rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source 
Change the AVC to only audit the permissions specified by the policy,
    excluding any permissions specified via dontaudit or not specified via
    auditallow.
Fix compilation of label_file.c with latest glibc headers.
This commit is contained in:
Daniel J Walsh 2010-02-24 19:12:12 +00:00
parent de078cb3d5
commit 68c8d967fd
4 changed files with 83 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -174,3 +174,4 @@ libselinux-2.0.87.tgz
libselinux-2.0.88.tgz libselinux-2.0.88.tgz
libselinux-2.0.89.tgz libselinux-2.0.89.tgz
libselinux-2.0.90.tgz libselinux-2.0.90.tgz
libselinux-2.0.91.tgz

85
libselinux-rhat.patch
View File

@ -61,32 +61,79 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_end(ap); va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c
--- nsalibselinux/src/init.c 2009-07-14 11:16:03.000000000 -0400 --- nsalibselinux/src/init.c 2009-07-14 11:16:03.000000000 -0400
+++ libselinux-2.0.90/src/init.c 2010-01-18 16:52:28.000000000 -0500 +++ libselinux-2.0.90/src/init.c 2010-02-22 11:04:16.000000000 -0500
@@ -59,8 +59,10 @@ @@ -23,7 +23,7 @@
static void init_selinuxmnt(void)
{
char *buf=NULL, *p;
- FILE *fp;
+ FILE *fp=NULL;
struct statfs sfbuf;
int rc;
size_t len;
@@ -57,16 +57,17 @@
break;
} }
fclose(fp); }
- fclose(fp);
- if (!exists) - if (!exists)
+ if (!exists) { - return;
+ free(buf); + if (!exists)
return; + goto out;
+ } +
+ fclose(fp);
/* At this point, the usual spot doesn't have an selinuxfs so /* At this point, the usual spot doesn't have an selinuxfs so
* we look around for it */ * we look around for it */
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label_file.c libselinux-2.0.90/src/label_file.c fp = fopen("/proc/mounts", "r");
--- nsalibselinux/src/label_file.c 2009-05-18 13:53:14.000000000 -0400 if (!fp)
+++ libselinux-2.0.90/src/label_file.c 2010-01-18 16:53:54.000000000 -0500 - return;
@@ -20,6 +20,9 @@ + goto out;
#include "callbacks.h"
#include "label_internal.h"
+#include <sys/types.h> __fsetlocking(fp, FSETLOCKING_BYCALLER);
+#include <sys/stat.h> while ((num = getline(&buf, &len, fp)) != -1) {
+ @@ -90,7 +91,8 @@
/*
* Internals, mostly moved over from matchpathcon.c out:
*/ free(buf);
- fclose(fp);
+ if (fp)
+ fclose(fp);
return;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/libselinux.pc.in libselinux-2.0.90/src/libselinux.pc.in
--- nsalibselinux/src/libselinux.pc.in 2009-11-02 12:58:30.000000000 -0500
+++ libselinux-2.0.90/src/libselinux.pc.in 2010-02-18 10:02:46.000000000 -0500
@@ -1,6 +1,6 @@
prefix=@prefix@
exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
+libdir=${exec_prefix}/@libdir@
includedir=@includedir@
Name: libselinux
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.90/src/Makefile
--- nsalibselinux/src/Makefile 2009-12-01 15:46:50.000000000 -0500
+++ libselinux-2.0.90/src/Makefile 2010-02-18 10:20:27.000000000 -0500
@@ -11,6 +11,7 @@
RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM')
RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+LIBBASE=$(shell basename $(LIBDIR))
VERSION = $(shell cat ../VERSION)
LIBVERSION = 1
@@ -85,7 +86,7 @@
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash exception.sh > $@
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 --- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.90/src/matchpathcon.c 2010-01-18 16:52:28.000000000 -0500 +++ libselinux-2.0.90/src/matchpathcon.c 2010-01-18 16:52:28.000000000 -0500

17
libselinux.spec
View File

@ -4,8 +4,8 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.90 Version: 2.0.91
Release: 3%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@ -166,6 +166,19 @@ exit 0
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
- Update to upstream
* Change the AVC to only audit the permissions specified by the
policy, excluding any permissions specified via dontaudit or not
specified via auditallow.
* Fix compilation of label_file.c with latest glibc headers.
* Mon Feb 22 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-5
- Fix potential doublefree on init
* Thu Feb 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-4
- Fix libselinux.pc
* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-3 * Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-3
- Fix man page for selinuxdefcon - Fix man page for selinuxdefcon

2
sources
View File

@ -1 +1 @@
87c744d919d632502ca91ca213c2168f libselinux-2.0.90.tgz 17f7d791eba17ded16177dcb710ac7b9 libselinux-2.0.91.tgz