* Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5

- Skip policy module re-link when only setting booleans. * patch from Stephen Smalley
2014-07-30 19:07:08 +02:00 · 2014-07-30 19:07:08 +02:00 · bc9b70b7c6
commit bc9b70b7c6
parent 3b4c09022e
2 changed files with 91 additions and 37 deletions
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@ -1,39 +1,89 @@
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index f3b9b5c..1aea839 100644
--- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -1070,8 +1070,10 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- 	s.fallback_user = strdup(FALLBACK_USER);
- 	s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
- 	s.fallback_user_level = strdup(FALLBACK_USER_LEVEL);
-	if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL)
-		return STATUS_ERR;
-+	if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) {
-+		retval = STATUS_ERR;
-+		goto done;
+diff --git a/src/direct_api.c b/src/direct_api.c
+index 64dc7d9..5b94725 100644
+--- a/src/direct_api.c
+++ b/src/direct_api.c
+@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	/* Declare some variables */
+ 	int modified = 0, fcontexts_modified, ports_modified,
+ 	    seusers_modified, users_extra_modified, dontaudit_modified,
+-	    preserve_tunables_modified;
+	    preserve_tunables_modified, bools_modified;
+ 	dbase_config_t *users = semanage_user_dbase_local(sh);
+ 	dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
+ 	dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
+@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	users_extra_modified =
+ 	    users_extra->dtable->is_modified(users_extra->dbase);
+ 	ports_modified = ports->dtable->is_modified(ports->dbase);
+	bools_modified = bools->dtable->is_modified(bools->dbase);
+ 
+ 	modified = sh->modules_modified;
+ 	modified |= ports_modified;
+ 	modified |= users->dtable->is_modified(users_base->dbase);
+-	modified |= bools->dtable->is_modified(bools->dbase);
+ 	modified |= ifaces->dtable->is_modified(ifaces->dbase);
+ 	modified |= nodes->dtable->is_modified(nodes->dbase);
+ 	modified |= dontaudit_modified;
+@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 
+ 		/* ==================== Policydb-backed ================ */
+ 
+-		/* Create new policy object, then attach to policy databases
+-		 * that work with a policydb */
+		/* Create new policy object */
+ 		retval = semanage_expand_sandbox(sh, base, &out);
+ 		if (retval < 0)
+ 			goto cleanup;
+ 	
+ 		sepol_module_package_free(base);
+ 		base = NULL;
+	} else {
+		/* Load already linked policy */
+		retval = sepol_policydb_create(&out);
+		if (retval < 0)
+			goto cleanup;
+
+		retval = semanage_read_policydb(sh, out);
+		if (retval < 0)
+			goto cleanup;
 +	}
 
- 	if (ignoredirs) ignore_setup(ignoredirs);
+	if (sh->do_rebuild || modified || bools_modified) {
+		/* Attach to policy databases that work with a policydb. */
+ 		dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,
+ 				      out);
+ 		dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
+@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 		if (retval < 0)
+ 			goto cleanup;
+ 	} else {
+-		retval = sepol_policydb_create(&out);
+-		if (retval < 0)
+-			goto cleanup;
+-
+-		retval = semanage_read_policydb(sh, out);
+-		if (retval < 0)
+-			goto cleanup;
+-		
+		/* Changes to non-kernel policy configurations only. */
+ 		if (seusers_modified || users_extra_modified) {
+ 			retval = semanage_link_base(sh, &base);
+ 			if (retval < 0)
+@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	sepol_policydb_free(out);
+ 	out = NULL;
 
-@@ -1082,15 +1084,19 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- 	if (!(out = fopen(s.fcfilepath, "w"))) {
- 		/* couldn't open output file */
- 		ERR(sh, "Could not open the file_context file for writing");
-		return STATUS_ERR;
-+		retval = STATUS_ERR;
-+		goto done;
+-	if (sh->do_rebuild || modified || 
+	if (sh->do_rebuild || modified || bools_modified ||
+ 	    seusers_modified || fcontexts_modified || users_extra_modified) {
+ 		retval = semanage_install_sandbox(sh);
+ 	}
+@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 		free(mod_filenames[i]);
 	}
 
- 	retval = write_context_file(&s, out);
- 
-	fclose(out);
-+done:
-+	if (out != NULL)
-+		fclose(out);
- 
- 	free(s.fallback_user);
- 	free(s.fallback_user_prefix);
-+	free(s.fallback_user_level);
- 	ignore_free();
- 
- 	return retval;
+-	if (modified) {
+	if (modified || bools_modified) {
+ 		/* Detach from policydb, so it can be freed */
+ 		dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
+ 		dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
--- a/libsemanage.spec
+++ b/libsemanage.spec
@ -7,11 +7,11 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: libsemanage-%{version}.tgz
-#Patch: libsemanage-rhat.patch
+Patch: libsemanage-rhat.patch
 URL: http://oss.tresys.com/git/selinux.git
 Source1: semanage.conf

@ -83,7 +83,7 @@ SELinux management applications.

 %prep
 %setup -q
-#%patch -p2 -b .rhat
+%patch -p1 -b .rhat

 %build
 # To support building the Python wrapper against multiple Python runtimes
@ -181,6 +181,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif # if with_python3

 %changelog
+* Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5
+- Skip policy module re-link when only setting booleans.
+    * patch from Stephen Smalley
+
 * Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-4
 - fix license handling