From bc9b70b7c6efcbd95196cab6a18d0fa71e270904 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Wed, 30 Jul 2014 19:07:08 +0200
Subject: [PATCH] * Wed Jul 30 2014 Miroslav Grepl - 2.3-5 - Skip policy module re-link when only setting booleans. * patch from Stephen Smalley
---
libsemanage-rhat.patch | 118 +++++++++++++++++++++++++++++------------
libsemanage.spec | 10 ++--
2 files changed, 91 insertions(+), 37 deletions(-)
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index dd56774..5991109 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,39 +1,89 @@ -diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c -index f3b9b5c..1aea839 100644 ---- a/libsemanage/src/genhomedircon.c -+++ b/libsemanage/src/genhomedircon.c -@@ -1070,8 +1070,10 @@ int semanage_genhomedircon(semanage_handle_t * sh, - s.fallback_user = strdup(FALLBACK_USER); - s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX); - s.fallback_user_level = strdup(FALLBACK_USER_LEVEL); -- if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) -- return STATUS_ERR; -+ if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) { -+ retval = STATUS_ERR; -+ goto done; +diff --git a/src/direct_api.c b/src/direct_api.c +index 64dc7d9..5b94725 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + /* Declare some variables */ + int modified = 0, fcontexts_modified, ports_modified, + seusers_modified, users_extra_modified, dontaudit_modified, +- preserve_tunables_modified; ++ preserve_tunables_modified, bools_modified; + dbase_config_t *users = semanage_user_dbase_local(sh); + dbase_config_t *users_base = semanage_user_base_dbase_local(sh); + dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh); +@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh) + users_extra_modified = + users_extra->dtable->is_modified(users_extra->dbase); + ports_modified = ports->dtable->is_modified(ports->dbase); ++ bools_modified = bools->dtable->is_modified(bools->dbase); + + modified = sh->modules_modified; + modified |= ports_modified; + modified |= users->dtable->is_modified(users_base->dbase); +- modified |= bools->dtable->is_modified(bools->dbase); + modified |= ifaces->dtable->is_modified(ifaces->dbase); + modified |= nodes->dtable->is_modified(nodes->dbase); + modified |= dontaudit_modified; +@@ -891,15 +891,26 @@ static int 
semanage_direct_commit(semanage_handle_t * sh) + + /* ==================== Policydb-backed ================ */ + +- /* Create new policy object, then attach to policy databases +- * that work with a policydb */ ++ /* Create new policy object */ + retval = semanage_expand_sandbox(sh, base, &out); + if (retval < 0) + goto cleanup; + + sepol_module_package_free(base); + base = NULL; ++ } else { ++ /* Load already linked policy */ ++ retval = sepol_policydb_create(&out); ++ if (retval < 0) ++ goto cleanup; ++ ++ retval = semanage_read_policydb(sh, out); ++ if (retval < 0) ++ goto cleanup; + } - if (ignoredirs) ignore_setup(ignoredirs); ++ if (sh->do_rebuild || modified || bools_modified) { ++ /* Attach to policy databases that work with a policydb. */ + dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, + out); + dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); +@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + if (retval < 0) + goto cleanup; + } else { +- retval = sepol_policydb_create(&out); +- if (retval < 0) +- goto cleanup; +- +- retval = semanage_read_policydb(sh, out); +- if (retval < 0) +- goto cleanup; +- ++ /* Changes to non-kernel policy configurations only. 
*/ + if (seusers_modified || users_extra_modified) { + retval = semanage_link_base(sh, &base); + if (retval < 0) +@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + sepol_policydb_free(out); + out = NULL; -@@ -1082,15 +1084,19 @@ int semanage_genhomedircon(semanage_handle_t * sh, - if (!(out = fopen(s.fcfilepath, "w"))) { - /* couldn't open output file */ - ERR(sh, "Could not open the file_context file for writing"); -- return STATUS_ERR; -+ retval = STATUS_ERR; -+ goto done; +- if (sh->do_rebuild || modified || ++ if (sh->do_rebuild || modified || bools_modified || + seusers_modified || fcontexts_modified || users_extra_modified) { + retval = semanage_install_sandbox(sh); + } +@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + free(mod_filenames[i]); } - retval = write_context_file(&s, out); - -- fclose(out); -+done: -+ if (out != NULL) -+ fclose(out); - - free(s.fallback_user); - free(s.fallback_user_prefix); -+ free(s.fallback_user_level); - ignore_free(); - - return retval; +- if (modified) { ++ if (modified || bools_modified) { + /* Detach from policydb, so it can be freed */ + dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase); + dbase_policydb_detach((dbase_policydb_t *) pports->dbase); diff --git a/libsemanage.spec b/libsemanage.spec index 3bd8e34..927d455 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -7,11 +7,11 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.3 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: libsemanage-%{version}.tgz -#Patch: libsemanage-rhat.patch +Patch: libsemanage-rhat.patch URL: http://oss.tresys.com/git/selinux.git Source1: semanage.conf @@ -83,7 +83,7 @@ SELinux management applications. %prep %setup -q -#%patch -p2 -b .rhat +%patch -p1 -b .rhat %build # To support building the Python wrapper against multiple Python runtimes 
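Review bot: In the libsemanage-rhat.patch hunk, the attach and detach guards in semanage_direct_commit no longer match: the attach block runs under `if (sh->do_rebuild || modified || bools_modified) {`, while the detach block near the end of the function becomes only `if (modified || bools_modified) {`. When a rebuild is requested and nothing is marked modified, the policy databases are attached to `out` and, as far as the visible lines show, are not detached even though `sepol_policydb_free(out)` runs before the install step. That would leave the handle's policydb-backed databases referring to a freed policydb. Using the same condition for the detach, `if (sh->do_rebuild || modified || bools_modified) {`, keeps the pair symmetric. The body of semanage_direct_commit extends beyond the quoted inner hunks, so confirm against the full function that no other path performs the detach.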
@@ -181,6 +181,10 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Wed Jul 30 2014 Miroslav Grepl - 2.3-5 +- Skip policy module re-link when only setting booleans. + * patch from Stephen Smalley + * Fri Jul 18 2014 Tom Callaway - 2.3-4 - fix license handling