- Update to Upstream
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
This commit is contained in:
Daniel J Walsh
parent
ee778682f8
commit
d0a06b2c34
@ -153,3 +153,4 @@ libselinux-2.0.61.tgz
|
||||
libselinux-2.0.64.tgz
|
||||
libselinux-2.0.65.tgz
|
||||
libselinux-2.0.67.tgz
|
||||
libselinux-2.0.69.tgz
|
||||
|
||||
@ -1,18 +1,3 @@
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.67/man/man3/freecon.3
|
||||
--- nsalibselinux/man/man3/freecon.3 2008-06-12 23:25:12.000000000 -0400
|
||||
+++ libselinux-2.0.67/man/man3/freecon.3 2008-07-09 16:52:33.000000000 -0400
|
||||
@@ -15,6 +15,11 @@
|
||||
.B freeconary
|
||||
frees the memory allocated for a context array.
|
||||
|
||||
+If
|
||||
+.I con
|
||||
+is NULL, no operation is performed.
|
||||
+
|
||||
+
|
||||
.SH "SEE ALSO"
|
||||
.BR selinux "(8)"
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8
|
||||
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400
|
||||
@ -156,46 +141,17 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6
|
||||
|
||||
indent:
|
||||
../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.67/src/audit2why.c
|
||||
--- nsalibselinux/src/audit2why.c 2008-06-12 23:25:14.000000000 -0400
|
||||
+++ libselinux-2.0.67/src/audit2why.c 2008-07-09 16:52:33.000000000 -0400
|
||||
@@ -55,7 +55,7 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static int check_booleans(struct avc_t *avc, struct boolean_t **bools)
|
||||
+static int check_booleans(struct boolean_t **bools)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.67/src/callbacks.c
|
||||
--- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400
|
||||
+++ libselinux-2.0.67/src/callbacks.c 2008-07-18 11:15:56.000000000 -0400
|
||||
@@ -16,6 +16,7 @@
|
||||
{
|
||||
char errormsg[PATH_MAX];
|
||||
struct sepol_av_decision avd;
|
||||
@@ -376,7 +376,7 @@
|
||||
avc->tsid = tsid;
|
||||
avc->tclass = tclass;
|
||||
avc->av = av;
|
||||
- if (check_booleans(avc, &bools) == 0) {
|
||||
+ if (check_booleans(&bools) == 0) {
|
||||
if (av & ~avd.auditdeny) {
|
||||
RETURN(DONTAUDIT)
|
||||
} else {
|
||||
@@ -390,15 +390,15 @@
|
||||
len++; b++;
|
||||
}
|
||||
b = bools;
|
||||
- PyObject *boollist = PyTuple_New(len);
|
||||
+ PyObject *outboollist = PyTuple_New(len);
|
||||
len=0;
|
||||
while(b->name) {
|
||||
PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
|
||||
- PyTuple_SetItem(boollist, len++, bool);
|
||||
+ PyTuple_SetItem(outboollist, len++, bool);
|
||||
b++;
|
||||
}
|
||||
free(bools);
|
||||
- PyTuple_SetItem(result, 1, boollist);
|
||||
+ PyTuple_SetItem(result, 1, outboollist);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
int rc;
|
||||
va_list ap;
|
||||
+ if (is_selinux_enabled() == 0) return 0;
|
||||
va_start(ap, fmt);
|
||||
rc = vfprintf(stderr, fmt, ap);
|
||||
va_end(ap);
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c
|
||||
--- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400
|
||||
+++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400
|
||||
|
||||
@ -4,8 +4,8 @@
|
||||
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.0.67
|
||||
Release: 4%{?dist}
|
||||
Version: 2.0.69
|
||||
Release: 1%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
@ -150,6 +150,13 @@ exit 0
|
||||
%{ruby_sitearch}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.69-1
|
||||
- Update to Upstream
|
||||
* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
|
||||
This prevents adding them via semanage.
|
||||
* Fix audit2why shadowed variables from Stephen Smalley.
|
||||
* Note that freecon NULL is legal in man page from Karel Zak.
|
||||
|
||||
* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.67-4
|
||||
- Add ruby support for puppet
|
||||
|
||||
|
||||
6
rubytest.rb
Normal file
6
rubytest.rb
Normal file
@ -0,0 +1,6 @@
|
||||
require 'selinux'
|
||||
print "selinux\n"
|
||||
print "Is selinux enabled? " + Selinux.is_selinux_enabled().to_s + "\n"
|
||||
print "Is selinux enforce? " + Selinux.security_getenforce().to_s + "\n"
|
||||
print "Setfscreatecon? " + Selinux.setfscreatecon("system_u:object_r:etc_t:s0").to_s + "\n"
|
||||
print "/etc -> " + Selinux.matchpathcon("/etc", 0)[1] + "\n"
|
||||
Loading…
Reference in New Issue
Block a user