From 73bed069d2d2af7e9e1edb704a9149047c1942d2 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 13 Apr 2011 16:51:22 -0400 Subject: [PATCH] Fix restorecon python binding to accept relative paths --- libselinux-rhat.patch | 55 +++++++++++++++++++++++++++++++++++-------- libselinux.spec | 7 ++++-- 2 files changed, 50 insertions(+), 12 deletions(-) diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 990a59b..3051b12 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -196,7 +196,7 @@ index 5fd8fe4..da5cab9 100644 } diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py -index fd63a4f..705012c 100644 +index fd63a4f..248048a 100644 --- a/libselinux/src/selinux.py +++ b/libselinux/src/selinux.py @@ -1,5 +1,5 @@ @@ -206,7 +206,24 @@ index fd63a4f..705012c 100644 # # Do not make changes to this file unless you know what you are doing--modify # the SWIG interface file instead. -@@ -79,6 +79,14 @@ def restorecon(path, recursive=False): +@@ -70,8 +70,14 @@ import shutil, os, stat + + def restorecon(path, recursive=False): + """ Restore SELinux context on a given path """ +- mode = os.lstat(path)[stat.ST_MODE] +- status, context = matchpathcon(path, mode) ++ try: ++ mode = os.lstat(path)[stat.ST_MODE] ++ status, context = matchpathcon(path, mode) ++ except OSError: ++ path = os.path.realpath(os.path.expanduser(path)) ++ mode = os.lstat(path)[stat.ST_MODE] ++ status, context = matchpathcon(path, mode) ++ + if status == 0: + lsetfilecon(path, context) + if recursive: +@@ -79,6 +85,14 @@ def restorecon(path, recursive=False): map(restorecon, [os.path.join(dirname, fname) for fname in fnames]), None) @@ -221,7 +238,7 @@ index fd63a4f..705012c 100644 def copytree(src, dest): """ An SELinux-friendly shutil.copytree method """ shutil.copytree(src, dest) -@@ -1588,6 +1596,7 @@ get_default_type = _selinux.get_default_type +@@ -1588,6 +1602,7 @@ get_default_type = _selinux.get_default_type SELABEL_CTX_FILE = _selinux.SELABEL_CTX_FILE SELABEL_CTX_MEDIA = _selinux.SELABEL_CTX_MEDIA SELABEL_CTX_X = _selinux.SELABEL_CTX_X @@ -229,7 +246,7 @@ index fd63a4f..705012c 100644 SELABEL_OPT_UNUSED = _selinux.SELABEL_OPT_UNUSED SELABEL_OPT_VALIDATE = _selinux.SELABEL_OPT_VALIDATE SELABEL_OPT_BASEONLY = _selinux.SELABEL_OPT_BASEONLY -@@ -1621,6 +1630,15 @@ SELABEL_X_EVENT = _selinux.SELABEL_X_EVENT +@@ -1621,6 +1636,15 @@ SELABEL_X_EVENT = _selinux.SELABEL_X_EVENT SELABEL_X_SELN = _selinux.SELABEL_X_SELN SELABEL_X_POLYPROP = _selinux.SELABEL_X_POLYPROP SELABEL_X_POLYSELN = _selinux.SELABEL_X_POLYSELN @@ -245,7 +262,7 @@ index fd63a4f..705012c 100644 def is_selinux_enabled(): return _selinux.is_selinux_enabled() -@@ -2201,6 +2219,10 @@ def selinux_x_context_path(): +@@ -2201,6 +2225,10 @@ def selinux_x_context_path(): return _selinux.selinux_x_context_path() selinux_x_context_path = _selinux.selinux_x_context_path @@ -257,10 +274,28 @@ index fd63a4f..705012c 100644 return _selinux.selinux_contexts_path() selinux_contexts_path = _selinux.selinux_contexts_path diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i -index dea0e80..bb227e9 100644 +index dea0e80..12fba6d 100644 --- a/libselinux/src/selinuxswig_python.i +++ b/libselinux/src/selinuxswig_python.i -@@ -45,7 +45,7 @@ def install(src, dest): +@@ -12,8 +12,15 @@ import shutil, os, stat + + def restorecon(path, recursive=False): + """ Restore SELinux context on a given path """ +- mode = os.lstat(path)[stat.ST_MODE] +- status, context = matchpathcon(path, mode) ++ ++ try: ++ mode = os.lstat(path)[stat.ST_MODE] ++ status, context = matchpathcon(path, mode) ++ except OSError: ++ path = os.path.realpath(os.path.expanduser(path)) ++ mode = os.lstat(path)[stat.ST_MODE] ++ status, context = matchpathcon(path, mode) ++ + if status == 0: + lsetfilecon(path, context) + if recursive: +@@ -45,7 +52,7 @@ def install(src, dest): PyObject* list = PyList_New(*$2); int i; for (i = 0; i < *$2; i++) { @@ -269,7 +304,7 @@ index dea0e80..bb227e9 100644 } $result = SWIG_Python_AppendOutput($result, list); } -@@ -74,7 +74,9 @@ def install(src, dest): +@@ -74,7 +81,9 @@ def install(src, dest): len++; plist = PyList_New(len); for (i = 0; i < len; i++) { @@ -280,7 +315,7 @@ index dea0e80..bb227e9 100644 } } else { plist = PyList_New(0); -@@ -91,7 +93,9 @@ def install(src, dest): +@@ -91,7 +100,9 @@ def install(src, dest): if (*$1) { plist = PyList_New(result); for (i = 0; i < result; i++) { @@ -291,7 +326,7 @@ index dea0e80..bb227e9 100644 } } else { plist = PyList_New(0); -@@ -144,16 +148,20 @@ def install(src, dest): +@@ -144,16 +155,20 @@ def install(src, dest): $1 = (char**) malloc(size + 1); for(i = 0; i < size; i++) { diff --git a/libselinux.spec b/libselinux.spec index b9bfcb1..06ed755 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,13 +1,13 @@ %global with_python3 1 %define ruby_sitearch %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']") -%define libsepolver 2.0.42-3 +%define libsepolver 2.0.43-2 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Summary: SELinux library and simple utilities Name: libselinux Version: 2.0.102 -Release: 1%{?dist} +Release: 2%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz @@ -236,6 +236,9 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Wed Apr 13 2011 Dan Walsh - 2.0.102-2 +- Fix restorecon python binding to accept relative paths + * Tue Apr 12 2011 Dan Walsh - 2.0.102-1 -Update to upstream * Give correct names to mount points in load_policy by Dan Walsh.