rpms/libsemanage
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update from NSA

Browse Source 
Merged semod.conf template patch from Dan Walsh (Red Hat), but restored
    location to /usr/share/semod/semod.conf.
Fixed several bugs found by valgrind.
Fixed bug in prior patch for the semod_build_module_list leak.
Merged errno fix from Joshua Brindle (Tresys).
Merged fix for semod_build_modules_list leak on error path from Serge
    Hallyn (IBM). Bug found by Coverity.
This commit is contained in:
Daniel J Walsh 2005-09-06 20:16:22 +00:00
parent c05d7ada4a
commit 785fc2e237
2 changed files with 127 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
libsemanage-rhat.patch
View File

@ -1,43 +1,121 @@
--- libsemanage-1.1.4/src/semod.conf.rhat 2005-08-30 09:24:00.000000000 -0400 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-1.1.6/src/Makefile
+++ libsemanage-1.1.4/src/semod.conf 2005-08-30 10:22:33.000000000 -0400 --- nsalibsemanage/src/Makefile 2005-09-01 12:19:45.000000000 -0400
@@ -16,10 +16,10 @@ +++ libsemanage-1.1.6/src/Makefile 2005-09-06 16:15:37.000000000 -0400
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-# Specify how libsemod will interact with the module store. The three
+# Specify how libsemanage will interact with the module store. The three
# options are:
#
-# "direct" - libsemod will write directly to the store.
+# "direct" - libsemanage will write directly to the store.
# /foo/bar - Write by way of a policy server, whose named socket
# is at /foo/bar. The path must begin with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy server
@@ -44,7 +44,7 @@
#args = -b $@
#[end]
-# In addition to loading a policy libsemod will validate file contexts
+# In addition to loading a policy libsemanage will validate file contexts
# by calling the setfiles utility. As above, "$@" will be replaced
# with the policy filename. In addition "$<" will be replaced with
# the file contexts filename.
--- libsemanage-1.1.4/src/Makefile.rhat 2005-08-30 09:24:00.000000000 -0400
+++ libsemanage-1.1.4/src/Makefile 2005-08-30 10:23:09.000000000 -0400
@@ -4,7 +4,7 @@ @@ -4,7 +4,7 @@
SHLIBDIR ?= $(DESTDIR)/lib SHLIBDIR ?= $(DESTDIR)/lib
INCLUDEDIR ?= $(PREFIX)/include INCLUDEDIR ?= $(PREFIX)/include
-DEFAULT_SEMOD_CONF_LOCATION=$(PREFIX)/share/semod/semod.conf -DEFAULT_SEMOD_CONF_LOCATION=/usr/share/semod/semod.conf
+DEFAULT_SEMOD_CONF_LOCATION=/etc/selinux/semod.conf +DEFAULT_SEMOD_CONF_LOCATION=/usr/share/semanage/semanage.conf
LEX = flex LEX = flex
LFLAGS = -s LFLAGS = -s
@@ -40,7 +40,6 @@ @@ -40,7 +40,7 @@
install: all install: all
test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
install -m 644 $(LIBA) $(LIBDIR) install -m 644 $(LIBA) $(LIBDIR)
- install -m 644 -D semod.conf $(DEFAULT_SEMOD_CONF_LOCATION) - install -m 644 -D semod.conf $(DESTDIR)/$(DEFAULT_SEMOD_CONF_LOCATION)
+ install -m 644 -D semanage.conf $(DESTDIR)/$(DEFAULT_SEMOD_CONF_LOCATION)
clean: clean:
rm -f $(OBJS) $(LIBA) conf-scan.c conf-parse.c conf-parse.h rm -f $(OBJS) $(LIBA) conf-scan.c conf-parse.c conf-parse.h
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-1.1.6/src/semanage.conf
--- nsalibsemanage/src/semanage.conf 1969-12-31 19:00:00.000000000 -0500
+++ libsemanage-1.1.6/src/semanage.conf 2005-09-06 16:15:20.000000000 -0400
@@ -0,0 +1,96 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+# Specify how libsemanage will interact with the module store. The three
+# options are:
+#
+# "direct" - libsemanage will write directly to the store.
+# /foo/bar - Write by way of a policy server, whose named socket
+# is at /foo/bar. The path must begin with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy server
+# at foo.com. If there is a colon then the remainder
+# is interpreted as a port number; otherwise default
+# to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanageule will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>. Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# After a policy has been created this library will attempt to load it
+# by calling the load_policy utility. If there are special
+# requirements (e.g., read booleans from a certain file) then add them
+# here. Below are the default values. Within 'args', the special
+# sequence "$@" will be replaced with the policy filename.
+#[load_policy]
+#path = /usr/sbin/load_policy
+#args = -b $@
+#[end]
+
+# In addition to loading a policy libsemanage will validate file contexts
+# by calling the setfiles utility. As above, "$@" will be replaced
+# with the policy filename. In addition "$<" will be replaced with
+# the file contexts filename.
+#[setfiles]
+#path = /usr/sbin/setfiles
+#args = -q -c $@ $<
+#[end]
+
+# Each program specified within a [verify] block is run during
+# committing. There are three types of verifies allowed: module,
+# linked, and kernel. Multiple verifies may exist for a stage; place
+# each program within its own [verify] block. For each stage the
+# programs are executed in the order given below. If a program ever
+# returns a non-zero value then the entire commit is aborted.
+#
+# Module verifies are executed for each source module prior to
+# linking. After they have been linked each link verifier is run
+# against the linked base module. Finally, each kernel verifier is
+# run against the final expanded kernel policy. If these verifiers
+# all exit with a return value of 0 then that kernel policy will be
+# loaded.
+#
+# 'path' gives a path the verificaton program. 'args' is any
+# free-form string that supplies command line arguments to the
+# verifier. Within args single quotes, double quotes, and backslashes
+# are metacharacters handled similarly to bash. Within 'args', the
+# special sequence "$@" will be replaced with a filename to the entity
+# being checked: source module for module verifiers, linked module for
+# linked, kernel policy for kernel. The sequence "$<" will be
+# replaced with the previous filename, if applicable. If an older
+# version does not exist "$<" expands to an empty string.
+#[verify module]
+#path = /usr/bin/some_module_verifier
+#args = -Wall -ansi -pedantic $@ $<
+#[end]
+
+#[verify module]
+#path = /another/module/verify/program
+#args = -With -some_more arguments
+#[end]
+
+#[verify linked]
+#path = /usr/local/bin/some_link_verifier
+#[end]
+
+#[verify kernel]
+#path = /usr/sbin/kernel_verifier
+#args = "some argument" "some other parameter" -k $@
+#[end]

23
libsemanage.spec
View File

@ -1,10 +1,11 @@
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage-devel Name: libsemanage
Version: 1.1.6 Version: 1.1.6
Release: 1 Release: 1
License: GPL License: GPL
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
Patch: libsemanage-rhat.patch
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
%description %description
@ -23,12 +24,18 @@ It is used by checkpolicy (the policy compiler) and similar tools, as well
as by programs like load_policy that need to perform specific transformations as by programs like load_policy that need to perform specific transformations
on binary policies such as customizing policy boolean settings. on binary policies such as customizing policy boolean settings.
%description %package devel
Summary: Header files and libraries used to build policy manipulation tools
Group: Development/Libraries
Requires: libsemanage = %{version}
%description devel
The semanage-devel package contains the static libraries and header files The semanage-devel package contains the static libraries and header files
needed for developing applications that manipulate binary policies. needed for developing applications that manipulate binary policies.
%prep %prep
%setup -q -n libsemanage-%{version} %setup -q
%patch -p1 -b .rhat
%build %build
make CFLAGS="%{optflags}" make CFLAGS="%{optflags}"
@ -39,12 +46,20 @@ mkdir -p ${RPM_BUILD_ROOT}/%{_lib}
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
mkdir -p ${RPM_BUILD_ROOT}%{_includedir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install
rm -rf ${RPM_BUILD_ROOT}/usr/share/semod/semod.conf
%clean %clean
rm -rf ${RPM_BUILD_ROOT} rm -rf ${RPM_BUILD_ROOT}
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%config(noreplace) /usr/share/semanage/semanage.conf
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files devel
%defattr(-,root,root)
%{_libdir}/libsemanage.a %{_libdir}/libsemanage.a
%{_includedir}/semanage/*.h %{_includedir}/semanage/*.h