More fixes for disabled modules
This commit is contained in:
Dan Walsh
parent
568e47f118
commit
c00e96cc0c
@ -175,7 +175,7 @@ index 9b261b9..77c00b2 100644
|
|||||||
free(arg);
|
free(arg);
|
||||||
} else if (*arg == '/') {
|
} else if (*arg == '/') {
|
||||||
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
||||||
index bceb6a7..bfdcdbe 100644
|
index bceb6a7..dbdcdae 100644
|
||||||
--- a/libsemanage/src/direct_api.c
|
--- a/libsemanage/src/direct_api.c
|
||||||
+++ b/libsemanage/src/direct_api.c
|
+++ b/libsemanage/src/direct_api.c
|
||||||
@@ -2,7 +2,7 @@
|
@@ -2,7 +2,7 @@
|
||||||
@ -290,7 +290,15 @@ index bceb6a7..bfdcdbe 100644
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
ERR(sh, "Module %s was not found.", module_name);
|
ERR(sh, "Module %s was not found.", module_name);
|
||||||
@@ -1539,7 +1502,7 @@ int semanage_direct_access_check(semanage_handle_t * sh)
|
@@ -1418,6 +1381,7 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name)
|
||||||
|
}
|
||||||
|
base++;
|
||||||
|
if (memcmp(module_name, base, name_len) == 0) {
|
||||||
|
+ semanage_enable_module(module_filenames[i]);
|
||||||
|
if (unlink(module_filenames[i]) == -1) {
|
||||||
|
ERR(sh, "Could not remove module file %s.",
|
||||||
|
module_filenames[i]);
|
||||||
|
@@ -1539,7 +1503,7 @@ int semanage_direct_access_check(semanage_handle_t * sh)
|
||||||
{
|
{
|
||||||
char polpath[PATH_MAX];
|
char polpath[PATH_MAX];
|
||||||
|
|
||||||
@ -549,7 +557,7 @@ index 3cffef7..da0ad71 100644
|
|||||||
return _semanage.semanage_module_install(*args)
|
return _semanage.semanage_module_install(*args)
|
||||||
semanage_module_install = _semanage.semanage_module_install
|
semanage_module_install = _semanage.semanage_module_install
|
||||||
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
|
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
|
||||||
index 339bbd0..90af360 100644
|
index 339bbd0..602a937 100644
|
||||||
--- a/libsemanage/src/semanage_store.c
|
--- a/libsemanage/src/semanage_store.c
|
||||||
+++ b/libsemanage/src/semanage_store.c
|
+++ b/libsemanage/src/semanage_store.c
|
||||||
@@ -57,7 +57,7 @@ typedef struct dbase_policydb dbase_t;
|
@@ -57,7 +57,7 @@ typedef struct dbase_policydb dbase_t;
|
||||||
@ -598,7 +606,7 @@ index 339bbd0..90af360 100644
|
|||||||
/* Callback used by scandir() to select files. */
|
/* Callback used by scandir() to select files. */
|
||||||
static int semanage_filename_select(const struct dirent *d)
|
static int semanage_filename_select(const struct dirent *d)
|
||||||
{
|
{
|
||||||
@@ -435,9 +442,38 @@ static int semanage_filename_select(const struct dirent *d)
|
@@ -435,11 +442,41 @@ static int semanage_filename_select(const struct dirent *d)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -638,8 +646,57 @@ index 339bbd0..90af360 100644
|
|||||||
+ return (access(path, F_OK ) != 0);
|
+ return (access(path, F_OK ) != 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
+/* Callback used by scandir() to select module files. */
|
||||||
static int semanage_modulename_select(const struct dirent *d)
|
static int semanage_modulename_select(const struct dirent *d)
|
||||||
@@ -1071,14 +1107,14 @@ static int semanage_install_active(semanage_handle_t * sh)
|
{
|
||||||
|
if (d->d_name[0] == '.'
|
||||||
|
@@ -447,7 +484,7 @@ static int semanage_modulename_select(const struct dirent *d)
|
||||||
|
|| (d->d_name[1] == '.' && d->d_name[2] == '\0')))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
- return semanage_module_enabled(d->d_name);
|
||||||
|
+ return (! is_disabled_file(d->d_name));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Copies a file from src to dst. If dst already exists then
|
||||||
|
@@ -684,7 +721,7 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
|
||||||
|
int *len)
|
||||||
|
{
|
||||||
|
return semanage_get_modules_names_filter(sh, filenames,
|
||||||
|
- len, semanage_filename_select);
|
||||||
|
+ len, semanage_modulename_select);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Scans the modules directory for the current semanage handler. This
|
||||||
|
@@ -697,8 +734,25 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
|
||||||
|
int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames,
|
||||||
|
int *len)
|
||||||
|
{
|
||||||
|
- return semanage_get_modules_names_filter(sh, filenames,
|
||||||
|
- len, semanage_modulename_select);
|
||||||
|
+
|
||||||
|
+ int rc = semanage_get_modules_names_filter(sh, filenames,
|
||||||
|
+ len, semanage_modulename_select);
|
||||||
|
+ if ( rc != 0 ) return rc;
|
||||||
|
+
|
||||||
|
+ int i = 0, num_modules = *len;
|
||||||
|
+ char **names=*filenames;
|
||||||
|
+
|
||||||
|
+ while ( i < num_modules ) {
|
||||||
|
+ if (! semanage_module_enabled(names[i])) {
|
||||||
|
+ free(names[i]);
|
||||||
|
+ names[i]=names[num_modules-1];
|
||||||
|
+ names[num_modules-1] = NULL;
|
||||||
|
+ num_modules--;
|
||||||
|
+ }
|
||||||
|
+ i++;
|
||||||
|
+ }
|
||||||
|
+ *len = num_modules;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/******************* routines that run external programs *******************/
|
||||||
|
@@ -1071,14 +1125,14 @@ static int semanage_install_active(semanage_handle_t * sh)
|
||||||
const char *active_fc_hd =
|
const char *active_fc_hd =
|
||||||
semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS);
|
semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS);
|
||||||
|
|
||||||
@ -662,7 +719,7 @@ index 339bbd0..90af360 100644
|
|||||||
|
|
||||||
/* This is very unelegant, the right thing to do is export the path
|
/* This is very unelegant, the right thing to do is export the path
|
||||||
* building code in libselinux so that you can get paths for a given
|
* building code in libselinux so that you can get paths for a given
|
||||||
@@ -1099,11 +1135,11 @@ static int semanage_install_active(semanage_handle_t * sh)
|
@@ -1099,11 +1153,11 @@ static int semanage_install_active(semanage_handle_t * sh)
|
||||||
running_seusers += len;
|
running_seusers += len;
|
||||||
running_nc += len;
|
running_nc += len;
|
||||||
|
|
||||||
@ -676,42 +733,16 @@ index 339bbd0..90af360 100644
|
|||||||
sh->conf->store_path);
|
sh->conf->store_path);
|
||||||
|
|
||||||
snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath,
|
snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath,
|
||||||
@@ -1632,18 +1668,21 @@ int semanage_link_sandbox(semanage_handle_t * sh,
|
@@ -1633,8 +1687,7 @@ int semanage_link_sandbox(semanage_handle_t * sh,
|
||||||
num_modules = 0;
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
+ int disabled = 0;
|
|
||||||
for (i = 0; i < num_modules; i++) {
|
for (i = 0; i < num_modules; i++) {
|
||||||
- if (semanage_load_module(sh, module_filenames[i], mods + i) ==
|
- if (semanage_load_module(sh, module_filenames[i], mods + i) ==
|
||||||
- -1) {
|
- -1) {
|
||||||
- goto cleanup;
|
+ if (semanage_load_module(sh, module_filenames[i], mods + i) == -1) {
|
||||||
+ if (semanage_module_enabled(module_filenames[i])) {
|
|
||||||
+ if (semanage_load_module(sh, module_filenames[i], mods + (i - disabled)) == -1) {
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ disabled++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (sepol_link_packages(sh->sepolh, *base, mods, num_modules, 0) != 0) {
|
|
||||||
+ if (sepol_link_packages(sh->sepolh, *base, mods, num_modules - disabled, 0) != 0) {
|
|
||||||
ERR(sh, "Link packages failed");
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
-
|
|
||||||
retval = 0;
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
@@ -1651,7 +1690,7 @@ int semanage_link_sandbox(semanage_handle_t * sh,
|
|
||||||
free(module_filenames[i]);
|
|
||||||
}
|
}
|
||||||
free(module_filenames);
|
|
||||||
- for (i = 0; mods != NULL && i < num_modules; i++) {
|
|
||||||
+ for (i = 0; mods != NULL && i < num_modules -disabled; i++) {
|
|
||||||
sepol_module_package_free(mods[i]);
|
|
||||||
}
|
|
||||||
free(mods);
|
|
||||||
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
|
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
|
||||||
index 6abb2ee..8470191 100644
|
index 6abb2ee..8470191 100644
|
||||||
--- a/libsemanage/src/semanage_store.h
|
--- a/libsemanage/src/semanage_store.h
|
||||||
|
|||||||
@ -10,7 +10,7 @@
|
|||||||
Summary: SELinux binary policy manipulation library
|
Summary: SELinux binary policy manipulation library
|
||||||
Name: libsemanage
|
Name: libsemanage
|
||||||
Version: 2.0.46
|
Version: 2.0.46
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
|
||||||
@ -208,6 +208,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6
|
||||||
|
- More fixes for disabled modules
|
||||||
|
|
||||||
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5
|
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5
|
||||||
- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module
|
- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module
|
||||||
indicating the module is disabled. MODULE.pp.disabled, it will no longer rename the module. This way we can
|
indicating the module is disabled. MODULE.pp.disabled, it will no longer rename the module. This way we can
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user