rpms/libselinux/devel .cvsignore, 1.145, 1.146 libselinux-rhat.patch, 1.124, 1.125 libselinux.spec, 1.275, 1.276 sources, 1.147, 1.148
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Aug 3 20:07:26 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/libselinux/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24084
Modified Files:
.cvsignore libselinux-rhat.patch libselinux.spec sources
Log Message:
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/.cvsignore,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -r1.145 -r1.146
--- .cvsignore 16 Jul 2007 18:22:25 -0000 1.145
+++ .cvsignore 3 Aug 2007 20:06:53 -0000 1.146
@@ -124,3 +124,4 @@
libselinux-2.0.22.tgz
libselinux-2.0.23.tgz
libselinux-2.0.24.tgz
+libselinux-2.0.29.tgz
libselinux-rhat.patch:
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -r1.124 -r1.125
--- libselinux-rhat.patch 23 Jul 2007 14:23:50 -0000 1.124
+++ libselinux-rhat.patch 3 Aug 2007 20:06:53 -0000 1.125
@@ -1,894 +1,3 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.24/include/selinux/av_permissions.h
---- nsalibselinux/include/selinux/av_permissions.h 2007-07-16 14:20:45.000000000 -0400
-+++ libselinux-2.0.24/include/selinux/av_permissions.h 2007-07-23 10:21:34.000000000 -0400
-@@ -290,12 +290,16 @@
- #define NODE__RAWIP_RECV 0x00000010UL
- #define NODE__RAWIP_SEND 0x00000020UL
- #define NODE__ENFORCE_DEST 0x00000040UL
-+#define NODE__DCCP_RECV 0x00000080UL
-+#define NODE__DCCP_SEND 0x00000100UL
- #define NETIF__TCP_RECV 0x00000001UL
- #define NETIF__TCP_SEND 0x00000002UL
- #define NETIF__UDP_RECV 0x00000004UL
- #define NETIF__UDP_SEND 0x00000008UL
- #define NETIF__RAWIP_RECV 0x00000010UL
- #define NETIF__RAWIP_SEND 0x00000020UL
-+#define NETIF__DCCP_RECV 0x00000040UL
-+#define NETIF__DCCP_SEND 0x00000080UL
- #define NETLINK_SOCKET__IOCTL 0x00000001UL
- #define NETLINK_SOCKET__READ 0x00000002UL
- #define NETLINK_SOCKET__WRITE 0x00000004UL
-@@ -837,6 +841,8 @@
- #define NSCD__SHMEMPWD 0x00000020UL
- #define NSCD__SHMEMGRP 0x00000040UL
- #define NSCD__SHMEMHOST 0x00000080UL
-+#define NSCD__GETSERV 0x00000100UL
-+#define NSCD__SHMEMSERV 0x00000200UL
- #define ASSOCIATION__SENDTO 0x00000001UL
- #define ASSOCIATION__RECVFROM 0x00000002UL
- #define ASSOCIATION__SETCONTEXT 0x00000004UL
-@@ -897,3 +903,28 @@
- #define KEY__CREATE 0x00000040UL
- #define CONTEXT__TRANSLATE 0x00000001UL
- #define CONTEXT__CONTAINS 0x00000002UL
-+#define DCCP_SOCKET__IOCTL 0x00000001UL
-+#define DCCP_SOCKET__READ 0x00000002UL
-+#define DCCP_SOCKET__WRITE 0x00000004UL
-+#define DCCP_SOCKET__CREATE 0x00000008UL
-+#define DCCP_SOCKET__GETATTR 0x00000010UL
-+#define DCCP_SOCKET__SETATTR 0x00000020UL
-+#define DCCP_SOCKET__LOCK 0x00000040UL
-+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
-+#define DCCP_SOCKET__RELABELTO 0x00000100UL
-+#define DCCP_SOCKET__APPEND 0x00000200UL
-+#define DCCP_SOCKET__BIND 0x00000400UL
-+#define DCCP_SOCKET__CONNECT 0x00000800UL
-+#define DCCP_SOCKET__LISTEN 0x00001000UL
-+#define DCCP_SOCKET__ACCEPT 0x00002000UL
-+#define DCCP_SOCKET__GETOPT 0x00004000UL
-+#define DCCP_SOCKET__SETOPT 0x00008000UL
-+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
-+#define DCCP_SOCKET__RECVFROM 0x00020000UL
-+#define DCCP_SOCKET__SENDTO 0x00040000UL
-+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
-+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
-+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
-+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
-+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
-+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
-diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.24/include/selinux/flask.h
---- nsalibselinux/include/selinux/flask.h 2007-07-16 14:20:45.000000000 -0400
-+++ libselinux-2.0.24/include/selinux/flask.h 2007-07-23 10:21:34.000000000 -0400
-@@ -64,6 +64,8 @@
- #define SECCLASS_PACKET 57
- #define SECCLASS_KEY 58
- #define SECCLASS_CONTEXT 59
-+#define SECCLASS_DCCP_SOCKET 60
-+#define SECCLASS_MEMPROTECT 61
-
- /*
- * Security identifier indices for initial entities
-diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.24/Makefile
---- nsalibselinux/Makefile 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/Makefile 2007-07-23 10:21:34.000000000 -0400
-@@ -20,6 +20,9 @@
- $(MAKE) -C src
- $(MAKE) -C utils
-
-+swigify: all
-+ $(MAKE) -C src swigify
-+
- pywrap:
- $(MAKE) -C src pywrap
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-2.0.24/man/man3/avc_add_callback.3
---- nsalibselinux/man/man3/avc_add_callback.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_add_callback.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,26 +6,26 @@
- avc_add_callback \- additional event notification for SELinux userspace object managers.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
- .in +\w'int avc_add_callback(int (*callback)('u
- .BI "security_id_t " ssid ,
--.br
-+
- .BI "security_id_t " tsid ,
--.br
-+
- .BI "security_class_t " tclass ,
--.br
-+
- .BI "access_vector_t " perms ,
--.br
-+
- .BI "access_vector_t *" out_retained "),"
- .in
- .in +\w'int avc_add_callback('u
- .BI "uint32_t " events ", security_id_t " ssid ,
--.br
-+
- .BI "security_id_t " tsid ", security_class_t " tclass ,
--.br
-+
- .BI "access_vector_t " perms ");"
- .in
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-2.0.24/man/man3/avc_cache_stats.3
---- nsalibselinux/man/man3/avc_cache_stats.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_cache_stats.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "void avc_av_stats(void);"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3 libselinux-2.0.24/man/man3/avc_compute_create.3
---- nsalibselinux/man/man3/avc_compute_create.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_compute_create.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_compute_create \- obtain SELinux label for new object.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-2.0.24/man/man3/avc_context_to_sid.3
---- nsalibselinux/man/man3/avc_context_to_sid.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_context_to_sid.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-2.0.24/man/man3/avc_has_perm.3
---- nsalibselinux/man/man3/avc_has_perm.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_has_perm.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
-@@ -14,21 +14,21 @@
- .BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
- .in +\w'int avc_has_perm('u
- .BI "security_class_t " tclass ", access_vector_t " requested ,
--.br
-+
- .BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
- .in
- .sp
- .BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
- .in +\w'int avc_has_perm('u
- .BI "security_class_t " tclass ", access_vector_t " requested ,
--.br
-+
- .BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
- .in
- .sp
- .BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
- .in +\w'void avc_audit('u
- .BI "security_class_t " tclass ", access_vector_t " requested ,
--.br
-+
- .BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
- .in
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-2.0.24/man/man3/avc_init.3
---- nsalibselinux/man/man3/avc_init.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/avc_init.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,17 +6,17 @@
- avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_init(const char *" msgprefix ,
- .in +\w'int avc_init('u
- .BI "const struct avc_memory_callback *" mem_callbacks ,
--.br
-+
- .BI "const struct avc_log_callback *" log_callbacks ,
--.br
-+
- .BI "const struct avc_thread_callback *" thread_callbacks ,
--.br
-+
- .BI "const struct avc_lock_callback *" lock_callbacks ");"
- .in
- .sp
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-2.0.24/man/man3/context_new.3
---- nsalibselinux/man/man3/context_new.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/context_new.3 2007-07-23 10:21:34.000000000 -0400
-@@ -4,27 +4,27 @@
-
- .SH "SYNOPSIS"
- .B #include <selinux/context.h>
--.br
-+
- .B "context_t context_new(const char *" context_str );
--.br
-+
- .B "const char * context_str(context_t " con );
--.br
-+
- .B "void context_free(context_t " con );
--.br
-+
- .B "const char * context_type_get(context_t " con );
--.br
-+
- .B "const char * context_range_get(context_t " con );
--.br
-+
- .B "const char * context_role_get(context_t " con );
--.br
-+
- .B "const char * context_user_get(context_t " con );
--.br
-+
- .B "const char * context_type_set(context_t " con ", const char* " type);
--.br
-+
- .B "const char * context_range_set(context_t " con ", const char* " range);
--.br
-+
- .B "const char * context_role_set(context_t " con ", const char* " role );
--.br
-+
- .B "const char * context_user_set(context_t " con ", const char* " user );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.24/man/man3/freecon.3
---- nsalibselinux/man/man3/freecon.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/freecon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -5,7 +5,7 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "void freecon(security_context_t "con );
--.br
-+
- .BI "void freeconary(security_context_t *" con );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-2.0.24/man/man3/getcon.3
---- nsalibselinux/man/man3/getcon.3 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getcon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -1,21 +1,21 @@
- .TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"
- .SH "NAME"
- getcon, getprevcon, getpidcon \- get SELinux security context of a process.
--.br
-+
- getpeercon - get security context of a peer socket.
--.br
-+
- setcon - set current security context of a process.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .sp
- .BI "int getcon(security_context_t *" context );
--.br
-+
- .BI "int getprevcon(security_context_t *" context );
--.br
-+
- .BI "int getpidcon(pid_t " pid ", security_context_t *" context );
--.br
-+
- .BI "int getpeercon(int " fd ", security_context_t *" context);
--.br
-+
- .BI "int setcon(security_context_t " context);
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-2.0.24/man/man3/getexeccon.3
---- nsalibselinux/man/man3/getexeccon.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getexeccon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -1,16 +1,16 @@
- .TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"
- .SH "NAME"
- getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
--.br
-+
- rpm_execcon \- run a helper for rpm in an appropriate security context
-
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .sp
- .BI "int getexeccon(security_context_t *" context );
--.br
-+
- .BI "int setexeccon(security_context_t "context );
--.br
-+
- .BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
-
- .SH "DESCRIPTION"
-@@ -26,16 +26,16 @@
- setexeccon to reset to the default policy behavior.
- The exec context is automatically reset after the next execve, so a
- program doesn't need to explicitly sanitize it upon startup.
--.br
-+
-
- setexeccon can be applied prior to library
- functions that internally perform an execve, e.g. execl*, execv*, popen,
- in order to set an exec context for that operation.
--.br
-+
-
- Note: Signal handlers that perform an execve must take care to
- save, reset, and restore the exec context to avoid unexpected behaviors.
--.br
-+
-
- .B rpm_execcon
- runs a helper for rpm in an appropriate security context. The
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-2.0.24/man/man3/getfilecon.3
---- nsalibselinux/man/man3/getfilecon.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getfilecon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -5,9 +5,9 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "int getfilecon(const char *" path ", security_context_t *" con );
--.br
-+
- .BI "int lgetfilecon(const char *" path ", security_context_t *" con );
--.br
-+
- .BI "int fgetfilecon(int "fd ", security_context_t *" con );
- .SH "DESCRIPTION"
- .B getfilecon
-@@ -22,7 +22,6 @@
- is identical to getfilecon, only the open file pointed to by filedes (as
- returned by open(2)) is interrogated in place of path.
-
--.br
-
- The returned context should be freed with freecon if non-NULL.
- .SH "RETURN VALUE"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-2.0.24/man/man3/getfscreatecon.3
---- nsalibselinux/man/man3/getfscreatecon.3 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getfscreatecon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "int getfscreatecon(security_context_t *" con );
--.br
-+
- .BI "int setfscreatecon(security_context_t "context );
-
- .SH "DESCRIPTION"
-@@ -22,11 +22,11 @@
- setfscreatecon to reset to the default policy behavior.
- The fscreate context is automatically reset after the next execve, so a
- program doesn't need to explicitly sanitize it upon startup.
--.br
-+
- setfscreatecon can be applied prior to library
- functions that internally perform an file creation,
- in order to set an file context on the objects.
--.br
-+
-
- Note: Signal handlers that perform an setfscreate must take care to
- save, reset, and restore the fscreate context to avoid unexpected behaviors.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-2.0.24/man/man3/get_ordered_context_list.3
---- nsalibselinux/man/man3/get_ordered_context_list.3 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/get_ordered_context_list.3 2007-07-23 10:21:34.000000000 -0400
-@@ -4,7 +4,7 @@
-
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/get_context_list.h>
- .sp
- .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-2.0.24/man/man3/getseuserbyname.3
---- nsalibselinux/man/man3/getseuserbyname.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/getseuserbyname.3 2007-07-23 10:21:34.000000000 -0400
-@@ -12,7 +12,7 @@
- then be passed to other libselinux functions such as
- get_ordered_context_list_with_level and get_default_context_with_level.
-
--.br
-+
-
- The returned SELinux username and level should be freed by the caller
- using free.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-2.0.24/man/man3/is_context_customizable.3
---- nsalibselinux/man/man3/is_context_customizable.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/is_context_customizable.3 2007-07-23 10:21:34.000000000 -0400
-@@ -8,7 +8,7 @@
-
- .SH "DESCRIPTION"
- .B is_context_customizable
--.br
-+
- This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
- administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-2.0.24/man/man3/matchmediacon.3
---- nsalibselinux/man/man3/matchmediacon.3 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/matchmediacon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,14 +6,14 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "int matchmediacon(const char *" media ", security_context_t *" con);"
--.br
-+
-
- .SH "DESCRIPTION"
--.br
-+
- .B matchmediacon
- matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
- .sp
--.br
-+
- .B Note:
- Caller must free returned security context "con" using freecon.
- .SH "RETURN VALUE"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.24/man/man3/matchpathcon.3
---- nsalibselinux/man/man3/matchpathcon.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/matchpathcon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,18 +6,18 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "int matchpathcon_init(const char *" path ");"
--.br
-+
- .BI "int matchpathcon_fini(void);"
--.br
-+
- .BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
- .sp
--.br
-+
- .BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));"
--.br
-+
- .BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));"
--.br
-+
- .BI "void set_matchpathcon_flags(unsigned int " flags ");"
--.br
-+
- .SH "DESCRIPTION"
- .B matchpathcon_init
- loads the file contexts configuration specified by
-@@ -40,7 +40,7 @@
- suffix are also looked up and loaded if present. These files provide
- dynamically generated entries for user home directories and for local
- customizations.
--.br
-+
- .sp
- .B matchpathcon_fini
- frees the memory allocated by a prior call to
-@@ -49,7 +49,7 @@
- .B matchpathcon_init
- calls, or to free memory when finished using
- .B matchpathcon.
--.br
-+
- .sp
- .B matchpathcon
- matches the specified pathname and mode against the file contexts
-@@ -72,14 +72,14 @@
- .I path,
- defaulting to the active file contexts configuration.
- .sp
--.br
-+
- .B set_matchpathcon_printf
- sets the function used by
- .B matchpathcon_init
- when displaying errors about the file contexts configuration. If not set,
- then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect
- error reporting to a different destination.
--.br
-+
- .sp
- .B set_matchpathcon_invalidcon
- sets the function used by
-@@ -100,7 +100,7 @@
- and
- .I lineno
- in such error messages.
--.br
-+
- .sp
- .B set_matchpathcon_flags
- sets flags controlling the operation of
-@@ -111,7 +111,7 @@
- .B MATCHPATHCON_BASEONLY
- flag is set, then only the base file contexts configuration file
- will be processed, not any dynamically generated entries or local customizations.
--.br
-+
- .sp
- .SH "RETURN VALUE"
- Returns 0 on success or -1 otherwise.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_string.3 libselinux-2.0.24/man/man3/security_class_to_string.3
---- nsalibselinux/man/man3/security_class_to_string.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_class_to_string.3 2007-07-23 10:21:34.000000000 -0400
-@@ -8,7 +8,7 @@
-
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/flask.h>
- .sp
- .BI "const char * security_class_to_string(security_class_t " tclass ");"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-2.0.24/man/man3/security_compute_av.3
---- nsalibselinux/man/man3/security_compute_av.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_compute_av.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
-
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/flask.h>
- .sp
- .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-2.0.24/man/man3/security_getenforce.3
---- nsalibselinux/man/man3/security_getenforce.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_getenforce.3 2007-07-23 10:21:34.000000000 -0400
-@@ -5,7 +5,7 @@
- .B #include <selinux/selinux.h>
- .sp
- .B int security_getenforce();
--.br
-+
- .BI "int security_setenforce(int "value );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-2.0.24/man/man3/security_load_booleans.3
---- nsalibselinux/man/man3/security_load_booleans.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/security_load_booleans.3 2007-07-23 10:21:34.000000000 -0400
-@@ -7,15 +7,15 @@
- .B #include <selinux/selinux.h>
- .sp
- extern int security_load_booleans(char *path);
--.br
-+
- extern int security_get_boolean_names(char ***names, int *len);
--.br
-+
- extern int security_get_boolean_pending(const char *name);
--.br
-+
- extern int security_get_boolean_active(const char *name);
--.br
-+
- extern int security_set_boolean(const char *name, int value);
--.br
-+
- extern int security_commit_booleans(void);
-
-
-@@ -29,27 +29,27 @@
- The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
-
- security_load_booleans
--.br
-+
- Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
-
- security_get_boolean_names
--.br
-+
- Returns a list of boolean names, currently supported by the loaded policy.
-
- security_set_boolean
--.br
-+
- Sets the pending value for boolean
-
- security_get_boolean_pending
--.br
-+
- Return pending value for boolean
-
- security_get_boolean_active
--.br
-+
- Return active value for boolean
-
- security_commit_booleans
--.br
-+
- Commit all pending values for the booleans.
-
- .SH AUTHOR
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_lookup.3 libselinux-2.0.24/man/man3/selabel_lookup.3
---- nsalibselinux/man/man3/selabel_lookup.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selabel_lookup.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,20 +6,20 @@
- selabel_lookup \- obtain SELinux security context from a string label.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/label.h>
- .sp
- .BI "int selabel_lookup(struct selabel_handle *" hnd ,
- .in +\w'int selabel_lookup('u
- .BI "security_context_t *" context ,
--.br
-+
- .BI "const char *" key ", int " type ");"
- .in
- .sp
- .BI "int selabel_lookup_raw(struct selabel_handle *" hnd ,
- .in +\w'int selabel_lookup_raw('u
- .BI "security_context_t *" context ,
--.br
-+
- .BI "const char *" key ", int " type ");"
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_open.3 libselinux-2.0.24/man/man3/selabel_open.3
---- nsalibselinux/man/man3/selabel_open.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selabel_open.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,13 +6,13 @@
- selabel_open, selabel_close \- userspace SELinux labeling interface.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/label.h>
- .sp
- .BI "struct selabel_handle *selabel_open(int " backend ,
- .in +\w'struct selabel_handle *selabel_open('u
- .BI "struct selinux_opt *" options ,
--.br
-+
- .BI "unsigned " nopt ");"
- .in
- .sp
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_stats.3 libselinux-2.0.24/man/man3/selabel_stats.3
---- nsalibselinux/man/man3/selabel_stats.3 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selabel_stats.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,7 +6,7 @@
- selabel_stats \- obtain SELinux labeling statistics.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/label.h>
- .sp
- .BI "void selabel_lookup(struct selabel_handle *" hnd ");"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.24/man/man3/selinux_binary_policy_path.3
---- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_binary_policy_path.3 2007-07-23 10:21:34.000000000 -0400
-@@ -10,27 +10,27 @@
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .sp
--.br
-+
- extern const char *selinux_policy_root(void);
--.br
-+
- extern const char *selinux_binary_policy_path(void);
--.br
-+
- extern const char *selinux_failsafe_context_path(void);
--.br
-+
- extern const char *selinux_removable_context_path(void);
--.br
-+
- extern const char *selinux_default_context_path(void);
--.br
-+
- extern const char *selinux_user_contexts_path(void);
--.br
-+
- extern const char *selinux_file_context_path(void);
--.br
-+
- extern const char *selinux_media_context_path(void);
--.br
-+
- extern const char *selinux_securetty_types_path(void);
--.br
-+
- extern const char *selinux_contexts_path(void);
--.br
-+
- extern const char *selinux_booleans_path(void);
-
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-2.0.24/man/man3/selinux_getenforcemode.3
---- nsalibselinux/man/man3/selinux_getenforcemode.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_getenforcemode.3 2007-07-23 10:21:34.000000000 -0400
-@@ -5,13 +5,13 @@
- .B #include <selinux/selinux.h>
- .sp
- .B int selinux_getenforcemode(int *enforce);
--.br
-+
-
- .SH "DESCRIPTION"
- .B selinux_getenforcemode
- Reads the contents of the /etc/selinux/config file to determine how the
- system was setup to run SELinux.
--.br
-+
- Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
- Sets the value of enforce to 0 if SELinux should be run in permissive mode.
- Sets the value of enforce to -1 if SELinux should be disabled.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-2.0.24/man/man3/selinux_policy_root.3
---- nsalibselinux/man/man3/selinux_policy_root.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_policy_root.3 2007-07-23 10:21:34.000000000 -0400
-@@ -5,7 +5,7 @@
- .B #include <selinux/selinux.h>
- .sp
- .B char *selinux_policy_root();
--.br
-+
-
- .SH "DESCRIPTION"
- .B selinux_policy_root
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_set_callback.3 libselinux-2.0.24/man/man3/selinux_set_callback.3
---- nsalibselinux/man/man3/selinux_set_callback.3 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man3/selinux_set_callback.3 2007-07-23 10:21:34.000000000 -0400
-@@ -39,11 +39,11 @@
- argument indicates the type of message and will be set to one of the following:
-
- .B SELINUX_ERROR
--.br
-+
- .B SELINUX_WARNING
--.br
-+
- .B SELINUX_INFO
--.br
-+
- .B SELINUX_AVC
-
- .TP
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-2.0.24/man/man3/setfilecon.3
---- nsalibselinux/man/man3/setfilecon.3 2007-07-16 14:20:47.000000000 -0400
-+++ libselinux-2.0.24/man/man3/setfilecon.3 2007-07-23 10:21:34.000000000 -0400
-@@ -6,9 +6,9 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "int setfilecon(const char *" path ", security_context_t "con );
--.br
-+
- .BI "int lsetfilecon(const char *" path ", security_context_t "con );
--.br
-+
- .BI "int fsetfilecon(int "fd ", security_context_t "con );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_file.5 libselinux-2.0.24/man/man5/selabel_file.5
---- nsalibselinux/man/man5/selabel_file.5 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man5/selabel_file.5 2007-07-23 10:21:34.000000000 -0400
-@@ -6,13 +6,13 @@
- selabel_file \- userspace SELinux labeling interface: file contexts backend.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/label.h>
- .sp
- .BI "int selabel_lookup(struct selabel_handle *" hnd ,
- .in +\w'int selabel_lookup('u
- .BI "security_context_t *" context ,
--.br
-+
- .BI "const char *" path ", int " mode ");"
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_media.5 libselinux-2.0.24/man/man5/selabel_media.5
---- nsalibselinux/man/man5/selabel_media.5 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man5/selabel_media.5 2007-07-23 10:21:34.000000000 -0400
-@@ -6,13 +6,13 @@
- selabel_media \- userspace SELinux labeling interface: media contexts backend.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/label.h>
- .sp
- .BI "int selabel_lookup(struct selabel_handle *" hnd ,
- .in +\w'int selabel_lookup('u
- .BI "security_context_t *" context ,
--.br
-+
- .BI "const char *" device_name ", int " unused ");"
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_x.5 libselinux-2.0.24/man/man5/selabel_x.5
---- nsalibselinux/man/man5/selabel_x.5 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man5/selabel_x.5 2007-07-23 10:21:34.000000000 -0400
-@@ -6,13 +6,13 @@
- selabel_x \- userspace SELinux labeling interface: X Window System contexts backend.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/label.h>
- .sp
- .BI "int selabel_lookup(struct selabel_handle *" hnd ,
- .in +\w'int selabel_lookup('u
- .BI "security_context_t *" context ,
--.br
-+
- .BI "const char *" object_name ", int " object_type ");"
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.24/man/man8/matchpathcon.8
---- nsalibselinux/man/man8/matchpathcon.8 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man8/matchpathcon.8 2007-07-23 10:21:34.000000000 -0400
-@@ -10,16 +10,16 @@
- .SH OPTIONS
- .B \-n
- Do not display path.
--.br
-+
- .B \-N
- Do not use translations.
--.br
-+
- .B \-f file_context_file
- Use alternate file_context file
--.br
-+
- .B \-p prefix
- Use prefix to speed translations
--.br
-+
- .B \-V
- Verify file context on disk matches defaults
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-2.0.24/man/man8/selinux.8
---- nsalibselinux/man/man8/selinux.8 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/man/man8/selinux.8 2007-07-23 10:21:34.000000000 -0400
-@@ -62,14 +62,13 @@
- .B system-config-securitylevel
- allows customization of these booleans and tunables.
-
--.br
- Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
-
- .SH FILE LABELING
-
- All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
- Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
--.br
-+
- The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
-
- .SH AUTHOR
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.24/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/src/matchpathcon.c 2007-07-23 10:21:34.000000000 -0400
@@ -901,24 +10,3 @@
void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
{
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/stringrep.c libselinux-2.0.24/src/stringrep.c
---- nsalibselinux/src/stringrep.c 2007-07-16 14:20:46.000000000 -0400
-+++ libselinux-2.0.24/src/stringrep.c 2007-07-23 10:21:54.000000000 -0400
-@@ -236,7 +236,7 @@
-
- dentry = readdir(dir);
- while (dentry != NULL) {
-- size_t value;
-+ unsigned int value;
- struct stat m;
-
- snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
-@@ -258,7 +258,7 @@
- if (ret < 0)
- goto err4;
-
-- if (sscanf(buf, "%u", (unsigned int *)&value) != 1)
-+ if (sscanf(buf, "%u", &value) != 1)
- goto err4;
-
- node->perms[value-1] = strdup(dentry->d_name);
Index: libselinux.spec
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.275
retrieving revision 1.276
diff -u -r1.275 -r1.276
--- libselinux.spec 23 Jul 2007 14:23:50 -0000 1.275
+++ libselinux.spec 3 Aug 2007 20:06:53 -0000 1.276
@@ -1,8 +1,8 @@
%define libsepolver 2.0.1-1
Summary: SELinux library and simple utilities
Name: libselinux
-Version: 2.0.24
-Release: 3%{?dist}
+Version: 2.0.29
+Release: 1%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -123,10 +123,21 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+
+* Fri Aug 3 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.29-1
+- Upgrade to upstream
+ * Updated version for stable branch.
+ * Added x_contexts path function patch from Eamon Walsh.
+ * Fix build for EMBEDDED=y from Yuichi Nakamura.
+ * Fix markup problems in selinux man pages from Dan Walsh.
+ * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
+ * Added swigify to top-level Makefile from Dan Walsh.
+ * Fix for string_to_security_class segfault on x86_64 from Stephen
+ Smalley.
+
* Mon Jul 23 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.24-3
- Apply Steven Smalley patch to fix segfault in string_to_security_class
-
* Wed Jul 18 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.24-2
- Fix matchpathcon to set default myprintf
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/sources,v
retrieving revision 1.147
retrieving revision 1.148
diff -u -r1.147 -r1.148
--- sources 16 Jul 2007 18:22:25 -0000 1.147
+++ sources 3 Aug 2007 20:06:53 -0000 1.148
@@ -1 +1 @@
-b413d84d6f156e1ca28fd1652caf425c libselinux-2.0.24.tgz
+48296c41f563cc445ecdc9644e5a0483 libselinux-2.0.29.tgz
More information about the fedora-extras-commits
mailing list