libsemanage-2.7-12

- build: Replace PYSITEDIR with PYTHONLIBDIR
- direct_api.c: Fix iterating over array (#1557468)
Petr Lautrbach 2018-03-21 16:37:35 +01:00
parent 84ddaa3113
commit 2ce185aded
2 changed files with 343 additions and 33 deletions


@ -56,7 +56,7 @@ index 852043d..8667c9b 100644
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
diff --git libsemanage-2.7/src/Makefile libsemanage-2.7/src/Makefile diff --git libsemanage-2.7/src/Makefile libsemanage-2.7/src/Makefile
index fdb178f..e98d876 100644 index fdb178f..dea751e 100644
--- libsemanage-2.7/src/Makefile --- libsemanage-2.7/src/Makefile
+++ libsemanage-2.7/src/Makefile +++ libsemanage-2.7/src/Makefile
@@ -8,21 +8,18 @@ RUBYPREFIX ?= $(notdir $(RUBY)) @@ -8,21 +8,18 @@ RUBYPREFIX ?= $(notdir $(RUBY))
@ -71,7 +71,7 @@ index fdb178f..e98d876 100644
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') +PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])') PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
@ -117,9 +117,9 @@ index fdb178f..e98d876 100644
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR) - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT) - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR) - install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d $(DESTDIR)$(PYSITEDIR) + test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT) + install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR) + install -m 644 semanage.py $(DESTDIR)$(PYTHONLIBDIR)
install-rubywrap: rubywrap install-rubywrap: rubywrap
@ -169,10 +169,26 @@ index 8ce2e2c..c8f4ff0 100644
} }
diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c
index 65842df..92d7517 100644 index 65842df..e7ec952 100644
--- libsemanage-2.7/src/direct_api.c --- libsemanage-2.7/src/direct_api.c
+++ libsemanage-2.7/src/direct_api.c +++ libsemanage-2.7/src/direct_api.c
@@ -148,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh) @@ -60,6 +60,7 @@
#define PIPE_READ 0
#define PIPE_WRITE 1
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
static void semanage_direct_destroy(semanage_handle_t * sh);
static int semanage_direct_disconnect(semanage_handle_t * sh);
@@ -140,6 +141,7 @@ int semanage_direct_is_managed(semanage_handle_t * sh)
int semanage_direct_connect(semanage_handle_t * sh)
{
const char *path;
+ struct stat sb;
if (semanage_check_init(sh, sh->conf->store_root_path))
goto err;
@@ -148,9 +150,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
if (semanage_create_store(sh, 1)) if (semanage_create_store(sh, 1))
goto err; goto err;
@ -182,7 +198,7 @@ index 65842df..92d7517 100644
sh->u.direct.translock_file_fd = -1; sh->u.direct.translock_file_fd = -1;
sh->u.direct.activelock_file_fd = -1; sh->u.direct.activelock_file_fd = -1;
@@ -210,6 +207,12 @@ int semanage_direct_connect(semanage_handle_t * sh) @@ -210,6 +209,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
semanage_fcontext_dbase_local(sh)) < 0) semanage_fcontext_dbase_local(sh)) < 0)
goto err; goto err;
@ -195,7 +211,26 @@ index 65842df..92d7517 100644
if (seuser_file_dbase_init(sh, if (seuser_file_dbase_init(sh,
semanage_path(SEMANAGE_ACTIVE, semanage_path(SEMANAGE_ACTIVE,
SEMANAGE_SEUSERS_LOCAL), SEMANAGE_SEUSERS_LOCAL),
@@ -317,25 +320,43 @@ static void semanage_direct_destroy(semanage_handle_t * sh @@ -299,10 +304,16 @@ int semanage_direct_connect(semanage_handle_t * sh)
/* set the disable dontaudit value */
path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT);
- if (access(path, F_OK) == 0)
+
+ if (stat(path, &sb) == 0)
sepol_set_disable_dontaudit(sh->sepolh, 1);
- else
+ else if (errno == ENOENT) {
+ /* The file does not exist */
sepol_set_disable_dontaudit(sh->sepolh, 0);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ goto err;
+ }
return STATUS_SUCCESS;
@@ -317,25 +328,43 @@ static void semanage_direct_destroy(semanage_handle_t * sh
/* do nothing */ /* do nothing */
} }
@ -248,7 +283,7 @@ index 65842df..92d7517 100644
semanage_release_trans_lock(sh); semanage_release_trans_lock(sh);
} }
@@ -349,6 +370,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) @@ -349,6 +378,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
iface_file_dbase_release(semanage_iface_dbase_local(sh)); iface_file_dbase_release(semanage_iface_dbase_local(sh));
bool_file_dbase_release(semanage_bool_dbase_local(sh)); bool_file_dbase_release(semanage_bool_dbase_local(sh));
fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh)); fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
@ -256,7 +291,7 @@ index 65842df..92d7517 100644
seuser_file_dbase_release(semanage_seuser_dbase_local(sh)); seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
node_file_dbase_release(semanage_node_dbase_local(sh)); node_file_dbase_release(semanage_node_dbase_local(sh));
@@ -368,15 +390,11 @@ static int semanage_direct_disconnect(semanage_handle_t * sh) @@ -368,15 +398,11 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
/* Release object databases: active kernel policy */ /* Release object databases: active kernel policy */
bool_activedb_dbase_release(semanage_bool_dbase_active(sh)); bool_activedb_dbase_release(semanage_bool_dbase_active(sh));
@ -273,7 +308,30 @@ index 65842df..92d7517 100644
if (semanage_get_trans_lock(sh) < 0) { if (semanage_get_trans_lock(sh) < 0) {
return -1; return -1;
} }
@@ -1153,6 +1171,14 @@ cleanup: @@ -1121,6 +1147,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
int status = 0;
int i;
char cil_path[PATH_MAX];
+ struct stat sb;
assert(sh);
assert(modinfos);
@@ -1137,9 +1164,13 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
}
if (semanage_get_ignore_module_cache(sh) == 0 &&
- access(cil_path, F_OK) == 0) {
+ (status = stat(cil_path, &sb)) == 0) {
continue;
}
+ if (status != 0 && errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno));
+ goto cleanup; //an error in the "stat" call
+ }
status = semanage_compile_module(sh, &modinfos[i]);
if (status < 0) {
@@ -1153,6 +1184,14 @@ cleanup:
return status; return status;
} }
@ -288,15 +346,158 @@ index 65842df..92d7517 100644
/********************* direct API functions ********************/ /********************* direct API functions ********************/
/* Commits all changes in sandbox to the actual kernel policy. /* Commits all changes in sandbox to the actual kernel policy.
@@ -1169,6 +1195,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) @@ -1169,6 +1208,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
sepol_policydb_t *out = NULL; sepol_policydb_t *out = NULL;
struct cil_db *cildb = NULL; struct cil_db *cildb = NULL;
semanage_module_info_t *modinfos = NULL; semanage_module_info_t *modinfos = NULL;
+ mode_t mask = umask(0077); + mode_t mask = umask(0077);
+ struct stat sb;
int do_rebuild, do_write_kernel, do_install; int do_rebuild, do_write_kernel, do_install;
int fcontexts_modified, ports_modified, seusers_modified, int fcontexts_modified, ports_modified, seusers_modified,
@@ -1544,44 +1571,44 @@ rebuild: @@ -1207,10 +1248,16 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* Create or remove the disable_dontaudit flag file. */
path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT);
- if (access(path, F_OK) == 0)
+ if (stat(path, &sb) == 0)
do_rebuild |= !(sepol_get_disable_dontaudit(sh->sepolh) == 1);
- else
+ else if (errno == ENOENT) {
+ /* The file does not exist */
do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
+ }
if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
FILE *touch;
touch = fopen(path, "w");
@@ -1232,10 +1279,17 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* Create or remove the preserve_tunables flag file. */
path = semanage_path(SEMANAGE_TMP, SEMANAGE_PRESERVE_TUNABLES);
- if (access(path, F_OK) == 0)
+ if (stat(path, &sb) == 0)
do_rebuild |= !(sepol_get_preserve_tunables(sh->sepolh) == 1);
- else
+ else if (errno == ENOENT) {
+ /* The file does not exist */
do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
+ }
+
if (sepol_get_preserve_tunables(sh->sepolh) == 1) {
FILE *touch;
touch = fopen(path, "w");
@@ -1272,40 +1326,25 @@ static int semanage_direct_commit(semanage_handle_t * sh)
* a rebuild.
*/
if (!do_rebuild) {
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
+ int files[] = {SEMANAGE_STORE_KERNEL,
+ SEMANAGE_STORE_FC,
+ SEMANAGE_STORE_SEUSERS,
+ SEMANAGE_LINKED,
+ SEMANAGE_SEUSERS_LINKED,
+ SEMANAGE_USERS_EXTRA_LINKED};
+
+ for (i = 0; i < (int) ARRAY_SIZE(files); i++) {
+ path = semanage_path(SEMANAGE_TMP, files[i]);
+ if (stat(path, &sb) != 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
+ }
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
+ do_rebuild = 1;
+ goto rebuild;
+ }
}
}
@@ -1438,7 +1477,7 @@ rebuild:
goto cleanup;
path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED);
- if (access(path, F_OK) == 0) {
+ if (stat(path, &sb) == 0) {
retval = semanage_copy_file(path,
semanage_path(SEMANAGE_TMP,
SEMANAGE_STORE_SEUSERS),
@@ -1446,12 +1485,17 @@ rebuild:
if (retval < 0)
goto cleanup;
pseusers->dtable->drop_cache(pseusers->dbase);
- } else {
+ } else if (errno == ENOENT) {
+ /* The file does not exist */
pseusers->dtable->clear(sh, pseusers->dbase);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
}
path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED);
- if (access(path, F_OK) == 0) {
+ if (stat(path, &sb) == 0) {
retval = semanage_copy_file(path,
semanage_path(SEMANAGE_TMP,
SEMANAGE_USERS_EXTRA),
@@ -1459,8 +1503,13 @@ rebuild:
if (retval < 0)
goto cleanup;
pusers_extra->dtable->drop_cache(pusers_extra->dbase);
- } else {
+ } else if (errno == ENOENT) {
+ /* The file does not exist */
pusers_extra->dtable->clear(sh, pusers_extra->dbase);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
}
}
@@ -1544,44 +1593,44 @@ rebuild:
goto cleanup; goto cleanup;
} }
@ -370,7 +571,7 @@ index 65842df..92d7517 100644
} }
} else { } else {
WARN(sh, "WARNING: genhomedircon is disabled. \ WARN(sh, "WARNING: genhomedircon is disabled. \
@@ -1618,17 +1645,21 @@ cleanup: @@ -1618,17 +1667,21 @@ cleanup:
free(mod_filenames); free(mod_filenames);
sepol_policydb_free(out); sepol_policydb_free(out);
cil_db_destroy(&cildb); cil_db_destroy(&cildb);
@ -400,7 +601,54 @@ index 65842df..92d7517 100644
return retval; return retval;
} }
@@ -2000,6 +2031,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, @@ -1786,6 +1839,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
ssize_t _data_len;
char *_data;
int compressed;
+ struct stat sb;
/* get path of module */
rc = semanage_module_get_path(
@@ -1798,8 +1852,8 @@ static int semanage_direct_extract(semanage_handle_t * sh,
goto cleanup;
}
- if (access(module_path, F_OK) != 0) {
- ERR(sh, "Module does not exist: %s", module_path);
+ if (stat(module_path, &sb) != 0) {
+ ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno));
rc = -1;
goto cleanup;
}
@@ -1828,7 +1882,13 @@ static int semanage_direct_extract(semanage_handle_t * sh,
goto cleanup;
}
- if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && access(input_file, F_OK) != 0) {
+ if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno));
+ rc = -1;
+ goto cleanup;
+ }
+
rc = semanage_compile_module(sh, _modinfo);
if (rc < 0) {
goto cleanup;
@@ -1973,6 +2033,12 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh,
}
if (stat(path, &sb) < 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ status = -1;
+ goto cleanup;
+ }
+
*enabled = 1;
}
else {
@@ -2000,6 +2066,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
const char *path = NULL; const char *path = NULL;
FILE *fp = NULL; FILE *fp = NULL;
semanage_module_info_t *modinfo = NULL; semanage_module_info_t *modinfo = NULL;
@ -408,7 +656,7 @@ index 65842df..92d7517 100644
/* check transaction */ /* check transaction */
if (!sh->is_in_transaction) { if (!sh->is_in_transaction) {
@@ -2060,7 +2092,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, @@ -2060,7 +2127,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
switch (enabled) { switch (enabled) {
case 0: /* disable the module */ case 0: /* disable the module */
@ -418,15 +666,31 @@ index 65842df..92d7517 100644
if (fp == NULL) { if (fp == NULL) {
ERR(sh, ERR(sh,
@@ -2706,6 +2740,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, @@ -2296,6 +2365,12 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
/* set enabled/disabled status */
if (stat(fn, &sb) < 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno));
+ status = -1;
+ goto cleanup;
+ }
+
ret = semanage_module_info_set_enabled(sh, *modinfo, 1);
if (ret != 0) {
status = -1;
@@ -2704,8 +2779,10 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
int status = 0;
int ret = 0;
int type; int type;
+ struct stat sb;
char path[PATH_MAX]; char path[PATH_MAX];
+ mode_t mask = umask(0077); + mode_t mask = umask(0077);
semanage_module_info_t *higher_info = NULL; semanage_module_info_t *higher_info = NULL;
semanage_module_key_t higher_key; semanage_module_key_t higher_key;
@@ -2754,7 +2789,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, @@ -2754,7 +2831,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
if (higher_info->enabled == 0 && modinfo->enabled == -1) { if (higher_info->enabled == 0 && modinfo->enabled == -1) {
errno = 0; errno = 0;
WARN(sh, WARN(sh,
@ -435,7 +699,16 @@ index 65842df..92d7517 100644
modinfo->name); modinfo->name);
} }
} }
@@ -2817,6 +2852,7 @@ cleanup: @@ -2803,7 +2880,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
goto cleanup;
}
- if (access(path, F_OK) == 0) {
+ if (stat(path, &sb) == 0) {
ret = unlink(path);
if (ret != 0) {
ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno));
@@ -2817,6 +2894,7 @@ cleanup:
semanage_module_key_destroy(sh, &higher_key); semanage_module_key_destroy(sh, &higher_key);
semanage_module_info_destroy(sh, higher_info); semanage_module_info_destroy(sh, higher_info);
free(higher_info); free(higher_info);
@ -568,7 +841,7 @@ index d3eaa06..43681dd 100644
Name: libsemanage Name: libsemanage
diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c
index 6158d08..4bd1d65 100644 index 6158d08..14ad99c 100644
--- libsemanage-2.7/src/semanage_store.c --- libsemanage-2.7/src/semanage_store.c
+++ libsemanage-2.7/src/semanage_store.c +++ libsemanage-2.7/src/semanage_store.c
@@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { @@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
@ -579,7 +852,24 @@ index 6158d08..4bd1d65 100644
"/file_contexts", "/file_contexts",
"/seusers" "/seusers"
}; };
@@ -537,7 +538,6 @@ char *semanage_conf_path(void) @@ -513,6 +514,7 @@ char *semanage_conf_path(void)
{
char *semanage_conf = NULL;
int len;
+ struct stat sb;
len = strlen(semanage_root()) + strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE);
semanage_conf = calloc(len + 1, sizeof(char));
@@ -521,7 +523,7 @@ char *semanage_conf_path(void)
snprintf(semanage_conf, len + 1, "%s%s%s", semanage_root(), selinux_path(),
SEMANAGE_CONF_FILE);
- if (access(semanage_conf, R_OK) != 0) {
+ if (stat(semanage_conf, &sb) != 0 && errno == ENOENT) {
snprintf(semanage_conf, len + 1, "%s%s", selinux_path(), SEMANAGE_CONF_FILE);
}
@@ -537,7 +539,6 @@ char *semanage_conf_path(void)
int semanage_create_store(semanage_handle_t * sh, int create) int semanage_create_store(semanage_handle_t * sh, int create)
{ {
struct stat sb; struct stat sb;
@ -587,7 +877,7 @@ index 6158d08..4bd1d65 100644
const char *path = semanage_files[SEMANAGE_ROOT]; const char *path = semanage_files[SEMANAGE_ROOT];
int fd; int fd;
@@ -556,9 +556,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) @@ -556,9 +557,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1; return -1;
} }
} else { } else {
@ -599,7 +889,7 @@ index 6158d08..4bd1d65 100644
path); path);
return -1; return -1;
} }
@@ -579,9 +579,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) @@ -579,9 +580,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1; return -1;
} }
} else { } else {
@ -611,7 +901,7 @@ index 6158d08..4bd1d65 100644
path); path);
return -1; return -1;
} }
@@ -602,9 +602,9 @@ int semanage_create_store(semanage_handle_t * sh, int create) @@ -602,9 +603,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1; return -1;
} }
} else { } else {
@ -623,7 +913,7 @@ index 6158d08..4bd1d65 100644
path); path);
return -1; return -1;
} }
@@ -623,8 +623,8 @@ int semanage_create_store(semanage_handle_t * sh, int create) @@ -623,8 +624,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1; return -1;
} }
} else { } else {
@ -634,7 +924,23 @@ index 6158d08..4bd1d65 100644
return -1; return -1;
} }
} }
@@ -1739,9 +1739,9 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) @@ -1508,8 +1509,14 @@ int semanage_split_fc(semanage_handle_t * sh)
static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
int r;
+ struct stat sb;
+
+ if (stat(path, &sb) < 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ return -1;
+ }
- if (access(path, F_OK) != 0) {
return 0;
}
@@ -1739,9 +1746,9 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
if (!sh->conf->save_previous) { if (!sh->conf->save_previous) {
int errsv = errno; int errsv = errno;
@ -646,7 +952,7 @@ index 6158d08..4bd1d65 100644
goto cleanup; goto cleanup;
} }
errno = errsv; errno = errsv;
@@ -2098,6 +2098,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, @@ -2098,6 +2105,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
const char *kernel_filename = NULL; const char *kernel_filename = NULL;
struct sepol_policy_file *pf = NULL; struct sepol_policy_file *pf = NULL;
FILE *outfile = NULL; FILE *outfile = NULL;
@ -654,7 +960,7 @@ index 6158d08..4bd1d65 100644
if ((kernel_filename = if ((kernel_filename =
semanage_path(SEMANAGE_TMP, file)) == NULL) { semanage_path(SEMANAGE_TMP, file)) == NULL) {
@@ -2126,6 +2127,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, @@ -2126,6 +2134,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
if (outfile != NULL) { if (outfile != NULL) {
fclose(outfile); fclose(outfile);
} }
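Review bot: Two of the converted checks still ignore stat() failures other than ENOENT, unlike the rest of this patch. In semanage_direct_install_info, the `if (stat(path, &sb) == 0)` guard in front of `unlink(path)` skips the removal without any ERR when stat fails for another reason such as EACCES, so the cached CIL file may be left in place unnoticed. That stat-then-unlink pair is also a check-then-use sequence; calling unlink directly and tolerating a missing file, `ret = unlink(path);` followed by `if (ret != 0 && errno != ENOENT) {`, removes both the silent path and the window between the two calls. In semanage_conf_path, `stat(semanage_conf, &sb) != 0 && errno == ENOENT` keeps the semanage_root path on every other error and no longer tests readability as `access(semanage_conf, R_OK)` did; if that is intended, a comment such as `/* fall back only when the file is absent; other errors surface when the config is opened */` would record it. Both function bodies continue outside the visible hunks, so the surrounding cleanup should be confirmed against the full file.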


@ -1,16 +1,16 @@
%define libsepolver 2.7-5 %define libsepolver 2.7-6
%define libselinuxver 2.7-12 %define libselinuxver 2.7-13
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage Name: libsemanage
Version: 2.7 Version: 2.7
Release: 11%{?dist} Release: 12%{?dist}
License: LGPLv2+ License: LGPLv2+
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsemanage-2.7.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsemanage-2.7.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsemanage # $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsemanage
# HEAD https://github.com/fedora-selinux/selinux/commit/7888343a2885bbf9739503055dfa6fa69f8b7213 # HEAD https://github.com/fedora-selinux/selinux/commit/0a28664012ec7383cf5cbdef4ad2dbedf1f70707
Patch1: libsemanage-fedora.patch Patch1: libsemanage-fedora.patch
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf Source1: semanage.conf
@ -179,6 +179,10 @@ sed -i '1s%\(#! */usr/bin/python\)\([^3].*\|\)$%\13\2%' %{buildroot}%{_libexecdi
%{_libexecdir}/selinux/semanage_migrate_store %{_libexecdir}/selinux/semanage_migrate_store
%changelog %changelog
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-12
- build: Replace PYSITEDIR with PYTHONLIBDIR
- direct_api.c: Fix iterating over array (#1557468)
* Fri Mar 16 2018 Petr Lautrbach <plautrba@workstation> - 2.7-11 * Fri Mar 16 2018 Petr Lautrbach <plautrba@workstation> - 2.7-11
- Revert "remove access() check to make setuid programs work" (#1557468) - Revert "remove access() check to make setuid programs work" (#1557468)