diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index fc64919..c63bb22 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -13,12 +13,10 @@ SHLIBDIR ?= $(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
 PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
-PYTHONLIBDIR ?= $(shell pkg-config --libs $(PYPREFIX))
 PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
 RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
 RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
-RUBYLIBDIR ?= $(shell pkg-config --libs ruby-$(RUBYLIBVER))
 RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
 
 LIBBASE=$(shell basename $(LIBDIR))
@@ -84,10 +82,10 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
 $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(SWIGSO): $(SWIGLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR) -Wl,-soname,$@
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR)
 
 $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR) -Wl,-soname,$@
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR)
 
 $(LIBA): $(OBJS)
 $(AR) rcs $@ $^
diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
index 7fcd2b4..18babe6 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -52,6 +52,26 @@ static char *private_usersconf_path = NULL;
 static char *private_netfilter_context_path = NULL;
 static char *private_policy_root = NULL;
 
+static char *get_policy_path(void) {
+ char *dup_path = NULL;
+ int max = security_policyvers();
+ if (max < 0)
+ max = sepol_policy_kern_vers_max();
+
+ char *policy_path = selinux_binary_policy_path_min_max(0, &max);
+ if (policy_path) {
+ dup_path = strdup(policy_path);
+ free(policy_path);
+ } else {
+ /* No Policy installed so just do max */
+ int ret = asprintf(&policy_path, "%s.%d", selinux_binary_policy_path(), sepol_policy_kern_vers_max());
+ if (ret > 0)
+ dup_path = strdup(policy_path);
+ free(policy_path);
+ }
+ return dup_path;
+}
+
 void semanage_free_root() {
 free(private_selinux_path); private_selinux_path = NULL;
 free(private_semanage_conf_path); private_semanage_conf_path = NULL;
@@ -91,9 +111,15 @@ int semanage_set_root(const char *path) {
 goto error;
 }
 
- if ( asprintf(&private_binary_policy_path, "%s/%s", path, selinux_binary_policy_path()) < 0 ) {
+ char *policy_path = get_policy_path();
+ if (! policy_path)
+ goto error;
+
+ if ( asprintf(&private_binary_policy_path, "%s/%s", path, policy_path) < 0 ) {
+ free(policy_path);
 goto error;
 }
+ free(policy_path);
 
 if ( asprintf(&private_usersconf_path, "%s/%s", path, selinux_usersconf_path()) < 0 ) {
 goto error;
@@ -147,7 +173,9 @@ const char *semanage_binary_policy_path() {
 // printf("private_binary_policy_path %s\n", private_binary_policy_path);
 if (private_binary_policy_path)
 return private_binary_policy_path;
- return selinux_binary_policy_path();
+
+ private_binary_policy_path = get_policy_path();
+ return private_binary_policy_path;
 }
 
 const char *semanage_usersconf_path() {
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index cd7ce68..9c4b1fe 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
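Review bot: In the fallback branch of get_policy_path(), `free(policy_path)` runs even when asprintf() failed, and the glibc manual documents the pointer's contents as undefined in that case, so the free may act on an indeterminate value. Both branches also strdup() a string the function already owns and then free the original, which only adds another allocation that can fail. Returning the owned pointer directly and leaving early on `asprintf(...) < 0` removes both problems. This assumes selinux_binary_policy_path_min_max() hands back a malloc'd string, which the existing free() implies.

```c
static char *get_policy_path(void) {
	char *policy_path = NULL;
	/* … unchanged: max = security_policyvers() with the sepol fallback … */

	/* Both sources are heap strings; ownership passes to the caller. */
	policy_path = selinux_binary_policy_path_min_max(0, &max);
	if (policy_path)
		return policy_path;

	/* No policy installed, so fall back to the maximum version. */
	if (asprintf(&policy_path, "%s.%d", selinux_binary_policy_path(),
		     sepol_policy_kern_vers_max()) < 0)
		return NULL;	/* pointer is undefined after a failed asprintf */
	return policy_path;
}
```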
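Review bot: In the semanage_set_root() hunk, get_policy_path() picks the policy file name before the alternate root is applied, so whatever that helper probes is resolved without reference to `path`. If it checks which versioned policy exists on disk, as the min/max name suggests, the answer describes the host rather than the tree under `path`, and the version from security_policyvers() likewise belongs to the running kernel. A comment above the call such as `/* version suffix comes from the host kernel/policy, not from files under path */` would make that limitation explicit. semanage_set_root() starts and ends outside this hunk.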
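Review bot: semanage_binary_policy_path() can now return NULL, because get_policy_path() returns NULL on allocation failure, whereas the removed line always returned the result of selinux_binary_policy_path(). Callers are outside this diff, so any that pass the result straight to a format string or a file open need a NULL check; a header comment like `/* May return NULL on allocation failure; the string is owned by libsemanage. */` would record the new contract. The lazy assignment to the file-scope `private_binary_policy_path` is also unsynchronised, so two threads making the first call together could each allocate and one copy would leak. The function's opening line is the hunk header, so its start lies outside the hunk.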
@@ -1145,8 +1145,7 @@ static int semanage_install_active(semanage_handle_t * sh) if (asprintf(&storepath, "%s%s", semanage_selinux_path(), sh->conf->store_path) < 0) return retval; - snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath, - running_policy, sh->conf->policyvers); + snprintf(store_pol, PATH_MAX, "%s%s", storepath, running_policy); if (semanage_copy_file(active_kernel, store_pol, sh->conf->file_mode) == -1) { ERR(sh, "Could not copy %s to %s.", active_kernel, store_pol);
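Review bot: The rewritten snprintf() into `store_pol` still ignores its return value, so a `storepath` plus `running_policy` longer than PATH_MAX is silently truncated and semanage_copy_file() then installs the kernel policy at the truncated path. Capture the length with `int len = snprintf(store_pol, PATH_MAX, "%s%s", storepath, running_policy);` and take the function's failure path when `len < 0 || len >= PATH_MAX`, before the copy. `running_policy`, the size of `store_pol` and the cleanup of `storepath` are defined outside this hunk, so the exact error exit has to follow the rest of semanage_install_active().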