From cca6a80b71744975f83f342c8c5786beadd72e99 Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 07:42:50 +0000 Subject: [PATCH] auto-import changelog data from libselinux-1.13.1-1.src.rpm Thu May 27 2004 Dan Walsh 1.13.1-1 - Change to use new policy mechanism --- .cvsignore | 2 +- libselinux-rhat.patch | 323 ------------------------------------------ libselinux.spec | 7 +- sources | 2 +- 4 files changed, 6 insertions(+), 328 deletions(-) delete mode 100644 libselinux-rhat.patch diff --git a/.cvsignore b/.cvsignore index 652bee1..73f74cb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -libselinux-1.13.tgz +libselinux-1.13.1.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch deleted file mode 100644 index 444a18a..0000000 --- a/libselinux-rhat.patch +++ /dev/null @@ -1,323 +0,0 @@ ---- /dev/null 2004-02-23 16:02:56.000000000 -0500 -+++ libselinux-1.13/src/selinux_config.c 2004-05-26 15:03:15.506622384 -0400 -@@ -0,0 +1,119 @@ -+#include -+#include -+#include -+#include -+#include -+ -+#define SELINUXDIR "/etc/selinux/" -+#define SELINUXDEFAULT "targeted" -+#define SELINUXTYPETAG "SELINUXTYPE=" -+#define SELINUXTAG "SELINUX=" -+ -+static char *file_context=NULL; -+static char *default_type=NULL; -+static char *default_policy=NULL; -+static char *default_context=NULL; -+static char *failsafe_context=NULL; -+ -+int selinux_getenforcemode(int *enforce) { -+ int ret=-1; -+ FILE *cfg = fopen("/etc/sysconfig/selinux","r"); -+ char buf[4097]; -+ int len=sizeof(SELINUXTAG)-1; -+ if (cfg) { -+ while (fgets(buf, 4096, cfg)) { -+ if (strncmp(buf,SELINUXTAG,len)) -+ continue; -+ if (!strncmp(buf+len,"enforcing",sizeof("enforcing")-1)) { -+ *enforce = 1; -+ ret=0; -+ break; -+ } else if (!strncmp(buf+len,"permissive",sizeof("permissive")-1)) { -+ *enforce = 0; -+ ret=0; -+ break; -+ } else if (!strncmp(buf+len,"disabled",sizeof("disabled")-1)) { -+ *enforce = -1; -+ ret=0; -+ break; -+ } -+ } -+ fclose(cfg); -+ } -+ return ret; -+} -+ -+static char *selinux_policyroot = NULL; -+ -+static void init_selinux_policyroot(void) __attribute__ ((constructor)); -+ -+static void init_selinux_policyroot(void) -+{ -+ char *type=SELINUXDEFAULT; -+ int i=0, len=sizeof(SELINUXTYPETAG)-1; -+ char buf[4097]; -+ FILE *cfg; -+ if (selinux_policyroot) return; -+ cfg = fopen("/etc/sysconfig/selinux","r"); -+ if (cfg) { -+ while (fgets(buf, 4096, cfg)) { -+ if (strncmp(buf,SELINUXTYPETAG,len)) -+ continue; -+ type=buf+len; -+ } -+ fclose(cfg); -+ } -+ i=strlen(type)-1; -+ while ((i>=0) && -+ (isspace(type[i]) || iscntrl(type[i]))) { -+ type[i]=0; -+ i--; -+ } -+ len=sizeof(SELINUXDIR) + strlen(type); -+ selinux_policyroot=malloc(len); -+ snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type); -+} -+ -+char *selinux_default_type_path() { -+ if (!default_type) { -+ default_type=malloc(PATH_MAX); -+ snprintf(default_type, PATH_MAX, "%s/contexts/default_type", selinux_policyroot); -+ } -+ return default_type; -+} -+ -+char *selinux_policy_root() { -+ return selinux_policyroot; -+} -+ -+char *selinux_default_context_path() { -+ if (!default_context) { -+ default_context=malloc(PATH_MAX); -+ snprintf(default_context, PATH_MAX, "%s/contexts/default_contexts", selinux_policyroot); -+ } -+ return default_context; -+} -+ -+char *selinux_failsafe_context_path() { -+ if (!failsafe_context) { -+ failsafe_context=malloc(PATH_MAX); -+ snprintf(failsafe_context, PATH_MAX, "%s/contexts/failsafe_contexts", selinux_policyroot); -+ } -+ return failsafe_context; -+} -+ -+char *selinux_binary_policy_path() { -+ if (!default_policy) { -+ default_policy=malloc(PATH_MAX); -+ snprintf(default_policy, PATH_MAX, "%s/policy/policy", selinux_policyroot); -+ } -+ return default_policy; -+} -+ -+char *selinux_file_context_path() { -+ if (!file_context) { -+ file_context=malloc(PATH_MAX); -+ snprintf(file_context, PATH_MAX-1, "%s/contexts/file_contexts", selinux_policyroot); -+ } -+ return file_context; -+} ---- libselinux-1.13/src/matchpathcon.c.rhat 2004-05-25 08:52:21.000000000 -0400 -+++ libselinux-1.13/src/matchpathcon.c 2004-05-26 14:36:00.588167768 -0400 -@@ -196,7 +196,7 @@ - spec_t *spec_copy; - - /* Open the specification file. */ -- if ((fp = fopen(FILECONTEXTS, "r")) == NULL) -+ if ((fp = fopen(selinux_file_context_path(), "r")) == NULL) - return -1; - - /* ---- libselinux-1.13/src/get_context_list.c.rhat 2004-05-25 08:52:21.000000000 -0400 -+++ libselinux-1.13/src/get_context_list.c 2004-05-26 14:36:00.591167312 -0400 -@@ -255,7 +255,7 @@ - } - else if (which == SYSTEMPRIORITY) - { -- config_file = fopen (_DEFCONTEXT_PATH, "r"); -+ config_file = fopen (selinux_default_context_path(), "r"); - } - else - { -@@ -390,7 +390,7 @@ - size_t plen, nlen; - int rc; - -- fp = fopen(_FAILSAFECONTEXT_PATH, "r"); -+ fp = fopen(selinux_failsafe_context_path(), "r"); - if (!fp) - return -1; - ---- libselinux-1.13/src/get_default_type.c.rhat 2004-05-25 08:52:21.000000000 -0400 -+++ libselinux-1.13/src/get_default_type.c 2004-05-26 14:36:00.593167008 -0400 -@@ -10,7 +10,7 @@ - { - FILE* fp=NULL; - -- fp = fopen (_DEFTYPE_PATH, "r"); -+ fp = fopen (selinux_default_type_path(), "r"); - if (!fp) - return -1; - ---- libselinux-1.13/include/selinux/get_default_type.h.rhat 2004-05-25 08:52:21.000000000 -0400 -+++ libselinux-1.13/include/selinux/get_default_type.h 2004-05-26 14:37:35.995663624 -0400 -@@ -5,7 +5,7 @@ - #ifndef _SELINUX_GET_DEFAULT_TYPE_H_ - #define _SELINUX_GET_DEFAULT_TYPE_H_ - --#define _DEFTYPE_PATH "/etc/security/default_type" -+char *selinux_default_type_path(); - - /* Get the default type (domain) for 'role' and set 'type' to refer to it. - Caller must free via free(). ---- libselinux-1.13/include/selinux/selinux.h.rhat 2004-05-25 08:52:21.000000000 -0400 -+++ libselinux-1.13/include/selinux/selinux.h 2004-05-26 15:06:05.799733896 -0400 -@@ -72,12 +72,6 @@ - - /* Wrappers for the selinuxfs (policy) API. */ - --/* Mount point for selinuxfs. */ --#define SELINUXMNT "/selinux/" -- --/* Default pathname for policy configuration, without version number. */ --#define SELINUXPOLICY "/etc/security/selinux/policy" -- - typedef unsigned int access_vector_t; - typedef unsigned short security_class_t; - -@@ -168,4 +162,22 @@ - mode_t mode, - security_context_t *con); - -+/* -+ selinux_getenforcemode reads the /etc/sysconfig/selinux file and determines -+ whether the machine should be started in enforcing (1), permissive (0) or -+ disabled (-1) mode. -+ */ -+int selinux_getenforcemode(int *enforce); -+ -+/* -+ selinux_policy_root is set within the init_selinux_policyroot constructor -+ which reads the /etc/sysconfig/selinux file and determines -+ where the compiled policy file and contexts files exist. -+ */ -+char *selinux_policy_root(); -+char *selinux_binary_policy_path(); -+char *selinux_failsafe_context_path(); -+char *selinux_default_context_path(); -+char *selinux_file_context_path(); -+ - #endif ---- libselinux-1.13/include/selinux/get_context_list.h.rhat 2004-05-25 08:52:21.000000000 -0400 -+++ libselinux-1.13/include/selinux/get_context_list.h 2004-05-26 14:36:00.595166704 -0400 -@@ -3,8 +3,6 @@ - - #include - --#define _DEFCONTEXT_PATH "/etc/security/default_contexts" --#define _FAILSAFECONTEXT_PATH "/etc/security/failsafe_context" - #define SELINUX_DEFAULTUSER "user_u" - - /* Get an ordered list of authorized security contexts for a user session ---- /dev/null 2004-02-23 16:02:56.000000000 -0500 -+++ libselinux-1.13/man/man3/selinux_policyroot.3 2004-05-26 14:36:00.596166552 -0400 -@@ -0,0 +1,17 @@ -+.TH "selinux_policyroot" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation" -+.SH "NAME" -+selinux_policyroot \- return the path of the SELinux policy files for this machine. -+.SH "SYNOPSIS" -+.B #include -+.sp -+.B char *selinux_policyroot(); -+.br -+ -+.SH "DESCRIPTION" -+.B selinux_policyroot -+Reads the contents of the /etc/sysconfig/selinux file to determine which policy files should be used for this machine. -+.SH "RETURN VALUE" -+On success, returns a directory path containing the SELinux policy files. -+On failure, NULL is returned. -+ -+ ---- /dev/null 2004-02-23 16:02:56.000000000 -0500 -+++ libselinux-1.13/man/man3/selinux_getenforcemode.3 2004-05-26 14:36:00.597166400 -0400 -@@ -0,0 +1,22 @@ -+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation" -+.SH "NAME" -+selinux_getenforcemode \- get the enforcing state of SE Linux -+.SH "SYNOPSIS" -+.B #include -+.sp -+.B int selinux_getenforcemode(int *enforce); -+.br -+ -+.SH "DESCRIPTION" -+.B selinux_getenforcemode -+Reads the contents of the /etc/sysconfig/selinux file to determine how the -+system was setup to run SELinux. -+.br -+Sets the value of enforce to 1 if SELinux should be run in enforcing mode. -+Sets the value of enforce to 0 if SELinux should be run in permissive mode. -+Sets the value of enforce to -1 if SELinux should be disabled. -+.SH "RETURN VALUE" -+On success, zero is returned. -+On failure, -1 is returned. -+ -+ ---- /dev/null 2004-02-23 16:02:56.000000000 -0500 -+++ libselinux-1.13/utils/getenforcemode.c 2004-05-26 14:36:00.598166248 -0400 -@@ -0,0 +1,31 @@ -+#include -+#include -+#include -+#include -+ -+int main(int argc __attribute__ ((unused)), char **argv) -+{ -+ int ret; -+ int enforce; -+ ret = selinux_getenforcemode(&enforce); -+ if (ret) { -+ fprintf(stderr, "%s: selinux_getenforcemode() failed\n", argv[0]); -+ exit(2); -+ } -+ -+ switch(enforce) { -+ case 1: -+ printf("Enforcing\n"); -+ break; -+ -+ case 0: -+ printf("Permissive\n"); -+ break; -+ -+ case -1: -+ printf("Disabled\n"); -+ break; -+ -+ } -+ exit(0); -+} ---- /dev/null 2004-02-23 16:02:56.000000000 -0500 -+++ libselinux-1.13/utils/selinuxconfig.c 2004-05-26 15:05:07.827547008 -0400 -@@ -0,0 +1,17 @@ -+#include -+#include -+#include -+#include -+#include -+ -+int main(int argc __attribute__ ((unused)), char **argv) -+{ -+ printf("policypath=\"%s\"\n", selinux_policy_root()); -+ printf("default_type_path=\"%s\"\n", selinux_default_type_path()); -+ printf("default_context_path=\"%s\"\n", selinux_default_context_path()); -+ printf("default_failsafe_context_path=\"%s\"\n", selinux_failsafe_context_path()); -+ printf("binary_policy_path=\"%s\"\n", selinux_binary_policy_path()); -+ printf("file_contexts_path=\"%s\"\n", selinux_file_context_path()); -+ exit(0); -+ -+} diff --git a/libselinux.spec b/libselinux.spec index 9b9a462..27ec0cb 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,6 +1,6 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 1.13 +Version: 1.13.1 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries @@ -8,7 +8,6 @@ Source: http://www.nsa.gov/selinux/archives/libselinux-%{version}.tgz Prefix: %{_prefix} BuildRoot: %{_tmppath}/%{name}-buildroot Provides: libselinux.so -Patch1: libselinux-rhat.patch %description Security-enhanced Linux is a patch of the Linux® kernel and a number @@ -36,7 +35,6 @@ needed for developing SELinux applications. %prep %setup -q -%patch1 -p1 -b .rhat %build make @@ -71,6 +69,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Thu May 27 2004 Dan Walsh 1.13.1-1 +- Change to use new policy mechanism + * Mon May 17 2004 Dan Walsh 1.12-2 - add man patch diff --git a/sources b/sources index ae14879..8899340 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3ad90bbd46814325ee76b691b677804d libselinux-1.13.tgz +b304325b9ea6b705bbcbae8ebea4ffe0 libselinux-1.13.1.tgz