+ PyObject *o = PyList_GetItem($input,i);
+ if (PyString_Check(o))
@ -37,125 +50,32 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-
extern int is_context_customizable (security_context_t scontext);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.9/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2007-02-22 08:53:23.000000000 -0500
+++ libselinux-2.0.9/src/selinuxswig_wrap.c 2007-04-05 11:45:04.000000000 -0400
@@ -4145,18 +4145,14 @@
PyObject *resultobj = 0;
unsigned int arg1 ;
char *arg2 = (char *) 0 ;
- char **arg3 ;
- char **arg4 ;
+ char **arg3 = (char **) 0 ;
+ char **arg4 = (char **) 0 ;
int result;
unsigned int val1 ;
int ecode1 = 0 ;
int res2 ;
char *buf2 = 0 ;
int alloc2 = 0 ;
- void *argp3 = 0 ;
- int res3 = 0 ;
- void *argp4 = 0 ;
- int res4 = 0 ;
PyObject * obj0 = 0 ;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
@@ -4173,17 +4169,51 @@
SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
}
arg2 = (char *)(buf2);
- res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 | 0 );
- if (!SWIG_IsOK(res3)) {
- SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'");
- }
- arg3 = (char **)(argp3);
- res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 | 0 );
- if (!SWIG_IsOK(res4)) {
- SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'");
- }
- arg4 = (char **)(argp4);
- result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4);
+ {
+ /* Check if is a list */
+ if (PyList_Check(obj2)) {
+ int size = PyList_Size(obj2);
+ int i = 0;
+ arg3 = (char **) malloc((size+1)*sizeof(char *));
+ for (i = 0; i < size; i++) {
+ PyObject *o = PyList_GetItem(obj2,i);
+ if (PyString_Check(o))
+ arg3[i] = PyString_AsString(PyList_GetItem(obj2,i));
+ else {
+ PyErr_SetString(PyExc_TypeError,"list must contain strings");
+ free(arg3);
+ return NULL;
+ }
+ }
+ arg3[i] = 0;
+ } else {
+ PyErr_SetString(PyExc_TypeError,"not a list");
+ return NULL;
+ }
+ }
+ {
+ /* Check if is a list */
+ if (PyList_Check(obj3)) {
+ int size = PyList_Size(obj3);
+ int i = 0;
+ arg4 = (char **) malloc((size+1)*sizeof(char *));
+ for (i = 0; i < size; i++) {
+ PyObject *o = PyList_GetItem(obj3,i);
+ if (PyString_Check(o))
+ arg4[i] = PyString_AsString(PyList_GetItem(obj3,i));
+ else {
+ PyErr_SetString(PyExc_TypeError,"list must contain strings");
+ free(arg4);
+ return NULL;
+ }
+ }
+ arg4[i] = 0;
+ } else {
+ PyErr_SetString(PyExc_TypeError,"not a list");
+ return NULL;
+ }
+ }
+ result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4);
resultobj = SWIG_From_int((int)(result));
if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
return resultobj;
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getsebool.c libselinux-2.0.9/utils/getsebool.c
--- nsalibselinux/utils/getsebool.c 2006-11-16 17:15:17.000000000 -0500
+++ libselinux-2.0.9/utils/getsebool.c 2007-04-05 10:53:29.000000000 -0400
@@ -72,17 +72,23 @@
+++ libselinux-2.0.9/utils/getsebool.c 2007-04-05 16:57:51.000000000 -0400
@@ -14,7 +14,7 @@
int main(int argc, char **argv)
{
- int i, rc = 0, active, pending, len = 0, opt;
+ int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
char **names;
while ((opt = getopt(argc, argv, "a")) > 0) {
@@ -39,6 +39,7 @@
printf("No booleans\n");
return 0;
}
+ get_all = 1;
break;
default:
usage(argv[0]);
@@ -72,6 +73,8 @@
for (i = 0; i < len; i++) {
active = security_get_boolean_active(names[i]);
if (active < 0) {
- fprintf(stderr, "Error getting active value for %s\n",
- names[i]);
- rc = -1;
- goto out;
+ if (errno != EACCES) {
+ fprintf(stderr, "Error getting active value for %s\n",
+ names[i]);
+ rc = -1;
+ goto out;
+ }
+ continue;
}
pending = security_get_boolean_pending(names[i]);
if (pending < 0) {
- fprintf(stderr, "Error getting pending value for %s\n",
- names[i]);
- rc = -1;
- goto out;
+ if (errno != EACCES) {
+ fprintf(stderr, "Error getting pending value for %s\n",
+ names[i]);
+ rc = -1;
+ goto out;
+ }
+ continue;
}
if (pending != active) {
printf("%s --> %s pending: %s\n", names[i],
+ if (get_all && errno == EACCES)
+ continue;
fprintf(stderr, "Error getting active value for %s\n",
names[i]);
rc = -1;
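Review bot: In the getsebool.c loop, the added `if (get_all && errno == EACCES) continue;` drops a boolean from the `-a` listing with no message and leaves `rc` at 0, so anyone using `getsebool -a` to audit boolean state gets a partial list that looks complete. A one-line notice before the `continue` would keep the tolerant behaviour while making the omission visible, for example `fprintf(stderr, "%s: permission denied, skipped\n", names[i]);`. The guard is visible only on the `security_get_boolean_active()` failure path; the loop body continues outside the hunk, so it cannot be seen whether the `security_get_boolean_pending()` failure path is handled the same way, and the two should agree. The test also depends on `errno` still holding the value from the failed call, so it should remain the first statement inside `if (active < 0)`, and `<errno.h>` needs to be included if it is not already (the include block is not shown).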


@ -1,8 +1,8 @@
%define libsepolver 2.0.1-1
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.0.9
Release: 2%{?dist}
Version: 2.0.11
Release: 1%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -121,6 +121,11 @@ exit 0
%{_libdir}/python*/site-packages/selinux.py*
%changelog
* Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.11-1
- Upgrade to upstream
* Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.
* Merged sidput(NULL) patch from Eamon Walsh.
* Thu Apr 5 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.9-2
- Make rpm_exec swig work


@ -1 +1 @@
7db5494cb311293ac526bdd631fb6a45 libselinux-2.0.9.tgz
1ba54e7ad81fd4589bf4897260ee2071 libselinux-2.0.11.tgz