diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index f002ef2..4562238 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,42 +1,187 @@ -Index: libselinux/include/selinux/selinux.h -=================================================================== -RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/selinux.h,v -retrieving revision 1.50 -diff -u -p -r1.50 selinux.h ---- libselinux/include/selinux/selinux.h 7 Nov 2005 19:30:36 -0000 1.50 -+++ libselinux/include/selinux/selinux.h 8 Nov 2005 19:04:31 -0000 -@@ -292,6 +292,7 @@ extern void set_matchpathcon_canoncon(in +diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-1.27.22/src/Makefile +--- nsalibselinux/src/Makefile 2005-11-16 21:39:52.000000000 -0500 ++++ libselinux-1.27.22/src/Makefile 2005-11-17 12:05:02.000000000 -0500 +@@ -3,25 +3,41 @@ + LIBDIR ?= $(PREFIX)/lib + SHLIBDIR ?= $(DESTDIR)/lib + INCLUDEDIR ?= $(PREFIX)/include ++PYINC ?= /usr/include/python2.4 ++PYLIB ?= /usr/lib/python2.4 ++PYLIBVER ?= python2.4 ++PYTHONLIBDIR ?= $(LIBDIR)/python2.4 - /* Set flags controlling operation of matchpathcon_init or matchpathcon. */ - #define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. 
*/ + LIBVERSION = 1 + +- + LIBA=libselinux.a + TARGET=libselinux.so ++SWIGIF= selinuxswig.i ++SWIGCOUT= selinuxswig_wrap.c ++SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) ++SWIGSO=_selinux.so ++SWIGFILES=$(SWIGSO) selinux.py + LIBSO=$(TARGET).$(LIBVERSION) +-OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) +-LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c)) ++OBJS= $(patsubst %.c,%.o,$(filter-out $(SWIGCOUT),$(wildcard *.c))) ++LOBJS= $(patsubst %.c,%.lo,$(filter-out $(SWIGCOUT),$(wildcard *.c))) + CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute + override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 + RANLIB=ranlib + +-all: $(LIBA) $(LIBSO) ++SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ ++ ++all: $(LIBA) $(LIBSO) $(SWIGSO) + + $(LIBA): $(OBJS) + $(AR) rcs $@ $^ + $(RANLIB) $@ + ++$(SWIGLOBJ): $(SWIGCOUT) ++ $(CC) $(CFLAGS) -I$(PYINC) -fpic -DSHARED -c -o $@ $< ++ ++$(SWIGSO): $(SWIGLOBJ) ++ $(CC) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs ++ + $(LIBSO): $(LOBJS) + $(CC) $(LDFLAGS) -shared -o $@ $^ -ldl -lsepol -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs + ln -sf $@ $(TARGET) +@@ -32,16 +48,26 @@ + %.lo: %.c policy.h + $(CC) $(CFLAGS) -fpic -DSHARED -c -o $@ $< + +-install: all ++$(SWIGCOUT): $(SWIGIF) ++ $(SWIG) $^ ++ ++swigify: $(SWIGIF) ++ $(SWIG) $^ ++ ++install: all install-pywrap + test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) + install -m 644 $(LIBA) $(LIBDIR) + test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) + install -m 755 $(LIBSO) $(SHLIBDIR) + cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET) + ++install-pywrap: ++ test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages ++ install -m 755 $(SWIGFILES) $(PYTHONLIBDIR)/site-packages ++ + relabel: + /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + + clean: +- -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) ++ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) 
$(SWIGSO) $(TARGET) + +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.27.22/src/selinuxswig.i +--- nsalibselinux/src/selinuxswig.i 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.27.22/src/selinuxswig.i 2005-11-17 12:02:28.000000000 -0500 +@@ -0,0 +1,105 @@ ++/* Author: Dan Walsh ++ * ++ * Copyright (C) 2004-2005 Red Hat ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++ ++%module selinux ++%{ ++ #include "selinux/selinux.h" ++%} ++ ++extern int is_selinux_enabled(void); ++extern int is_selinux_mls_enabled(void); ++extern int getcon(security_context_t *con); ++extern int setcon(security_context_t con); ++extern int getpidcon(pid_t pid, security_context_t *con); ++extern int getprevcon(security_context_t *con); ++extern int getexeccon(security_context_t *con); ++extern int setexeccon(security_context_t con); ++extern int getfscreatecon(security_context_t *con); ++extern int setfscreatecon(security_context_t context); ++extern int getfilecon(const char *path, security_context_t *con); ++extern int lgetfilecon(const char *path, security_context_t *con); ++extern int fgetfilecon(int fd, security_context_t *con); ++extern int setfilecon(const char *path, security_context_t con); ++extern int lsetfilecon(const char 
*path, security_context_t con); ++extern int fsetfilecon(int fd, security_context_t con); ++extern int getpeercon(int fd, security_context_t *con); ++extern int selinux_mkload_policy(int preservebools); ++extern int selinux_init_load_policy(int *enforce); ++extern int security_set_boolean_list(size_t boolcnt, ++ SELboolean *boollist, ++ int permanent); ++extern int security_load_booleans(char *path); ++extern int security_check_context(security_context_t con); ++extern int security_canonicalize_context(security_context_t con, ++ security_context_t *canoncon); ++extern int security_getenforce(void); ++extern int security_setenforce(int value); ++extern int security_disable(void); ++extern int security_policyvers(void); ++extern int security_get_boolean_names(char ***names, int *len); ++extern int security_get_boolean_pending(const char *name); ++extern int security_get_boolean_active(const char *name); ++extern int security_set_boolean(const char *name, int value); ++extern int security_commit_booleans(void); ++ ++/* Set flags controlling operation of matchpathcon_init or matchpathcon. */ ++#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */ +#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. 
*/ - extern void set_matchpathcon_flags(unsigned int flags); - - /* Load the file contexts configuration specified by 'path' -Index: libselinux/src/matchpathcon.c -=================================================================== -RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/matchpathcon.c,v -retrieving revision 1.32 -diff -u -p -r1.32 matchpathcon.c ---- libselinux/src/matchpathcon.c 7 Nov 2005 19:30:37 -0000 1.32 -+++ libselinux/src/matchpathcon.c 8 Nov 2005 19:08:05 -0000 -@@ -570,6 +570,10 @@ static int process_line( const char *pat - skip_type: - if (strcmp(context, "<>")) { - char *tmpcon = NULL; ++extern void set_matchpathcon_flags(unsigned int flags); ++extern int matchpathcon_init(const char *path); ++extern int matchpathcon(const char *path, ++ mode_t mode, ++ security_context_t *con); + -+ if (myflags & MATCHPATHCON_NOTRANS) -+ goto skip_trans; ++extern int matchmediacon(const char *media, ++ security_context_t *con); ++ ++extern int selinux_getenforcemode(int *enforce); ++extern const char *selinux_policy_root(void); ++extern const char *selinux_binary_policy_path(void); ++extern const char *selinux_failsafe_context_path(void); ++extern const char *selinux_removable_context_path(void); ++extern const char *selinux_default_context_path(void); ++extern const char *selinux_user_contexts_path(void); ++extern const char *selinux_file_context_path(void); ++extern const char *selinux_homedir_context_path(void); ++extern const char *selinux_media_context_path(void); ++extern const char *selinux_contexts_path(void); ++extern const char *selinux_booleans_path(void); ++extern const char *selinux_customizable_types_path(void); ++extern const char *selinux_users_path(void); ++extern const char *selinux_usersconf_path(void); ++extern const char *selinux_translations_path(void); ++extern const char *selinux_path(void); ++extern int selinux_check_passwd_access(access_vector_t requested); ++extern int checkPasswdAccess(access_vector_t requested); ++extern int 
rpm_execcon(unsigned int verified, ++ const char *filename, ++ char *const argv[], char *const envp[]); ++ ++extern int is_context_customizable (security_context_t scontext); ++ ++extern int selinux_trans_to_raw_context(security_context_t trans, ++ security_context_t *rawp); ++extern int selinux_raw_to_trans_context(security_context_t raw, ++ security_context_t *transp); ++ ++extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); + - if (context_translations) { - if (raw_to_trans_context(context, &tmpcon)) { - myprintf("%s: line %u has invalid " -@@ -584,6 +588,7 @@ static int process_line( const char *pat - return -1; - } - -+skip_trans: - if (myinvalidcon) { - /* Old-style validation of context. */ - if (myinvalidcon(path, lineno, context)) - } diff --git a/libselinux.spec b/libselinux.spec index 6980a70..79a694c 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -2,10 +2,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.27.22 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch Requires: libsepol >= %{libsepolver} @@ -37,6 +38,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="-g %{optflags}" @@ -87,8 +89,13 @@ exit 0 /%{_lib}/libselinux.so.* %{_sbindir}/* %{_mandir}/man8/* +%{_libdir}/python2.4/site-packages/_selinux.so +%{_libdir}/python2.4/site-packages/selinux.py* %changelog +* Thu Nov 17 2005 Dan Walsh 1.27.22-2 +- Add python bindings + * Wed Nov 16 2005 Dan Walsh 1.27.22-1 - Update to latest from NSA * Merged make failure in rpm_execcon non-fatal in permissive mode
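Review bot: The new `selinuxswig.i` uses `security_context_t`, `pid_t`, `mode_t`, `access_vector_t` and `SELboolean` in its `extern` list without defining or `%include`-ing them, so SWIG will presumably wrap them as opaque pointers and calls such as `setcon()` or `getfilecon()` will neither accept nor return Python strings. Adding `typedef char *security_context_t;` ahead of the `extern` list would cover the input side; the `security_context_t *con` out-parameters additionally need `in`/`argout` typemaps that hand the string back and release the C allocation. `freecon()` is not exported anywhere in the interface, so as written any context a caller does obtain cannot be freed from Python. Separately, in the Makefile part of the same hunk `$(SWIGSO)` links with `-L. -lselinux` but lists only `$(SWIGLOBJ)` as a prerequisite, so a parallel build could resolve `-lselinux` from `$(LIBDIR)` instead of the library just built; `$(SWIGSO): $(SWIGLOBJ) $(LIBSO)` would order it.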
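Review bot: No build dependency is declared in the visible spec hunks for the tools the newly applied patch needs: the `-2,10` hunk adds `Patch: libselinux-rhat.patch`, and that patch makes `all` run `swig` and compile with `-I/usr/include/python2.4`, so the result would depend on whatever happens to be installed on the build host. If the part of the preamble outside this hunk does not already carry them, add something like `BuildRequires: swig python-devel`. The `%files` hunk at `-87,8` also hard-codes `python2.4` in both new paths, which will need hand-editing on every Python rebase; defining the site-packages directory once in a macro would avoid that.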