rpms/libselinux
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source 
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
This commit is contained in:
Dan Walsh 2010-12-21 16:29:19 -05:00
parent 2542902e06
commit ca9cea7698
4 changed files with 102 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -180,3 +180,4 @@ libselinux-2.0.93.tgz
libselinux-2.0.94.tgz libselinux-2.0.94.tgz
libselinux-2.0.96.tgz libselinux-2.0.96.tgz
/libselinux-2.0.97.tgz /libselinux-2.0.97.tgz
/libselinux-2.0.98.tgz

217
libselinux-rhat.patch
View File

@ -1,6 +1,8 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.96/man/man8/selinuxconlist.8 diff --git a/libselinux/man/man8/selinuxconlist.8 b/libselinux/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 new file mode 100644
+++ libselinux-2.0.96/man/man8/selinuxconlist.8 2010-06-16 09:20:34.000000000 -0400 index 0000000..c698daa
--- /dev/null
+++ b/libselinux/man/man8/selinuxconlist.8
@@ -0,0 +1,18 @@ @@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME" +.SH "NAME"
@ -20,9 +22,11 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
+ +
+.SH "SEE ALSO" +.SH "SEE ALSO"
+secon(8), selinuxdefcon(8) +secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.96/man/man8/selinuxdefcon.8 diff --git a/libselinux/man/man8/selinuxdefcon.8 b/libselinux/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 new file mode 100644
+++ libselinux-2.0.96/man/man8/selinuxdefcon.8 2010-06-16 09:20:34.000000000 -0400 index 0000000..3cbeff2
--- /dev/null
+++ b/libselinux/man/man8/selinuxdefcon.8
@@ -0,0 +1,24 @@ @@ -0,0 +1,24 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME" +.SH "NAME"
@ -48,9 +52,67 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
+ +
+.SH "SEE ALSO" +.SH "SEE ALSO"
+secon(8), selinuxconlist(8) +secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.96/src/audit2why.c diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
--- nsalibselinux/src/audit2why.c 2010-05-19 14:45:51.000000000 -0400 index bf665ab..8aeb7a1 100644
+++ libselinux-2.0.96/src/audit2why.c 2010-06-25 17:03:37.000000000 -0400 --- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -1,9 +1,10 @@
# Installation directories.
+PYTHON ?= python
PREFIX ?= $(DESTDIR)/usr
LIBDIR ?= $(PREFIX)/lib
SHLIBDIR ?= $(DESTDIR)/lib
INCLUDEDIR ?= $(PREFIX)/include
-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
PYINC ?= /usr/include/$(PYLIBVER)
PYLIB ?= /usr/lib/$(PYLIBVER)
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
@@ -23,13 +24,13 @@ SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
SWIGRUBYIF= selinuxswig_ruby.i
SWIGCOUT= selinuxswig_wrap.c
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
-SWIGSO=_selinux.so
+SWIGSO=$(PYPREFIX)_selinux.so
SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i
SWIGRUBYSO=_rubyselinux.so
LIBSO=$(TARGET).$(LIBVERSION)
-AUDIT2WHYSO=audit2why.so
+AUDIT2WHYSO=$(PYPREFIX)audit2why.so
ifeq ($(DISABLE_AVC),y)
UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
@@ -91,10 +92,10 @@ $(LIBPC): $(LIBPC).in
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash exception.sh > $@
-audit2why.lo: audit2why.c
+$(PYPREFIX)audit2why.lo: audit2why.c
$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-$(AUDIT2WHYSO): audit2why.lo
+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
%.o: %.c policy.h
@@ -123,8 +124,8 @@ install: all
install-pywrap: pywrap
test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
- install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so
install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
install-rubywrap: rubywrap
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 691bc67..12e8614 100644
--- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c
@@ -1,3 +1,6 @@ @@ -1,3 +1,6 @@
+/* Workaround for http://bugs.python.org/issue4835 */ +/* Workaround for http://bugs.python.org/issue4835 */
+#define SIZEOF_SOCKET_T SIZEOF_INT +#define SIZEOF_SOCKET_T SIZEOF_INT
@ -58,7 +120,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.
#include <Python.h> #include <Python.h>
#include <unistd.h> #include <unistd.h>
#include <stdlib.h> #include <stdlib.h>
@@ -255,6 +258,8 @@ @@ -255,6 +258,8 @@ static int __policy_init(const char *init_path)
fclose(fp); fclose(fp);
sepol_set_policydb(&avc->policydb->p); sepol_set_policydb(&avc->policydb->p);
avc->handle = sepol_handle_create(); avc->handle = sepol_handle_create();
@ -67,7 +129,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.
rc = sepol_bool_count(avc->handle, rc = sepol_bool_count(avc->handle,
avc->policydb, &cnt); avc->policydb, &cnt);
@@ -287,8 +292,10 @@ @@ -287,8 +292,10 @@ static int __policy_init(const char *init_path)
static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) { static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
int result; int result;
char *init_path=NULL; char *init_path=NULL;
@ -80,7 +142,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.
return Py_BuildValue("i", result); return Py_BuildValue("i", result);
} }
@@ -353,7 +360,11 @@ @@ -353,7 +360,11 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
strObj = PyList_GetItem(listObj, i); /* Can't fail */ strObj = PyList_GetItem(listObj, i); /* Can't fail */
/* make it a string */ /* make it a string */
@ -92,7 +154,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.
perm = string_to_av_perm(tclass, permstr); perm = string_to_av_perm(tclass, permstr);
if (!perm) { if (!perm) {
@@ -423,10 +434,39 @@ @@ -423,10 +434,39 @@ static PyMethodDef audit2whyMethods[] = {
{NULL, NULL, 0, NULL} /* Sentinel */ {NULL, NULL, 0, NULL} /* Sentinel */
}; };
@ -133,7 +195,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.
PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN); PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
PyModule_AddIntConstant(m,"BADSCON", BADSCON); PyModule_AddIntConstant(m,"BADSCON", BADSCON);
PyModule_AddIntConstant(m,"BADTCON", BADTCON); PyModule_AddIntConstant(m,"BADTCON", BADTCON);
@@ -440,4 +480,8 @@ @@ -440,4 +480,8 @@ initaudit2why(void)
PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN); PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT); PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
PyModule_AddIntConstant(m,"RBAC", RBAC); PyModule_AddIntConstant(m,"RBAC", RBAC);
@ -142,10 +204,11 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.
+ return m; + return m;
+#endif +#endif
} }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.96/src/callbacks.c diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2010-05-19 14:45:51.000000000 -0400 index b245364..7c47222 100644
+++ libselinux-2.0.96/src/callbacks.c 2010-06-16 09:20:34.000000000 -0400 --- a/libselinux/src/callbacks.c
@@ -16,6 +16,7 @@ +++ b/libselinux/src/callbacks.c
@@ -16,6 +16,7 @@ default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
{ {
int rc; int rc;
va_list ap; va_list ap;
@ -153,103 +216,10 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_start(ap, fmt); va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap); rc = vfprintf(stderr, fmt, ap);
va_end(ap); va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-2.0.96/src/get_context_list.c diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
--- nsalibselinux/src/get_context_list.c 2010-05-19 14:45:51.000000000 -0400 index bb4eb9f..c9ae42f 100644
+++ libselinux-2.0.96/src/get_context_list.c 2010-07-27 13:09:08.000000000 -0400 --- a/libselinux/src/matchpathcon.c
@@ -286,7 +286,6 @@ +++ b/libselinux/src/matchpathcon.c
if (buf[plen - 1] == '\n')
buf[plen - 1] = 0;
- retry:
nlen = strlen(user) + 1 + plen + 1;
*newcon = malloc(nlen);
if (!(*newcon))
@@ -306,10 +305,6 @@
if (security_check_context(*newcon) && errno != ENOENT) {
free(*newcon);
*newcon = 0;
- if (strcmp(user, SELINUX_DEFAULTUSER)) {
- user = SELINUX_DEFAULTUSER;
- goto retry;
- }
return -1;
}
@@ -418,13 +413,8 @@
/* Determine the set of reachable contexts for the user. */
rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0) {
- /* Retry with the default SELinux user identity. */
- user = SELINUX_DEFAULTUSER;
- rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0)
- goto failsafe;
- }
+ if (rc < 0)
+ goto failsafe;
nreach = 0;
for (ptr = reachable; *ptr; ptr++)
nreach++;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
--- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400
@@ -1,9 +1,10 @@
# Installation directories.
+PYTHON ?= python
PREFIX ?= $(DESTDIR)/usr
LIBDIR ?= $(PREFIX)/lib
SHLIBDIR ?= $(DESTDIR)/lib
INCLUDEDIR ?= $(PREFIX)/include
-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
PYINC ?= /usr/include/$(PYLIBVER)
PYLIB ?= /usr/lib/$(PYLIBVER)
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
@@ -23,13 +24,13 @@
SWIGRUBYIF= selinuxswig_ruby.i
SWIGCOUT= selinuxswig_wrap.c
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
-SWIGSO=_selinux.so
+SWIGSO=$(PYPREFIX)_selinux.so
SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i
SWIGRUBYSO=_rubyselinux.so
LIBSO=$(TARGET).$(LIBVERSION)
-AUDIT2WHYSO=audit2why.so
+AUDIT2WHYSO=$(PYPREFIX)audit2why.so
ifeq ($(DISABLE_AVC),y)
UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
@@ -91,10 +92,10 @@
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash exception.sh > $@
-audit2why.lo: audit2why.c
+$(PYPREFIX)audit2why.lo: audit2why.c
$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-$(AUDIT2WHYSO): audit2why.lo
+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
%.o: %.c policy.h
@@ -123,8 +124,8 @@
install-pywrap: pywrap
test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
- install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so
install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
install-rubywrap: rubywrap
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/matchpathcon.c 2010-07-26 14:55:18.000000000 -0400
@@ -2,6 +2,7 @@ @@ -2,6 +2,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
@ -258,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
#include "selinux_internal.h" #include "selinux_internal.h"
#include "label_internal.h" #include "label_internal.h"
#include "callbacks.h" #include "callbacks.h"
@@ -57,7 +58,7 @@ @@ -60,7 +61,7 @@ static void
{ {
va_list ap; va_list ap;
va_start(ap, fmt); va_start(ap, fmt);
@ -267,10 +237,11 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
va_end(ap); va_end(ap);
} }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.96/src/selinuxswig_python.i diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2010-06-16 08:03:38.000000000 -0400 index dea0e80..bb227e9 100644
+++ libselinux-2.0.96/src/selinuxswig_python.i 2010-06-16 09:20:34.000000000 -0400 --- a/libselinux/src/selinuxswig_python.i
@@ -45,7 +45,7 @@ +++ b/libselinux/src/selinuxswig_python.i
@@ -45,7 +45,7 @@ def install(src, dest):
PyObject* list = PyList_New(*$2); PyObject* list = PyList_New(*$2);
int i; int i;
for (i = 0; i < *$2; i++) { for (i = 0; i < *$2; i++) {
@ -279,7 +250,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs
} }
$result = SWIG_Python_AppendOutput($result, list); $result = SWIG_Python_AppendOutput($result, list);
} }
@@ -74,7 +74,9 @@ @@ -74,7 +74,9 @@ def install(src, dest):
len++; len++;
plist = PyList_New(len); plist = PyList_New(len);
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
@ -290,7 +261,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs
} }
} else { } else {
plist = PyList_New(0); plist = PyList_New(0);
@@ -91,7 +93,9 @@ @@ -91,7 +93,9 @@ def install(src, dest):
if (*$1) { if (*$1) {
plist = PyList_New(result); plist = PyList_New(result);
for (i = 0; i < result; i++) { for (i = 0; i < result; i++) {
@ -301,7 +272,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs
} }
} else { } else {
plist = PyList_New(0); plist = PyList_New(0);
@@ -144,16 +148,20 @@ @@ -144,16 +148,20 @@ def install(src, dest):
$1 = (char**) malloc(size + 1); $1 = (char**) malloc(size + 1);
for(i = 0; i < size; i++) { for(i = 0; i < size; i++) {

8
libselinux.spec
View File

@ -6,7 +6,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.97 Version: 2.0.98
Release: 1%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
@ -96,7 +96,7 @@ needed for developing SELinux applications.
%prep %prep
%setup -q %setup -q
%patch1 -p1 -b .rhat %patch1 -p2 -b .rhat
%build %build
# To support building the Python wrapper against multiple Python runtimes # To support building the Python wrapper against multiple Python runtimes
@ -236,6 +236,10 @@ exit 0
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1
- Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
* Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1 * Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1
- Update to upstream - Update to upstream
* Thread local storage fixes from Eamon Walsh. * Thread local storage fixes from Eamon Walsh.

2
sources
View File

@ -1 +1 @@
1f2f5ff4fafddcd557caaac7b551fa27 libselinux-2.0.97.tgz ae5872335424582717bd9d3bd646ef17 libselinux-2.0.98.tgz