- Upgrade to latest from NSA

Pass CFLAGS to CC even on link command, per Dennis Gilmore. Clear errno on non-fatal errors to avoid reporting them upon a later error that does not set errno. Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
2007-09-27 00:20:09 +00:00 · 2007-09-27 00:20:09 +00:00 · 8bb5a230f2
commit 8bb5a230f2
parent 09711868c7
4 changed files with 181 additions and 45 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -85,3 +85,4 @@ libsemanage-2.0.3.tgz
 libsemanage-2.0.4.tgz
 libsemanage-2.0.5.tgz
 libsemanage-2.0.6.tgz
 libsemanage-2.0.9.tgz
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.6/include/semanage/handle.h
+diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.9/include/semanage/handle.h
 --- nsalibsemanage/include/semanage/handle.h	2007-08-20 19:15:36.000000000 -0400
-+++ libsemanage-2.0.6/include/semanage/handle.h	2007-09-26 16:22:02.000000000 -0400
+++ libsemanage-2.0.9/include/semanage/handle.h	2007-09-26 19:49:09.000000000 -0400
@@ -69,6 +69,10 @@
  * 1 for yes, 0 for no (default) */
 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
@ -12,9 +12,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h li
 /* Set whether or not to disable dontaudits upon commit */
 void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
-diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.6/Makefile
+diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.9/Makefile
 --- nsalibsemanage/Makefile	2007-07-16 14:20:39.000000000 -0400
-+++ libsemanage-2.0.6/Makefile	2007-09-26 16:22:02.000000000 -0400
+++ libsemanage-2.0.9/Makefile	2007-09-26 19:49:09.000000000 -0400
@@ -1,6 +1,9 @@
 all: 
 	$(MAKE) -C src all
@ -25,10 +25,10 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.6/M
 pywrap: 
 	$(MAKE) -C src pywrap
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.6/src/direct_api.c
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.9/src/direct_api.c
--- nsalibsemanage/src/direct_api.c	2007-07-16 14:20:38.000000000 -0400
+--- nsalibsemanage/src/direct_api.c	2007-09-26 19:37:44.000000000 -0400
-+++ libsemanage-2.0.6/src/direct_api.c	2007-09-26 16:22:31.000000000 -0400
+++ libsemanage-2.0.9/src/direct_api.c	2007-09-26 19:49:09.000000000 -0400
-@@ -700,7 +700,7 @@
+@@ -702,7 +702,7 @@
 		goto cleanup;
 	if (sh->do_rebuild || modified) {
@ -37,9 +37,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage
 	}
       cleanup:
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.6/src/genhomedircon.c
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.9/src/genhomedircon.c
 --- nsalibsemanage/src/genhomedircon.c	2007-09-13 08:21:11.000000000 -0400
-+++ libsemanage-2.0.6/src/genhomedircon.c	2007-09-26 16:39:40.000000000 -0400
+++ libsemanage-2.0.9/src/genhomedircon.c	2007-09-26 19:49:09.000000000 -0400
@@ -1,5 +1,6 @@
 -/* Author: Mark Goldman   <mgoldman@tresys.com>
 - * 			Paul Rosenfeld	<prosenfeld@tresys.com>
@ -181,7 +181,93 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
-@@ -602,7 +658,7 @@
+@@ -496,6 +552,32 @@
 	free(temp);
 }
 +static char *global_fallback_user=NULL;
 +static char *global_fallback_user_prefix=NULL;
 +
 +static int set_fallback_user(const char *user, const char *prefix) {
 +	free(global_fallback_user);
 +	free(global_fallback_user_prefix);
 +	global_fallback_user = strdup(user);
 +	global_fallback_user_prefix = strdup(prefix);
 +	if (!global_fallback_user || !global_fallback_user_prefix)
 +		return -1;
 +	return 0;
 +}
 +
 +static char *get_fallback_user(void) {
 +	return global_fallback_user;
 +}
 +
 +static char *get_fallback_user_prefix(void) {
 +	return global_fallback_user_prefix;
 +}
 +
 +static void free_fallback_user(void) {
 +	free(global_fallback_user);
 +	free(global_fallback_user_prefix);
 +}
 +
 static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
 					     int *errors)
 {
@@ -538,13 +620,39 @@
 	for (i = 0; i < nseusers; i++) {
 		name = semanage_seuser_get_name(seuser_list[i]);
 +		if (strcmp(name, DEFAULT_LOGIN) == 0) {
 +			seuname = semanage_seuser_get_sename(seuser_list[i]);
 +
 +			/* find the user structure given the name */
 +			u = bsearch(seuname, user_list, nusers, sizeof(semanage_user_t *),
 +				    (int (*)(const void *, const void *))
 +				    &name_user_cmp);
 +			if (u) {
 +				prefix = semanage_user_get_prefix(*u);
 +			} else {
 +				prefix = name;
 +			}
 +
 +			if (set_fallback_user(seuname, prefix) != 0) {
 +				*errors = STATUS_ERR;
 +				goto cleanup;
 +			}
 +			break;
 +		}
 +	}
 +	char *fallback_user = get_fallback_user();
 +			
 +	for (i = 0; i < nseusers; i++) {
 +		name = semanage_seuser_get_name(seuser_list[i]);
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
 -		if (strcmp(seuname, FALLBACK_USER) == 0)
 +		if (strcmp(seuname, fallback_user) == 0)
 			continue;
 -		if (strcmp(seuname, DEFAULT_LOGIN) == 0)
 +
 +		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
 -		if (strcmp(seuname, TEMPLATE_SEUSER) == 0)
 +		
 +		if (strcmp(name, TEMPLATE_SEUSER) == 0)
 			continue;
 		/* find the user structure given the name */
@@ -563,6 +671,9 @@
 				*errors = STATUS_ERR;
 				goto cleanup;
 			}
 +		}
 +
 +		if (!pwent) {
 			WARN(s->h_semanage,
 			     "user %s not in password file", name);
 			continue;
@@ -602,7 +713,7 @@
 	return head;
 }
@ -190,7 +276,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
-@@ -615,13 +671,13 @@
+@@ -615,13 +726,13 @@
 	}
 	for (; users; pop_user_entry(&users)) {
@ -206,16 +292,35 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
-@@ -671,7 +727,7 @@
+@@ -662,6 +773,14 @@
 		goto done;
 	}
 +	if (write_gen_home_dir_context(s, out, user_context_tpl,
 +				       homedir_context_tpl) != STATUS_SUCCESS) {
 +		retval = STATUS_ERR;
 +	}
 +
 +	char *fallback_user = get_fallback_user();
 +	char *fallback_user_prefix = get_fallback_user_prefix();
 +
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
@@ -671,16 +790,16 @@
 			goto done;
 		}
 -		if (write_home_dir_context(out,
 -					   homedir_context_tpl, FALLBACK_USER,
 -					   FALLBACK_USER, ustr_cstr(temp),
 -					   FALLBACK_USER_PREFIX) !=
 +		if (write_home_dir_context(s, out,
- 					   homedir_context_tpl, FALLBACK_USER,
+					   homedir_context_tpl, fallback_user,
- 					   FALLBACK_USER, ustr_cstr(temp),
+					   fallback_user, ustr_cstr(temp),
- 					   FALLBACK_USER_PREFIX) !=
+					   fallback_user_prefix) !=
-@@ -680,7 +736,7 @@
+ 		    STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
 			retval = STATUS_ERR;
 			goto done;
 		}
@ -224,23 +329,27 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
-@@ -690,13 +746,13 @@
+@@ -690,16 +809,12 @@
 		ustr_sc_free(&temp);
 	}
 -	if (write_user_context(out, user_context_tpl,
 -			       ".*", FALLBACK_USER,
 -			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
 +	if (write_user_context(s, out, user_context_tpl,
- 			       ".*", FALLBACK_USER,
+			       ".*", fallback_user,
- 			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
+			       fallback_user_prefix) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
 -	if (write_gen_home_dir_context(out, s, user_context_tpl,
-+	if (write_gen_home_dir_context(s, out, user_context_tpl,
+-				       homedir_context_tpl) != STATUS_SUCCESS) {
- 				       homedir_context_tpl) != STATUS_SUCCESS) {
+-		retval = STATUS_ERR;
- 		retval = STATUS_ERR;
+-	}
- 	}
+ 
-@@ -711,7 +767,9 @@
+       done:
 	/* Cleanup */
@@ -711,7 +826,9 @@
 	return retval;
 }
@ -251,7 +360,15 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
-@@ -725,6 +783,7 @@
+@@ -719,12 +836,15 @@
 	assert(sh);
 +	set_fallback_user(FALLBACK_USER, FALLBACK_USER_PREFIX);
 +
 	s.homedir_template_path =
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
 	s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS);
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
@ -259,9 +376,18 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libsemanage-2.0.6/src/genhomedircon.h
+@@ -735,5 +855,8 @@
 	retval = write_context_file(&s, out);
 	fclose(out);
 +
 +	free_fallback_user();
 +
 	return retval;
 }
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libsemanage-2.0.9/src/genhomedircon.h
 --- nsalibsemanage/src/genhomedircon.h	2007-08-23 16:52:25.000000000 -0400
-+++ libsemanage-2.0.6/src/genhomedircon.h	2007-09-26 16:22:31.000000000 -0400
+++ libsemanage-2.0.9/src/genhomedircon.h	2007-09-26 19:49:09.000000000 -0400
@@ -22,6 +22,7 @@
 #include "utilities.h"
@ -271,9 +397,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libseman
 +			   sepol_policydb_t * policydb, int usepasswd);
 #endif
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.6/src/handle.c
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.9/src/handle.c
 --- nsalibsemanage/src/handle.c	2007-08-20 19:15:37.000000000 -0400
-+++ libsemanage-2.0.6/src/handle.c	2007-09-26 16:22:02.000000000 -0400
+++ libsemanage-2.0.9/src/handle.c	2007-09-26 19:49:09.000000000 -0400
@@ -68,6 +68,7 @@
 	/* By default do not create store */
 	sh->create_store = 0;
@ -298,9 +424,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0
 void semanage_set_create_store(semanage_handle_t * sh, int create_store)
 {
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.6/src/handle.h
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.9/src/handle.h
 --- nsalibsemanage/src/handle.h	2007-07-16 14:20:38.000000000 -0400
-+++ libsemanage-2.0.6/src/handle.h	2007-09-26 16:22:02.000000000 -0400
+++ libsemanage-2.0.9/src/handle.h	2007-09-26 19:49:09.000000000 -0400
@@ -58,6 +58,7 @@
 	int is_connected;
 	int is_in_transaction;
@ -309,9 +435,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0
 	int do_rebuild;		/* whether to rebuild policy if there were no changes */
 	int modules_modified;
 	int create_store;	/* whether to create the store if it does not exist
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.6/src/libsemanage.map
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.9/src/libsemanage.map
 --- nsalibsemanage/src/libsemanage.map	2007-08-20 19:15:37.000000000 -0400
-+++ libsemanage-2.0.6/src/libsemanage.map	2007-09-26 16:22:02.000000000 -0400
+++ libsemanage-2.0.9/src/libsemanage.map	2007-09-26 19:49:09.000000000 -0400
@@ -9,6 +9,7 @@
 	  semanage_module_list_nth; semanage_module_get_name;
 	  semanage_module_get_version; semanage_select_store;
@ -320,10 +446,10 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libseman
 	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
 	  semanage_iface_*; semanage_port_*; semanage_context_*;
 	  semanage_node_*;
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.6/src/semanage_store.c
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.9/src/semanage_store.c
--- nsalibsemanage/src/semanage_store.c	2007-08-23 16:52:25.000000000 -0400
+--- nsalibsemanage/src/semanage_store.c	2007-09-26 19:37:44.000000000 -0400
-+++ libsemanage-2.0.6/src/semanage_store.c	2007-09-26 16:22:31.000000000 -0400
+++ libsemanage-2.0.9/src/semanage_store.c	2007-09-26 19:49:09.000000000 -0400
-@@ -1130,7 +1130,7 @@
+@@ -1148,7 +1148,7 @@
       skip_reload:
@ -332,7 +458,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema
 	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
 				store_fc)) != 0) {
 		ERR(sh, "setfiles returned error code %d.", r);
-@@ -1257,7 +1257,8 @@
+@@ -1279,7 +1279,8 @@
  * should be placed within a mutex lock to ensure that it runs
  * atomically.	Returns commit number on success, -1 on error.
  */
@ -342,7 +468,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema
 {
 	int retval = -1, commit_num = -1;
-@@ -1272,7 +1273,7 @@
+@@ -1294,7 +1295,7 @@
 	}
 	if (!sh->conf->disable_genhomedircon) {
 		if ((retval =
@ -351,9 +477,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.6/src/semanage_store.h
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.9/src/semanage_store.h
 --- nsalibsemanage/src/semanage_store.h	2007-08-23 16:52:25.000000000 -0400
-+++ libsemanage-2.0.6/src/semanage_store.h	2007-09-26 16:22:31.000000000 -0400
+++ libsemanage-2.0.9/src/semanage_store.h	2007-09-26 20:10:59.000000000 -0400
@@ -83,8 +83,6 @@
 int semanage_get_modules_names(semanage_handle_t * sh,
 			       char ***filenames, int *len);
--- a/libsemanage.spec
+++ b/libsemanage.spec
@ -2,8 +2,8 @@
 %define libselinuxver 2.0.0-1
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
-Version: 2.0.6
+Version: 2.0.9
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: GPL
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
@ -78,6 +78,15 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man3/*
 %changelog
 * Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1
 - Upgrade to latest from NSA
 	* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
 	* Clear errno on non-fatal errors to avoid reporting them upon a
 	  later error that does not set errno.
 	* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
 - Fix segfault in genhomedircon when using bad user names
 * Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-2
 - Fix genhomedircon code to only generate valid context
 - Fixes autorelabel problem
--- a/2
+++ b/2
@ -1 +1 @@
-ee1ccbd5cb4f0a08f85dd92a861283f8  libsemanage-2.0.6.tgz
+c241e659ddab751e036c3e770583e95c  libsemanage-2.0.9.tgz
`@ -1 +1 @@`
	`ee1ccbd5cb4f0a08f85dd92a861283f8 libsemanage-2.0.6.tgz`	`c241e659ddab751e036c3e770583e95c libsemanage-2.0.9.tgz`