import libsemanage-2.9-2.el8
This commit is contained in:
commit
d8134eef65
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/libsemanage-2.9.tar.gz
|
1
.libsemanage.metadata
Normal file
1
.libsemanage.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
4c669c72c4626391d67e5c7e69be8397d71ee31e SOURCES/libsemanage-2.9.tar.gz
|
@ -0,0 +1,66 @@
|
|||||||
|
From dc105dcb5e34e256bcbcf547fea590cfcee06933 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Wed, 7 Nov 2018 18:17:34 +0100
|
||||||
|
Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
|
||||||
|
scan defects
|
||||||
|
|
||||||
|
---
|
||||||
|
libsemanage/src/direct_api.c | 21 ++++++++-------------
|
||||||
|
1 file changed, 8 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
||||||
|
index c58961be..8e4d116d 100644
|
||||||
|
--- a/libsemanage/src/direct_api.c
|
||||||
|
+++ b/libsemanage/src/direct_api.c
|
||||||
|
@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
|
||||||
|
|
||||||
|
fp = NULL;
|
||||||
|
|
||||||
|
- ret = 0;
|
||||||
|
+ return 0;
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
if (fp != NULL) fclose(fp);
|
||||||
|
@@ -2177,7 +2177,6 @@ cleanup:
|
||||||
|
semanage_module_info_destroy(sh, modinfo);
|
||||||
|
free(modinfo);
|
||||||
|
|
||||||
|
- if (fp != NULL) fclose(fp);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -2342,16 +2341,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
|
||||||
|
free(tmp);
|
||||||
|
tmp = NULL;
|
||||||
|
|
||||||
|
- if (fclose(fp) != 0) {
|
||||||
|
- ERR(sh,
|
||||||
|
- "Unable to close %s module lang ext file.",
|
||||||
|
- (*modinfo)->name);
|
||||||
|
- status = -1;
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- fp = NULL;
|
||||||
|
-
|
||||||
|
/* lookup enabled/disabled status */
|
||||||
|
ret = semanage_module_get_path(sh,
|
||||||
|
*modinfo,
|
||||||
|
@@ -2395,7 +2384,13 @@ cleanup:
|
||||||
|
free(modinfos);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (fp != NULL) fclose(fp);
|
||||||
|
+ if (fp != NULL && fclose(fp) != 0) {
|
||||||
|
+ ERR(sh,
|
||||||
|
+ "Unable to close %s module lang ext file.",
|
||||||
|
+ (*modinfo)->name);
|
||||||
|
+ status = -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From d68976d353bf334c43fd084f9cc4535874860006 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Date: Tue, 8 Oct 2019 14:22:12 +0200
|
||||||
|
Subject: [PATCH] libsemanage: Add support for DCCP and SCTP protocols
|
||||||
|
|
||||||
|
This is necessary for "semanage port" to be able to handle DCCP and SCTP
|
||||||
|
protocols.
|
||||||
|
|
||||||
|
Fixes:
|
||||||
|
"port_parse" only handles TCP and UDP protocols
|
||||||
|
|
||||||
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
---
|
||||||
|
libsemanage/include/semanage/port_record.h | 2 ++
|
||||||
|
libsemanage/src/ports_file.c | 4 ++++
|
||||||
|
2 files changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libsemanage/include/semanage/port_record.h b/libsemanage/include/semanage/port_record.h
|
||||||
|
index 20ae4bd9..71074800 100644
|
||||||
|
--- a/libsemanage/include/semanage/port_record.h
|
||||||
|
+++ b/libsemanage/include/semanage/port_record.h
|
||||||
|
@@ -16,6 +16,8 @@ typedef struct semanage_port_key semanage_port_key_t;
|
||||||
|
|
||||||
|
#define SEMANAGE_PROTO_UDP 0
|
||||||
|
#define SEMANAGE_PROTO_TCP 1
|
||||||
|
+#define SEMANAGE_PROTO_DCCP 2
|
||||||
|
+#define SEMANAGE_PROTO_SCTP 3
|
||||||
|
|
||||||
|
/* Key */
|
||||||
|
extern int semanage_port_compare(const semanage_port_t * port,
|
||||||
|
diff --git a/libsemanage/src/ports_file.c b/libsemanage/src/ports_file.c
|
||||||
|
index 46ee2f00..4738d467 100644
|
||||||
|
--- a/libsemanage/src/ports_file.c
|
||||||
|
+++ b/libsemanage/src/ports_file.c
|
||||||
|
@@ -84,6 +84,10 @@ static int port_parse(semanage_handle_t * handle,
|
||||||
|
semanage_port_set_proto(port, SEMANAGE_PROTO_TCP);
|
||||||
|
else if (!strcasecmp(str, "udp"))
|
||||||
|
semanage_port_set_proto(port, SEMANAGE_PROTO_UDP);
|
||||||
|
+ else if (!strcasecmp(str, "dccp"))
|
||||||
|
+ semanage_port_set_proto(port, SEMANAGE_PROTO_DCCP);
|
||||||
|
+ else if (!strcasecmp(str, "sctp"))
|
||||||
|
+ semanage_port_set_proto(port, SEMANAGE_PROTO_SCTP);
|
||||||
|
else {
|
||||||
|
ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", str,
|
||||||
|
info->filename, info->lineno, info->orig_line);
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
57
SOURCES/semanage.conf
Normal file
57
SOURCES/semanage.conf
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
# Authors: Jason Tang <jtang@tresys.com>
|
||||||
|
#
|
||||||
|
# Copyright (C) 2004-2005 Tresys Technology, LLC
|
||||||
|
#
|
||||||
|
# This library is free software; you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU Lesser General Public
|
||||||
|
# License as published by the Free Software Foundation; either
|
||||||
|
# version 2.1 of the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This library is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
# Lesser General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Lesser General Public
|
||||||
|
# License along with this library; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
#
|
||||||
|
# Specify how libsemanage will interact with a SELinux policy manager.
|
||||||
|
# The four options are:
|
||||||
|
#
|
||||||
|
# "source" - libsemanage manipulates a source SELinux policy
|
||||||
|
# "direct" - libsemanage will write directly to a module store.
|
||||||
|
# /foo/bar - Write by way of a policy management server, whose
|
||||||
|
# named socket is at /foo/bar. The path must begin
|
||||||
|
# with a '/'.
|
||||||
|
# foo.com:4242 - Establish a TCP connection to a remote policy
|
||||||
|
# management server at foo.com. If there is a colon
|
||||||
|
# then the remainder is interpreted as a port number;
|
||||||
|
# otherwise default to port 4242.
|
||||||
|
module-store = direct
|
||||||
|
|
||||||
|
# When generating the final linked and expanded policy, by default
|
||||||
|
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
|
||||||
|
# given in <sepol/policydb.h>. Change this setting if a different
|
||||||
|
# version is necessary.
|
||||||
|
#policy-version = 19
|
||||||
|
|
||||||
|
# expand-check check neverallow rules when executing all semanage
|
||||||
|
# commands. There might be a penalty in execution time if this
|
||||||
|
# option is enabled.
|
||||||
|
expand-check=0
|
||||||
|
|
||||||
|
# usepasswd check tells semanage to scan all pass word records for home directories
|
||||||
|
# and setup the labeling correctly. If this is turned off, SELinux will label /home
|
||||||
|
# correctly only. You will need to use semanage fcontext command.
|
||||||
|
# For example, if you had home dirs in /althome directory you would have to execute
|
||||||
|
# semanage fcontext -a -e /home /althome
|
||||||
|
usepasswd=False
|
||||||
|
bzip-small=true
|
||||||
|
bzip-blocksize=5
|
||||||
|
ignoredirs=/root
|
||||||
|
|
||||||
|
[sefcontext_compile]
|
||||||
|
path = /usr/sbin/sefcontext_compile
|
||||||
|
args = -r $@
|
||||||
|
[end]
|
1479
SPECS/libsemanage.spec
Normal file
1479
SPECS/libsemanage.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user