rpms/libselinux
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream

Browse Source 
* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
This commit is contained in:
Dan Walsh 2011-04-12 10:09:47 -04:00
parent 982b2e517d
commit 6db4df3c24
1 changed files with 2 additions and 232 deletions

234
libselinux-rhat.patch
View File

@ -1,25 +1,3 @@
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 0725b57..f110dcf 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -482,6 +482,7 @@ extern const char *selinux_file_context_path(void);
extern const char *selinux_file_context_homedir_path(void);
extern const char *selinux_file_context_local_path(void);
extern const char *selinux_file_context_subs_path(void);
+extern const char *selinux_file_context_subs_dist_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_virtual_domain_context_path(void);
@@ -514,6 +515,9 @@ extern int selinux_check_securetty_context(const security_context_t tty_context)
which performs the initial mount of selinuxfs. */
void set_selinuxmnt(char *mnt);
+/* clear selinuxmnt variable and free allocated memory */
+void fini_selinuxmnt(void);
+
/* Execute a helper for rpm in an appropriate security context. */
extern int rpm_execcon(unsigned int verified,
const char *filename,
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index bf665ab..ccd08ae 100644
--- a/libselinux/src/Makefile
@ -196,99 +174,8 @@ index b245364..7c47222 100644
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h
index ccf43e1..0b00156 100644
--- a/libselinux/src/file_path_suffixes.h
+++ b/libselinux/src/file_path_suffixes.h
@@ -23,4 +23,5 @@ S_(BINPOLICY, "/policy/policy")
S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context")
S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
+ S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
S_(SEPGSQL_CONTEXTS, "/contexts/sepgsql_contexts")
diff --git a/libselinux/src/init.c b/libselinux/src/init.c
index 1dd9838..a948920 100644
--- a/libselinux/src/init.c
+++ b/libselinux/src/init.c
@@ -96,12 +96,14 @@ static void init_selinuxmnt(void)
return;
}
-static void fini_selinuxmnt(void)
+void fini_selinuxmnt(void)
{
free(selinux_mnt);
selinux_mnt = NULL;
}
+hidden_def(fini_selinuxmnt)
+
void set_selinuxmnt(char *mnt)
{
selinux_mnt = strdup(mnt);
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index 2fd19c5..ba316df 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -56,12 +56,11 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src)
return NULL;
}
-static struct selabel_sub *selabel_subs_init(void)
+static struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list)
{
char buf[1024];
- FILE *cfg = fopen(selinux_file_context_subs_path(), "r");
+ FILE *cfg = fopen(path, "r");
struct selabel_sub *sub;
- struct selabel_sub *list = NULL;
if (cfg) {
while (fgets_unlocked(buf, sizeof(buf) - 1, cfg)) {
@@ -160,7 +159,10 @@ struct selabel_handle *selabel_open(unsigned int backend,
memset(rec, 0, sizeof(*rec));
rec->backend = backend;
rec->validating = selabel_is_validate_set(opts, nopts);
- rec->subs = selabel_subs_init();
+
+ rec->subs = NULL;
+ rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs);
+ rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs);
if ((*initfuncs[backend])(rec, opts, nopts)) {
free(rec);
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index 36ce029..83d2143 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -329,7 +329,7 @@ int selinux_init_load_policy(int *enforce)
selinux_getenforcemode(&seconfig);
/* Check for an override of the mode via the kernel command line. */
- rc = mount("none", "/proc", "proc", 0, 0);
+ rc = mount("proc", "/proc", "proc", 0, 0);
cfg = fopen("/proc/cmdline", "r");
if (cfg) {
char *tmp;
@@ -369,7 +369,7 @@ int selinux_init_load_policy(int *enforce)
* Check for the existence of SELinux via selinuxfs, and
* mount it if present for use in the calls below.
*/
- if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0 && errno != EBUSY) {
+ if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, 0) < 0 && errno != EBUSY) {
if (errno == ENODEV) {
/*
* SELinux was disabled in the kernel, either
@@ -398,6 +398,7 @@ int selinux_init_load_policy(int *enforce)
if (rc == 0) {
/* Successfully disabled, so umount selinuxfs too. */
umount(SELINUXMNT);
+ fini_selinuxmnt();
}
/*
* If we failed to disable, SELinux will still be
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index f3e45af..da5cab9 100644
index 5fd8fe4..da5cab9 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -2,6 +2,7 @@
@ -299,15 +186,7 @@ index f3e45af..da5cab9 100644
#include "selinux_internal.h"
#include "label_internal.h"
#include "callbacks.h"
@@ -17,6 +18,7 @@ static __thread int con_array_used;
static pthread_once_t once = PTHREAD_ONCE_INIT;
static pthread_key_t destructor_key;
+static int destructor_key_initialized = 0;
static int add_array_elt(char *con)
{
@@ -60,7 +62,7 @@ static void
@@ -61,7 +62,7 @@ static void
{
va_list ap;
va_start(ap, fmt);
@ -316,23 +195,6 @@ index f3e45af..da5cab9 100644
va_end(ap);
}
@@ -292,12 +294,14 @@ static void matchpathcon_thread_destructor(void __attribute__((unused)) *ptr)
void __attribute__((destructor)) matchpathcon_lib_destructor(void)
{
- __selinux_key_delete(destructor_key);
+ if (destructor_key_initialized)
+ __selinux_key_delete(destructor_key);
}
static void matchpathcon_init_once(void)
{
- __selinux_key_create(&destructor_key, matchpathcon_thread_destructor);
+ if (__selinux_key_create(&destructor_key, matchpathcon_thread_destructor) == 0)
+ destructor_key_initialized = 1;
}
int matchpathcon_init_prefix(const char *path, const char *subset)
diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py
index fd63a4f..705012c 100644
--- a/libselinux/src/selinux.py
@ -394,65 +256,6 @@ index fd63a4f..705012c 100644
def selinux_contexts_path():
return _selinux.selinux_contexts_path()
selinux_contexts_path = _selinux.selinux_contexts_path
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
index e040959..f4c33df 100644
--- a/libselinux/src/selinux_config.c
+++ b/libselinux/src/selinux_config.c
@@ -45,7 +45,8 @@
#define VIRTUAL_IMAGE 22
#define FILE_CONTEXT_SUBS 23
#define SEPGSQL_CONTEXTS 24
-#define NEL 25
+#define FILE_CONTEXT_SUBS_DIST 25
+#define NEL 26
/* Part of one-time lazy init */
static pthread_once_t once = PTHREAD_ONCE_INIT;
@@ -423,6 +424,12 @@ const char * selinux_file_context_subs_path(void) {
hidden_def(selinux_file_context_subs_path)
+const char * selinux_file_context_subs_dist_path(void) {
+ return get_path(FILE_CONTEXT_SUBS_DIST);
+}
+
+hidden_def(selinux_file_context_subs_dist_path)
+
const char *selinux_sepgsql_context_path()
{
return get_path(SEPGSQL_CONTEXTS);
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index fdddfaf..806e87c 100644
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@@ -3,6 +3,7 @@
#include "dso.h"
hidden_proto(selinux_mkload_policy)
+ hidden_proto(fini_selinuxmnt)
hidden_proto(set_selinuxmnt)
hidden_proto(security_disable)
hidden_proto(security_policyvers)
@@ -65,6 +66,7 @@ hidden_proto(selinux_mkload_policy)
hidden_proto(selinux_file_context_path)
hidden_proto(selinux_file_context_homedir_path)
hidden_proto(selinux_file_context_local_path)
+ hidden_proto(selinux_file_context_subs_dist_path)
hidden_proto(selinux_file_context_subs_path)
hidden_proto(selinux_netfilter_context_path)
hidden_proto(selinux_homedir_context_path)
@@ -114,10 +116,7 @@ extern int selinux_page_size hidden;
/* Pthread key macros */
#define __selinux_key_create(KEY, DESTRUCTOR) \
- do { \
- if (pthread_key_create != NULL) \
- pthread_key_create(KEY, DESTRUCTOR); \
- } while (0)
+ (pthread_key_create != NULL ? pthread_key_create(KEY, DESTRUCTOR) : -1)
#define __selinux_key_delete(KEY) \
do { \
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
index dea0e80..bb227e9 100644
--- a/libselinux/src/selinuxswig_python.i
@ -1537,36 +1340,3 @@ index e0884f6..b131d2e 100644
SWIG_Python_SetConstant(d, "SELINUX_AVD_FLAGS_PERMISSIVE",SWIG_From_int((int)(0x0001)));
SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0)));
SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1)));
diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c
index 4bdbe08..e074142 100644
--- a/libselinux/src/setrans_client.c
+++ b/libselinux/src/setrans_client.c
@@ -35,6 +35,7 @@ static __thread security_context_t prev_r2c_raw = NULL;
static pthread_once_t once = PTHREAD_ONCE_INIT;
static pthread_key_t destructor_key;
+static int destructor_key_initialized = 0;
static __thread char destructor_initialized;
/*
@@ -254,7 +255,8 @@ static void setrans_thread_destructor(void __attribute__((unused)) *unused)
void __attribute__((destructor)) setrans_lib_destructor(void)
{
- __selinux_key_delete(destructor_key);
+ if (destructor_key_initialized)
+ __selinux_key_delete(destructor_key);
}
static inline void init_thread_destructor(void)
@@ -267,7 +269,9 @@ static inline void init_thread_destructor(void)
static void init_context_translations(void)
{
- __selinux_key_create(&destructor_key, setrans_thread_destructor);
+ if (__selinux_key_create(&destructor_key, setrans_thread_destructor) == 0)
+ destructor_key_initialized = 1;
+
mls_enabled = is_selinux_mls_enabled();
}