- Cleanup patch

Daniel J Walsh 2007-01-09 15:02:46 +00:00
parent e6bab37d57
commit e3bd599d8e
2 changed files with 71 additions and 33 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500 --- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500
+++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-09 09:49:51.000000000 -0500
@@ -406,6 +406,7 @@ @@ -406,6 +406,7 @@
extern const char *selinux_homedir_context_path(void); extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void); extern const char *selinux_media_context_path(void);
@ -9,7 +9,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib
extern const char *selinux_booleans_path(void); extern const char *selinux_booleans_path(void);
extern const char *selinux_customizable_types_path(void); extern const char *selinux_customizable_types_path(void);
extern const char *selinux_users_path(void); extern const char *selinux_users_path(void);
@@ -413,12 +414,14 @@ @@ -413,12 +414,15 @@
extern const char *selinux_translations_path(void); extern const char *selinux_translations_path(void);
extern const char *selinux_netfilter_context_path(void); extern const char *selinux_netfilter_context_path(void);
extern const char *selinux_path(void); extern const char *selinux_path(void);
@ -21,13 +21,14 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib
+/* Check if the tty_context is defined as a securetty +/* Check if the tty_context is defined as a securetty
+ Return 1 if secure, 0 if not, or -1 if otherwise. */ + Return 1 if secure, 0 if not, or -1 if otherwise. */
+ extern int selinux_check_securetty_context(security_context_t tty_context); + extern int selinux_check_securetty_context(security_context_t
+ tty_context);
/* Set the path to the selinuxfs mount point explicitly. /* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init initialization, but this is not always possible, e.g. for /sbin/init
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3
--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500 --- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-09 09:49:51.000000000 -0500
@@ -27,6 +27,8 @@ @@ -27,6 +27,8 @@
.br .br
extern const char *selinux_media_context_path(void); extern const char *selinux_media_context_path(void);
@ -48,7 +49,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_polic
.SH AUTHOR .SH AUTHOR
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3
--- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-09 09:49:51.000000000 -0500
@@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
+.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation" +.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME" +.SH "NAME"
@ -65,12 +66,12 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_secure
+returns -1 on error. +returns -1 on error.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3
--- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-09 09:49:51.000000000 -0500
@@ -0,0 +1 @@ @@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3 +.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h
--- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500 --- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500
+++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-09 09:49:51.000000000 -0500
@@ -7,6 +7,7 @@ @@ -7,6 +7,7 @@
S_(USER_CONTEXTS, "/contexts/users/") S_(USER_CONTEXTS, "/contexts/users/")
S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
@ -81,8 +82,8 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libs
S_(REMOVABLE_CONTEXT, "/contexts/removable_context") S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c
--- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-09 10:00:58.000000000 -0500
@@ -0,0 +1,49 @@ @@ -0,0 +1,54 @@
+#include <unistd.h> +#include <unistd.h>
+#include <stdlib.h> +#include <stdlib.h>
+#include <string.h> +#include <string.h>
@ -93,36 +94,41 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_c
+ +
+int selinux_check_securetty_context(security_context_t tty_context) +int selinux_check_securetty_context(security_context_t tty_context)
+{ +{
+ char buf[250]; + char *line = NULL;
+ char *ptr = "", *end; + char *start, *end = NULL;
+ size_t line_len = 0;
+ size_t len; + size_t len;
+ int found = -1; + int found = -1;
+ FILE *fp; + FILE *fp;
+ fp = fopen(selinux_securetty_context_path(), "r"); + fp = fopen(selinux_securetty_context_path(), "r");
+ if (fp) { + if (fp) {
+ context_t con =context_new(tty_context); + context_t con = context_new(tty_context);
+ if (con) { + if (con) {
+ char *type=context_type_get(con); + const char *type = context_type_get(con);
+ found = 0; + found = 0;
+ len = strlen(type); + while ((len = getline(&line, &line_len, fp)) != -1) {
+ while (!feof_unlocked(fp)) {
+ if (!fgets_unlocked(buf, sizeof buf, fp))
+ break;
+ +
+ if (buf[strlen(buf) - 1]) + if (line[len - 1] == '\n')
+ buf[strlen(buf) - 1] = 0; + line[len - 1] = 0;
+ +
+ ptr = buf; + /* Skip leading whitespace. */
+ while (*ptr && isspace(*ptr)) + start = line;
+ ptr++; + while (*start && isspace(*start))
+ if (!(*ptr)) + start++;
+ if (!(*start))
+ continue; + continue;
+ +
+ if (!strncmp(type, ptr, len)) { + end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+ if (!strcmp(type, start)) {
+ found = 1; + found = 1;
+ break; + break;
+ } + }
+ } + }
+ free(line);
+ context_free(con); + context_free(con);
+ } + }
+ fclose(fp); + fclose(fp);
@ -134,7 +140,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_c
+hidden_def(selinux_check_securetty_context) +hidden_def(selinux_check_securetty_context)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500 --- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500
+++ libselinux-1.33.3/src/selinux_config.c 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/src/selinux_config.c 2007-01-09 09:49:51.000000000 -0500
@@ -38,7 +38,8 @@ @@ -38,7 +38,8 @@
#define NETFILTER_CONTEXTS 15 #define NETFILTER_CONTEXTS 15
#define FILE_CONTEXTS_HOMEDIR 16 #define FILE_CONTEXTS_HOMEDIR 16
@ -145,7 +151,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
/* New layout is relative to SELINUXDIR/policytype. */ /* New layout is relative to SELINUXDIR/policytype. */
static char *file_paths[NEL]; static char *file_paths[NEL];
@@ -299,6 +300,12 @@ @@ -299,6 +300,13 @@
hidden_def(selinux_default_context_path) hidden_def(selinux_default_context_path)
@ -153,6 +159,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
+{ +{
+ return get_path(SECURETTY_CONTEXTS); + return get_path(SECURETTY_CONTEXTS);
+} +}
+
+hidden_def(selinux_securetty_context_path) +hidden_def(selinux_securetty_context_path)
+ +
const char *selinux_failsafe_context_path() const char *selinux_failsafe_context_path()
@ -160,7 +167,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
return get_path(FAILSAFE_CONTEXT); return get_path(FAILSAFE_CONTEXT);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500 --- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500
+++ libselinux-1.33.3/src/selinux_internal.h 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/src/selinux_internal.h 2007-01-09 09:49:51.000000000 -0500
@@ -53,6 +53,7 @@ @@ -53,6 +53,7 @@
hidden_proto(security_setenforce) hidden_proto(security_setenforce)
hidden_proto(selinux_binary_policy_path) hidden_proto(selinux_binary_policy_path)
@ -177,10 +184,40 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libsel
hidden_proto(matchpathcon_init_prefix) hidden_proto(matchpathcon_init_prefix)
hidden_proto(selinux_users_path) hidden_proto(selinux_users_path)
hidden_proto(selinux_usersconf_path); hidden_proto(selinux_usersconf_path);
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.33.3/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2007-01-04 17:01:41.000000000 -0500
+++ libselinux-1.33.3/utils/matchpathcon.c 2007-01-09 09:49:51.000000000 -0500
@@ -95,7 +95,7 @@
}
}
for (i = optind; i < argc; i++) {
- int mode=0;
+ int mode = 0;
struct stat buf;
if (lstat(argv[i], &buf) == 0)
mode = buf.st_mode;
@@ -114,13 +114,15 @@
if (rc >= 0) {
printf("%s has context %s, should be ",
argv[i], con);
- error += printmatchpathcon(argv[i], 0, mode);
+ error +=
+ printmatchpathcon(argv[i], 0, mode);
freecon(con);
} else {
printf
("actual context unknown: %s, should be ",
strerror(errno));
- error += printmatchpathcon(argv[i], 0,mode);
+ error +=
+ printmatchpathcon(argv[i], 0, mode);
}
}
} else {
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c
--- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 --- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500 +++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-09 09:49:51.000000000 -0500
@@ -0,0 +1,40 @@ @@ -0,0 +1,38 @@
+#include <unistd.h> +#include <unistd.h>
+#include <stdio.h> +#include <stdio.h>
+#include <stdlib.h> +#include <stdlib.h>
@ -194,9 +231,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty
+ +
+void usage(const char *progname) +void usage(const char *progname)
+{ +{
+ fprintf(stderr, + fprintf(stderr, "usage: %s tty_context...\n", progname);
+ "usage: %s tty_context...\n",
+ progname);
+ exit(1); + exit(1);
+} +}
+ +
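Review bot: In the rewritten loop of `selinux_check_securetty_context`, `len` is declared `size_t` but receives the `ssize_t` result of `getline()`, so the test `(len = getline(&line, &line_len, fp)) != -1` only works because -1 is implicitly converted to `SIZE_MAX`; declaring `ssize_t len;` states the end-of-file/error check directly and avoids sign-compare warnings. The `isspace(*start)` and `isspace(*end)` calls pass a plain `char`, which is undefined for bytes above 0x7f on platforms where `char` is signed; `isspace((unsigned char)*start)` (and likewise for `*end`) avoids that. Because `found` stays -1 when the securetty file cannot be opened or `context_new` fails, the header comment would be clearer as `Return 1 if secure, 0 if not, or -1 on error; callers should treat any value other than 1 as not secure.` The tail of the function is elided on this page, so this assumes it ends by returning `found`.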


@ -2,7 +2,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 1.33.3 Version: 1.33.3
Release: 2%{?dist} Release: 3%{?dist}
License: Public domain (uncopyrighted) License: Public domain (uncopyrighted)
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -120,6 +120,9 @@ exit 0
%{_libdir}/python*/site-packages/selinux.py* %{_libdir}/python*/site-packages/selinux.py*
%changelog %changelog
* Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-3
- Cleanup patch
* Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-2 * Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-2
- Add securetty handling - Add securetty handling
Resolves: #200110 Resolves: #200110