- Add James Antill patch for login verification of MLS Levels

- MLS ragnes need to be checked, Eg. login/cron. This patch adds infrastructure.
2006-11-03 21:36:28 +00:00 · 2006-11-03 21:36:28 +00:00 · 9d61c9c320
commit 9d61c9c320
parent c27fc16cad
1 changed files with 39 additions and 18 deletions
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -1,19 +1,40 @@
-diff -ur libselinux-1.30.28.orig/include/selinux/av_permissions.h libselinux-1.30.28/include/selinux/av_permissions.h
--- libselinux-1.30.28.orig/include/selinux/av_permissions.h	2006-09-25 09:44:13.000000000 -0400
-+++ libselinux-1.30.28/include/selinux/av_permissions.h	2006-09-25 09:44:47.000000000 -0400
-@@ -468,6 +468,7 @@
- #define PROCESS__EXECSTACK                        0x04000000UL
- #define PROCESS__EXECHEAP                         0x08000000UL
- #define PROCESS__SETKEYCREATE                     0x10000000UL
-+#define PROCESS__SETSOCKCREATE                    0x20000000UL
+diff -rup libselinux-1.30.29-orig/include/selinux/av_permissions.h libselinux-1.30.29/include/selinux/av_permissions.h
+--- libselinux-1.30.29-orig/include/selinux/av_permissions.h	2006-09-29 11:50:24.000000000 -0400
+++ libselinux-1.30.29/include/selinux/av_permissions.h	2006-10-31 11:58:39.000000000 -0500
+@@ -970,3 +970,6 @@
+ #define KEY__LINK                                 0x00000010UL
+ #define KEY__SETATTR                              0x00000020UL
+ #define KEY__CREATE                               0x00000040UL
+
+#define CONTEXT__TRANSLATE                        0x00000001UL
+#define CONTEXT__CONTAINS                         0x00000002UL
+Only in libselinux-1.30.29/include/selinux: av_permissions.h~
+diff -rup libselinux-1.30.29-orig/include/selinux/flask.h libselinux-1.30.29/include/selinux/flask.h
+--- libselinux-1.30.29-orig/include/selinux/flask.h	2006-09-29 11:50:24.000000000 -0400
+++ libselinux-1.30.29/include/selinux/flask.h	2006-10-31 11:57:52.000000000 -0500
+@@ -63,6 +63,7 @@
+ #define SECCLASS_APPLETALK_SOCKET                        56
+ #define SECCLASS_PACKET                                  57
+ #define SECCLASS_KEY                                     58
+#define SECCLASS_CONTEXT                                 59
 
- #define IPC__CREATE                               0x00000001UL
- #define IPC__DESTROY                              0x00000002UL
-@@ -910,6 +911,7 @@
- #define ASSOCIATION__SENDTO                       0x00000001UL
- #define ASSOCIATION__RECVFROM                     0x00000002UL
- #define ASSOCIATION__SETCONTEXT                   0x00000004UL
-+#define ASSOCIATION__POLMATCH                     0x00000008UL
- 
- #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL      0x00000001UL
- #define NETLINK_KOBJECT_UEVENT_SOCKET__READ       0x00000002UL
+ /*
+  * Security identifier indices for initial entities
+diff -rup libselinux-1.30.29-orig/src/av_perm_to_string.h libselinux-1.30.29/src/av_perm_to_string.h
+--- libselinux-1.30.29-orig/src/av_perm_to_string.h	2006-09-29 11:50:23.000000000 -0400
+++ libselinux-1.30.29/src/av_perm_to_string.h	2006-10-31 11:58:21.000000000 -0500
+@@ -263,3 +263,5 @@ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUN
+     S_(SECCLASS_KEY, KEY__LINK, "link")
+     S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
+     S_(SECCLASS_KEY, KEY__CREATE, "create")
+    S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+    S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
+Only in libselinux-1.30.29/src: av_perm_to_string.h~
+diff -rup libselinux-1.30.29-orig/src/class_to_string.h libselinux-1.30.29/src/class_to_string.h
+--- libselinux-1.30.29-orig/src/class_to_string.h	2006-09-29 11:50:23.000000000 -0400
+++ libselinux-1.30.29/src/class_to_string.h	2006-10-31 11:57:52.000000000 -0500
+@@ -61,3 +61,4 @@ S_("null")
+     S_("appletalk_socket")
+     S_("packet")
+     S_("key")
+    S_("context")