*** empty log message ***

This commit is contained in:
Daniel J Walsh 2007-08-03 20:06:53 +00:00
parent 44ef5d5d9f
commit 6e60f16b98
4 changed files with 16 additions and 916 deletions

View File

@ -124,3 +124,4 @@ libselinux-2.0.21.tgz
libselinux-2.0.22.tgz libselinux-2.0.22.tgz
libselinux-2.0.23.tgz libselinux-2.0.23.tgz
libselinux-2.0.24.tgz libselinux-2.0.24.tgz
libselinux-2.0.29.tgz

View File

@ -1,894 +1,3 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.24/include/selinux/av_permissions.h
--- nsalibselinux/include/selinux/av_permissions.h 2007-07-16 14:20:45.000000000 -0400
+++ libselinux-2.0.24/include/selinux/av_permissions.h 2007-07-23 10:21:34.000000000 -0400
@@ -290,12 +290,16 @@
#define NODE__RAWIP_RECV 0x00000010UL
#define NODE__RAWIP_SEND 0x00000020UL
#define NODE__ENFORCE_DEST 0x00000040UL
+#define NODE__DCCP_RECV 0x00000080UL
+#define NODE__DCCP_SEND 0x00000100UL
#define NETIF__TCP_RECV 0x00000001UL
#define NETIF__TCP_SEND 0x00000002UL
#define NETIF__UDP_RECV 0x00000004UL
#define NETIF__UDP_SEND 0x00000008UL
#define NETIF__RAWIP_RECV 0x00000010UL
#define NETIF__RAWIP_SEND 0x00000020UL
+#define NETIF__DCCP_RECV 0x00000040UL
+#define NETIF__DCCP_SEND 0x00000080UL
#define NETLINK_SOCKET__IOCTL 0x00000001UL
#define NETLINK_SOCKET__READ 0x00000002UL
#define NETLINK_SOCKET__WRITE 0x00000004UL
@@ -837,6 +841,8 @@
#define NSCD__SHMEMPWD 0x00000020UL
#define NSCD__SHMEMGRP 0x00000040UL
#define NSCD__SHMEMHOST 0x00000080UL
+#define NSCD__GETSERV 0x00000100UL
+#define NSCD__SHMEMSERV 0x00000200UL
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
#define ASSOCIATION__SETCONTEXT 0x00000004UL
@@ -897,3 +903,28 @@
#define KEY__CREATE 0x00000040UL
#define CONTEXT__TRANSLATE 0x00000001UL
#define CONTEXT__CONTAINS 0x00000002UL
+#define DCCP_SOCKET__IOCTL 0x00000001UL
+#define DCCP_SOCKET__READ 0x00000002UL
+#define DCCP_SOCKET__WRITE 0x00000004UL
+#define DCCP_SOCKET__CREATE 0x00000008UL
+#define DCCP_SOCKET__GETATTR 0x00000010UL
+#define DCCP_SOCKET__SETATTR 0x00000020UL
+#define DCCP_SOCKET__LOCK 0x00000040UL
+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
+#define DCCP_SOCKET__RELABELTO 0x00000100UL
+#define DCCP_SOCKET__APPEND 0x00000200UL
+#define DCCP_SOCKET__BIND 0x00000400UL
+#define DCCP_SOCKET__CONNECT 0x00000800UL
+#define DCCP_SOCKET__LISTEN 0x00001000UL
+#define DCCP_SOCKET__ACCEPT 0x00002000UL
+#define DCCP_SOCKET__GETOPT 0x00004000UL
+#define DCCP_SOCKET__SETOPT 0x00008000UL
+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
+#define DCCP_SOCKET__RECVFROM 0x00020000UL
+#define DCCP_SOCKET__SENDTO 0x00040000UL
+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.24/include/selinux/flask.h
--- nsalibselinux/include/selinux/flask.h 2007-07-16 14:20:45.000000000 -0400
+++ libselinux-2.0.24/include/selinux/flask.h 2007-07-23 10:21:34.000000000 -0400
@@ -64,6 +64,8 @@
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
#define SECCLASS_CONTEXT 59
+#define SECCLASS_DCCP_SOCKET 60
+#define SECCLASS_MEMPROTECT 61
/*
* Security identifier indices for initial entities
diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.24/Makefile
--- nsalibselinux/Makefile 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/Makefile 2007-07-23 10:21:34.000000000 -0400
@@ -20,6 +20,9 @@
$(MAKE) -C src
$(MAKE) -C utils
+swigify: all
+ $(MAKE) -C src swigify
+
pywrap:
$(MAKE) -C src pywrap
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-2.0.24/man/man3/avc_add_callback.3
--- nsalibselinux/man/man3/avc_add_callback.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_add_callback.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,26 +6,26 @@
avc_add_callback \- additional event notification for SELinux userspace object managers.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
.in +\w'int avc_add_callback(int (*callback)('u
.BI "security_id_t " ssid ,
-.br
+
.BI "security_id_t " tsid ,
-.br
+
.BI "security_class_t " tclass ,
-.br
+
.BI "access_vector_t " perms ,
-.br
+
.BI "access_vector_t *" out_retained "),"
.in
.in +\w'int avc_add_callback('u
.BI "uint32_t " events ", security_id_t " ssid ,
-.br
+
.BI "security_id_t " tsid ", security_class_t " tclass ,
-.br
+
.BI "access_vector_t " perms ");"
.in
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-2.0.24/man/man3/avc_cache_stats.3
--- nsalibselinux/man/man3/avc_cache_stats.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_cache_stats.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "void avc_av_stats(void);"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3 libselinux-2.0.24/man/man3/avc_compute_create.3
--- nsalibselinux/man/man3/avc_compute_create.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_compute_create.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
avc_compute_create \- obtain SELinux label for new object.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-2.0.24/man/man3/avc_context_to_sid.3
--- nsalibselinux/man/man3/avc_context_to_sid.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_context_to_sid.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-2.0.24/man/man3/avc_has_perm.3
--- nsalibselinux/man/man3/avc_has_perm.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_has_perm.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
@@ -14,21 +14,21 @@
.BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
.in +\w'int avc_has_perm('u
.BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
.BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
.in
.sp
.BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
.in +\w'int avc_has_perm('u
.BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
.BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
.in
.sp
.BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
.in +\w'void avc_audit('u
.BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
.BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
.in
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-2.0.24/man/man3/avc_init.3
--- nsalibselinux/man/man3/avc_init.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/avc_init.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,17 +6,17 @@
avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/avc.h>
.sp
.BI "int avc_init(const char *" msgprefix ,
.in +\w'int avc_init('u
.BI "const struct avc_memory_callback *" mem_callbacks ,
-.br
+
.BI "const struct avc_log_callback *" log_callbacks ,
-.br
+
.BI "const struct avc_thread_callback *" thread_callbacks ,
-.br
+
.BI "const struct avc_lock_callback *" lock_callbacks ");"
.in
.sp
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-2.0.24/man/man3/context_new.3
--- nsalibselinux/man/man3/context_new.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/context_new.3 2007-07-23 10:21:34.000000000 -0400
@@ -4,27 +4,27 @@
.SH "SYNOPSIS"
.B #include <selinux/context.h>
-.br
+
.B "context_t context_new(const char *" context_str );
-.br
+
.B "const char * context_str(context_t " con );
-.br
+
.B "void context_free(context_t " con );
-.br
+
.B "const char * context_type_get(context_t " con );
-.br
+
.B "const char * context_range_get(context_t " con );
-.br
+
.B "const char * context_role_get(context_t " con );
-.br
+
.B "const char * context_user_get(context_t " con );
-.br
+
.B "const char * context_type_set(context_t " con ", const char* " type);
-.br
+
.B "const char * context_range_set(context_t " con ", const char* " range);
-.br
+
.B "const char * context_role_set(context_t " con ", const char* " role );
-.br
+
.B "const char * context_user_set(context_t " con ", const char* " user );
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.24/man/man3/freecon.3
--- nsalibselinux/man/man3/freecon.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/freecon.3 2007-07-23 10:21:34.000000000 -0400
@@ -5,7 +5,7 @@
.B #include <selinux/selinux.h>
.sp
.BI "void freecon(security_context_t "con );
-.br
+
.BI "void freeconary(security_context_t *" con );
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-2.0.24/man/man3/getcon.3
--- nsalibselinux/man/man3/getcon.3 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man3/getcon.3 2007-07-23 10:21:34.000000000 -0400
@@ -1,21 +1,21 @@
.TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
getcon, getprevcon, getpidcon \- get SELinux security context of a process.
-.br
+
getpeercon - get security context of a peer socket.
-.br
+
setcon - set current security context of a process.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getcon(security_context_t *" context );
-.br
+
.BI "int getprevcon(security_context_t *" context );
-.br
+
.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
-.br
+
.BI "int getpeercon(int " fd ", security_context_t *" context);
-.br
+
.BI "int setcon(security_context_t " context);
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-2.0.24/man/man3/getexeccon.3
--- nsalibselinux/man/man3/getexeccon.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/getexeccon.3 2007-07-23 10:21:34.000000000 -0400
@@ -1,16 +1,16 @@
.TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
-.br
+
rpm_execcon \- run a helper for rpm in an appropriate security context
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getexeccon(security_context_t *" context );
-.br
+
.BI "int setexeccon(security_context_t "context );
-.br
+
.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
.SH "DESCRIPTION"
@@ -26,16 +26,16 @@
setexeccon to reset to the default policy behavior.
The exec context is automatically reset after the next execve, so a
program doesn't need to explicitly sanitize it upon startup.
-.br
+
setexeccon can be applied prior to library
functions that internally perform an execve, e.g. execl*, execv*, popen,
in order to set an exec context for that operation.
-.br
+
Note: Signal handlers that perform an execve must take care to
save, reset, and restore the exec context to avoid unexpected behaviors.
-.br
+
.B rpm_execcon
runs a helper for rpm in an appropriate security context. The
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-2.0.24/man/man3/getfilecon.3
--- nsalibselinux/man/man3/getfilecon.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/getfilecon.3 2007-07-23 10:21:34.000000000 -0400
@@ -5,9 +5,9 @@
.B #include <selinux/selinux.h>
.sp
.BI "int getfilecon(const char *" path ", security_context_t *" con );
-.br
+
.BI "int lgetfilecon(const char *" path ", security_context_t *" con );
-.br
+
.BI "int fgetfilecon(int "fd ", security_context_t *" con );
.SH "DESCRIPTION"
.B getfilecon
@@ -22,7 +22,6 @@
is identical to getfilecon, only the open file pointed to by filedes (as
returned by open(2)) is interrogated in place of path.
-.br
The returned context should be freed with freecon if non-NULL.
.SH "RETURN VALUE"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-2.0.24/man/man3/getfscreatecon.3
--- nsalibselinux/man/man3/getfscreatecon.3 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man3/getfscreatecon.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
.B #include <selinux/selinux.h>
.sp
.BI "int getfscreatecon(security_context_t *" con );
-.br
+
.BI "int setfscreatecon(security_context_t "context );
.SH "DESCRIPTION"
@@ -22,11 +22,11 @@
setfscreatecon to reset to the default policy behavior.
The fscreate context is automatically reset after the next execve, so a
program doesn't need to explicitly sanitize it upon startup.
-.br
+
setfscreatecon can be applied prior to library
functions that internally perform an file creation,
in order to set an file context on the objects.
-.br
+
Note: Signal handlers that perform an setfscreate must take care to
save, reset, and restore the fscreate context to avoid unexpected behaviors.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-2.0.24/man/man3/get_ordered_context_list.3
--- nsalibselinux/man/man3/get_ordered_context_list.3 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man3/get_ordered_context_list.3 2007-07-23 10:21:34.000000000 -0400
@@ -4,7 +4,7 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/get_context_list.h>
.sp
.BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-2.0.24/man/man3/getseuserbyname.3
--- nsalibselinux/man/man3/getseuserbyname.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/getseuserbyname.3 2007-07-23 10:21:34.000000000 -0400
@@ -12,7 +12,7 @@
then be passed to other libselinux functions such as
get_ordered_context_list_with_level and get_default_context_with_level.
-.br
+
The returned SELinux username and level should be freed by the caller
using free.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-2.0.24/man/man3/is_context_customizable.3
--- nsalibselinux/man/man3/is_context_customizable.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/is_context_customizable.3 2007-07-23 10:21:34.000000000 -0400
@@ -8,7 +8,7 @@
.SH "DESCRIPTION"
.B is_context_customizable
-.br
+
This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-2.0.24/man/man3/matchmediacon.3
--- nsalibselinux/man/man3/matchmediacon.3 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man3/matchmediacon.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,14 +6,14 @@
.B #include <selinux/selinux.h>
.sp
.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
-.br
+
.SH "DESCRIPTION"
-.br
+
.B matchmediacon
matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
.sp
-.br
+
.B Note:
Caller must free returned security context "con" using freecon.
.SH "RETURN VALUE"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.24/man/man3/matchpathcon.3
--- nsalibselinux/man/man3/matchpathcon.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/matchpathcon.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,18 +6,18 @@
.B #include <selinux/selinux.h>
.sp
.BI "int matchpathcon_init(const char *" path ");"
-.br
+
.BI "int matchpathcon_fini(void);"
-.br
+
.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
.sp
-.br
+
.BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));"
-.br
+
.BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));"
-.br
+
.BI "void set_matchpathcon_flags(unsigned int " flags ");"
-.br
+
.SH "DESCRIPTION"
.B matchpathcon_init
loads the file contexts configuration specified by
@@ -40,7 +40,7 @@
suffix are also looked up and loaded if present. These files provide
dynamically generated entries for user home directories and for local
customizations.
-.br
+
.sp
.B matchpathcon_fini
frees the memory allocated by a prior call to
@@ -49,7 +49,7 @@
.B matchpathcon_init
calls, or to free memory when finished using
.B matchpathcon.
-.br
+
.sp
.B matchpathcon
matches the specified pathname and mode against the file contexts
@@ -72,14 +72,14 @@
.I path,
defaulting to the active file contexts configuration.
.sp
-.br
+
.B set_matchpathcon_printf
sets the function used by
.B matchpathcon_init
when displaying errors about the file contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect
error reporting to a different destination.
-.br
+
.sp
.B set_matchpathcon_invalidcon
sets the function used by
@@ -100,7 +100,7 @@
and
.I lineno
in such error messages.
-.br
+
.sp
.B set_matchpathcon_flags
sets flags controlling the operation of
@@ -111,7 +111,7 @@
.B MATCHPATHCON_BASEONLY
flag is set, then only the base file contexts configuration file
will be processed, not any dynamically generated entries or local customizations.
-.br
+
.sp
.SH "RETURN VALUE"
Returns 0 on success or -1 otherwise.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_string.3 libselinux-2.0.24/man/man3/security_class_to_string.3
--- nsalibselinux/man/man3/security_class_to_string.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_class_to_string.3 2007-07-23 10:21:34.000000000 -0400
@@ -8,7 +8,7 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/flask.h>
.sp
.BI "const char * security_class_to_string(security_class_t " tclass ");"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-2.0.24/man/man3/security_compute_av.3
--- nsalibselinux/man/man3/security_compute_av.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_compute_av.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/flask.h>
.sp
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-2.0.24/man/man3/security_getenforce.3
--- nsalibselinux/man/man3/security_getenforce.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_getenforce.3 2007-07-23 10:21:34.000000000 -0400
@@ -5,7 +5,7 @@
.B #include <selinux/selinux.h>
.sp
.B int security_getenforce();
-.br
+
.BI "int security_setenforce(int "value );
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-2.0.24/man/man3/security_load_booleans.3
--- nsalibselinux/man/man3/security_load_booleans.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/security_load_booleans.3 2007-07-23 10:21:34.000000000 -0400
@@ -7,15 +7,15 @@
.B #include <selinux/selinux.h>
.sp
extern int security_load_booleans(char *path);
-.br
+
extern int security_get_boolean_names(char ***names, int *len);
-.br
+
extern int security_get_boolean_pending(const char *name);
-.br
+
extern int security_get_boolean_active(const char *name);
-.br
+
extern int security_set_boolean(const char *name, int value);
-.br
+
extern int security_commit_booleans(void);
@@ -29,27 +29,27 @@
The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
security_load_booleans
-.br
+
Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
security_get_boolean_names
-.br
+
Returns a list of boolean names, currently supported by the loaded policy.
security_set_boolean
-.br
+
Sets the pending value for boolean
security_get_boolean_pending
-.br
+
Return pending value for boolean
security_get_boolean_active
-.br
+
Return active value for boolean
security_commit_booleans
-.br
+
Commit all pending values for the booleans.
.SH AUTHOR
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_lookup.3 libselinux-2.0.24/man/man3/selabel_lookup.3
--- nsalibselinux/man/man3/selabel_lookup.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/selabel_lookup.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,20 +6,20 @@
selabel_lookup \- obtain SELinux security context from a string label.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/label.h>
.sp
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup('u
.BI "security_context_t *" context ,
-.br
+
.BI "const char *" key ", int " type ");"
.in
.sp
.BI "int selabel_lookup_raw(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup_raw('u
.BI "security_context_t *" context ,
-.br
+
.BI "const char *" key ", int " type ");"
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_open.3 libselinux-2.0.24/man/man3/selabel_open.3
--- nsalibselinux/man/man3/selabel_open.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/selabel_open.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
selabel_open, selabel_close \- userspace SELinux labeling interface.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/label.h>
.sp
.BI "struct selabel_handle *selabel_open(int " backend ,
.in +\w'struct selabel_handle *selabel_open('u
.BI "struct selinux_opt *" options ,
-.br
+
.BI "unsigned " nopt ");"
.in
.sp
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_stats.3 libselinux-2.0.24/man/man3/selabel_stats.3
--- nsalibselinux/man/man3/selabel_stats.3 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man3/selabel_stats.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,7 +6,7 @@
selabel_stats \- obtain SELinux labeling statistics.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/label.h>
.sp
.BI "void selabel_lookup(struct selabel_handle *" hnd ");"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.24/man/man3/selinux_binary_policy_path.3
--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_binary_policy_path.3 2007-07-23 10:21:34.000000000 -0400
@@ -10,27 +10,27 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-.br
+
extern const char *selinux_policy_root(void);
-.br
+
extern const char *selinux_binary_policy_path(void);
-.br
+
extern const char *selinux_failsafe_context_path(void);
-.br
+
extern const char *selinux_removable_context_path(void);
-.br
+
extern const char *selinux_default_context_path(void);
-.br
+
extern const char *selinux_user_contexts_path(void);
-.br
+
extern const char *selinux_file_context_path(void);
-.br
+
extern const char *selinux_media_context_path(void);
-.br
+
extern const char *selinux_securetty_types_path(void);
-.br
+
extern const char *selinux_contexts_path(void);
-.br
+
extern const char *selinux_booleans_path(void);
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-2.0.24/man/man3/selinux_getenforcemode.3
--- nsalibselinux/man/man3/selinux_getenforcemode.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_getenforcemode.3 2007-07-23 10:21:34.000000000 -0400
@@ -5,13 +5,13 @@
.B #include <selinux/selinux.h>
.sp
.B int selinux_getenforcemode(int *enforce);
-.br
+
.SH "DESCRIPTION"
.B selinux_getenforcemode
Reads the contents of the /etc/selinux/config file to determine how the
system was setup to run SELinux.
-.br
+
Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
Sets the value of enforce to 0 if SELinux should be run in permissive mode.
Sets the value of enforce to -1 if SELinux should be disabled.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-2.0.24/man/man3/selinux_policy_root.3
--- nsalibselinux/man/man3/selinux_policy_root.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_policy_root.3 2007-07-23 10:21:34.000000000 -0400
@@ -5,7 +5,7 @@
.B #include <selinux/selinux.h>
.sp
.B char *selinux_policy_root();
-.br
+
.SH "DESCRIPTION"
.B selinux_policy_root
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_set_callback.3 libselinux-2.0.24/man/man3/selinux_set_callback.3
--- nsalibselinux/man/man3/selinux_set_callback.3 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man3/selinux_set_callback.3 2007-07-23 10:21:34.000000000 -0400
@@ -39,11 +39,11 @@
argument indicates the type of message and will be set to one of the following:
.B SELINUX_ERROR
-.br
+
.B SELINUX_WARNING
-.br
+
.B SELINUX_INFO
-.br
+
.B SELINUX_AVC
.TP
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-2.0.24/man/man3/setfilecon.3
--- nsalibselinux/man/man3/setfilecon.3 2007-07-16 14:20:47.000000000 -0400
+++ libselinux-2.0.24/man/man3/setfilecon.3 2007-07-23 10:21:34.000000000 -0400
@@ -6,9 +6,9 @@
.B #include <selinux/selinux.h>
.sp
.BI "int setfilecon(const char *" path ", security_context_t "con );
-.br
+
.BI "int lsetfilecon(const char *" path ", security_context_t "con );
-.br
+
.BI "int fsetfilecon(int "fd ", security_context_t "con );
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_file.5 libselinux-2.0.24/man/man5/selabel_file.5
--- nsalibselinux/man/man5/selabel_file.5 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man5/selabel_file.5 2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
selabel_file \- userspace SELinux labeling interface: file contexts backend.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/label.h>
.sp
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup('u
.BI "security_context_t *" context ,
-.br
+
.BI "const char *" path ", int " mode ");"
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_media.5 libselinux-2.0.24/man/man5/selabel_media.5
--- nsalibselinux/man/man5/selabel_media.5 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man5/selabel_media.5 2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
selabel_media \- userspace SELinux labeling interface: media contexts backend.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/label.h>
.sp
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup('u
.BI "security_context_t *" context ,
-.br
+
.BI "const char *" device_name ", int " unused ");"
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_x.5 libselinux-2.0.24/man/man5/selabel_x.5
--- nsalibselinux/man/man5/selabel_x.5 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man5/selabel_x.5 2007-07-23 10:21:34.000000000 -0400
@@ -6,13 +6,13 @@
selabel_x \- userspace SELinux labeling interface: X Window System contexts backend.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
.B #include <selinux/label.h>
.sp
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup('u
.BI "security_context_t *" context ,
-.br
+
.BI "const char *" object_name ", int " object_type ");"
.SH "DESCRIPTION"
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.24/man/man8/matchpathcon.8
--- nsalibselinux/man/man8/matchpathcon.8 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man8/matchpathcon.8 2007-07-23 10:21:34.000000000 -0400
@@ -10,16 +10,16 @@
.SH OPTIONS
.B \-n
Do not display path.
-.br
+
.B \-N
Do not use translations.
-.br
+
.B \-f file_context_file
Use alternate file_context file
-.br
+
.B \-p prefix
Use prefix to speed translations
-.br
+
.B \-V
Verify file context on disk matches defaults
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-2.0.24/man/man8/selinux.8
--- nsalibselinux/man/man8/selinux.8 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/man/man8/selinux.8 2007-07-23 10:21:34.000000000 -0400
@@ -62,14 +62,13 @@
.B system-config-securitylevel
allows customization of these booleans and tunables.
-.br
Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
.SH FILE LABELING
All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
-.br
+
The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
.SH AUTHOR
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.24/src/matchpathcon.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.24/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2007-07-16 14:20:46.000000000 -0400 --- nsalibselinux/src/matchpathcon.c 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/src/matchpathcon.c 2007-07-23 10:21:34.000000000 -0400 +++ libselinux-2.0.24/src/matchpathcon.c 2007-07-23 10:21:34.000000000 -0400
@ -901,24 +10,3 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
{ {
diff --exclude-from=exclude -N -u -r nsalibselinux/src/stringrep.c libselinux-2.0.24/src/stringrep.c
--- nsalibselinux/src/stringrep.c 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/src/stringrep.c 2007-07-23 10:21:54.000000000 -0400
@@ -236,7 +236,7 @@
dentry = readdir(dir);
while (dentry != NULL) {
- size_t value;
+ unsigned int value;
struct stat m;
snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
@@ -258,7 +258,7 @@
if (ret < 0)
goto err4;
- if (sscanf(buf, "%u", (unsigned int *)&value) != 1)
+ if (sscanf(buf, "%u", &value) != 1)
goto err4;
node->perms[value-1] = strdup(dentry->d_name);

View File

@ -1,8 +1,8 @@
%define libsepolver 2.0.1-1 %define libsepolver 2.0.1-1
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.24 Version: 2.0.29
Release: 3%{?dist} Release: 1%{?dist}
License: Public domain (uncopyrighted) License: Public domain (uncopyrighted)
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -123,10 +123,21 @@ exit 0
%{_libdir}/python*/site-packages/selinux.py* %{_libdir}/python*/site-packages/selinux.py*
%changelog %changelog
* Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1
- Upgrade to upstream
* Updated version for stable branch.
* Added x_contexts path function patch from Eamon Walsh.
* Fix build for EMBEDDED=y from Yuichi Nakamura.
* Fix markup problems in selinux man pages from Dan Walsh.
* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
* Added swigify to top-level Makefile from Dan Walsh.
* Fix for string_to_security_class segfault on x86_64 from Stephen
Smalley.
* Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.24-3 * Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.24-3
- Apply Steven Smalley patch to fix segfault in string_to_security_class - Apply Steven Smalley patch to fix segfault in string_to_security_class
* Wed Jul 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2 * Wed Jul 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2
- Fix matchpathcon to set default myprintf - Fix matchpathcon to set default myprintf

View File

@ -1 +1 @@
b413d84d6f156e1ca28fd1652caf425c libselinux-2.0.24.tgz 48296c41f563cc445ecdc9644e5a0483 libselinux-2.0.29.tgz