rpms/libsemanage
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Upgrade to upstream

Browse Source 
* regenerate .pc on VERSION change
	* maintain mode even if umask is tighter
	* semanage.conf man page
	* create man5dir if not exist
This commit is contained in:
Dan Walsh 2011-11-04 09:37:32 -04:00
parent 86ba998b25
commit a29afa3a34
4 changed files with 12 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -123,3 +123,4 @@ libsemanage-2.0.45.tgz
/libsemanage-2.1.2.tgz /libsemanage-2.1.2.tgz
/libsemanage-2.1.3.tgz /libsemanage-2.1.3.tgz
/libsemanage-2.1.4.tgz /libsemanage-2.1.4.tgz
/libsemanage-2.1.5.tgz

146
libsemanage-rhat.patch
View File

@ -1,119 +1,3 @@
diff --git a/libsemanage/man/Makefile b/libsemanage/man/Makefile
index 8b2a2b9..852043d 100644
--- a/libsemanage/man/Makefile
+++ b/libsemanage/man/Makefile
@@ -1,9 +1,12 @@
# Installation directories.
MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
all:
install: all
mkdir -p $(MAN3DIR)
+ mkdir -p $(MAN5DIR)
install -m 644 man3/*.3 $(MAN3DIR)
+ install -m 644 man5/*.5 $(MAN5DIR)
diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
new file mode 100644
index 0000000..c60bdc6
--- /dev/null
+++ b/libsemanage/man/man5/semanage.conf.5
@@ -0,0 +1,93 @@
+.TH semanage.conf "5" "September 2011" "semanage.conf" "Linux System Administration"
+.SH NAME
+semanage.conf \- global configuration file for the SELinux Management library
+.SH DESCRIPTION
+.PP
+The
+.BR semanage.conf
+file is usually located under the directory /etc/selinux and it is used for run-time configuration of the
+behavior of the SELinux Management library.
+
+.PP
+Each line should contain a configuration parameter followed by the equal sign ("=") and then followed by the configuration value for that
+parameter. Anything after the "#" symbol is ignored similarly to empty lines.
+
+.PP
+The following parameters are allowed:
+
+.RS
+.TP
+.B module-store
+Specify how the SELinux Management library should interact with the SELinux policy store. When set to "direct", the SELinux
+Management library writes to the SELinux policy module store directly (this is the default setting).
+Otherwise a socket path or a server name can be used for the argument.
+If the argument begins with "/" (as in "/foo/bar"), it represents the path to a named socket that should be used to connect the policy management
+server.
+If the argument does not begin with a "/" (as in "foo.com:4242"), it should be interpreted as the name of a remote policy management server
+to be used through a TCP connection (default port is 4242 unless a different one is specified after the server name using the colon to separate
+the two fields).
+
+.TP
+.B policy-version
+When generating the policy, by default
+.BR semanage
+will set the policy version to POLICYDB_VERSION_MAX, as defined in <sepol/policydb/policydb.h>. Change this setting if a different
+version needs to be set for the policy.
+
+.TP
+.B expand-check
+Whether or not to check "neverallow" rules when executing all
+.BR semanage
+command. It can be set to either "0" (disabled) or "1" (enabled) and by default it is enabled. There might be a large
+penalty in execution time if this option is enabled.
+
+.TP
+.B file-mode
+By default the permission mode for the run-time policy files is set to 0644.
+
+.TP
+.B save-previous
+It controls whether the previous module directory is saved after a successful commit to the policy store and it can be set to
+either "true" or "false". By default it is set to "false" (the previous version is deleted).
+
+.TP
+.B save-linked
+It controls whether the previously linked module is saved (with name "base.linked") after a successful commit to the policy store.
+It can be set to either "true" or "false" and by default it is set to "false" (the previous module is deleted).
+
+.TP
+.B usepasswd
+Whether or not to enable the use getpwent() to obtain a list of home directories to label. It can be set to either "true" or "false".
+By default it is set to "true".
+
+.TP
+.B disable-genhomedircon
+It controls whether or not the genhomedircon function is executed when using the
+.BR semanage
+command and it can be set to either "false" or "true". By default the genhomedircon functionality is enabled (equivalent
+to this option set to "false").
+
+.TP
+.B handle-unknown
+This option controls the kernel behavior for handling permissions defined in the kernel but missing from the actual policy.
+It can be set to "deny", "reject" or "allow".
+
+.TP
+.B bzip-blocksize
+It should be in the range 0-9. A value of 0 means no compression. By default the bzip block size is set to 9 (actual block
+size value is obtained after multiplication by 100000).
+
+.TP
+.B bzip-small
+When set to "true", the bzip algorithm shall try to reduce its system memory usage. It can be set to either "true" or "false" and
+by default it is set to "false".
+
+.SH "SEE ALSO"
+.TP
+semanage(8)
+.PP
+
+.SH AUTHOR
+This manual page was written by Guido Trentalancia <guido@trentalancia.com>.
+
+The SELinux management library was written by Tresys Technology LLC and Red Hat Inc.
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 847d87e..2870fa8 100644 index 847d87e..2870fa8 100644
--- a/libsemanage/src/genhomedircon.c --- a/libsemanage/src/genhomedircon.c
@ -136,33 +20,3 @@ index 847d87e..2870fa8 100644
if (push_user_entry(&head, name, seuname, if (push_user_entry(&head, name, seuname,
prefix, pwent->pw_dir, level) != STATUS_SUCCESS) { prefix, pwent->pw_dir, level) != STATUS_SUCCESS) {
*errors = STATUS_ERR; *errors = STATUS_ERR;
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index e322992..a223aa7 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -495,6 +495,7 @@ static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
int in, out, retval = 0, amount_read, n, errsv = errno;
char tmp[PATH_MAX];
char buf[4192];
+ mode_t mask;
n = snprintf(tmp, PATH_MAX, "%s.tmp", dst);
if (n < 0 || n >= PATH_MAX)
@@ -506,13 +507,16 @@ static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
if (!mode)
mode = S_IRUSR | S_IWUSR;
-
+
+ mask = umask(0);
if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
+ umask(mask);
errsv = errno;
close(in);
retval = -1;
goto out;
}
+ umask(mask);
while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
if (write(out, buf, amount_read) < 0) {
errsv = errno;

13
libsemanage.spec
View File

@ -5,12 +5,12 @@
%endif %endif
%define libsepolver 2.1.2-3 %define libsepolver 2.1.2-3
%define libselinuxver 2.1.5-1 %define libselinuxver 2.1.6-4
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage Name: libsemanage
Version: 2.1.4 Version: 2.1.5
Release: 3%{?dist} Release: 1%{?dist}
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz Source: libsemanage-%{version}.tgz
@ -180,6 +180,13 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3 %endif # if with_python3
%changelog %changelog
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
- Upgrade to upstream
* regenerate .pc on VERSION change
* maintain mode even if umask is tighter
* semanage.conf man page
* create man5dir if not exist
* Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2 * Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
- Fix handling of umask, so files get created with the correct label. - Fix handling of umask, so files get created with the correct label.

2
sources
View File

@ -1 +1 @@
3810c7b51fc43ea03d34faef934442a0 libsemanage-2.1.4.tgz d6b87d0f0afd19cbb8f017ed663e37bd libsemanage-2.1.5.tgz