diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.96/man/man8/selinuxconlist.8
|
|
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
|
+++ libselinux-2.0.96/man/man8/selinuxconlist.8 2010-06-16 09:20:34.000000000 -0400
|
|
@@ -0,0 +1,18 @@
|
|
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
+.SH "NAME"
|
|
+selinuxconlist \- list all SELinux context reachable for user
|
|
+.SH "SYNOPSIS"
|
|
+.B selinuxconlist [-l level] user [context]
|
|
+
|
|
+.SH "DESCRIPTION"
|
|
+.B selinuxconlist
|
|
+reports the list of context reachable for user from the current context or specified context
|
|
+
|
|
+.B \-l level
|
|
+mcs/mls level
|
|
+
|
|
+.SH AUTHOR
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
+
|
|
+.SH "SEE ALSO"
|
|
+secon(8), selinuxdefcon(8)
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.96/man/man8/selinuxdefcon.8
|
|
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
|
|
+++ libselinux-2.0.96/man/man8/selinuxdefcon.8 2010-06-16 09:20:34.000000000 -0400
|
|
@@ -0,0 +1,24 @@
|
|
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
+.SH "NAME"
|
|
+selinuxdefcon \- report default SELinux context for user
|
|
+
|
|
+.SH "SYNOPSIS"
|
|
+.B selinuxdefcon [-l level] user fromcon
|
|
+
|
|
+.SH "DESCRIPTION"
|
|
+.B selinuxdefcon
|
|
+reports the default context for the specified user from the specified context
|
|
+
|
|
+.B \-l level
|
|
+mcs/mls level
|
|
+
|
|
+.SH EXAMPLE
|
|
+# selinuxdefcon jsmith system_u:system_r:sshd_t:s0
|
|
+.br
|
|
+unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
|
|
+
|
|
+.SH AUTHOR
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
+
|
|
+.SH "SEE ALSO"
|
|
+secon(8), selinuxconlist(8)
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.96/src/audit2why.c
|
|
--- nsalibselinux/src/audit2why.c 2010-05-19 14:45:51.000000000 -0400
|
|
+++ libselinux-2.0.96/src/audit2why.c 2010-06-25 17:03:37.000000000 -0400
|
|
@@ -1,3 +1,6 @@
|
|
+/* Workaround for http://bugs.python.org/issue4835 */
|
|
+#define SIZEOF_SOCKET_T SIZEOF_INT
|
|
+
|
|
#include <Python.h>
|
|
#include <unistd.h>
|
|
#include <stdlib.h>
|
|
@@ -255,6 +258,8 @@
|
|
fclose(fp);
|
|
sepol_set_policydb(&avc->policydb->p);
|
|
avc->handle = sepol_handle_create();
|
|
+ /* Turn off messages */
|
|
+ sepol_msg_set_callback(avc->handle, NULL, NULL);
|
|
|
|
rc = sepol_bool_count(avc->handle,
|
|
avc->policydb, &cnt);
|
|
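Review bot: The added `sepol_msg_set_callback(avc->handle, NULL, NULL);` uses the handle straight after `sepol_handle_create()` with no NULL test, so an allocation failure there would presumably become a NULL dereference inside libsepol instead of a Python exception. I would test the handle first, e.g. `if (!avc->handle) { /* report MemoryError and take the existing error path */ }`, and only then install the callback. The comment `/* Turn off messages */` could also say why: with a NULL callback, libsepol diagnostics for this handle are dropped, which makes a corrupt or mismatched policy file harder to diagnose. The enclosing function starts and ends outside the hunk, so the right cleanup path is not visible here.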
@@ -287,8 +292,10 @@
|
|
static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
|
|
int result;
|
|
char *init_path=NULL;
|
|
- if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
|
|
- result = __policy_init(init_path);
|
|
+ if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) {
|
|
+ return NULL;
|
|
+ }
|
|
+ result = __policy_init(init_path);
|
|
return Py_BuildValue("i", result);
|
|
}
|
|
|
|
@@ -353,7 +360,11 @@
|
|
strObj = PyList_GetItem(listObj, i); /* Can't fail */
|
|
|
|
/* make it a string */
|
|
+#if PY_MAJOR_VERSION >= 3
|
|
+ permstr = _PyUnicode_AsString( strObj );
|
|
+#else
|
|
permstr = PyString_AsString( strObj );
|
|
+#endif
|
|
|
|
perm = string_to_av_perm(tclass, permstr);
|
|
if (!perm) {
|
|
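Review bot: `permstr` is passed to `string_to_av_perm(tclass, permstr)` without a NULL check, and both `_PyUnicode_AsString()` and `PyString_AsString()` return NULL with an exception set when the list element is not a string of the expected type. The list comes from the Python caller, so a non-string element would hand a NULL pointer to the lookup. Add `if (!permstr) return NULL;` after the `#endif`, together with whatever cleanup the function needs, which is outside this hunk. `_PyUnicode_AsString` is also a private CPython name, so a comment saying that (or a public equivalent where the targeted Python version provides one) would help the next maintainer.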
@@ -423,10 +434,39 @@
|
|
{NULL, NULL, 0, NULL} /* Sentinel */
|
|
};
|
|
|
|
+#if PY_MAJOR_VERSION >= 3
|
|
+/* Module-initialization logic specific to Python 3 */
|
|
+struct module_state {
|
|
+ /* empty for now */
|
|
+};
|
|
+static struct PyModuleDef moduledef = {
|
|
+ PyModuleDef_HEAD_INIT,
|
|
+ "audit2why",
|
|
+ NULL,
|
|
+ sizeof(struct module_state),
|
|
+ audit2whyMethods,
|
|
+ NULL,
|
|
+ NULL,
|
|
+ NULL,
|
|
+ NULL
|
|
+};
|
|
+
|
|
+PyMODINIT_FUNC
|
|
+PyInit_audit2why(void)
|
|
+#else
|
|
PyMODINIT_FUNC
|
|
initaudit2why(void)
|
|
+#endif
|
|
{
|
|
- PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
|
|
+ PyObject *m;
|
|
+#if PY_MAJOR_VERSION >= 3
|
|
+ m = PyModule_Create(&moduledef);
|
|
+ if (m == NULL) {
|
|
+ return NULL;
|
|
+ }
|
|
+#else
|
|
+ m = Py_InitModule("audit2why", audit2whyMethods);
|
|
+#endif
|
|
PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
|
|
PyModule_AddIntConstant(m,"BADSCON", BADSCON);
|
|
PyModule_AddIntConstant(m,"BADTCON", BADTCON);
|
|
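Review bot: In the Python 2 branch, `m = Py_InitModule("audit2why", audit2whyMethods);` is still used unchecked by the `PyModule_AddIntConstant(m, ...)` calls that follow, while only the Python 3 branch tests `m == NULL`. Adding `if (m == NULL) return;` after the Python 2 call keeps the two branches consistent. `struct module_state` has no members, which ISO C does not allow (it compiles only as a compiler extension). Since no per-module state is used, passing `0` or `-1` as the size in `moduledef` and dropping the struct would be simpler. The function body continues past the end of this hunk.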
@@ -440,4 +480,8 @@
|
|
PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
|
|
PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
|
|
PyModule_AddIntConstant(m,"RBAC", RBAC);
|
|
+
|
|
+#if PY_MAJOR_VERSION >= 3
|
|
+ return m;
|
|
+#endif
|
|
}
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.96/src/callbacks.c
|
|
--- nsalibselinux/src/callbacks.c 2010-05-19 14:45:51.000000000 -0400
|
|
+++ libselinux-2.0.96/src/callbacks.c 2010-06-16 09:20:34.000000000 -0400
|
|
@@ -16,6 +16,7 @@
|
|
{
|
|
int rc;
|
|
va_list ap;
|
|
+ if (is_selinux_enabled() == 0) return 0;
|
|
va_start(ap, fmt);
|
|
rc = vfprintf(stderr, fmt, ap);
|
|
va_end(ap);
|
|
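Review bot: The new early return `if (is_selinux_enabled() == 0) return 0;` silently drops every message sent through this logger when SELinux is disabled, and nothing in the code says that this is intended. I would add a comment such as `/* Stay quiet on systems without SELinux; an error result (-1) still falls through and logs. */` and put the statement on its own braced lines. The check also runs on every log call; if `is_selinux_enabled()` does not cache its result, caching it here would be worth considering. The function's signature is outside the hunk.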
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-2.0.96/src/get_context_list.c
|
|
--- nsalibselinux/src/get_context_list.c 2010-05-19 14:45:51.000000000 -0400
|
|
+++ libselinux-2.0.96/src/get_context_list.c 2010-07-27 13:09:08.000000000 -0400
|
|
@@ -286,7 +286,6 @@
|
|
if (buf[plen - 1] == '\n')
|
|
buf[plen - 1] = 0;
|
|
|
|
- retry:
|
|
nlen = strlen(user) + 1 + plen + 1;
|
|
*newcon = malloc(nlen);
|
|
if (!(*newcon))
|
|
@@ -306,10 +305,6 @@
|
|
if (security_check_context(*newcon) && errno != ENOENT) {
|
|
free(*newcon);
|
|
*newcon = 0;
|
|
- if (strcmp(user, SELINUX_DEFAULTUSER)) {
|
|
- user = SELINUX_DEFAULTUSER;
|
|
- goto retry;
|
|
- }
|
|
return -1;
|
|
}
|
|
|
|
@@ -418,13 +413,8 @@
|
|
|
|
/* Determine the set of reachable contexts for the user. */
|
|
rc = security_compute_user(fromcon, user, &reachable);
|
|
- if (rc < 0) {
|
|
- /* Retry with the default SELinux user identity. */
|
|
- user = SELINUX_DEFAULTUSER;
|
|
- rc = security_compute_user(fromcon, user, &reachable);
|
|
- if (rc < 0)
|
|
- goto failsafe;
|
|
- }
|
|
+ if (rc < 0)
|
|
+ goto failsafe;
|
|
nreach = 0;
|
|
for (ptr = reachable; *ptr; ptr++)
|
|
nreach++;
|
|
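Review bot: With the retry removed, a failure of `security_compute_user()` for the given user now jumps straight to `failsafe`, but the comment above it still only says "Determine the set of reachable contexts for the user." A short comment on the new `if (rc < 0)` would record the behaviour, for example `/* No fallback to SELINUX_DEFAULTUSER: on failure use the failsafe context. */`. This matters because callers presumably use the result to choose a session's security context. The same fallback is removed in the two earlier hunks of this file, and the function starts and ends outside the hunk.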
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
|
|
--- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400
|
|
+++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400
|
|
@@ -1,9 +1,10 @@
|
|
# Installation directories.
|
|
+PYTHON ?= python
|
|
PREFIX ?= $(DESTDIR)/usr
|
|
LIBDIR ?= $(PREFIX)/lib
|
|
SHLIBDIR ?= $(DESTDIR)/lib
|
|
INCLUDEDIR ?= $(PREFIX)/include
|
|
-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
|
|
+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
|
|
PYINC ?= /usr/include/$(PYLIBVER)
|
|
PYLIB ?= /usr/lib/$(PYLIBVER)
|
|
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
|
|
@@ -23,13 +24,13 @@
|
|
SWIGRUBYIF= selinuxswig_ruby.i
|
|
SWIGCOUT= selinuxswig_wrap.c
|
|
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
|
|
-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
|
|
+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
|
|
SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
|
|
-SWIGSO=_selinux.so
|
|
+SWIGSO=$(PYPREFIX)_selinux.so
|
|
SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i
|
|
SWIGRUBYSO=_rubyselinux.so
|
|
LIBSO=$(TARGET).$(LIBVERSION)
|
|
-AUDIT2WHYSO=audit2why.so
|
|
+AUDIT2WHYSO=$(PYPREFIX)audit2why.so
|
|
|
|
ifeq ($(DISABLE_AVC),y)
|
|
UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
|
|
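Review bot: `$(PYPREFIX)` is used in `SWIGLOBJ`, `SWIGSO` and `AUDIT2WHYSO` but gets no default and no comment in the hunks shown, so its purpose has to be guessed. I would add `PYPREFIX ?=` next to `PYTHON ?= python`, with a comment along the lines of `# Prefix for per-Python-version build outputs (empty for a single build)`, if that is indeed what it is for. The later `$(PYPREFIX)audit2why.lo` rule and the `install-pywrap` target rely on the same variable.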
@@ -91,10 +92,10 @@
|
|
selinuxswig_python_exception.i: ../include/selinux/selinux.h
|
|
bash exception.sh > $@
|
|
|
|
-audit2why.lo: audit2why.c
|
|
+$(PYPREFIX)audit2why.lo: audit2why.c
|
|
$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
|
|
|
|
-$(AUDIT2WHYSO): audit2why.lo
|
|
+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo
|
|
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
|
|
|
|
%.o: %.c policy.h
|
|
@@ -123,8 +124,8 @@
|
|
|
|
install-pywrap: pywrap
|
|
test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
|
|
- install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
|
|
- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
|
|
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so
|
|
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so
|
|
install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
|
|
|
|
install-rubywrap: rubywrap
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
|
|
--- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400
|
|
+++ libselinux-2.0.96/src/matchpathcon.c 2010-07-26 14:55:18.000000000 -0400
|
|
@@ -2,6 +2,7 @@
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
+#include <syslog.h>
|
|
#include "selinux_internal.h"
|
|
#include "label_internal.h"
|
|
#include "callbacks.h"
|
|
@@ -57,7 +58,7 @@
|
|
{
|
|
va_list ap;
|
|
va_start(ap, fmt);
|
|
- vfprintf(stderr, fmt, ap);
|
|
+ vsyslog(LOG_ERR, fmt, ap);
|
|
va_end(ap);
|
|
}
|
|
|
|
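Review bot: Replacing `vfprintf(stderr, fmt, ap)` with `vsyslog(LOG_ERR, fmt, ap)` moves these messages from the caller's terminal to the system log, and no `openlog()` call is visible, so entries would appear under whatever ident and facility the host program has. A comment above the call stating the reason would help, e.g. `/* Log to syslog: callers may have no usable stderr. */`, if that is the motivation. `vsyslog()` is a BSD/glibc extension rather than POSIX, so it may need a feature-test macro or a fallback on other C libraries. The function header is outside the hunk.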
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.96/src/selinuxswig_python.i
|
|
--- nsalibselinux/src/selinuxswig_python.i 2010-06-16 08:03:38.000000000 -0400
|
|
+++ libselinux-2.0.96/src/selinuxswig_python.i 2010-06-16 09:20:34.000000000 -0400
|
|
@@ -45,7 +45,7 @@
|
|
PyObject* list = PyList_New(*$2);
|
|
int i;
|
|
for (i = 0; i < *$2; i++) {
|
|
- PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
|
|
+ PyList_SetItem(list, i, PyBytes_FromString((*$1)[i]));
|
|
}
|
|
$result = SWIG_Python_AppendOutput($result, list);
|
|
}
|
|
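Review bot: `PyList_SetItem(list, i, PyBytes_FromString((*$1)[i]))` stores the new object without checking it, and `PyList_New(*$2)` is not checked either, so an allocation failure leaves a NULL list or NULL slots that are then handed back to Python. The two following hunks, which build `plist` from `len` and from `result`, have the same pattern. A checked form would be `PyObject *o = PyBytes_FromString((*$1)[i]); if (!o) { Py_DECREF(list); SWIG_fail; }`. On Python 3 these typemaps now return `bytes` rather than `str`, which is a visible difference for callers and deserves a comment in the typemap.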
@@ -74,7 +74,9 @@
|
|
len++;
|
|
plist = PyList_New(len);
|
|
for (i = 0; i < len; i++) {
|
|
- PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
|
|
+ PyList_SetItem(plist, i,
|
|
+ PyBytes_FromString((*$1)[i])
|
|
+ );
|
|
}
|
|
} else {
|
|
plist = PyList_New(0);
|
|
@@ -91,7 +93,9 @@
|
|
if (*$1) {
|
|
plist = PyList_New(result);
|
|
for (i = 0; i < result; i++) {
|
|
- PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
|
|
+ PyList_SetItem(plist, i,
|
|
+ PyBytes_FromString((*$1)[i])
|
|
+ );
|
|
}
|
|
} else {
|
|
plist = PyList_New(0);
|
|
@@ -144,16 +148,20 @@
|
|
$1 = (char**) malloc(size + 1);
|
|
|
|
for(i = 0; i < size; i++) {
|
|
- if (!PyString_Check(PySequence_GetItem($input, i))) {
|
|
- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
|
|
+ if (!PyBytes_Check(PySequence_GetItem($input, i))) {
|
|
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
|
|
+
|
|
return NULL;
|
|
}
|
|
+
|
|
}
|
|
|
|
for(i = 0; i < size; i++) {
|
|
s = PySequence_GetItem($input, i);
|
|
- $1[i] = (char*) malloc(PyString_Size(s) + 1);
|
|
- strcpy($1[i], PyString_AsString(s));
|
|
+
|
|
+ $1[i] = (char*) malloc(PyBytes_Size(s) + 1);
|
|
+ strcpy($1[i], PyBytes_AsString(s));
|
|
+
|
|
}
|
|
$1[size] = NULL;
|
|
}
|
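Review bot: The context line `$1 = (char**) malloc(size + 1);` allocates `size + 1` bytes, while the loops below store `size` pointers and then `$1[size] = NULL`, so the array is written past its end; it should be `$1 = (char**) malloc((size + 1) * sizeof(char *));` followed by a NULL check. This commit edits the typemap but leaves that line as it is. Each `PySequence_GetItem($input, i)` also returns a new reference that is never released and may be NULL, and the `return NULL` taken for a non-bytes element leaks `$1`. The typemap starts before this hunk, so how `size` is computed is not visible.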