rpms/libselinux/devel libselinux-rhat.patch, 1.174, 1.175 libselinux.spec, 1.348, 1.349
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Dec 12 15:21:40 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/libselinux/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24306
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Fri Dec 12 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.76-3
- Add new function getseuser which will take username and service and return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
libselinux-rhat.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.174 -r 1.175 libselinux-rhat.patch
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- libselinux-rhat.patch 22 Nov 2008 21:01:27 -0000 1.174
+++ libselinux-rhat.patch 12 Dec 2008 15:21:09 -0000 1.175
@@ -1,6 +1,24 @@
+diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.76/include/selinux/selinux.h
+--- nsalibselinux/include/selinux/selinux.h 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/include/selinux/selinux.h 2008-12-12 10:06:21.000000000 -0500
+@@ -511,6 +511,14 @@
+ Caller must free the returned strings via free. */
+ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
++/* Get the SELinux username and level to use for a given Linux username and service.
++ These values may then be passed into the get_ordered_context_list*
++ and get_default_context* functions to obtain a context for the user.
++ Returns 0 on success or -1 otherwise.
++ Caller must free the returned strings via free. */
++extern int getseuser(const char *username, const char *service,
++ char **r_seuser, char **r_level);
++
+ /* Compare two file contexts, return 0 if equivalent. */
+ int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b);
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.76/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.76/man/man8/selinuxconlist.8 2008-11-22 15:57:58.000000000 -0500
++++ libselinux-2.0.76/man/man8/selinuxconlist.8 2008-12-02 09:14:48.000000000 -0500
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh at redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@@ -22,7 +40,7 @@
+secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.76/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.76/man/man8/selinuxdefcon.8 2008-11-22 15:57:58.000000000 -0500
++++ libselinux-2.0.76/man/man8/selinuxdefcon.8 2008-12-02 09:14:48.000000000 -0500
@@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh at redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@@ -45,7 +63,7 @@
+secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.76/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.76/src/callbacks.c 2008-11-22 15:57:58.000000000 -0500
++++ libselinux-2.0.76/src/callbacks.c 2008-12-02 09:14:48.000000000 -0500
@@ -16,6 +16,7 @@
{
int rc;
@@ -56,7 +74,7 @@
va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.76/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.76/src/matchpathcon.c 2008-11-22 15:58:02.000000000 -0500
++++ libselinux-2.0.76/src/matchpathcon.c 2008-12-02 09:14:48.000000000 -0500
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
@@ -76,11 +94,11 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.76/src/selinux.py
--- nsalibselinux/src/selinux.py 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.76/src/selinux.py 2008-11-22 15:58:02.000000000 -0500
++++ libselinux-2.0.76/src/selinux.py 2008-12-12 10:08:01.000000000 -0500
@@ -1,5 +1,5 @@
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.33
-+# Version 1.3.35
++# Version 1.3.36
#
# Don't modify this file, modify the SWIG interface instead.
# This file is compatible with both classic and new-style classes.
@@ -114,9 +132,17 @@
is_selinux_enabled = _selinux.is_selinux_enabled
is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
getcon = _selinux.getcon
+@@ -297,6 +320,7 @@
+ selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
+ selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+ getseuserbyname = _selinux.getseuserbyname
++getseuser = _selinux.getseuser
+ selinux_file_context_cmp = _selinux.selinux_file_context_cmp
+ selinux_file_context_verify = _selinux.selinux_file_context_verify
+ selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.76/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.76/src/selinuxswig_python.i 2008-11-22 15:58:02.000000000 -0500
++++ libselinux-2.0.76/src/selinuxswig_python.i 2008-12-02 09:14:48.000000000 -0500
@@ -6,6 +6,32 @@
#include "selinux/selinux.h"
%}
@@ -152,16 +178,29 @@
PyObject* list = PyList_New(*$2);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.76/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.76/src/selinuxswig_wrap.c 2008-11-22 15:58:02.000000000 -0500
++++ libselinux-2.0.76/src/selinuxswig_wrap.c 2008-12-12 10:08:01.000000000 -0500
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
- * Version 1.3.33
-+ * Version 1.3.35
++ * Version 1.3.36
*
* This file is not intended to be easily readable and contains a number of
* coding conventions designed to improve portability and efficiency. Do not make
-@@ -126,7 +126,7 @@
+@@ -52,6 +52,12 @@
+ # endif
+ #endif
+
++#ifndef SWIG_MSC_UNSUPPRESS_4505
++# if defined(_MSC_VER)
++# pragma warning(disable : 4505) /* unreferenced local function has been removed */
++# endif
++#endif
++
+ #ifndef SWIGUNUSEDPARM
+ # ifdef __cplusplus
+ # define SWIGUNUSEDPARM(p)
+@@ -126,7 +132,7 @@
/* This should only be incremented when either the layout of swig_type_info changes,
or for whatever reason, the runtime changes incompatibly */
@@ -170,7 +209,7 @@
/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
#ifdef SWIG_TYPE_TABLE
-@@ -161,6 +161,7 @@
+@@ -161,6 +167,7 @@
/* Flags for pointer conversions */
#define SWIG_POINTER_DISOWN 0x1
@@ -178,7 +217,7 @@
/* Flags for new pointer objects */
#define SWIG_POINTER_OWN 0x1
-@@ -301,10 +302,10 @@
+@@ -301,10 +308,10 @@
extern "C" {
#endif
@@ -191,7 +230,7 @@
typedef struct swig_type_info {
const char *name; /* mangled name of this type */
const char *str; /* human readable name of this type */
-@@ -431,8 +432,8 @@
+@@ -431,8 +438,8 @@
Cast a pointer up an inheritance hierarchy
*/
SWIGRUNTIMEINLINE void *
@@ -202,7 +241,7 @@
}
/*
-@@ -856,7 +857,7 @@
+@@ -856,7 +863,7 @@
Py_DECREF(old_str);
Py_DECREF(value);
} else {
@@ -211,7 +250,7 @@
}
}
-@@ -1416,7 +1417,7 @@
+@@ -1416,7 +1423,7 @@
{
PySwigObject *sobj = (PySwigObject *) v;
PyObject *next = sobj->next;
@@ -220,7 +259,7 @@
swig_type_info *ty = sobj->ty;
PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
PyObject *destroy = data ? data->destroy : 0;
-@@ -1434,12 +1435,13 @@
+@@ -1434,12 +1441,13 @@
res = ((*meth)(mself, v));
}
Py_XDECREF(res);
@@ -238,7 +277,7 @@
}
Py_XDECREF(next);
PyObject_DEL(v);
-@@ -1944,7 +1946,7 @@
+@@ -1944,7 +1952,7 @@
SWIGRUNTIME int
SWIG_Python_AcquirePtr(PyObject *obj, int own) {
@@ -247,7 +286,7 @@
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
if (sobj) {
int oldown = sobj->own;
-@@ -1965,6 +1967,8 @@
+@@ -1965,6 +1973,8 @@
return SWIG_OK;
} else {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
@@ -256,7 +295,7 @@
[...2564 lines suppressed...]
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
++ int result;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_role",&obj0,&obj1,&obj2)) SWIG_fail;
+@@ -9916,7 +9957,6 @@
+ char *arg3 = (char *) 0 ;
+ security_context_t arg4 = (security_context_t) 0 ;
+ security_context_t *arg5 = (security_context_t *) 0 ;
+- int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+@@ -9934,6 +9974,7 @@
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
++ int result;
+
+ arg5 = &temp5;
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:get_default_context_with_rolelevel",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+@@ -9985,9 +10026,9 @@
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+- int result;
+ security_context_t temp1 = 0 ;
+ security_context_t temp2 = 0 ;
++ int result;
+
+ arg1 = &temp1;
+ arg2 = &temp2;
+@@ -10020,12 +10061,12 @@
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+- int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
++ int result;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:manual_user_enter_context",&obj0)) SWIG_fail;
+@@ -10218,6 +10259,7 @@
+ { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
+ { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL},
+ { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL},
++ { (char *)"getseuser", _wrap_getseuser, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL},
+ { (char *)"selinux_lsetfilecon_default", _wrap_selinux_lsetfilecon_default, METH_VARARGS, NULL},
+@@ -10513,7 +10555,7 @@
SWIG_InitializeModule(void *clientdata) {
size_t i;
swig_module_info *module_head, *iter;
@@ -533,7 +2936,7 @@
clientdata = clientdata;
-@@ -10523,6 +10541,9 @@
+@@ -10523,6 +10565,9 @@
swig_module.type_initial = swig_type_initial;
swig_module.cast_initial = swig_cast_initial;
swig_module.next = &swig_module;
@@ -543,7 +2946,7 @@
}
/* Try and load any already created modules */
-@@ -10551,6 +10572,12 @@
+@@ -10551,6 +10596,12 @@
module_head->next = &swig_module;
}
@@ -556,3 +2959,121 @@
/* Now work on filling in swig_module.types */
#ifdef SWIGRUNTIME_DEBUG
printf("SWIG_InitializeModule: size %d\n", swig_module.size);
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.76/src/seusers.c
+--- nsalibselinux/src/seusers.c 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/src/seusers.c 2008-12-12 10:06:56.000000000 -0500
+@@ -243,3 +243,66 @@
+ *r_level = NULL;
+ return 0;
+ }
++
++int getseuser(const char *username, const char *service,
++ char **r_seuser, char **r_level) {
++ int ret = -1;
++ int len = 0;
++ char *seuser = NULL;
++ char *level = NULL;
++ char *buffer = NULL;
++ size_t size = 0;
++ size_t lineno = 0;
++ char *rec = NULL;
++ char *path=NULL;
++ if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0)
++ goto err;
++ FILE *fp = fopen(path, "r");
++ free(path);
++ if (fp == NULL) goto err;
++ __fsetlocking(fp, FSETLOCKING_BYCALLER);
++ while (getline(&buffer, &size, fp) > 0) {
++ ++lineno;
++
++ if (strncmp(buffer, "*:", 2) == 0) {
++ free(rec);
++ rec = strdup(buffer);
++ continue;
++ }
++ len = strlen(service);
++ if ((strncmp(buffer, service, len) == 0) &&
++ (buffer[len] == ':')) {
++ free(rec);
++ rec = strdup(buffer);
++ break;
++ }
++ }
++
++ if (! rec) goto err;
++ seuser = strchr(rec, ':');
++ if (! seuser) goto err;
++
++ seuser++;
++ level = strchr(seuser, ':');
++ *level = 0;
++ level++;
++ *r_seuser = strdup(seuser);
++ if (! *r_seuser) goto err;
++
++ len = strlen(level);
++ if (len && level[len-1] == '\n')
++ level[len-1] = 0;
++
++ *r_level = strdup(level);
++ if (! *r_level) {
++ free(*r_seuser);
++ goto err;
++ }
++ ret = 0;
++
++ err:
++ free(buffer);
++ fclose(fp);
++ free(rec);
++ return getseuserbyname(username, r_seuser, r_level);
++}
+diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-2.0.76/utils/getdefaultcon.c
+--- nsalibselinux/utils/getdefaultcon.c 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/utils/getdefaultcon.c 2008-12-02 09:33:14.000000000 -0500
+@@ -22,8 +22,9 @@
+ security_context_t usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ int ret, opt;
++ int verbose = 0;
+
+- while ((opt = getopt(argc, argv, "l:r:")) > 0) {
++ while ((opt = getopt(argc, argv, "l:r:v")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+@@ -31,6 +32,9 @@
+ case 'r':
+ role = strdup(optarg);
+ break;
++ case 'v':
++ verbose = 1;
++ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+@@ -66,9 +70,13 @@
+ }
+ if (ret < 0)
+ perror(argv[0]);
+- else
+- printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
+-
++ else {
++ if (verbose) {
++ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
++ } else {
++ printf("%s", usercon);
++ }
++ }
+
+ free(role);
+ free(seuser);
+@@ -76,5 +84,5 @@
+ free(dlevel);
+ free(usercon);
+
+- return 0;
++ return ret >= 0;
+ }
Index: libselinux.spec
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.348
retrieving revision 1.349
diff -u -r1.348 -r1.349
--- libselinux.spec 29 Nov 2008 16:48:05 -0000 1.348
+++ libselinux.spec 12 Dec 2008 15:21:10 -0000 1.349
@@ -5,7 +5,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.0.76
-Release: 2%{?dist}
+Release: 3%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -163,6 +163,11 @@
%{ruby_sitearch}/selinux.so
%changelog
+* Fri Dec 12 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.76-3
+- Add new function getseuser which will take username and service and return
+- seuser and level. ipa will populate file in future.
+- Change selinuxdefcon to return just the context by default
+
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 2.0.76-2
- Rebuild for Python 2.6
More information about the fedora-extras-commits
mailing list