From ee778682f8b32c08d683142a3483aa3d6bd241bb Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 9 Jul 2008 20:57:21 +0000 Subject: [PATCH] - Add ruby support for puppet --- libselinux-rhat.patch | 297 +++++++++++++++++++++++++++++++++++++++++- libselinux.spec | 21 ++- 2 files changed, 312 insertions(+), 6 deletions(-) diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index c3a1481..4715d98 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.67/man/man3/freecon.3 --- nsalibselinux/man/man3/freecon.3 2008-06-12 23:25:12.000000000 -0400 -+++ libselinux-2.0.67/man/man3/freecon.3 2008-06-29 08:28:37.000000000 -0400 ++++ libselinux-2.0.67/man/man3/freecon.3 2008-07-09 16:52:33.000000000 -0400 @@ -15,6 +15,11 @@ .B freeconary frees the memory allocated for a context array. @@ -15,7 +15,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-06-29 08:27:30.000000000 -0400 ++++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -37,7 +37,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib +secon(8), selinuxdefcon(8) diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.67/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.67/man/man8/selinuxdefcon.8 2008-06-29 08:27:30.000000000 -0400 ++++ libselinux-2.0.67/man/man8/selinuxdefcon.8 2008-07-09 16:52:33.000000000 -0400 
@@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" 
@@ -58,9 +58,147 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.67/src/Makefile +--- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400 ++++ libselinux-2.0.67/src/Makefile 2008-07-09 16:56:37.000000000 -0400 +@@ -7,16 +7,24 @@ + PYINC ?= /usr/include/$(PYLIBVER) + PYLIB ?= /usr/lib/$(PYLIBVER) + PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) ++RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') ++RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') ++RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) ++RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) + + LIBVERSION = 1 + + LIBA=libselinux.a + TARGET=libselinux.so + SWIGIF= selinuxswig_python.i ++SWIGRUBYIF= selinuxswig_ruby.i + SWIGCOUT= selinuxswig_wrap.c ++SWIGRUBYCOUT= selinuxswig_ruby_wrap.c + SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) ++SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) + SWIGSO=_selinux.so + SWIGFILES=$(SWIGSO) selinux.py ++SWIGRUBYSO=_rubyselinux.so + LIBSO=$(TARGET).$(LIBVERSION) + AUDIT2WHYSO=audit2why.so + +@@ -29,7 +37,9 @@ + ifeq ($(DISABLE_RPM),y) + UNUSED_SRCS+=rpm.c + endif +-SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c))) ++ ++GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) ++SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c))) + + OBJS= $(patsubst %.c,%.o,$(SRCS)) + LOBJS= $(patsubst %.c,%.lo,$(SRCS)) +@@ -44,11 +54,11 @@ + + SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ + +-GENERATED=$(SWIGCOUT) ++SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ + + all: $(LIBA) $(LIBSO) + +-pywrap: all $(SWIGSO) $(AUDIT2WHYSO) ++pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(SWIGRUBYSO) + + $(LIBA): $(OBJS) + $(AR) rcs $@ $^ +@@ -57,8 +67,14 @@ + $(SWIGLOBJ): $(SWIGCOUT) + $(CC) $(filter-out 
-Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + ++$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) ++ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< ++ + $(SWIGSO): $(SWIGLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ ++ ++$(SWIGRUBYSO): $(SWIGRUBYLOBJ) ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ + + $(LIBSO): $(LOBJS) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro +@@ -79,6 +95,9 @@ + $(SWIGCOUT): $(SWIGIF) + $(SWIG) $^ + ++$(SWIGRUBYCOUT): $(SWIGRUBYIF) ++ $(SWIGRUBY) $^ ++ + swigify: $(SWIGIF) + $(SWIG) $^ + +@@ -95,6 +114,9 @@ + install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux + install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py + ++ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) ++ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so ++ + relabel: + /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + +@@ -102,7 +124,7 @@ + -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ + + distclean: clean +- rm -f $(SWIGCOUT) $(SWIGFILES) ++ rm -f $(GENERATED) $(SWIGFILES) + + indent: + ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.67/src/audit2why.c +--- nsalibselinux/src/audit2why.c 2008-06-12 23:25:14.000000000 -0400 ++++ libselinux-2.0.67/src/audit2why.c 2008-07-09 16:52:33.000000000 -0400 +@@ -55,7 +55,7 @@ + return 0; + } + +-static int check_booleans(struct avc_t *avc, struct boolean_t **bools) ++static int check_booleans(struct boolean_t **bools) + { + char errormsg[PATH_MAX]; + struct sepol_av_decision avd; +@@ -376,7 +376,7 @@ + avc->tsid = tsid; + avc->tclass = tclass; + avc->av = av; +- if (check_booleans(avc, 
&bools) == 0) { ++ if (check_booleans(&bools) == 0) { + if (av & ~avd.auditdeny) { + RETURN(DONTAUDIT) + } else { +@@ -390,15 +390,15 @@ + len++; b++; + } + b = bools; +- PyObject *boollist = PyTuple_New(len); ++ PyObject *outboollist = PyTuple_New(len); + len=0; + while(b->name) { + PyObject *bool = Py_BuildValue("(si)", b->name, b->active); +- PyTuple_SetItem(boollist, len++, bool); ++ PyTuple_SetItem(outboollist, len++, bool); + b++; + } + free(bools); +- PyTuple_SetItem(result, 1, boollist); ++ PyTuple_SetItem(result, 1, outboollist); + return result; + } + } diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.67/src/matchpathcon.c 2008-06-29 08:27:30.000000000 -0400 ++++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400 @@ -2,6 +2,7 @@ #include #include 
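Review bot: The `clean` rule shown as context at the end of the src/Makefile section still removes only `$(SWIGLOBJ) $(SWIGSO)`, so the new `_rubyselinux.so` survives `make clean`. A stale object from an earlier tree can then be picked up by the added `install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so` step. I would add `$(SWIGRUBYLOBJ) $(SWIGRUBYSO)` to that `rm -f` list, next to `$(SWIGLOBJ) $(SWIGSO)`. The new `$(SWIGRUBYSO)` link rule also lacks the `-z,relro` that `$(LIBSO)` is linked with; unless `LDFLAGS` already supplies it, adding `-Wl,-z,relro` there keeps the binding hardened like the library it wraps. The install rule these lines are appended to starts outside the hunk.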
@@ -78,3 +216,154 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.67/src/selinuxswig_ruby.i +--- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-2.0.67/src/selinuxswig_ruby.i 2008-07-09 16:52:33.000000000 -0400 +@@ -0,0 +1,147 @@ ++/* Author: James Athey ++ */ ++ ++%module selinux ++%{ ++ #include "selinux/selinux.h" ++%} ++ ++/* security_get_boolean_names() typemap */ ++/* ++%typemap(argout) (char ***names, int *len) { ++ PyObject* list = PyList_New(*$2); ++ int i; ++ for (i = 0; i < *$2; i++) { ++ PyList_SetItem(list, i, PyString_FromString((*$1)[i])); ++ } ++ $result = SWIG_Python_AppendOutput($result, list); ++} ++*/ ++/* return a sid along with the result */ ++%typemap(argout) (security_id_t * sid) { ++ if (*$1) { ++ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); ++ } ++/* else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++*/ ++} ++ ++%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { ++ $1 = &temp; ++} ++ ++/* Makes security_compute_user() return a Python list of contexts */ ++/* ++%typemap(argout) (security_context_t **con) { ++ PyObject* plist; ++ int i, len = 0; ++ ++ if (*$1) { ++ while((*$1)[len]) ++ len++; ++ plist = PyList_New(len); ++ for (i = 0; i < len; i++) { ++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ } ++ } else { ++ plist = PyList_New(0); ++ } ++ ++ $result = SWIG_Python_AppendOutput($result, plist); ++} ++*/ ++/* Makes functions in get_context_list.h return a Python list of contexts */ ++ ++#ifdef fixme ++%typemap(argout) (security_context_t **list) { ++ PyObject* plist; ++ int i; ++ ++ if (*$1) { ++ plist = PyList_New(result); ++ for (i = 0; i < result; i++) { ++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ } ++ } else { ++ plist = PyList_New(0); ++ } ++ /* Only return the Python 
list, don't need to return the length anymore */ ++ $result = plist; ++} ++#endif ++ ++%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { ++ $1 = &temp; ++} ++%typemap(freearg,match="in") security_context_t * ""; ++%typemap(argout,noblock=1) security_context_t * { ++ if (*$1) { ++ %append_output(SWIG_FromCharPtr(*$1)); ++ freecon(*$1); ++ } ++/* ++ else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++*/ ++} ++ ++%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { ++ $1 = &temp; ++} ++%typemap(freearg,match="in") char ** ""; ++%typemap(argout,noblock=1) char ** { ++ if (*$1) { ++ %append_output(SWIG_FromCharPtr(*$1)); ++ free(*$1); ++ } ++/* ++ else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++*/ ++} ++/* ++%typemap(in) char * const [] { ++ int i, size; ++ PyObject * s; ++ ++ if (!PySequence_Check($input)) { ++ PyErr_SetString(PyExc_ValueError, "Expected a sequence"); ++ return NULL; ++ } ++ ++ size = PySequence_Size($input); ++ ++ $1 = (char**) malloc(size + 1); ++ for(i = 0; i < size; i++) { ++ if (!PyString_Check(PySequence_GetItem($input, i))) { ++ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); ++ return NULL; ++ } ++ } ++ ++ for(i = 0; i < size; i++) { ++ s = PySequence_GetItem($input, i); ++ $1[i] = (char*) malloc(PyString_Size(s) + 1); ++ strcpy($1[i], PyString_AsString(s)); ++ } ++ $1[size] = NULL; ++} ++*/ ++ ++%typemap(freearg,match="in") char * const [] { ++ int i = 0; ++ while($1[i]) { ++ free($1[i]); ++ i++; ++ } ++ free($1); ++} ++ ++%include "selinuxswig.i" diff --git a/libselinux.spec b/libselinux.spec index ccc875d..3b5257c 100644 --- a/libselinux.spec +++ b/libselinux.spec 
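Review bot: The only array typemap left live in selinuxswig_ruby.i is `%typemap(freearg,match="in") char * const []`, which frees every `$1[i]` and then `$1`, while the `in` typemap that would have allocated them is commented out and still written against the Python C API. As far as this file shows, Ruby callers therefore have no conversion for `char * const []` arguments, and if the freearg were ever emitted without a matching allocation it would free memory the wrapper does not own; I would comment it out together with its `in` half until a Ruby version exists. When that `in` typemap is ported, note that its `malloc(size + 1)` reserves bytes rather than pointers and should be `malloc((size + 1) * sizeof(char *))`. The remaining comments that say "Python list" should be reworded for Ruby or dropped along with the dead Python blocks.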
@@ -1,17 +1,18 @@ +%define ruby_sitearch %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']") %define libsepolver 2.0.32-1 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Summary: SELinux library and simple utilities Name: libselinux Version: 2.0.67 -Release: 3%{?dist} +Release: 4%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Patch: libselinux-rhat.patch URL: http://www.nsa.gov/selinux -BuildRequires: python-devel libsepol-static >= %{libsepolver} swig +BuildRequires: python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig Requires: libsepol >= %{libsepolver} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -39,6 +40,15 @@ Requires: libselinux = %{version}-%{release} The libselinux-python package contains the python bindings for developing SELinux applications. +%package ruby +Summary: SELinux ruby bindings for libselinux +Group: Development/Libraries +Requires: libselinux = %{version}-%{release} + +%description ruby +The libselinux-ruby package contains the ruby bindings for developing +SELinux applications. + %package devel Summary: Header files and libraries used to build SELinux Group: Development/Libraries @@ -135,7 +145,14 @@ exit 0 %dir %{python_sitearch}/selinux %{python_sitearch}/selinux/* +%files ruby +%defattr(-,root,root,-) +%{ruby_sitearch}/selinux.so + %changelog +* Wed Jul 9 2008 Dan Walsh - 2.0.67-4 +- Add ruby support for puppet + * Tue Jul 8 2008 Dan Walsh - 2.0.67-3 - Rebuild for new libsepol
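Review bot: `%define ruby_sitearch %(ruby -rrbconfig -e ...)` at the top of the spec is unguarded, unlike the `%{!?python_sitearch: ...}` line below it, so it cannot be overridden from outside. It also expands to an empty string when `ruby` is absent at spec-parse time, which would turn the `%files ruby` entry into `/selinux.so`. Wrapping it as `%{!?ruby_sitearch: %define ruby_sitearch %(...)}` would match the Python macro. The same directory is computed a second way in src/Makefile (`$(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)`), so a comment stating that the two must agree would help whoever next changes either side.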
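Review bot: The new `%package ruby` declares only `Requires: libselinux = %{version}-%{release}`, so nothing visible here ties the compiled `selinux.so` to the Ruby interpreter ABI it was built against. The wrapper's link line in src/Makefile does not name a Ruby library either, so automatic dependency generation probably will not add one. An explicit dependency such as `Requires: ruby(abi) = <RUBY_ABI_VERSION>` (placeholder; the page does not give the value) would keep the extension from being installed next to an incompatible Ruby.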