auto-import changelog data from libselinux-1.13.1-1.src.rpm
Thu May 27 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-1 - Change to use new policy mechanism
parent
f9343ddbdd
commit
cca6a80b71
@ -1 +1 @@
|
||||
libselinux-1.13.tgz
|
||||
libselinux-1.13.1.tgz
|
||||
|
@ -1,323 +0,0 @@
|
||||
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
|
||||
+++ libselinux-1.13/src/selinux_config.c 2004-05-26 15:03:15.506622384 -0400
|
||||
@@ -0,0 +1,119 @@
|
||||
+#include <stdio.h>
|
||||
+#include <string.h>
|
||||
+#include <ctype.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <limits.h>
|
||||
+
|
||||
+#define SELINUXDIR "/etc/selinux/"
|
||||
+#define SELINUXDEFAULT "targeted"
|
||||
+#define SELINUXTYPETAG "SELINUXTYPE="
|
||||
+#define SELINUXTAG "SELINUX="
|
||||
+
|
||||
+static char *file_context=NULL;
|
||||
+static char *default_type=NULL;
|
||||
+static char *default_policy=NULL;
|
||||
+static char *default_context=NULL;
|
||||
+static char *failsafe_context=NULL;
|
||||
+
|
||||
+int selinux_getenforcemode(int *enforce) {
|
||||
+ int ret=-1;
|
||||
+ FILE *cfg = fopen("/etc/sysconfig/selinux","r");
|
||||
+ char buf[4097];
|
||||
+ int len=sizeof(SELINUXTAG)-1;
|
||||
+ if (cfg) {
|
||||
+ while (fgets(buf, 4096, cfg)) {
|
||||
+ if (strncmp(buf,SELINUXTAG,len))
|
||||
+ continue;
|
||||
+ if (!strncmp(buf+len,"enforcing",sizeof("enforcing")-1)) {
|
||||
+ *enforce = 1;
|
||||
+ ret=0;
|
||||
+ break;
|
||||
+ } else if (!strncmp(buf+len,"permissive",sizeof("permissive")-1)) {
|
||||
+ *enforce = 0;
|
||||
+ ret=0;
|
||||
+ break;
|
||||
+ } else if (!strncmp(buf+len,"disabled",sizeof("disabled")-1)) {
|
||||
+ *enforce = -1;
|
||||
+ ret=0;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ fclose(cfg);
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static char *selinux_policyroot = NULL;
|
||||
+
|
||||
+static void init_selinux_policyroot(void) __attribute__ ((constructor));
|
||||
+
|
||||
+static void init_selinux_policyroot(void)
|
||||
+{
|
||||
+ char *type=SELINUXDEFAULT;
|
||||
+ int i=0, len=sizeof(SELINUXTYPETAG)-1;
|
||||
+ char buf[4097];
|
||||
+ FILE *cfg;
|
||||
+ if (selinux_policyroot) return;
|
||||
+ cfg = fopen("/etc/sysconfig/selinux","r");
|
||||
+ if (cfg) {
|
||||
+ while (fgets(buf, 4096, cfg)) {
|
||||
+ if (strncmp(buf,SELINUXTYPETAG,len))
|
||||
+ continue;
|
||||
+ type=buf+len;
|
||||
+ }
|
||||
+ fclose(cfg);
|
||||
+ }
|
||||
+ i=strlen(type)-1;
|
||||
+ while ((i>=0) &&
|
||||
+ (isspace(type[i]) || iscntrl(type[i]))) {
|
||||
+ type[i]=0;
|
||||
+ i--;
|
||||
+ }
|
||||
+ len=sizeof(SELINUXDIR) + strlen(type);
|
||||
+ selinux_policyroot=malloc(len);
|
||||
+ snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
|
||||
+}
|
||||
+
|
||||
+char *selinux_default_type_path() {
|
||||
+ if (!default_type) {
|
||||
+ default_type=malloc(PATH_MAX);
|
||||
+ snprintf(default_type, PATH_MAX, "%s/contexts/default_type", selinux_policyroot);
|
||||
+ }
|
||||
+ return default_type;
|
||||
+}
|
||||
+
|
||||
+char *selinux_policy_root() {
|
||||
+ return selinux_policyroot;
|
||||
+}
|
||||
+
|
||||
+char *selinux_default_context_path() {
|
||||
+ if (!default_context) {
|
||||
+ default_context=malloc(PATH_MAX);
|
||||
+ snprintf(default_context, PATH_MAX, "%s/contexts/default_contexts", selinux_policyroot);
|
||||
+ }
|
||||
+ return default_context;
|
||||
+}
|
||||
+
|
||||
+char *selinux_failsafe_context_path() {
|
||||
+ if (!failsafe_context) {
|
||||
+ failsafe_context=malloc(PATH_MAX);
|
||||
+ snprintf(failsafe_context, PATH_MAX, "%s/contexts/failsafe_contexts", selinux_policyroot);
|
||||
+ }
|
||||
+ return failsafe_context;
|
||||
+}
|
||||
+
|
||||
+char *selinux_binary_policy_path() {
|
||||
+ if (!default_policy) {
|
||||
+ default_policy=malloc(PATH_MAX);
|
||||
+ snprintf(default_policy, PATH_MAX, "%s/policy/policy", selinux_policyroot);
|
||||
+ }
|
||||
+ return default_policy;
|
||||
+}
|
||||
+
|
||||
+char *selinux_file_context_path() {
|
||||
+ if (!file_context) {
|
||||
+ file_context=malloc(PATH_MAX);
|
||||
+ snprintf(file_context, PATH_MAX-1, "%s/contexts/file_contexts", selinux_policyroot);
|
||||
+ }
|
||||
+ return file_context;
|
||||
+}
|
||||
--- libselinux-1.13/src/matchpathcon.c.rhat 2004-05-25 08:52:21.000000000 -0400
|
||||
+++ libselinux-1.13/src/matchpathcon.c 2004-05-26 14:36:00.588167768 -0400
|
||||
@@ -196,7 +196,7 @@
|
||||
spec_t *spec_copy;
|
||||
|
||||
/* Open the specification file. */
|
||||
- if ((fp = fopen(FILECONTEXTS, "r")) == NULL)
|
||||
+ if ((fp = fopen(selinux_file_context_path(), "r")) == NULL)
|
||||
return -1;
|
||||
|
||||
/*
|
||||
--- libselinux-1.13/src/get_context_list.c.rhat 2004-05-25 08:52:21.000000000 -0400
|
||||
+++ libselinux-1.13/src/get_context_list.c 2004-05-26 14:36:00.591167312 -0400
|
||||
@@ -255,7 +255,7 @@
|
||||
}
|
||||
else if (which == SYSTEMPRIORITY)
|
||||
{
|
||||
- config_file = fopen (_DEFCONTEXT_PATH, "r");
|
||||
+ config_file = fopen (selinux_default_context_path(), "r");
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -390,7 +390,7 @@
|
||||
size_t plen, nlen;
|
||||
int rc;
|
||||
|
||||
- fp = fopen(_FAILSAFECONTEXT_PATH, "r");
|
||||
+ fp = fopen(selinux_failsafe_context_path(), "r");
|
||||
if (!fp)
|
||||
return -1;
|
||||
|
||||
--- libselinux-1.13/src/get_default_type.c.rhat 2004-05-25 08:52:21.000000000 -0400
|
||||
+++ libselinux-1.13/src/get_default_type.c 2004-05-26 14:36:00.593167008 -0400
|
||||
@@ -10,7 +10,7 @@
|
||||
{
|
||||
FILE* fp=NULL;
|
||||
|
||||
- fp = fopen (_DEFTYPE_PATH, "r");
|
||||
+ fp = fopen (selinux_default_type_path(), "r");
|
||||
if (!fp)
|
||||
return -1;
|
||||
|
||||
--- libselinux-1.13/include/selinux/get_default_type.h.rhat 2004-05-25 08:52:21.000000000 -0400
|
||||
+++ libselinux-1.13/include/selinux/get_default_type.h 2004-05-26 14:37:35.995663624 -0400
|
||||
@@ -5,7 +5,7 @@
|
||||
#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
|
||||
#define _SELINUX_GET_DEFAULT_TYPE_H_
|
||||
|
||||
-#define _DEFTYPE_PATH "/etc/security/default_type"
|
||||
+char *selinux_default_type_path();
|
||||
|
||||
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
|
||||
Caller must free via free().
|
||||
--- libselinux-1.13/include/selinux/selinux.h.rhat 2004-05-25 08:52:21.000000000 -0400
|
||||
+++ libselinux-1.13/include/selinux/selinux.h 2004-05-26 15:06:05.799733896 -0400
|
||||
@@ -72,12 +72,6 @@
|
||||
|
||||
/* Wrappers for the selinuxfs (policy) API. */
|
||||
|
||||
-/* Mount point for selinuxfs. */
|
||||
-#define SELINUXMNT "/selinux/"
|
||||
-
|
||||
-/* Default pathname for policy configuration, without version number. */
|
||||
-#define SELINUXPOLICY "/etc/security/selinux/policy"
|
||||
-
|
||||
typedef unsigned int access_vector_t;
|
||||
typedef unsigned short security_class_t;
|
||||
|
||||
@@ -168,4 +162,22 @@
|
||||
mode_t mode,
|
||||
security_context_t *con);
|
||||
|
||||
+/*
|
||||
+ selinux_getenforcemode reads the /etc/sysconfig/selinux file and determines
|
||||
+ whether the machine should be started in enforcing (1), permissive (0) or
|
||||
+ disabled (-1) mode.
|
||||
+ */
|
||||
+int selinux_getenforcemode(int *enforce);
|
||||
+
|
||||
+/*
|
||||
+ selinux_policy_root is set within the init_selinux_policyroot constructor
|
||||
+ which reads the /etc/sysconfig/selinux file and determines
|
||||
+ where the compiled policy file and contexts files exist.
|
||||
+ */
|
||||
+char *selinux_policy_root();
|
||||
+char *selinux_binary_policy_path();
|
||||
+char *selinux_failsafe_context_path();
|
||||
+char *selinux_default_context_path();
|
||||
+char *selinux_file_context_path();
|
||||
+
|
||||
#endif
|
||||
--- libselinux-1.13/include/selinux/get_context_list.h.rhat 2004-05-25 08:52:21.000000000 -0400
|
||||
+++ libselinux-1.13/include/selinux/get_context_list.h 2004-05-26 14:36:00.595166704 -0400
|
||||
@@ -3,8 +3,6 @@
|
||||
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
-#define _DEFCONTEXT_PATH "/etc/security/default_contexts"
|
||||
-#define _FAILSAFECONTEXT_PATH "/etc/security/failsafe_context"
|
||||
#define SELINUX_DEFAULTUSER "user_u"
|
||||
|
||||
/* Get an ordered list of authorized security contexts for a user session
|
||||
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
|
||||
+++ libselinux-1.13/man/man3/selinux_policyroot.3 2004-05-26 14:36:00.596166552 -0400
|
||||
@@ -0,0 +1,17 @@
|
||||
+.TH "selinux_policyroot" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
|
||||
+.SH "NAME"
|
||||
+selinux_policyroot \- return the path of the SELinux policy files for this machine.
|
||||
+.SH "SYNOPSIS"
|
||||
+.B #include <selinux/selinux.h>
|
||||
+.sp
|
||||
+.B char *selinux_policyroot();
|
||||
+.br
|
||||
+
|
||||
+.SH "DESCRIPTION"
|
||||
+.B selinux_policyroot
|
||||
+Reads the contents of the /etc/sysconfig/selinux file to determine which policy files should be used for this machine.
|
||||
+.SH "RETURN VALUE"
|
||||
+On success, returns a directory path containing the SELinux policy files.
|
||||
+On failure, NULL is returned.
|
||||
+
|
||||
+
|
||||
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
|
||||
+++ libselinux-1.13/man/man3/selinux_getenforcemode.3 2004-05-26 14:36:00.597166400 -0400
|
||||
@@ -0,0 +1,22 @@
|
||||
+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
|
||||
+.SH "NAME"
|
||||
+selinux_getenforcemode \- get the enforcing state of SE Linux
|
||||
+.SH "SYNOPSIS"
|
||||
+.B #include <selinux/selinux.h>
|
||||
+.sp
|
||||
+.B int selinux_getenforcemode(int *enforce);
|
||||
+.br
|
||||
+
|
||||
+.SH "DESCRIPTION"
|
||||
+.B selinux_getenforcemode
|
||||
+Reads the contents of the /etc/sysconfig/selinux file to determine how the
|
||||
+system was setup to run SELinux.
|
||||
+.br
|
||||
+Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
|
||||
+Sets the value of enforce to 0 if SELinux should be run in permissive mode.
|
||||
+Sets the value of enforce to -1 if SELinux should be disabled.
|
||||
+.SH "RETURN VALUE"
|
||||
+On success, zero is returned.
|
||||
+On failure, -1 is returned.
|
||||
+
|
||||
+
|
||||
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
|
||||
+++ libselinux-1.13/utils/getenforcemode.c 2004-05-26 14:36:00.598166248 -0400
|
||||
@@ -0,0 +1,31 @@
|
||||
+#include <unistd.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <selinux/selinux.h>
|
||||
+
|
||||
+int main(int argc __attribute__ ((unused)), char **argv)
|
||||
+{
|
||||
+ int ret;
|
||||
+ int enforce;
|
||||
+ ret = selinux_getenforcemode(&enforce);
|
||||
+ if (ret) {
|
||||
+ fprintf(stderr, "%s: selinux_getenforcemode() failed\n", argv[0]);
|
||||
+ exit(2);
|
||||
+ }
|
||||
+
|
||||
+ switch(enforce) {
|
||||
+ case 1:
|
||||
+ printf("Enforcing\n");
|
||||
+ break;
|
||||
+
|
||||
+ case 0:
|
||||
+ printf("Permissive\n");
|
||||
+ break;
|
||||
+
|
||||
+ case -1:
|
||||
+ printf("Disabled\n");
|
||||
+ break;
|
||||
+
|
||||
+ }
|
||||
+ exit(0);
|
||||
+}
|
||||
--- /dev/null 2004-02-23 16:02:56.000000000 -0500
|
||||
+++ libselinux-1.13/utils/selinuxconfig.c 2004-05-26 15:05:07.827547008 -0400
|
||||
@@ -0,0 +1,17 @@
|
||||
+#include <unistd.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/get_default_type.h>
|
||||
+
|
||||
+int main(int argc __attribute__ ((unused)), char **argv)
|
||||
+{
|
||||
+ printf("policypath=\"%s\"\n", selinux_policy_root());
|
||||
+ printf("default_type_path=\"%s\"\n", selinux_default_type_path());
|
||||
+ printf("default_context_path=\"%s\"\n", selinux_default_context_path());
|
||||
+ printf("default_failsafe_context_path=\"%s\"\n", selinux_failsafe_context_path());
|
||||
+ printf("binary_policy_path=\"%s\"\n", selinux_binary_policy_path());
|
||||
+ printf("file_contexts_path=\"%s\"\n", selinux_file_context_path());
|
||||
+ exit(0);
|
||||
+
|
||||
+}
|
@ -1,6 +1,6 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 1.13
|
||||
Version: 1.13.1
|
||||
Release: 1
|
||||
License: Public domain (uncopyrighted)
|
||||
Group: System Environment/Libraries
|
||||
@ -8,7 +8,6 @@ Source: http://www.nsa.gov/selinux/archives/libselinux-%{version}.tgz
|
||||
Prefix: %{_prefix}
|
||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||
Provides: libselinux.so
|
||||
Patch1: libselinux-rhat.patch
|
||||
|
||||
%description
|
||||
Security-enhanced Linux is a patch of the Linux® kernel and a number
|
||||
@ -36,7 +35,6 @@ needed for developing SELinux applications.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1 -b .rhat
|
||||
|
||||
%build
|
||||
make
|
||||
@ -71,6 +69,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Thu May 27 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-1
|
||||
- Change to use new policy mechanism
|
||||
|
||||
* Mon May 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
|
||||
- add man patch
|
||||
|
||||
|
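Review bot: The new `%changelog` entry does not record that `Patch1: libselinux-rhat.patch` and its `%patch1 -p1 -b .rhat` line were removed, nor why; it only says "Change to use new policy mechanism". The removed patch carried `selinux_getenforcemode()` and the `selinux_*_path()` helpers that the context-file lookups were switched to, so the build now depends on the 1.13.1 tarball providing them. Presumably they were merged upstream, but nothing on this page shows that. Once that is confirmed against the tarball, I would add a changelog line such as `- Drop libselinux-rhat.patch, merged upstream in 1.13.1`, so a later reader can tell the downstream change was superseded rather than lost.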