rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to latest patches from eparis/Upstream

Browse Source
This commit is contained in:
Dan Walsh 2013-01-25 09:35:30 -05:00
parent 0a9b6f58d0
commit 976da17c28
2 changed files with 80 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
libselinux-rhat.patch
View File

@ -6258,7 +6258,7 @@ index 79bf923..e11ccf8 100644
if ((fp = fopen(path, "r")) == NULL) if ((fp = fopen(path, "r")) == NULL)
return -1; return -1;
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 02b3cd2..7f140dd 100644 index 02b3cd2..5f697f3 100644
--- a/libselinux/src/label_file.c --- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c
@@ -8,6 +8,7 @@ @@ -8,6 +8,7 @@
@ -6282,7 +6282,7 @@ index 02b3cd2..7f140dd 100644
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <unistd.h> #include <unistd.h>
@@ -229,6 +235,176 @@ static int process_line(struct selabel_handle *rec, @@ -229,6 +235,190 @@ static int process_line(struct selabel_handle *rec,
return 0; return 0;
} }
@ -6296,6 +6296,7 @@ index 02b3cd2..7f140dd 100644
+ char *addr; + char *addr;
+ size_t len; + size_t len;
+ int stem_map_len, *stem_map; + int stem_map_len, *stem_map;
+ struct mmap_area *mmap_area;
+ +
+ uint32_t *magic; + uint32_t *magic;
+ uint32_t *section_len; + uint32_t *section_len;
@ -6332,13 +6333,26 @@ index 02b3cd2..7f140dd 100644
+ len += (sysconf(_SC_PAGE_SIZE) - 1); + len += (sysconf(_SC_PAGE_SIZE) - 1);
+ len &= ~(sysconf(_SC_PAGE_SIZE) - 1); + len &= ~(sysconf(_SC_PAGE_SIZE) - 1);
+ +
+ mmap_area = malloc(sizeof(*mmap_area));
+ if (!mmap_area) {
+ close(mmapfd);
+ return -1;
+ }
+
+ addr = mmap(NULL, len, PROT_READ, MAP_PRIVATE, mmapfd, 0); + addr = mmap(NULL, len, PROT_READ, MAP_PRIVATE, mmapfd, 0);
+ close(mmapfd); + close(mmapfd);
+ if (addr == MAP_FAILED) { + if (addr == MAP_FAILED) {
+ free(mmap_area);
+ perror("mmap"); + perror("mmap");
+ return -1; + return -1;
+ } + }
+ +
+ /* save where we mmap'd the file to cleanup on close() */
+ mmap_area->addr = addr;
+ mmap_area->len = len;
+ mmap_area->next = data->mmap_areas;
+ data->mmap_areas = mmap_area;
+
+ /* check if this looks like an fcontext file */ + /* check if this looks like an fcontext file */
+ magic = (uint32_t *)addr; + magic = (uint32_t *)addr;
+ if (*magic != SELINUX_MAGIC_COMPILED_FCONTEXT) + if (*magic != SELINUX_MAGIC_COMPILED_FCONTEXT)
@ -6459,7 +6473,7 @@ index 02b3cd2..7f140dd 100644
static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix) static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix)
{ {
FILE *fp; FILE *fp;
@@ -261,6 +437,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han @@ -261,6 +451,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
return -1; return -1;
} }
@ -6470,7 +6484,7 @@ index 02b3cd2..7f140dd 100644
/* /*
* The do detailed validation of the input and fill the spec array * The do detailed validation of the input and fill the spec array
*/ */
@@ -270,6 +450,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han @@ -270,6 +464,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
if (rc) if (rc)
return rc; return rc;
} }
@ -6478,16 +6492,29 @@ index 02b3cd2..7f140dd 100644
free(line_buf); free(line_buf);
fclose(fp); fclose(fp);
@@ -357,6 +538,8 @@ static void closef(struct selabel_handle *rec) @@ -351,16 +546,19 @@ finish:
static void closef(struct selabel_handle *rec)
{
struct saved_data *data = (struct saved_data *)rec->data;
+ struct mmap_area *area, *last_area;
struct spec *spec;
struct stem *stem;
unsigned int i;
for (i = 0; i < data->nspec; i++) { for (i = 0; i < data->nspec; i++) {
spec = &data->spec_arr[i]; spec = &data->spec_arr[i];
+ free(spec->lr.ctx_trans);
+ free(spec->lr.ctx_raw);
+ if (spec->from_mmap) + if (spec->from_mmap)
+ continue; + continue;
free(spec->regex_str); free(spec->regex_str);
free(spec->type_str); free(spec->type_str);
free(spec->lr.ctx_raw); - free(spec->lr.ctx_raw);
@@ -369,6 +552,8 @@ static void closef(struct selabel_handle *rec) - free(spec->lr.ctx_trans);
if (spec->regcomp) {
pcre_free(spec->regex);
pcre_free_study(spec->sd);
@@ -369,6 +567,8 @@ static void closef(struct selabel_handle *rec)
for (i = 0; i < (unsigned int)data->num_stems; i++) { for (i = 0; i < (unsigned int)data->num_stems; i++) {
stem = &data->stem_arr[i]; stem = &data->stem_arr[i];
@ -6496,11 +6523,27 @@ index 02b3cd2..7f140dd 100644
free(stem->buf); free(stem->buf);
} }
@@ -376,7 +576,14 @@ static void closef(struct selabel_handle *rec)
free(data->spec_arr);
if (data->stem_arr)
free(data->stem_arr);
-
+
+ area = data->mmap_areas;
+ while (area) {
+ munmap(area->addr, area->len);
+ last_area = area;
+ area = area->next;
+ free(last_area);
+ }
free(data);
}
diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h
index cb5633b..9799bbb 100644 index cb5633b..bf0c9e2 100644
--- a/libselinux/src/label_file.h --- a/libselinux/src/label_file.h
+++ b/libselinux/src/label_file.h +++ b/libselinux/src/label_file.h
@@ -5,24 +5,32 @@ @@ -5,24 +5,39 @@
#include "label_internal.h" #include "label_internal.h"
@ -6531,10 +6574,22 @@ index cb5633b..9799bbb 100644
char *buf; char *buf;
int len; int len;
+ char from_mmap; + char from_mmap;
+};
+
+/* Where we map the file in during selabel_open() */
+struct mmap_area {
+ void *addr;
+ size_t len;
+ struct mmap_area *next;
}; };
/* Our stored configuration */ /* Our stored configuration */
@@ -45,7 +53,10 @@ struct saved_data { @@ -41,11 +56,15 @@ struct saved_data {
struct stem *stem_arr;
int num_stems;
int alloc_stems;
+ struct mmap_area *mmap_areas;
};
static inline pcre_extra *get_pcre_extra(struct spec *spec) static inline pcre_extra *get_pcre_extra(struct spec *spec)
{ {
@ -6700,7 +6755,7 @@ index 2d7369e..2a00807 100644
} }
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 83381e4..c1d4990 100644 index 83381e4..6c5b45a 100644
--- a/libselinux/src/procattr.c --- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c
@@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
@ -6711,7 +6766,7 @@ index 83381e4..c1d4990 100644
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
@@ -8,33 +9,135 @@ @@ -8,32 +9,137 @@
#include "selinux_internal.h" #include "selinux_internal.h"
#include "policy.h" #include "policy.h"
@ -6785,6 +6840,9 @@ index 83381e4..c1d4990 100644
- pid_t tid; - pid_t tid;
- int errno_hold; - int errno_hold;
+ char *path; + char *path;
+
+ if (cpid != getpid())
+ free_procattr();
if (pid > 0) if (pid > 0)
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
@ -6798,9 +6856,8 @@ index 83381e4..c1d4990 100644
return -1; return -1;
- fd = open(path, O_RDONLY); - fd = open(path, O_RDONLY);
+ fd = open(path, flags); + fd = open(path, flags | O_CLOEXEC);
free(path); free(path);
- if (fd < 0)
+ return fd; + return fd;
+} +}
+ +
@ -6853,11 +6910,10 @@ index 83381e4..c1d4990 100644
+ } + }
+ +
+ fd = openattr(pid, attr, O_RDONLY); + fd = openattr(pid, attr, O_RDONLY);
+ if (fd < 0) if (fd < 0)
return -1; return -1;
size = selinux_page_size; @@ -90,40 +196,70 @@ static int getprocattrcon(security_context_t * context,
@@ -90,40 +193,70 @@ static int getprocattrcon(security_context_t * context,
static int setprocattrcon_raw(security_context_t context, static int setprocattrcon_raw(security_context_t context,
pid_t pid, const char *attr) pid_t pid, const char *attr)
{ {

7
libselinux.spec
View File

@ -4,13 +4,13 @@
%define ruby_inc %(pkg-config --cflags ruby) %define ruby_inc %(pkg-config --cflags ruby)
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']") %define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
%define libsepolver 2.1.8-6 %define libsepolver 2.1.8-7
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.1.12 Version: 2.1.12
Release: 18%{?dist} Release: 19%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: %{name}-%{version}.tgz Source: %{name}-%{version}.tgz
@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
- Update to latest patches from eparis/Upstream
* Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18 * Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
- Try procatt speedup patch again - Try procatt speedup patch again