- Fix segfault in selinux_restorecon_sb() (#1433577)
- Change matchpathcon usage to match with matchpathcon manpage
- Fix a corner case getsebool return value
libselinux: Rewrite restorecon() python method
When the restorecon method was added to the libselinux swig python
bindings, there was no libselinux restorecon implementation and it
he had to call matchpathcon() which is deprecated in favor of
selabel_lookup().
The new restorecon method uses selinux_restorecon method from libselinux
and which is exported by the previous commit.
https://github.com/SELinuxProject/selinux/issues/29https://github.com/fedora-selinux/selinux/pull/35
Fixes:
>>> selinux.restorecon('/var/lib', recursive=True)
Traceback (most recent call last):
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 114, in restorecon
status, context = matchpathcon(path, mode)
FileNotFoundError: [Errno 2] No such file or directory
- Fix -Wsign-compare warnings
- Drop unused stdio_ext.h header file
- Kill logging check for selinux_enabled()
- Drop usage of _D_ALLOC_NAMLEN
- Add openrc_contexts functions
- Fix redefinition of XATTR_NAME_SELINUX
- Correct error path to always try text
- Clean up process_file()
- Handle NULL pcre study data
- Fix in tree compilation of utils that depend on libsepol
- Clarify is_selinux_mls_enabled() description
- Explain how to free policy type from selinux_getpolicytype()
- Compare absolute pathname in matchpathcon -V
- Add selinux_snapperd_contexts_path()
There was a change in swig-3.10 to use importlib instead of imp. While
the implementation with imp looked for _selinux.so also in the directory
where __init__.py was, importlib search only standard paths. It means that we
need to move _selinux.so from $(PYLIBDIR)/site-packages/selinux/
to $(PYLIBDIR)/site-packages/
Fixes:
>>> import selinux
Traceback (most recent call last):
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 18, in swig_import_helper
return importlib.import_module(mname)
File "/usr/lib64/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named '_selinux'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 21, in <module>
_selinux = swig_import_helper()
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 20, in swig_import_helper
return importlib.import_module('_selinux')
File "/usr/lib64/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
ImportError: No module named '_selinux'
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-7
- Modify audit2why analyze function to use loaded policy
- Sort object files for deterministic linking order
- Respect CC and PKG_CONFIG environment variable
- Avoid mounting /proc outside of selinux_init_load_policy()
- Fix location of selinuxfs mount point
- Only mount /proc if necessary
- procattr: return einval for <= 0 pid args
- procattr: return error on invalid pid_t input
Conflict with selinux-policy causes deadlocks in buildroots when
there's no selinux-policy available. selinux-policy-base is provided by
targeted, mls and minimum subpackages which are not installed to
buildroots.
conflicts
- selinux.py - use os.walk() instead of os.path.walk() (#1195004)
- is_selinux_enabled(): drop no-policy-loaded test (#1195074)
- fix -Wformat errors and remove deprecated mudflap option