rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to Upstream

Browse Source 
Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
This commit is contained in:
Daniel J Walsh 2008-08-05 14:05:15 +00:00
parent 86ce8d44b1
commit 7918b2858e
4 changed files with 18 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -155,3 +155,4 @@ libselinux-2.0.65.tgz
libselinux-2.0.67.tgz libselinux-2.0.67.tgz
libselinux-2.0.69.tgz libselinux-2.0.69.tgz
libselinux-2.0.70.tgz libselinux-2.0.70.tgz
libselinux-2.0.71.tgz

152
libselinux-rhat.patch
View File

@ -1,7 +1,12 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/ChangeLog diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/ChangeLog
--- nsalibselinux/ChangeLog 2008-08-01 06:48:06.000000000 -0400 --- nsalibselinux/ChangeLog 2008-08-05 09:58:25.000000000 -0400
+++ libselinux-2.0.70/ChangeLog 2008-08-01 06:51:25.000000000 -0400 +++ libselinux-2.0.70/ChangeLog 2008-08-01 06:51:25.000000000 -0400
@@ -1,6 +1,3 @@ @@ -1,11 +1,3 @@
-2.0.71 2008-08-05
- * Add group support to seusers using %groupname syntax from Dan Walsh.
- * Mark setrans socket close-on-exec from Stephen Smalley.
- * Only apply nodups checking to base file contexts from Stephen Smalley.
-
-2.0.70 2008-07-30 -2.0.70 2008-07-30
- * Merge ruby bindings from Dan Walsh. - * Merge ruby bindings from Dan Walsh.
- -
@ -9,10 +14,10 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/C
* Handle duplicate file context regexes as a fatal error from Stephen Smalley. * Handle duplicate file context regexes as a fatal error from Stephen Smalley.
This prevents adding them via semanage. This prevents adding them via semanage.
diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-2.0.70/VERSION diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-2.0.70/VERSION
--- nsalibselinux/VERSION 2008-08-01 06:48:06.000000000 -0400 --- nsalibselinux/VERSION 2008-08-05 09:58:25.000000000 -0400
+++ libselinux-2.0.70/VERSION 2008-08-01 06:51:25.000000000 -0400 +++ libselinux-2.0.70/VERSION 2008-08-01 06:51:25.000000000 -0400
@@ -1 +1 @@ @@ -1 +1 @@
-2.0.70 -2.0.71
+2.0.69 +2.0.69
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.70/man/man8/selinuxconlist.8 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.70/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
@ -90,142 +95,3 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
va_end(ap); va_end(ap);
} }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.70/src/seusers.c
--- nsalibselinux/src/seusers.c 2008-06-12 23:25:14.000000000 -0400
+++ libselinux-2.0.70/src/seusers.c 2008-08-01 06:53:03.000000000 -0400
@@ -89,6 +89,62 @@
int require_seusers hidden = 0;
+#include <pwd.h>
+#include <grp.h>
+
+static gid_t get_default_gid(const char *name) {
+ struct passwd pwstorage, *pwent = NULL;
+ gid_t gid = -1;
+ /* Allocate space for the getpwnam_r buffer */
+ long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0) return -1;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL) return -1;
+
+ int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+ if (retval == 0 || pwent != NULL) {
+ gid = pwent->pw_gid;
+ }
+ free(rbuf);
+ return gid;
+}
+
+static int check_group(const char *group, const char *name, const gid_t gid) {
+ int match = 0;
+ int i, ng = 0;
+ gid_t *groups = NULL;
+ struct group gbuf, *grent = NULL;
+
+ long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ return 0;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ return 0;
+
+ if (getgrnam_r(group, &gbuf, rbuf, rbuflen,
+ &grent) != 0)
+ goto done;
+
+ if (getgrouplist(name, gid, NULL, &ng) < 0) {
+ groups = (gid_t *) malloc(sizeof (gid_t) * ng);
+ if (!groups) goto done;
+ if (getgrouplist(name, gid, groups, &ng) < 0) goto done;
+ }
+
+ for (i = 0; i < ng; i++) {
+ if (grent->gr_gid == groups[i]) {
+ match = 1;
+ goto done;
+ }
+ }
+
+ done:
+ free(groups);
+ free(rbuf);
+ return match;
+}
+
int getseuserbyname(const char *name, char **r_seuser, char **r_level)
{
FILE *cfg = NULL;
@@ -101,9 +157,14 @@
char *username = NULL;
char *seuser = NULL;
char *level = NULL;
+ char *groupseuser = NULL;
+ char *grouplevel = NULL;
char *defaultseuser = NULL;
char *defaultlevel = NULL;
+ gid_t gid = get_default_gid(name);
+ if ( gid == (gid_t) -1 ) goto nomatch;
+
cfg = fopen(selinux_usersconf_path(), "r");
if (!cfg)
goto nomatch;
@@ -124,31 +185,48 @@
if (!strcmp(username, name))
break;
- if (!defaultseuser && !strcmp(username, "__default__")) {
- free(username);
- defaultseuser = seuser;
- defaultlevel = level;
+ if (username[0] == '%' &&
+ !groupseuser &&
+ check_group(&username[1], name, gid)) {
+ groupseuser = seuser;
+ grouplevel = level;
} else {
- free(username);
- free(seuser);
- free(level);
+ if (!defaultseuser &&
+ !strcmp(username, "__default__")) {
+ defaultseuser = seuser;
+ defaultlevel = level;
+ } else {
+ free(seuser);
+ free(level);
+ }
}
+ free(username);
+ username = NULL;
seuser = NULL;
}
- if (buffer)
- free(buffer);
+ free(buffer);
fclose(cfg);
if (seuser) {
free(username);
free(defaultseuser);
free(defaultlevel);
+ free(groupseuser);
+ free(grouplevel);
*r_seuser = seuser;
*r_level = level;
return 0;
}
+ if (groupseuser) {
+ free(defaultseuser);
+ free(defaultlevel);
+ *r_seuser = groupseuser;
+ *r_level = grouplevel;
+ return 0;
+ }
+
if (defaultseuser) {
*r_seuser = defaultseuser;
*r_level = defaultlevel;

8
libselinux.spec
View File

@ -4,7 +4,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.70 Version: 2.0.71
Release: 1%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
@ -152,6 +152,12 @@ exit 0
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-1
- Update to Upstream
* Add group support to seusers using %groupname syntax from Dan Walsh.
* Mark setrans socket close-on-exec from Stephen Smalley.
* Only apply nodups checking to base file contexts from Stephen Smalley.
* Fri Aug 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.70-1 * Fri Aug 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.70-1
- Update to Upstream - Update to Upstream
* Merge ruby bindings from Dan Walsh. * Merge ruby bindings from Dan Walsh.

2
sources
View File

@ -1 +1 @@
46464eff4dd1d432d9f74cebebe222c5 libselinux-2.0.70.tgz 5d59c1105c777f8520978ee00ab46656 libselinux-2.0.71.tgz