From e3bd599d8e8917fb93aec7869c7515eed4cf0b21 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 9 Jan 2007 15:02:46 +0000 Subject: [PATCH] - Cleanup patch --- libselinux-rhat.patch | 99 +++++++++++++++++++++++++++++-------------- libselinux.spec | 5 ++- 2 files changed, 71 insertions(+), 33 deletions(-) diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index bc2ea65..7d50ad0 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h --- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500 -+++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-09 09:49:51.000000000 -0500 @@ -406,6 +406,7 @@ extern const char *selinux_homedir_context_path(void); extern const char *selinux_media_context_path(void); @@ -9,7 +9,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib extern const char *selinux_booleans_path(void); extern const char *selinux_customizable_types_path(void); extern const char *selinux_users_path(void); -@@ -413,12 +414,14 @@ +@@ -413,12 +414,15 @@ extern const char *selinux_translations_path(void); extern const char *selinux_netfilter_context_path(void); extern const char *selinux_path(void); 
@@ -21,13 +21,14 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib +/* Check if the tty_context is defined as a securetty + Return 1 if secure, 0 if not, or -1 if otherwise. */ -+ extern int selinux_check_securetty_context(security_context_t tty_context); ++ extern int selinux_check_securetty_context(security_context_t ++ tty_context); /* Set the path to the selinuxfs mount point explicitly. Normally, this is determined automatically during libselinux initialization, but this is not always possible, e.g. for /sbin/init diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 --- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500 -+++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-09 09:49:51.000000000 -0500 @@ -27,6 +27,8 @@ .br extern const char *selinux_media_context_path(void); @@ -48,7 +49,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_polic .SH AUTHOR diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 --- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-09 09:49:51.000000000 -0500 @@ -0,0 +1,13 @@ +.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation" +.SH "NAME" 
@@ -65,12 +66,12 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_secure +returns -1 on error. diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 --- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-09 09:49:51.000000000 -0500 @@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h --- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500 -+++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-09 09:49:51.000000000 -0500 @@ -7,6 +7,7 @@ S_(USER_CONTEXTS, "/contexts/users/") S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") @@ -81,8 +82,8 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libs S_(REMOVABLE_CONTEXT, "/contexts/removable_context") diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c --- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500 -@@ -0,0 +1,49 @@ ++++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-09 10:00:58.000000000 -0500 +@@ -0,0 +1,54 @@ +#include +#include +#include 
@@ -93,36 +94,41 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_c + +int selinux_check_securetty_context(security_context_t tty_context) +{ -+ char buf[250]; -+ char *ptr = "", *end; ++ char *line = NULL; ++ char *start, *end = NULL; ++ size_t line_len = 0; + size_t len; + int found = -1; + FILE *fp; + fp = fopen(selinux_securetty_context_path(), "r"); + if (fp) { -+ context_t con =context_new(tty_context); ++ context_t con = context_new(tty_context); + if (con) { -+ char *type=context_type_get(con); ++ const char *type = context_type_get(con); + found = 0; -+ len = strlen(type); -+ while (!feof_unlocked(fp)) { -+ if (!fgets_unlocked(buf, sizeof buf, fp)) -+ break; ++ while ((len = getline(&line, &line_len, fp)) != -1) { + -+ if (buf[strlen(buf) - 1]) -+ buf[strlen(buf) - 1] = 0; ++ if (line[len - 1] == '\n') ++ line[len - 1] = 0; + -+ ptr = buf; -+ while (*ptr && isspace(*ptr)) -+ ptr++; -+ if (!(*ptr)) ++ /* Skip leading whitespace. */ ++ start = line; ++ while (*start && isspace(*start)) ++ start++; ++ if (!(*start)) + continue; + -+ if (!strncmp(type, ptr, len)) { ++ end = start; ++ while (*end && !isspace(*end)) ++ end++; ++ if (*end) ++ *end++ = 0; ++ if (!strcmp(type, start)) { + found = 1; + break; + } + } ++ free(line); + context_free(con); + } + fclose(fp); @@ -134,7 +140,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_c +hidden_def(selinux_check_securetty_context) diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c --- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500 -+++ libselinux-1.33.3/src/selinux_config.c 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/src/selinux_config.c 2007-01-09 09:49:51.000000000 -0500 @@ -38,7 +38,8 @@ #define NETFILTER_CONTEXTS 15 #define FILE_CONTEXTS_HOMEDIR 16 
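Review bot: In the rewritten read loop of selinux_check_securetty_context(), `len` is still declared `size_t` but now receives getline()'s `ssize_t` result, so the `!= -1` test only works through an implicit unsigned conversion; declare it `ssize_t len;`. Both scanning loops pass a plain `char` to `isspace()`, which is undefined for bytes above 0x7f where `char` is signed, so use `isspace((unsigned char)*start)` and `!isspace((unsigned char)*end)`. The result appears to feed a secure-tty decision, and `found` stays -1 both when the securetty file cannot be opened and when `context_new()` fails. A comment above the function should say so, for example `/* -1: securetty file unreadable or tty_context invalid; callers must treat anything but 1 as not secure */`. The function's `return` and closing brace fall outside this hunk.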
@@ -145,7 +151,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin /* New layout is relative to SELINUXDIR/policytype. */ static char *file_paths[NEL]; -@@ -299,6 +300,12 @@ +@@ -299,6 +300,13 @@ hidden_def(selinux_default_context_path) @@ -153,6 +159,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin +{ + return get_path(SECURETTY_CONTEXTS); +} ++ +hidden_def(selinux_securetty_context_path) + const char *selinux_failsafe_context_path() @@ -160,7 +167,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin return get_path(FAILSAFE_CONTEXT); diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h --- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500 -+++ libselinux-1.33.3/src/selinux_internal.h 2007-01-05 11:57:44.000000000 -0500 ++++ libselinux-1.33.3/src/selinux_internal.h 2007-01-09 09:49:51.000000000 -0500 @@ -53,6 +53,7 @@ hidden_proto(security_setenforce) hidden_proto(selinux_binary_policy_path) 
@@ -177,10 +184,40 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libsel hidden_proto(matchpathcon_init_prefix) hidden_proto(selinux_users_path) hidden_proto(selinux_usersconf_path); +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.33.3/utils/matchpathcon.c +--- nsalibselinux/utils/matchpathcon.c 2007-01-04 17:01:41.000000000 -0500 ++++ libselinux-1.33.3/utils/matchpathcon.c 2007-01-09 09:49:51.000000000 -0500 +@@ -95,7 +95,7 @@ + } + } + for (i = optind; i < argc; i++) { +- int mode=0; ++ int mode = 0; + struct stat buf; + if (lstat(argv[i], &buf) == 0) + mode = buf.st_mode; +@@ -114,13 +114,15 @@ + if (rc >= 0) { + printf("%s has context %s, should be ", + argv[i], con); +- error += printmatchpathcon(argv[i], 0, mode); ++ error += ++ printmatchpathcon(argv[i], 0, mode); + freecon(con); + } else { + printf + ("actual context unknown: %s, should be ", + strerror(errno)); +- error += printmatchpathcon(argv[i], 0,mode); ++ error += ++ printmatchpathcon(argv[i], 0, mode); + } + } + } else { diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c --- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500 -@@ -0,0 +1,40 @@ ++++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-09 09:49:51.000000000 -0500 +@@ -0,0 +1,38 @@ +#include +#include +#include @@ -194,9 +231,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty + +void usage(const char *progname) +{ -+ fprintf(stderr, -+ "usage: %s tty_context...\n", -+ progname); ++ fprintf(stderr, "usage: %s tty_context...\n", progname); + exit(1); +} + diff --git a/libselinux.spec b/libselinux.spec index 26fd603..136d5a2 100644 --- a/libselinux.spec +++ b/libselinux.spec 
@@ -2,7 +2,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.33.3 -Release: 2%{?dist} +Release: 3%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -120,6 +120,9 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Fri Jan 5 2007 Dan Walsh - 1.33.3-3 +- Cleanup patch + * Fri Jan 5 2007 Dan Walsh - 1.33.3-2 - Add securetty handling Resolves: #200110