More fixes for disabled modules
This commit is contained in:
Dan Walsh
parent
568e47f118
commit
c00e96cc0c
@ -175,7 +175,7 @@ index 9b261b9..77c00b2 100644
|
||||
free(arg);
|
||||
} else if (*arg == '/') {
|
||||
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
||||
index bceb6a7..bfdcdbe 100644
|
||||
index bceb6a7..dbdcdae 100644
|
||||
--- a/libsemanage/src/direct_api.c
|
||||
+++ b/libsemanage/src/direct_api.c
|
||||
@@ -2,7 +2,7 @@
|
||||
@ -290,7 +290,15 @@ index bceb6a7..bfdcdbe 100644
|
||||
}
|
||||
}
|
||||
ERR(sh, "Module %s was not found.", module_name);
|
||||
@@ -1539,7 +1502,7 @@ int semanage_direct_access_check(semanage_handle_t * sh)
|
||||
@@ -1418,6 +1381,7 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name)
|
||||
}
|
||||
base++;
|
||||
if (memcmp(module_name, base, name_len) == 0) {
|
||||
+ semanage_enable_module(module_filenames[i]);
|
||||
if (unlink(module_filenames[i]) == -1) {
|
||||
ERR(sh, "Could not remove module file %s.",
|
||||
module_filenames[i]);
|
||||
@@ -1539,7 +1503,7 @@ int semanage_direct_access_check(semanage_handle_t * sh)
|
||||
{
|
||||
char polpath[PATH_MAX];
|
||||
|
||||
@ -549,7 +557,7 @@ index 3cffef7..da0ad71 100644
|
||||
return _semanage.semanage_module_install(*args)
|
||||
semanage_module_install = _semanage.semanage_module_install
|
||||
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
|
||||
index 339bbd0..90af360 100644
|
||||
index 339bbd0..602a937 100644
|
||||
--- a/libsemanage/src/semanage_store.c
|
||||
+++ b/libsemanage/src/semanage_store.c
|
||||
@@ -57,7 +57,7 @@ typedef struct dbase_policydb dbase_t;
|
||||
@ -598,7 +606,7 @@ index 339bbd0..90af360 100644
|
||||
/* Callback used by scandir() to select files. */
|
||||
static int semanage_filename_select(const struct dirent *d)
|
||||
{
|
||||
@@ -435,9 +442,38 @@ static int semanage_filename_select(const struct dirent *d)
|
||||
@@ -435,11 +442,41 @@ static int semanage_filename_select(const struct dirent *d)
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -638,8 +646,57 @@ index 339bbd0..90af360 100644
|
||||
+ return (access(path, F_OK ) != 0);
|
||||
}
|
||||
|
||||
+/* Callback used by scandir() to select module files. */
|
||||
static int semanage_modulename_select(const struct dirent *d)
|
||||
@@ -1071,14 +1107,14 @@ static int semanage_install_active(semanage_handle_t * sh)
|
||||
{
|
||||
if (d->d_name[0] == '.'
|
||||
@@ -447,7 +484,7 @@ static int semanage_modulename_select(const struct dirent *d)
|
||||
|| (d->d_name[1] == '.' && d->d_name[2] == '\0')))
|
||||
return 0;
|
||||
|
||||
- return semanage_module_enabled(d->d_name);
|
||||
+ return (! is_disabled_file(d->d_name));
|
||||
}
|
||||
|
||||
/* Copies a file from src to dst. If dst already exists then
|
||||
@@ -684,7 +721,7 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
|
||||
int *len)
|
||||
{
|
||||
return semanage_get_modules_names_filter(sh, filenames,
|
||||
- len, semanage_filename_select);
|
||||
+ len, semanage_modulename_select);
|
||||
}
|
||||
|
||||
/* Scans the modules directory for the current semanage handler. This
|
||||
@@ -697,8 +734,25 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
|
||||
int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames,
|
||||
int *len)
|
||||
{
|
||||
- return semanage_get_modules_names_filter(sh, filenames,
|
||||
- len, semanage_modulename_select);
|
||||
+
|
||||
+ int rc = semanage_get_modules_names_filter(sh, filenames,
|
||||
+ len, semanage_modulename_select);
|
||||
+ if ( rc != 0 ) return rc;
|
||||
+
|
||||
+ int i = 0, num_modules = *len;
|
||||
+ char **names=*filenames;
|
||||
+
|
||||
+ while ( i < num_modules ) {
|
||||
+ if (! semanage_module_enabled(names[i])) {
|
||||
+ free(names[i]);
|
||||
+ names[i]=names[num_modules-1];
|
||||
+ names[num_modules-1] = NULL;
|
||||
+ num_modules--;
|
||||
+ }
|
||||
+ i++;
|
||||
+ }
|
||||
+ *len = num_modules;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/******************* routines that run external programs *******************/
|
||||
@@ -1071,14 +1125,14 @@ static int semanage_install_active(semanage_handle_t * sh)
|
||||
const char *active_fc_hd =
|
||||
semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS);
|
||||
|
||||
@ -662,7 +719,7 @@ index 339bbd0..90af360 100644
|
||||
|
||||
/* This is very unelegant, the right thing to do is export the path
|
||||
* building code in libselinux so that you can get paths for a given
|
||||
@@ -1099,11 +1135,11 @@ static int semanage_install_active(semanage_handle_t * sh)
|
||||
@@ -1099,11 +1153,11 @@ static int semanage_install_active(semanage_handle_t * sh)
|
||||
running_seusers += len;
|
||||
running_nc += len;
|
||||
|
||||
@ -676,42 +733,16 @@ index 339bbd0..90af360 100644
|
||||
sh->conf->store_path);
|
||||
|
||||
snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath,
|
||||
@@ -1632,18 +1668,21 @@ int semanage_link_sandbox(semanage_handle_t * sh,
|
||||
num_modules = 0;
|
||||
@@ -1633,8 +1687,7 @@ int semanage_link_sandbox(semanage_handle_t * sh,
|
||||
goto cleanup;
|
||||
}
|
||||
+ int disabled = 0;
|
||||
for (i = 0; i < num_modules; i++) {
|
||||
- if (semanage_load_module(sh, module_filenames[i], mods + i) ==
|
||||
- -1) {
|
||||
- goto cleanup;
|
||||
+ if (semanage_module_enabled(module_filenames[i])) {
|
||||
+ if (semanage_load_module(sh, module_filenames[i], mods + (i - disabled)) == -1) {
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ } else {
|
||||
+ disabled++;
|
||||
}
|
||||
}
|
||||
|
||||
- if (sepol_link_packages(sh->sepolh, *base, mods, num_modules, 0) != 0) {
|
||||
+ if (sepol_link_packages(sh->sepolh, *base, mods, num_modules - disabled, 0) != 0) {
|
||||
ERR(sh, "Link packages failed");
|
||||
+ if (semanage_load_module(sh, module_filenames[i], mods + i) == -1) {
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
retval = 0;
|
||||
|
||||
cleanup:
|
||||
@@ -1651,7 +1690,7 @@ int semanage_link_sandbox(semanage_handle_t * sh,
|
||||
free(module_filenames[i]);
|
||||
}
|
||||
free(module_filenames);
|
||||
- for (i = 0; mods != NULL && i < num_modules; i++) {
|
||||
+ for (i = 0; mods != NULL && i < num_modules -disabled; i++) {
|
||||
sepol_module_package_free(mods[i]);
|
||||
}
|
||||
free(mods);
|
||||
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
|
||||
index 6abb2ee..8470191 100644
|
||||
--- a/libsemanage/src/semanage_store.h
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
Summary: SELinux binary policy manipulation library
|
||||
Name: libsemanage
|
||||
Version: 2.0.46
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: LGPLv2+
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
|
||||
@ -208,6 +208,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6
|
||||
- More fixes for disabled modules
|
||||
|
||||
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5
|
||||
- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module
|
||||
indicating the module is disabled. MODULE.pp.disabled, it will no longer rename the module. This way we can
|
||||
|
||||
Loading…
Reference in New Issue
Block a user