rpms/libsemanage/devel libsemanage-rhat.patch, 1.25, 1.26 libsemanage.spec, 1.133, 1.134

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Sep 26 20:51:45 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/libsemanage/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5120

Modified Files:
	libsemanage-rhat.patch libsemanage.spec 
Log Message:
* Wed Sep 26 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.6-2
- Fix genhomedircon code to only generate valid context
- Fixes autorelabel problem


libsemanage-rhat.patch:

Index: libsemanage-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/libsemanage-rhat.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- libsemanage-rhat.patch	6 Sep 2007 02:48:04 -0000	1.25
+++ libsemanage-rhat.patch	26 Sep 2007 20:51:42 -0000	1.26
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.3/include/semanage/handle.h
+diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/handle.h libsemanage-2.0.6/include/semanage/handle.h
 --- nsalibsemanage/include/semanage/handle.h	2007-08-20 19:15:36.000000000 -0400
-+++ libsemanage-2.0.3/include/semanage/handle.h	2007-08-11 06:41:11.000000000 -0400
++++ libsemanage-2.0.6/include/semanage/handle.h	2007-09-26 16:22:02.000000000 -0400
 @@ -69,6 +69,10 @@
   * 1 for yes, 0 for no (default) */
  void semanage_set_create_store(semanage_handle_t * handle, int create_store);
@@ -12,9 +12,9 @@
  /* Set whether or not to disable dontaudits upon commit */
  void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
  
-diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.3/Makefile
+diff --exclude-from=exclude -N -u -r nsalibsemanage/Makefile libsemanage-2.0.6/Makefile
 --- nsalibsemanage/Makefile	2007-07-16 14:20:39.000000000 -0400
-+++ libsemanage-2.0.3/Makefile	2007-08-11 06:40:28.000000000 -0400
++++ libsemanage-2.0.6/Makefile	2007-09-26 16:22:02.000000000 -0400
 @@ -1,6 +1,9 @@
  all: 
  	$(MAKE) -C src all
@@ -25,9 +25,255 @@
  pywrap: 
  	$(MAKE) -C src pywrap
  
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.3/src/handle.c
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.6/src/direct_api.c
+--- nsalibsemanage/src/direct_api.c	2007-07-16 14:20:38.000000000 -0400
++++ libsemanage-2.0.6/src/direct_api.c	2007-09-26 16:22:31.000000000 -0400
+@@ -700,7 +700,7 @@
+ 		goto cleanup;
+ 
+ 	if (sh->do_rebuild || modified) {
+-		retval = semanage_install_sandbox(sh);
++		retval = semanage_install_sandbox(sh, out);
+ 	}
+ 
+       cleanup:
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.6/src/genhomedircon.c
+--- nsalibsemanage/src/genhomedircon.c	2007-09-13 08:21:11.000000000 -0400
++++ libsemanage-2.0.6/src/genhomedircon.c	2007-09-26 16:39:40.000000000 -0400
+@@ -1,5 +1,6 @@
+-/* Author: Mark Goldman   <mgoldman at tresys.com>
+- * 			Paul Rosenfeld	<prosenfeld at tresys.com>
++/* Author: Mark Goldman	  <mgoldman at tresys.com>
++ * 	   Paul Rosenfeld <prosenfeld at tresys.com>
++ * 	   Todd C. Miller <tmiller at tresys.com>
+  *
+  * Copyright (C) 2007 Tresys Technology, LLC
+  *
+@@ -23,6 +24,8 @@
+ #include <semanage/seusers_policy.h>
+ #include <semanage/users_policy.h>
+ #include <semanage/user_record.h>
++#include <sepol/context.h>
++#include <sepol/context_record.h>
+ #include "semanage_store.h"
+ #include "seuser_internal.h"
+ #include "debug.h"
+@@ -80,6 +83,7 @@
+ 	int usepasswd;
+ 	const char *homedir_template_path;
+ 	semanage_handle_t *h_semanage;
++	sepol_policydb_t *policydb;
+ } genhomedircon_settings_t;
+ 
+ typedef struct user_entry {
+@@ -352,9 +356,48 @@
+ 	return retval;
+ }
+ 
+-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
+-				  const char *user, const char *seuser,
+-				  const char *home, const char *role_prefix)
++static const char * extract_context(Ustr *line)
++{
++	const char whitespace[] = " \t\n";
++	size_t off, len;
++
++	/* check for trailing whitespace */
++	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
++
++	/* find the length of the last field in line */
++	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
++
++	if (len == 0)
++		return NULL;
++	return ustr_cstr(line) + ustr_len(line) - (len + off);
++}
++
++static int check_line(genhomedircon_settings_t * s, Ustr *line)
++{
++	sepol_context_t *ctx_record = NULL;
++	const char *ctx_str;
++	int result;
++
++	ctx_str = extract_context(line);
++	if (!ctx_str)
++		return STATUS_ERR;
++
++	result = sepol_context_from_string(s->h_semanage->sepolh,
++					   ctx_str, &ctx_record);
++	if (result == STATUS_SUCCESS && ctx_record != NULL) {
++		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
++		result = sepol_context_check(s->h_semanage->sepolh,
++					     s->policydb, ctx_record);
++		sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, NULL);		
++		sepol_context_free(ctx_record);
++	}
++	return result;
++}
++
++static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
++				  semanage_list_t * tpl, const char *user,
++				  const char *seuser, const char *home,
++				  const char *role_prefix)
+ {
+ 	replacement_pair_t repl[] = {
+ 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
+@@ -369,8 +412,12 @@
+ 
+ 	for (; tpl; tpl = tpl->next) {
+ 		line = replace_all(tpl->data, repl);
+-		if (!line || !ustr_io_putfileline(&line, out))
++		if (!line)
+ 			goto fail;
++		if (check_line(s, line) == STATUS_SUCCESS) {
++			if (!ustr_io_putfileline(&line, out))
++				goto fail;
++		}
+ 		ustr_sc_free(&line);
+ 	}
+ 	return STATUS_SUCCESS;
+@@ -380,8 +427,8 @@
+ 	return STATUS_ERR;
+ }
+ 
+-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
+-				   char *homedir)
++static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
++				   semanage_list_t * tpl, char *homedir)
+ {
+ 	replacement_pair_t repl[] = {
+ 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
+@@ -391,8 +438,12 @@
+ 
+ 	for (; tpl; tpl = tpl->next) {
+ 		line = replace_all(tpl->data, repl);
+-		if (!line || !ustr_io_putfileline(&line, out))
++		if (!line)
+ 			goto fail;
++		if (check_line(s, line) == STATUS_SUCCESS) {
++			if (!ustr_io_putfileline(&line, out))
++				goto fail;
++		}
+ 		ustr_sc_free(&line);
+ 	}
+ 	return STATUS_SUCCESS;
+@@ -402,7 +453,8 @@
+ 	return STATUS_ERR;
+ }
+ 
+-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
++static int write_user_context(genhomedircon_settings_t * s, FILE * out,
++			      semanage_list_t * tpl, char *user,
+ 			      char *seuser, char *role_prefix)
+ {
+ 	replacement_pair_t repl[] = {
+@@ -415,8 +467,12 @@
+ 
+ 	for (; tpl; tpl = tpl->next) {
+ 		line = replace_all(tpl->data, repl);
+-		if (!line || !ustr_io_putfileline(&line, out))
++		if (!line)
+ 			goto fail;
++		if (check_line(s, line) == STATUS_SUCCESS) {
++			if (!ustr_io_putfileline(&line, out))
++				goto fail;
++		}
+ 		ustr_sc_free(&line);
+ 	}
+ 	return STATUS_SUCCESS;
+@@ -602,7 +658,7 @@
+ 	return head;
+ }
+ 
+-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
++static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+ 				      semanage_list_t * user_context_tpl,
+ 				      semanage_list_t * homedir_context_tpl)
+ {
+@@ -615,13 +671,13 @@
+ 	}
+ 
+ 	for (; users; pop_user_entry(&users)) {
+-		if (write_home_dir_context(out, homedir_context_tpl,
++		if (write_home_dir_context(s, out, homedir_context_tpl,
+ 					   users->name,
+ 					   users->sename, users->home,
+ 					   users->prefix)) {
+ 			return STATUS_ERR;
+ 		}
+-		if (write_user_context(out, user_context_tpl, users->name,
++		if (write_user_context(s, out, user_context_tpl, users->name,
+ 				       users->sename, users->prefix)) {
+ 			return STATUS_ERR;
+ 		}
+@@ -671,7 +727,7 @@
+ 			goto done;
+ 		}
+ 
+-		if (write_home_dir_context(out,
++		if (write_home_dir_context(s, out,
+ 					   homedir_context_tpl, FALLBACK_USER,
+ 					   FALLBACK_USER, ustr_cstr(temp),
+ 					   FALLBACK_USER_PREFIX) !=
+@@ -680,7 +736,7 @@
+ 			retval = STATUS_ERR;
+ 			goto done;
+ 		}
+-		if (write_home_root_context(out,
++		if (write_home_root_context(s, out,
+ 					    homeroot_context_tpl,
+ 					    h->data) != STATUS_SUCCESS) {
+ 			ustr_sc_free(&temp);
+@@ -690,13 +746,13 @@
+ 
+ 		ustr_sc_free(&temp);
+ 	}
+-	if (write_user_context(out, user_context_tpl,
++	if (write_user_context(s, out, user_context_tpl,
+ 			       ".*", FALLBACK_USER,
+ 			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
+ 		retval = STATUS_ERR;
+ 		goto done;
+ 	}
+-	if (write_gen_home_dir_context(out, s, user_context_tpl,
++	if (write_gen_home_dir_context(s, out, user_context_tpl,
+ 				       homedir_context_tpl) != STATUS_SUCCESS) {
+ 		retval = STATUS_ERR;
+ 	}
+@@ -711,7 +767,9 @@
+ 	return retval;
+ }
+ 
+-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
++int semanage_genhomedircon(semanage_handle_t * sh,
++			   sepol_policydb_t * policydb,
++			   int usepasswd)
+ {
+ 	genhomedircon_settings_t s;
+ 	FILE *out = NULL;
+@@ -725,6 +783,7 @@
+ 
+ 	s.usepasswd = usepasswd;
+ 	s.h_semanage = sh;
++	s.policydb = policydb;
+ 
+ 	if (!(out = fopen(s.fcfilepath, "w"))) {
+ 		/* couldn't open output file */
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.h libsemanage-2.0.6/src/genhomedircon.h
+--- nsalibsemanage/src/genhomedircon.h	2007-08-23 16:52:25.000000000 -0400
++++ libsemanage-2.0.6/src/genhomedircon.h	2007-09-26 16:22:31.000000000 -0400
+@@ -22,6 +22,7 @@
+ 
+ #include "utilities.h"
+ 
+-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
++int semanage_genhomedircon(semanage_handle_t * sh,
++			   sepol_policydb_t * policydb, int usepasswd);
+ 
+ #endif
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.6/src/handle.c
 --- nsalibsemanage/src/handle.c	2007-08-20 19:15:37.000000000 -0400
-+++ libsemanage-2.0.3/src/handle.c	2007-08-11 06:41:31.000000000 -0400
++++ libsemanage-2.0.6/src/handle.c	2007-09-26 16:22:02.000000000 -0400
 @@ -68,6 +68,7 @@
  	/* By default do not create store */
  	sh->create_store = 0;
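Review bot: In the new `check_line` in genhomedircon.c, the sepol message callback is put back with `sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, NULL)`, so the handler's argument becomes NULL after the first checked line. If the handler was originally registered with the semanage handle as its argument and dereferences it (neither is visible in this patch), the next sepol error would be relayed through a NULL handle; restoring with `sepol_msg_set_callback(s->h_semanage->sepolh, semanage_msg_relay_handler, s->h_semanage);` avoids that. Separately, the loops in `write_home_dir_context`, `write_home_root_context` and `write_user_context` drop every line for which `check_line` does not return `STATUS_SUCCESS`, and that includes parse or allocation failures from `sepol_context_from_string`, not only contexts the policy rejects. Because the callback is muted and nothing is logged, an incomplete file at `s.fcfilepath` looks the same as a clean run, so one low-severity message naming each skipped context would make missing home-directory labels diagnosable. The bodies of those three functions continue outside the inner hunks shown here.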
@@ -52,9 +298,9 @@
  void semanage_set_create_store(semanage_handle_t * sh, int create_store)
  {
  
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.3/src/handle.h
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.h libsemanage-2.0.6/src/handle.h
 --- nsalibsemanage/src/handle.h	2007-07-16 14:20:38.000000000 -0400
-+++ libsemanage-2.0.3/src/handle.h	2007-08-11 06:40:28.000000000 -0400
++++ libsemanage-2.0.6/src/handle.h	2007-09-26 16:22:02.000000000 -0400
 @@ -58,6 +58,7 @@
  	int is_connected;
  	int is_in_transaction;
@@ -63,9 +309,9 @@
  	int do_rebuild;		/* whether to rebuild policy if there were no changes */
  	int modules_modified;
  	int create_store;	/* whether to create the store if it does not exist
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.3/src/libsemanage.map
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.6/src/libsemanage.map
 --- nsalibsemanage/src/libsemanage.map	2007-08-20 19:15:37.000000000 -0400
-+++ libsemanage-2.0.3/src/libsemanage.map	2007-08-11 06:40:28.000000000 -0400
++++ libsemanage-2.0.6/src/libsemanage.map	2007-09-26 16:22:02.000000000 -0400
 @@ -9,6 +9,7 @@
  	  semanage_module_list_nth; semanage_module_get_name;
  	  semanage_module_get_version; semanage_select_store;
@@ -74,10 +320,10 @@
  	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
  	  semanage_iface_*; semanage_port_*; semanage_context_*;
  	  semanage_node_*;
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.3/src/semanage_store.c
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.6/src/semanage_store.c
 --- nsalibsemanage/src/semanage_store.c	2007-08-23 16:52:25.000000000 -0400
-+++ libsemanage-2.0.3/src/semanage_store.c	2007-08-11 06:40:28.000000000 -0400
-@@ -1130,7 +1120,7 @@
++++ libsemanage-2.0.6/src/semanage_store.c	2007-09-26 16:22:31.000000000 -0400
+@@ -1130,7 +1130,7 @@
  
        skip_reload:
  
@@ -86,3 +332,44 @@
  	     semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
  				store_fc)) != 0) {
  		ERR(sh, "setfiles returned error code %d.", r);
+@@ -1257,7 +1257,8 @@
+  * should be placed within a mutex lock to ensure that it runs
+  * atomically.	Returns commit number on success, -1 on error.
+  */
+-int semanage_install_sandbox(semanage_handle_t * sh)
++int semanage_install_sandbox(semanage_handle_t * sh,
++			     sepol_policydb_t * policydb)
+ {
+ 	int retval = -1, commit_num = -1;
+ 
+@@ -1272,7 +1273,7 @@
+ 	}
+ 	if (!sh->conf->disable_genhomedircon) {
+ 		if ((retval =
+-		     semanage_genhomedircon(sh, TRUE)) != 0) {
++		     semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
+ 			ERR(sh, "semanage_genhomedircon returned error code %d.",
+ 			    retval);
+ 			goto cleanup;
+diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.6/src/semanage_store.h
+--- nsalibsemanage/src/semanage_store.h	2007-08-23 16:52:25.000000000 -0400
++++ libsemanage-2.0.6/src/semanage_store.h	2007-09-26 16:22:31.000000000 -0400
+@@ -83,8 +83,6 @@
+ int semanage_get_modules_names(semanage_handle_t * sh,
+ 			       char ***filenames, int *len);
+ 
+-int semanage_install_sandbox(semanage_handle_t * sh);
+-
+ /* lock file routines */
+ int semanage_get_trans_lock(semanage_handle_t * sh);
+ int semanage_get_active_lock(semanage_handle_t * sh);
+@@ -102,7 +100,8 @@
+ int semanage_write_policydb(semanage_handle_t * sh,
+ 			    sepol_policydb_t * policydb);
+ 
+-int semanage_install_sandbox(semanage_handle_t * sh);
++int semanage_install_sandbox(semanage_handle_t * sh,
++			     sepol_policydb_t * policydb);
+ 
+ int semanage_verify_modules(semanage_handle_t * sh,
+ 			    char **module_filenames, int num_modules);
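Review bot: The comment block above `semanage_install_sandbox` in semanage_store.c still covers only the locking requirement and the return value, so the new `policydb` parameter is undocumented, and nothing visible checks it before it reaches `semanage_genhomedircon` and then `sepol_context_check`. Whether a caller can pass NULL cannot be told from this patch; the one call site shown, in direct_api.c, passes `out`. I would add a line such as ` * policydb is the policy used to validate generated home directory contexts and must not be NULL unless genhomedircon is disabled.` to that comment, and a matching note on the prototype in semanage_store.h. The function body continues outside the hunk.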


Index: libsemanage.spec
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/libsemanage.spec,v
retrieving revision 1.133
retrieving revision 1.134
diff -u -r1.133 -r1.134
--- libsemanage.spec	13 Sep 2007 12:29:42 -0000	1.133
+++ libsemanage.spec	26 Sep 2007 20:51:43 -0000	1.134
@@ -3,7 +3,7 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.0.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
@@ -78,6 +78,10 @@
 %{_mandir}/man3/*
 
 %changelog
+* Wed Sep 26 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.6-2
+- Fix genhomedircon code to only generate valid context
+- Fixes autorelabel problem
+
 * Thu Sep 13 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.6-1
 - Upgrade to latest from NSA
 	* Change to use getpw* function calls to the _r versions from Todd Miller.



