Rebuild with latest libsepol
parent
edd5aaafc0
commit
e7604b157b
@ -126,7 +126,7 @@ index 9f16f77..4835f2f 100644
|
|||||||
.SH FILES
|
.SH FILES
|
||||||
/etc/selinux/config
|
/etc/selinux/config
|
||||||
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
|
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
|
||||||
index 02483a3..647ea4c 100644
|
index 02483a3..d2de4d5 100644
|
||||||
--- a/libselinux/src/audit2why.c
|
--- a/libselinux/src/audit2why.c
|
||||||
+++ b/libselinux/src/audit2why.c
|
+++ b/libselinux/src/audit2why.c
|
||||||
@@ -164,6 +164,9 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args)
|
@@ -164,6 +164,9 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args)
|
||||||
@ -191,32 +191,132 @@ index 02483a3..647ea4c 100644
|
|||||||
if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
|
if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
|
||||||
return NULL;
|
return NULL;
|
||||||
result = __policy_init(init_path);
|
result = __policy_init(init_path);
|
||||||
@@ -306,6 +298,7 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
|
@@ -302,10 +294,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
|
||||||
return result;
|
}
|
||||||
|
|
||||||
|
#define RETURN(X) \
|
||||||
|
- PyTuple_SetItem(result, 0, Py_BuildValue("i", X)); \
|
||||||
|
- return result;
|
||||||
|
+ { \
|
||||||
|
+ return Py_BuildValue("iO", (X), Py_None); \
|
||||||
|
+ }
|
||||||
|
|
||||||
static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) {
|
static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) {
|
||||||
+ char *reason_buf = NULL;
|
+ char *reason_buf = NULL;
|
||||||
security_context_t scon;
|
security_context_t scon;
|
||||||
security_context_t tcon;
|
security_context_t tcon;
|
||||||
char *tclassstr;
|
char *tclassstr;
|
||||||
@@ -376,7 +369,7 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
|
@@ -320,10 +314,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
|
||||||
|
struct sepol_av_decision avd;
|
||||||
|
int rc;
|
||||||
|
int i=0;
|
||||||
|
- PyObject *result = PyTuple_New(2);
|
||||||
|
- if (!result) return NULL;
|
||||||
|
- Py_INCREF(Py_None);
|
||||||
|
- PyTuple_SetItem(result, 1, Py_None);
|
||||||
|
|
||||||
|
if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))
|
||||||
|
return NULL;
|
||||||
|
@@ -334,22 +324,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
|
||||||
|
/* should raise an error here. */
|
||||||
|
if (numlines < 0) return NULL; /* Not a list */
|
||||||
|
|
||||||
|
- if (!avc) {
|
||||||
|
+ if (!avc)
|
||||||
|
RETURN(NOPOLICY)
|
||||||
|
- }
|
||||||
|
|
||||||
|
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
|
||||||
|
- if (rc < 0) {
|
||||||
|
+ if (rc < 0)
|
||||||
|
RETURN(BADSCON)
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
|
||||||
|
- if (rc < 0) {
|
||||||
|
+ if (rc < 0)
|
||||||
|
RETURN(BADTCON)
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
tclass = string_to_security_class(tclassstr);
|
||||||
|
- if (!tclass) {
|
||||||
|
+ if (!tclass)
|
||||||
|
RETURN(BADTCLASS)
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
/* Convert the permission list to an AV. */
|
||||||
|
av = 0;
|
||||||
|
|
||||||
|
@@ -369,21 +358,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
|
||||||
|
#endif
|
||||||
|
|
||||||
|
perm = string_to_av_perm(tclass, permstr);
|
||||||
|
- if (!perm) {
|
||||||
|
+ if (!perm)
|
||||||
|
RETURN(BADPERM)
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
av |= perm;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Reproduce the computation. */
|
/* Reproduce the computation. */
|
||||||
- rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason);
|
- rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason);
|
||||||
|
- if (rc < 0) {
|
||||||
+ rc = sepol_compute_av_reason_buffer(ssid, tsid, tclass, av, &avd, &reason, &reason_buf);
|
+ rc = sepol_compute_av_reason_buffer(ssid, tsid, tclass, av, &avd, &reason, &reason_buf);
|
||||||
if (rc < 0) {
|
+ if (rc < 0)
|
||||||
RETURN(BADCOMPUTE)
|
RETURN(BADCOMPUTE)
|
||||||
|
- }
|
||||||
|
|
||||||
|
- if (!reason) {
|
||||||
|
+ if (!reason)
|
||||||
|
RETURN(ALLOW)
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
if (reason & SEPOL_COMPUTEAV_TE) {
|
||||||
|
avc->ssid = ssid;
|
||||||
|
avc->tsid = tsid;
|
||||||
|
@@ -396,28 +384,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
|
||||||
|
RETURN(TERULE)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
- PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN));
|
||||||
|
+ PyObject *outboollist;
|
||||||
|
struct boolean_t *b = bools;
|
||||||
|
int len=0;
|
||||||
|
while (b->name) {
|
||||||
|
len++; b++;
|
||||||
|
}
|
||||||
|
b = bools;
|
||||||
|
- PyObject *outboollist = PyTuple_New(len);
|
||||||
|
+ outboollist = PyList_New(len);
|
||||||
|
len=0;
|
||||||
|
while(b->name) {
|
||||||
|
- PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
|
||||||
|
- PyTuple_SetItem(outboollist, len++, bool);
|
||||||
|
+ PyObject *bool_ = Py_BuildValue("(si)", b->name, b->active);
|
||||||
|
+ PyList_SetItem(outboollist, len++, bool_);
|
||||||
|
b++;
|
||||||
|
}
|
||||||
|
free(bools);
|
||||||
|
- PyTuple_SetItem(result, 1, outboollist);
|
||||||
|
- return result;
|
||||||
|
+ /* 'N' steals the reference to outboollist */
|
||||||
|
+ return Py_BuildValue("iN", BOOLEAN, outboollist);
|
||||||
}
|
}
|
||||||
@@ -417,6 +410,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (reason & SEPOL_COMPUTEAV_CONS) {
|
if (reason & SEPOL_COMPUTEAV_CONS) {
|
||||||
+ printf("%s\n", reason_buf);
|
- RETURN(CONSTRAINT);
|
||||||
|
+ if (reason_buf) {
|
||||||
|
+ PyObject *result = NULL;
|
||||||
|
+ result = Py_BuildValue("is", CONSTRAINT, reason_buf);
|
||||||
+ free(reason_buf);
|
+ free(reason_buf);
|
||||||
RETURN(CONSTRAINT);
|
+ return result;
|
||||||
|
+ }
|
||||||
|
+ RETURN(CONSTRAINT)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (reason & SEPOL_COMPUTEAV_RBAC) {
|
||||||
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
|
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
|
||||||
index 802a07f..6ff83a7 100644
|
index 802a07f..6ff83a7 100644
|
||||||
--- a/libselinux/src/avc.c
|
--- a/libselinux/src/avc.c
|
||||||
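Review bot: In the new `analyze()` body, `reason_buf` is freed only inside the `SEPOL_COMPUTEAV_CONS` branch, so the earlier exits after `sepol_compute_av_reason_buffer()` (`RETURN(BADCOMPUTE)`, `RETURN(ALLOW)`, `RETURN(TERULE)` and `return Py_BuildValue("iN", BOOLEAN, outboollist);`) return without releasing it. Whether libsepol can fill the buffer when the TE bit is also set is not visible on this page, but if it can, every such denial analysed in a long-running Python process leaks the string. Adding `free(reason_buf);` ahead of those returns closes that, and is safe when nothing was allocated because the variable is initialised to NULL. In the same hunk, `outboollist = PyList_New(len);` and each `Py_BuildValue("(si)", ...)` result are used unchecked, so an allocation failure reaches `PyList_SetItem()` with a NULL list or item; a guard such as `if (!outboollist) { free(bools); return NULL; }` would be the minimal fix. `analyze()` starts and continues outside the visible hunks, so exits not shown here need the same check.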
|
@ -4,13 +4,13 @@
|
|||||||
|
|
||||||
%define ruby_inc %(pkg-config --cflags ruby-1.9)
|
%define ruby_inc %(pkg-config --cflags ruby-1.9)
|
||||||
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
|
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
|
||||||
%define libsepolver 2.1.7-4
|
%define libsepolver 2.1.8-3
|
||||||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||||
|
|
||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 2.1.12
|
Version: 2.1.12
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: %{name}-%{version}.tgz
|
Source: %{name}-%{version}.tgz
|
||||||
@ -241,6 +241,9 @@ rm -rf %{buildroot}
|
|||||||
%{ruby_sitearch}/selinux.so
|
%{ruby_sitearch}/selinux.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9
|
||||||
|
- Rebuild with latest libsepol
|
||||||
|
|
||||||
* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8
|
* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8
|
||||||
- Return EPERM if login program can not reach default label for user
|
- Return EPERM if login program can not reach default label for user
|
||||||
- Attempt to return container info from audit2why
|
- Attempt to return container info from audit2why
|
||||||
|