From baab9d46ead30be743485a24f09771c992042c82 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 28 Feb 2008 16:58:02 +0000
Subject: [PATCH] - Reload library on loading of policy to handle chroot
---
 libselinux-rhat.patch | 75 +++++++++++++++++++++++++++++++++++++++++--
 libselinux.spec | 5 ++-
 2 files changed, 77 insertions(+), 3 deletions(-)
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 25f552d..caaa86b 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,6 +1,23 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.49/src/matchpathcon.c
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.57/src/load_policy.c
+--- nsalibselinux/src/load_policy.c 2008-02-13 11:16:14.000000000 -0500
++++ libselinux-2.0.57/src/load_policy.c 2008-02-28 11:11:20.000000000 -0500
+@@ -308,6 +308,13 @@
+ FILE *cfg;
+ char *buf;
+
++
++ /*
++ Reinitialize the library, so chroot will work correctly.
++ */
++ fini_selinux_policyroot();
++ init_selinux_config();
++
+ /*
+ * Get desired mode (disabled, permissive, enforcing) from
+ * /etc/selinux/config.
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.57/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400
-+++ libselinux-2.0.49/src/matchpathcon.c 2008-01-25 10:31:28.000000000 -0500
++++ libselinux-2.0.57/src/matchpathcon.c 2008-02-28 10:50:12.000000000 -0500
 @@ -2,6 +2,7 @@
 #include
 #include
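Review bot: The added `fini_selinux_policyroot(); init_selinux_config();` pair in load_policy.c frees and rebuilds the library's global path state inside a running process, and the comment above it does not say what that invalidates. The selinux_config.c part of this patch shows `fini_selinux_policyroot()` calling `free(selinux_policyroot)` and `free(selinux_policytype)`, so any string a caller obtained earlier from that state (presumably through the `get_path()`-based accessors) would dangle after a policy load, and nothing visible here serialises the reload against other threads reading those paths. I would extend the comment to something like `/* Re-reads the SELinux config relative to the current root; invalidates path strings returned before this call and is not thread-safe. */`. The enclosing function starts and ends outside the hunk, so whether its callers are single-threaded init code cannot be confirmed from here.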
@@ -18,3 +35,57 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
 va_end(ap);
 }
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.57/src/selinux_config.c
+--- nsalibselinux/src/selinux_config.c 2007-08-03 16:02:56.000000000 -0400
++++ libselinux-2.0.57/src/selinux_config.c 2008-02-28 11:10:01.000000000 -0500
+@@ -127,9 +127,9 @@
+ static char *selinux_policyroot = NULL;
+ static char *selinux_rootpath = NULL;
+
+-static void init_selinux_config(void) __attribute__ ((constructor));
++void init_selinux_config(void) __attribute__ ((constructor));
+
+-static void init_selinux_config(void)
++void init_selinux_config(void)
+ {
+ int i, *intptr;
+ size_t line_len;
+@@ -207,10 +207,11 @@
+ == -1)
+ return;
+ }
++hidden_def(init_selinux_config)
+
+-static void fini_selinux_policyroot(void) __attribute__ ((destructor));
++void fini_selinux_policyroot(void) __attribute__ ((destructor));
+
+-static void fini_selinux_policyroot(void)
++void fini_selinux_policyroot(void)
+ {
+ int i;
+ free(selinux_policyroot);
+@@ -222,6 +223,7 @@
+ free(selinux_policytype);
+ selinux_policytype = NULL;
+ }
++hidden_def(fini_selinux_policyroot)
+
+ static const char *get_path(int idx)
+ {
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.57/src/selinux_internal.h
+--- nsalibselinux/src/selinux_internal.h 2007-08-03 16:02:56.000000000 -0400
++++ libselinux-2.0.57/src/selinux_internal.h 2008-02-28 11:11:04.000000000 -0500
+@@ -80,6 +80,13 @@
+ hidden_proto(security_get_initial_context);
+ hidden_proto(security_get_initial_context_raw);
+
++extern void init_selinux_config(void) hidden;
++extern void fini_selinux_policyroot(void) hidden;
++
++hidden_proto(init_selinux_config);
++hidden_proto(fini_selinux_policyroot);
++
+ extern int load_setlocaldefs hidden;
+ extern int require_seusers hidden;
+ extern int selinux_page_size hidden;
++
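Review bot: `fini_selinux_policyroot()` keeps `__attribute__ ((destructor))` while now also being called explicitly from load_policy.c, so it runs at least twice per process and every pointer it frees must be reset to NULL or reassigned before the second run. The hunk shows `selinux_policytype = NULL;` after its `free()`, but the line following `free(selinux_policyroot);` is outside the visible context, and `init_selinux_config()` has a silent early `return;`, so a failed re-read could leave a freed pointer in place for the destructor to free again. If they are not already cleared, add `selinux_policyroot = NULL;` right after the corresponding `free()`, and likewise for any other pointer freed in the part of the body not shown. Since `init_selinux_config()` still returns `void`, the caller also cannot tell that the reload failed; an `int` return checked in load_policy.c would make that visible. Both function bodies continue outside the hunk.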
diff --git a/libselinux.spec b/libselinux.spec index 7545871..2e5a930 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,7 +4,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.0.57 -Release: 1%{?dist} +Release: 2%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -137,6 +137,9 @@ exit 0 %{python_sitearch}/selinux/* %changelog +* Thu Feb 28 2008 Dan Walsh - 2.0.57-2 +- Reload library on loading of policy to handle chroot + * Mon Feb 25 2008 Dan Walsh - 2.0.57-1 - Update to Upstream * Merged avc_has_perm() errno fix from Eamon Walsh.