libsemanage-2.7-4.fc28

- Add support for listing fcontext.homedirs file (#1409813)

libsemanage-fedora.patch

@@ -1,5 +1,18 @@
+diff --git libsemanage-2.7/include/semanage/fcontexts_policy.h libsemanage-2.7/include/semanage/fcontexts_policy.h
+index a50db2b..199a1e1 100644
+--- libsemanage-2.7/include/semanage/fcontexts_policy.h
++++ libsemanage-2.7/include/semanage/fcontexts_policy.h
+@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
+ 				  semanage_fcontext_t *** records,
+ 				  unsigned int *count);
+ 
++extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
++				  semanage_fcontext_t *** records,
++				  unsigned int *count);
++
+ #endif
 diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c
-index 65842df..ed11a7c 100644
+index 65842df..31fcada 100644
 --- libsemanage-2.7/src/direct_api.c
 +++ libsemanage-2.7/src/direct_api.c
 @@ -148,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
@@ -12,7 +25,28 @@ index 65842df..ed11a7c 100644
  	sh->u.direct.translock_file_fd = -1;
  	sh->u.direct.activelock_file_fd = -1;
  
-@@ -373,10 +370,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
+@@ -210,6 +207,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ 				     semanage_fcontext_dbase_local(sh)) < 0)
+ 		goto err;
+ 
++	if (fcontext_file_dbase_init(sh,
++				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
++				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
++				     semanage_fcontext_dbase_homedirs(sh)) < 0)
++		goto err;
++
+ 	if (seuser_file_dbase_init(sh,
+ 				   semanage_path(SEMANAGE_ACTIVE,
+ 						 SEMANAGE_SEUSERS_LOCAL),
+@@ -349,6 +352,7 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
+ 	iface_file_dbase_release(semanage_iface_dbase_local(sh));
+ 	bool_file_dbase_release(semanage_bool_dbase_local(sh));
+ 	fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
++	fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));
+ 	seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
+ 	node_file_dbase_release(semanage_node_dbase_local(sh));
+ 
+@@ -373,10 +377,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
  
  static int semanage_direct_begintrans(semanage_handle_t * sh)
  {
@@ -23,7 +57,7 @@ index 65842df..ed11a7c 100644
  	if (semanage_get_trans_lock(sh) < 0) {
  		return -1;
  	}
-@@ -1545,33 +1538,27 @@ rebuild:
+@@ -1545,43 +1545,46 @@ rebuild:
  	}
  
  	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
@@ -72,11 +106,120 @@ index 65842df..ed11a7c 100644
  	}
  
  	/* run genhomedircon if its enabled, this should be the last operation
+ 	 * which requires the out policydb */
+ 	if (!sh->conf->disable_genhomedircon) {
+-		if (out && (retval =
+-			semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
+-			ERR(sh, "semanage_genhomedircon returned error code %d.",
+-			    retval);
+-			goto cleanup;
++		if (out){
++			if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd,
++								sh->conf->ignoredirs)) != 0) {
++				ERR(sh, "semanage_genhomedircon returned error code %d.", retval);
++				goto cleanup;
++			}
++			/* file_contexts.homedirs was created in SEMANAGE_TMP store */
++			retval = semanage_copy_file(
++						semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
++						semanage_final_path(SEMANAGE_FINAL_TMP,	SEMANAGE_FC_HOMEDIRS),
++						sh->conf->file_mode);
++			if (retval < 0) {
++				goto cleanup;
++			}
+ 		}
+ 	} else {
+ 		WARN(sh, "WARNING: genhomedircon is disabled. \
+diff --git libsemanage-2.7/src/fcontexts_policy.c libsemanage-2.7/src/fcontexts_policy.c
+index 0b063b1..98490ab 100644
+--- libsemanage-2.7/src/fcontexts_policy.c
++++ libsemanage-2.7/src/fcontexts_policy.c
+@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
+ 	dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ 	return dbase_list(handle, dconfig, records, count);
+ }
++
++int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
++			   semanage_fcontext_t *** records, unsigned int *count)
++{
++
++	dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
++	return dbase_list(handle, dconfig, records, count);
++}
+diff --git libsemanage-2.7/src/genhomedircon.c libsemanage-2.7/src/genhomedircon.c
+index b9a74b7..27a269e 100644
+--- libsemanage-2.7/src/genhomedircon.c
++++ libsemanage-2.7/src/genhomedircon.c
+@@ -1345,8 +1345,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
+ 
+ 	s.homedir_template_path =
+ 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
+-	s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
+-					   SEMANAGE_FC_HOMEDIRS);
++	s.fcfilepath =
++		semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS);
+ 
+ 	s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
+ 	if (s.fallback == NULL) {
+diff --git libsemanage-2.7/src/handle.h libsemanage-2.7/src/handle.h
+index 889871d..1780ac8 100644
+--- libsemanage-2.7/src/handle.h
++++ libsemanage-2.7/src/handle.h
+@@ -79,7 +79,7 @@ struct semanage_handle {
+ 	struct semanage_policy_table *funcs;
+ 
+ 	/* Object databases */
+-#define DBASE_COUNT      23
++#define DBASE_COUNT      24
+ 
+ /* Local modifications */
+ #define DBASE_LOCAL_USERS_BASE  0
+@@ -102,13 +102,14 @@ struct semanage_handle {
+ #define DBASE_POLICY_INTERFACES  15
+ #define DBASE_POLICY_BOOLEANS    16
+ #define DBASE_POLICY_FCONTEXTS   17
+-#define DBASE_POLICY_SEUSERS     18
+-#define DBASE_POLICY_NODES       19
+-#define DBASE_POLICY_IBPKEYS     20
+-#define DBASE_POLICY_IBENDPORTS  21
++#define DBASE_POLICY_FCONTEXTS_H 18
++#define DBASE_POLICY_SEUSERS     19
++#define DBASE_POLICY_NODES       20
++#define DBASE_POLICY_IBPKEYS     21
++#define DBASE_POLICY_IBENDPORTS  22
+ 
+ /* Active kernel policy */
+-#define DBASE_ACTIVE_BOOLEANS    22
++#define DBASE_ACTIVE_BOOLEANS    23
+ 	dbase_config_t dbase[DBASE_COUNT];
+ };
+ 
+@@ -235,6 +236,12 @@ static inline
+ 	return &handle->dbase[DBASE_POLICY_FCONTEXTS];
+ }
+ 
++static inline
++    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
++{
++	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
++}
++
+ static inline
+     dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
+ {
 diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c
-index 6158d08..d2d7e3e 100644
+index 6158d08..320fa7b 100644
 --- libsemanage-2.7/src/semanage_store.c
 +++ libsemanage-2.7/src/semanage_store.c
-@@ -537,7 +537,6 @@ char *semanage_conf_path(void)
+@@ -116,6 +116,7 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
+ 	"/modules/disabled",
+ 	"/policy.kern",
+ 	"/file_contexts.local",
++	"/file_contexts.homedirs",
+ 	"/file_contexts",
+ 	"/seusers"
+ };
+@@ -537,7 +538,6 @@ char *semanage_conf_path(void)
  int semanage_create_store(semanage_handle_t * sh, int create)
  {
  	struct stat sb;
@@ -84,7 +227,7 @@ index 6158d08..d2d7e3e 100644
  	const char *path = semanage_files[SEMANAGE_ROOT];
  	int fd;
  
-@@ -556,9 +555,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -556,9 +556,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
  			return -1;
  		}
  	} else {
@@ -96,7 +239,7 @@ index 6158d08..d2d7e3e 100644
  			    path);
  			return -1;
  		}
-@@ -579,9 +578,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -579,9 +579,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
  			return -1;
  		}
  	} else {
@@ -108,7 +251,7 @@ index 6158d08..d2d7e3e 100644
  			    path);
  			return -1;
  		}
-@@ -602,9 +601,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -602,9 +602,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
  			return -1;
  		}
  	} else {
@@ -120,7 +263,7 @@ index 6158d08..d2d7e3e 100644
  			    path);
  			return -1;
  		}
-@@ -623,8 +622,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -623,8 +623,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
  			return -1;
  		}
  	} else {
@@ -131,3 +274,15 @@ index 6158d08..d2d7e3e 100644
  			return -1;
  		}
  	}
+diff --git libsemanage-2.7/src/semanage_store.h libsemanage-2.7/src/semanage_store.h
+index fcaa505..34bf852 100644
+--- libsemanage-2.7/src/semanage_store.h
++++ libsemanage-2.7/src/semanage_store.h
+@@ -61,6 +61,7 @@ enum semanage_sandbox_defs {
+ 	SEMANAGE_MODULES_DISABLED,
+ 	SEMANAGE_STORE_KERNEL,
+ 	SEMANAGE_STORE_FC_LOCAL,
++	SEMANAGE_STORE_FC_HOMEDIRS,
+ 	SEMANAGE_STORE_FC,
+ 	SEMANAGE_STORE_SEUSERS,
+ 	SEMANAGE_STORE_NUM_PATHS

libsemanage.spec

@@ -1,20 +1,20 @@
 %global with_python3 1
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}
 
-%define libsepolver 2.7-1
+%define libsepolver 2.7-2
-%define libselinuxver 2.7-1
+%define libselinuxver 2.7-5
 
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/libsemanage-2.7.tar.gz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.7 ./make-fedora-selinux-patch.sh libsemanage
-# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9
+# HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10
 Patch1: libsemanage-fedora.patch
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -206,6 +206,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif # if with_python3
 
 %changelog
+* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
+- Add support for listing fcontext.homedirs file (#1409813)
+
 * Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
 - Add Provides for the old names without %%_isa