rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Cleanup patch

Browse Source
This commit is contained in:
Daniel J Walsh 2007-01-09 15:02:46 +00:00
parent e6bab37d57
commit e3bd599d8e
2 changed files with 71 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
libselinux-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500
+++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-09 09:49:51.000000000 -0500
@@ -406,6 +406,7 @@
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
@ -9,7 +9,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib
extern const char *selinux_booleans_path(void);
extern const char *selinux_customizable_types_path(void);
extern const char *selinux_users_path(void);
@@ -413,12 +414,14 @@
@@ -413,12 +414,15 @@
extern const char *selinux_translations_path(void);
extern const char *selinux_netfilter_context_path(void);
extern const char *selinux_path(void);
@ -21,13 +21,14 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib
+/* Check if the tty_context is defined as a securetty
+ Return 1 if secure, 0 if not, or -1 if otherwise. */
+ extern int selinux_check_securetty_context(security_context_t tty_context);
+ extern int selinux_check_securetty_context(security_context_t
+ tty_context);
/* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3
--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-09 09:49:51.000000000 -0500
@@ -27,6 +27,8 @@
.br
extern const char *selinux_media_context_path(void);
@ -48,7 +49,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_polic
.SH AUTHOR
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3
--- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-09 09:49:51.000000000 -0500
@@ -0,0 +1,13 @@
+.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
@ -65,12 +66,12 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_secure
+returns -1 on error.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3
--- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-09 09:49:51.000000000 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h
--- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500
+++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-09 09:49:51.000000000 -0500
@@ -7,6 +7,7 @@
S_(USER_CONTEXTS, "/contexts/users/")
S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
@ -81,8 +82,8 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libs
S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c
--- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500
@@ -0,0 +1,49 @@
+++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-09 10:00:58.000000000 -0500
@@ -0,0 +1,54 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
@ -93,36 +94,41 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_c
+
+int selinux_check_securetty_context(security_context_t tty_context)
+{
+ char buf[250];
+ char *ptr = "", *end;
+ char *line = NULL;
+ char *start, *end = NULL;
+ size_t line_len = 0;
+ size_t len;
+ int found = -1;
+ FILE *fp;
+ fp = fopen(selinux_securetty_context_path(), "r");
+ if (fp) {
+ context_t con =context_new(tty_context);
+ context_t con = context_new(tty_context);
+ if (con) {
+ char *type=context_type_get(con);
+ const char *type = context_type_get(con);
+ found = 0;
+ len = strlen(type);
+ while (!feof_unlocked(fp)) {
+ if (!fgets_unlocked(buf, sizeof buf, fp))
+ break;
+ while ((len = getline(&line, &line_len, fp)) != -1) {
+
+ if (buf[strlen(buf) - 1])
+ buf[strlen(buf) - 1] = 0;
+ if (line[len - 1] == '\n')
+ line[len - 1] = 0;
+
+ ptr = buf;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+ if (!(*ptr))
+ /* Skip leading whitespace. */
+ start = line;
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ continue;
+
+ if (!strncmp(type, ptr, len)) {
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+ if (!strcmp(type, start)) {
+ found = 1;
+ break;
+ }
+ }
+ free(line);
+ context_free(con);
+ }
+ fclose(fp);
@ -134,7 +140,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_c
+hidden_def(selinux_check_securetty_context)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500
+++ libselinux-1.33.3/src/selinux_config.c 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/src/selinux_config.c 2007-01-09 09:49:51.000000000 -0500
@@ -38,7 +38,8 @@
#define NETFILTER_CONTEXTS 15
#define FILE_CONTEXTS_HOMEDIR 16
@ -145,7 +151,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
/* New layout is relative to SELINUXDIR/policytype. */
static char *file_paths[NEL];
@@ -299,6 +300,12 @@
@@ -299,6 +300,13 @@
hidden_def(selinux_default_context_path)
@ -153,6 +159,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
+{
+ return get_path(SECURETTY_CONTEXTS);
+}
+
+hidden_def(selinux_securetty_context_path)
+
const char *selinux_failsafe_context_path()
@ -160,7 +167,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin
return get_path(FAILSAFE_CONTEXT);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500
+++ libselinux-1.33.3/src/selinux_internal.h 2007-01-05 11:57:44.000000000 -0500
+++ libselinux-1.33.3/src/selinux_internal.h 2007-01-09 09:49:51.000000000 -0500
@@ -53,6 +53,7 @@
hidden_proto(security_setenforce)
hidden_proto(selinux_binary_policy_path)
@ -177,10 +184,40 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libsel
hidden_proto(matchpathcon_init_prefix)
hidden_proto(selinux_users_path)
hidden_proto(selinux_usersconf_path);
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.33.3/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2007-01-04 17:01:41.000000000 -0500
+++ libselinux-1.33.3/utils/matchpathcon.c 2007-01-09 09:49:51.000000000 -0500
@@ -95,7 +95,7 @@
}
}
for (i = optind; i < argc; i++) {
- int mode=0;
+ int mode = 0;
struct stat buf;
if (lstat(argv[i], &buf) == 0)
mode = buf.st_mode;
@@ -114,13 +114,15 @@
if (rc >= 0) {
printf("%s has context %s, should be ",
argv[i], con);
- error += printmatchpathcon(argv[i], 0, mode);
+ error +=
+ printmatchpathcon(argv[i], 0, mode);
freecon(con);
} else {
printf
("actual context unknown: %s, should be ",
strerror(errno));
- error += printmatchpathcon(argv[i], 0,mode);
+ error +=
+ printmatchpathcon(argv[i], 0, mode);
}
}
} else {
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c
--- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500
@@ -0,0 +1,40 @@
+++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-09 09:49:51.000000000 -0500
@@ -0,0 +1,38 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
@ -194,9 +231,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty
+
+void usage(const char *progname)
+{
+ fprintf(stderr,
+ "usage: %s tty_context...\n",
+ progname);
+ fprintf(stderr, "usage: %s tty_context...\n", progname);
+ exit(1);
+}
+

5
libselinux.spec
View File

@ -2,7 +2,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 1.33.3
Release: 2%{?dist}
Release: 3%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -120,6 +120,9 @@ exit 0
%{_libdir}/python*/site-packages/selinux.py*
%changelog
* Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-3
- Cleanup patch
* Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-2
- Add securetty handling
Resolves: #200110