rpms/libselinux/FC-4 libselinux-rhat.patch, 1.44, 1.45 libselinux.spec, 1.103, 1.104
fedora-cvs-commits at redhat.com
Tue Jan 17 03:13:53 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/libselinux/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv28343
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Mon Jan 16 2006 Dan Walsh <dwalsh at redhat.com> 1.23.11-1.1
- Allow rpm_exec to continue on failure if permissive mode
libselinux-rhat.patch:
rpm.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-4/libselinux-rhat.patch,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- libselinux-rhat.patch 11 May 2005 15:00:11 -0000 1.44
+++ libselinux-rhat.patch 17 Jan 2006 03:13:48 -0000 1.45
@@ -1,66 +1,39 @@
---- libselinux-1.23.10/man/man8/selinux.8.rhat 2005-04-29 14:07:14.000000000 -0400
-+++ libselinux-1.23.10/man/man8/selinux.8 2005-05-11 10:56:10.000000000 -0400
-@@ -1,4 +1,4 @@
--.TH "selinux" "8" "11 Aug 2004" "dwalsh at redhat.com" "SELinux Command Line documentation"
-+.TH "selinux" "8" "29 Apr 2005" "dwalsh at redhat.com" "SELinux Command Line documentation"
-
- .SH "NAME"
- selinux \- NSA Security-Enhanced Linux (SELinux)
-@@ -62,11 +62,22 @@
- .B system-config-securitylevel
- allows customization of these booleans and tunables.
-
-+.br
-+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
-+
-+.SH FILE LABELING
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/rpm.c libselinux-1.23.11/src/rpm.c
+--- nsalibselinux/src/rpm.c 2005-05-20 13:15:53.000000000 -0400
++++ libselinux-1.23.11/src/rpm.c 2006-01-16 22:09:51.000000000 -0500
+@@ -11,7 +11,7 @@
+ {
+ security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
+ context_t con = NULL;
+- int rc;
++ int rc = 0;
+
+ if (is_selinux_enabled() < 1)
+ return execve(filename, argv, envp);
+@@ -30,6 +30,7 @@
+
+ if (!strcmp(mycon, newcon)) {
+ /* No default transition, use rpm_script_t for now. */
++ rc = -1;
+ con = context_new(mycon);
+ if (!con)
+ goto out;
+@@ -39,13 +40,17 @@
+ newcon = strdup(context_str(con));
+ if (!newcon)
+ goto out;
++ rc = 0;
+ }
+
+ rc = setexeccon(newcon);
+ if (rc < 0)
+ goto out;
+- rc = execve(filename, argv, envp);
+ out:
+
-+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
-+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
-+.br
-+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
-+
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-
- .SH "SEE ALSO"
--booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
-+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
++ if (rc >= 0 || !security_getenforce())
++ rc = execve(filename, argv, envp);
+
-
- .SH FILES
- /etc/selinux/config
---- libselinux-1.23.10/utils/avcstat.c.rhat 2005-04-29 14:07:14.000000000 -0400
-+++ libselinux-1.23.10/utils/avcstat.c 2005-05-11 10:57:30.000000000 -0400
-@@ -90,12 +90,15 @@
-
- int main(int argc, char **argv)
- {
-+ struct avc_cache_stats tot, rel, last;
- int fd, i, cumulative = 0;
- struct sigaction sa;
- char avcstatfile[PATH_MAX];
- snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
- progname = basename(argv[0]);
-
-+ memset(&last, 0, sizeof(last));
-+
- while((i = getopt(argc, argv, "cf:h?-")) != -1) {
- switch (i) {
- case 'c':
-@@ -144,7 +147,6 @@
- for (i = 0;; i++) {
- char *line;
- ssize_t ret, parsed = 0;
-- struct avc_cache_stats tot, rel, last;
-
- memset(buf, 0, DEF_BUF_SIZE);
- ret = read(fd, buf, DEF_BUF_SIZE);
-@@ -166,7 +168,6 @@
- "hits", "misses", "allocs", "reclaims", "frees");
-
- memset(&tot, 0, sizeof(tot));
-- memset(&last, 0, sizeof(last));
-
- while ((line = strtok(NULL, "\n"))) {
- struct avc_cache_stats tmp;
+ context_free(con);
+ freecon(newcon);
+ freecon(fcon);
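Review bot: at the out: label in rpm.c, the new test rc >= 0 || !security_getenforce() combined with the changed initializer int rc = 0 lets any goto out taken before rc has been set negative reach execve even in enforcing mode. Only the no-default-transition branch sets rc = -1 ahead of its gotos, and the lines between the first and second inner hunks are not shown here, so every error exit in that region needs checking. Initializing rc to -1 and setting it to 0 only once newcon is known good would make the enforcing case fail closed by default. The rc = 0 added just before the closing brace is overwritten immediately by rc = setexeccon(newcon) and can go. A short comment at the test would also help, stating that in permissive mode the program is deliberately executed without the setexeccon transition, and that a negative return from security_getenforce() is handled like enforcing.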
Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-4/libselinux.spec,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -r1.103 -r1.104
--- libselinux.spec 20 May 2005 17:18:49 -0000 1.103
+++ libselinux.spec 17 Jan 2006 03:13:48 -0000 1.104
@@ -1,10 +1,11 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 1.23.11
-Release: 1
+Release: 1.1
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
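Review bot: the added Patch: line has no comment saying what libselinux-rhat.patch now carries or whether the change has been sent upstream. The previous contents of the same file were dropped in this commit and replaced by a change to src/rpm.c, so a one-line comment above Patch: naming the rpm.c change and its upstream status would save the next rebase from having to read the patch to find out.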
@@ -34,6 +35,7 @@
%prep
%setup -q
+%patch -p1 -b .rhat
%build
make CFLAGS="-g %{optflags}"
@@ -83,6 +85,9 @@
%{_mandir}/man8/*
%changelog
+* Mon Jan 16 2006 Dan Walsh <dwalsh at redhat.com> 1.23.11-1.1
+- Allow rpm_exec to continue on failure if permissive mode
+
* Fri May 20 2005 Dan Walsh <dwalsh at redhat.com> 1.23.11-1
- Update from NSA
* Merged avcstat and selinux man page from Dan Walsh.
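Review bot: the new %changelog entry says execution continues "on failure" without saying which failure or what follows from it. Wording it so that it states the program is still executed in permissive mode when the exec context could not be set, that is, without the context transition, would tell an administrator reading the package changelog what actually changed.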