- Update to latest from NSA
Added security_canonicalize_context() interface and set_matchpathcon_canoncon() interface for obtaining canonical contexts. Changed matchpathcon internals to obtain canonical contexts by default. Provided fallback for kernels that lack extended selinuxfs context interface. - Patch to not translate mls when calling setfiles
This commit is contained in:
parent
70810f17e4
commit
e6236defe6
@ -60,3 +60,4 @@ libselinux-1.27.14.tgz
|
|||||||
libselinux-1.27.17.tgz
|
libselinux-1.27.17.tgz
|
||||||
libselinux-1.27.18.tgz
|
libselinux-1.27.18.tgz
|
||||||
libselinux-1.27.19.tgz
|
libselinux-1.27.19.tgz
|
||||||
|
libselinux-1.27.20.tgz
|
||||||
|
@ -39,37 +39,4 @@ diff -u -p -r1.32 matchpathcon.c
|
|||||||
if (myinvalidcon) {
|
if (myinvalidcon) {
|
||||||
/* Old-style validation of context. */
|
/* Old-style validation of context. */
|
||||||
if (myinvalidcon(path, lineno, context))
|
if (myinvalidcon(path, lineno, context))
|
||||||
Index: policycoreutils/setfiles/setfiles.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
|
|
||||||
retrieving revision 1.38
|
|
||||||
diff -u -p -r1.38 setfiles.c
|
|
||||||
--- policycoreutils/setfiles/setfiles.c 7 Nov 2005 19:31:55 -0000 1.38
|
|
||||||
+++ policycoreutils/setfiles/setfiles.c 8 Nov 2005 19:12:31 -0000
|
|
||||||
@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned
|
|
||||||
int valid = 1;
|
|
||||||
|
|
||||||
if (policyfile) {
|
|
||||||
- char *raw;
|
|
||||||
- if (selinux_trans_to_raw_context(context, &raw))
|
|
||||||
- valid = 0;
|
|
||||||
- if (valid) {
|
|
||||||
- valid = (sepol_check_context (raw) >= 0);
|
|
||||||
- freecon(raw);
|
|
||||||
- }
|
|
||||||
+ valid = (sepol_check_context (context) >= 0);
|
|
||||||
} else if (security_canonicalize_context(context, &tmpcon) < 0) {
|
|
||||||
if (errno != ENOENT) {
|
|
||||||
valid = 0;
|
|
||||||
@@ -447,8 +441,9 @@ int main(int argc, char **argv)
|
|
||||||
fclose(policystream);
|
|
||||||
|
|
||||||
/* Only process the specified file_contexts file, not
|
|
||||||
- any .homedirs or .local files. */
|
|
||||||
- set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
|
|
||||||
+ any .homedirs or .local files, and do not perform
|
|
||||||
+ context translations. */
|
|
||||||
+ set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
|
|
||||||
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
%define libsepolver 1.9.37-1
|
%define libsepolver 1.9.38-1
|
||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 1.27.19
|
Version: 1.27.20
|
||||||
Release: 2
|
Release: 1
|
||||||
License: Public domain (uncopyrighted)
|
License: Public domain (uncopyrighted)
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||||
@ -92,7 +92,14 @@ exit 0
|
|||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-2
|
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.20-1
|
||||||
|
- Update to latest from NSA
|
||||||
|
* Added security_canonicalize_context() interface and
|
||||||
|
set_matchpathcon_canoncon() interface for obtaining
|
||||||
|
canonical contexts. Changed matchpathcon internals
|
||||||
|
to obtain canonical contexts by default. Provided
|
||||||
|
fallback for kernels that lack extended selinuxfs context
|
||||||
|
interface.
|
||||||
- Patch to not translate mls when calling setfiles
|
- Patch to not translate mls when calling setfiles
|
||||||
|
|
||||||
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
|
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
|
||||||
|
Loading…
Reference in New Issue
Block a user