rpms/libselinux/F-10 libselinux-rhat.patch, 1.168, 1.169 libselinux.spec, 1.344, 1.345 sources, 1.178, 1.179
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Dec 12 15:31:26 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/libselinux/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27409
Modified Files:
libselinux-rhat.patch libselinux.spec sources
Log Message:
* Fri Dec 12 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.76-3
- Add new function getseuser which will take username and service and return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
libselinux-rhat.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.168 -r 1.169 libselinux-rhat.patch
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libselinux/F-10/libselinux-rhat.patch,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- libselinux-rhat.patch 30 Sep 2008 13:30:18 -0000 1.168
+++ libselinux-rhat.patch 12 Dec 2008 15:30:56 -0000 1.169
@@ -1,44 +1,24 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.71/man/man3/matchpathcon.3
---- nsalibselinux/man/man3/matchpathcon.3 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/man/man3/matchpathcon.3 2008-09-26 10:21:43.000000000 -0400
-@@ -18,6 +18,11 @@
-
- .BI "void set_matchpathcon_flags(unsigned int " flags ");"
-
-+.BI "int selinux_file_context_cmp(const security_context_t a,
-+ const security_context_t b);"
-+
-+.BI "int selinux_file_context_verify(const char *path, mode_t mode);"
-+
- .SH "DESCRIPTION"
- .B matchpathcon_init
- loads the file contexts configuration specified by
-@@ -111,6 +116,12 @@
- .B MATCHPATHCON_BASEONLY
- flag is set, then only the base file contexts configuration file
- will be processed, not any dynamically generated entries or local customizations.
-+.sp
-+.B selinux_file_context_cmp
-+compares two file contexts to see if their differences are "significant", the function runs the strcmp function ignoring the user componant of the file context.
-+.sp
-+.B selinux_file_context_verify
-+compares the file context on disk to the system default.
-
- .sp
- .SH "RETURN VALUE"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_cmp.3 libselinux-2.0.71/man/man3/selinux_file_context_cmp.3
---- nsalibselinux/man/man3/selinux_file_context_cmp.3 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man3/selinux_file_context_cmp.3 2008-09-26 10:21:43.000000000 -0400
-@@ -0,0 +1 @@
-+.so man3/matchpathcon.3
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_verify.3 libselinux-2.0.71/man/man3/selinux_file_context_verify.3
---- nsalibselinux/man/man3/selinux_file_context_verify.3 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man3/selinux_file_context_verify.3 2008-09-26 10:21:43.000000000 -0400
-@@ -0,0 +1 @@
-+.so man3/matchpathcon.3
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
+diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.76/include/selinux/selinux.h
+--- nsalibselinux/include/selinux/selinux.h 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/include/selinux/selinux.h 2008-12-12 10:06:21.000000000 -0500
+@@ -511,6 +511,14 @@
+ Caller must free the returned strings via free. */
+ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
++/* Get the SELinux username and level to use for a given Linux username and service.
++ These values may then be passed into the get_ordered_context_list*
++ and get_default_context* functions to obtain a context for the user.
++ Returns 0 on success or -1 otherwise.
++ Caller must free the returned strings via free. */
++extern int getseuser(const char *username, const char *service,
++ char **r_seuser, char **r_level);
++
+ /* Compare two file contexts, return 0 if equivalent. */
+ int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b);
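Review bot: the new header comment for getseuser() does not say where the per-service mapping comes from or what the caller gets when no entry matches the service. The implementation in src/seusers.c reads a per-user file under the policy root's logins/ directory, accepts a "*:" wildcard record, and calls getseuserbyname(); the comment should state that lookup order. It should also say whether *r_seuser and *r_level are left untouched when -1 is returned, since the caller is told to free them.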
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.76/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-26 10:21:43.000000000 -0400
++++ libselinux-2.0.76/man/man8/selinuxconlist.8 2008-12-02 09:14:48.000000000 -0500
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh at redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@@ -58,9 +38,9 @@
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.76/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-26 10:21:43.000000000 -0400
++++ libselinux-2.0.76/man/man8/selinuxdefcon.8 2008-12-02 09:14:48.000000000 -0500
@@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh at redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@@ -81,9 +61,9 @@
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.76/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/src/callbacks.c 2008-09-26 10:21:43.000000000 -0400
++++ libselinux-2.0.76/src/callbacks.c 2008-12-02 09:14:48.000000000 -0500
@@ -16,6 +16,7 @@
{
int rc;
@@ -92,9 +72,9 @@
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.76/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/src/matchpathcon.c 2008-09-26 10:21:43.000000000 -0400
++++ libselinux-2.0.76/src/matchpathcon.c 2008-12-02 09:14:48.000000000 -0500
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
@@ -112,21 +92,2988 @@
va_end(ap);
}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.71/utils/matchpathcon.c
---- nsalibselinux/utils/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/utils/matchpathcon.c 2008-09-26 10:21:43.000000000 -0400
-@@ -106,12 +106,12 @@
-
- if (verify) {
- if (quiet) {
-- if (selinux_file_context_verify(argv[i], 0))
-+ if (selinux_file_context_verify(argv[i], mode))
- continue;
- else
- exit(1);
- }
-- if (selinux_file_context_verify(argv[i], 0)) {
-+ if (selinux_file_context_verify(argv[i], mode)) {
- printf("%s verified.\n", argv[i]);
- } else {
- security_context_t con;
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.76/src/selinux.py
+--- nsalibselinux/src/selinux.py 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/src/selinux.py 2008-12-12 10:08:01.000000000 -0500
+@@ -1,5 +1,5 @@
+ # This file was automatically generated by SWIG (http://www.swig.org).
+-# Version 1.3.33
++# Version 1.3.36
+ #
+ # Don't modify this file, modify the SWIG interface instead.
+ # This file is compatible with both classic and new-style classes.
+@@ -48,6 +48,29 @@
+ del types
+
+
++import shutil, os, stat
++
++def restorecon(path, recursive=False):
++ """ Restore SELinux context on a given path """
++ mode = os.stat(path)[stat.ST_MODE]
++ status, context = matchpathcon(path, mode)
++ if status == 0:
++ lsetfilecon(path, context)
++ if recursive:
++ os.path.walk(path, lambda arg, dirname, fnames:
++ map(restorecon, [os.path.join(dirname, fname)
++ for fname in fnames]), None)
++
++def copytree(src, dest):
++ """ An SELinux-friendly shutil.copytree method """
++ shutil.copytree(src, dest)
++ restorecon(dest, recursive=True)
++
++def install(src, dest):
++ """ An SELinux-friendly shutil.move method """
++ shutil.move(src, dest)
++ restorecon(dest, recursive=True)
++
+ is_selinux_enabled = _selinux.is_selinux_enabled
+ is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
+ getcon = _selinux.getcon
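Review bot: restorecon() takes the mode from `mode = os.stat(path)[stat.ST_MODE]`, which follows symbolic links, but applies the label with lsetfilecon(path, context), which acts on the link itself. A symlink is therefore matched against file_contexts using its target's file type, and a dangling symlink makes os.stat() raise and aborts the recursive walk partway through the tree. Suggest os.lstat() here. A non-zero status from matchpathcon() is also dropped silently, so copytree() and install() cannot tell the caller that relabeling was skipped.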
+@@ -297,6 +320,7 @@
+ selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
+ selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+ getseuserbyname = _selinux.getseuserbyname
++getseuser = _selinux.getseuser
+ selinux_file_context_cmp = _selinux.selinux_file_context_cmp
+ selinux_file_context_verify = _selinux.selinux_file_context_verify
+ selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.76/src/selinuxswig_python.i
+--- nsalibselinux/src/selinuxswig_python.i 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/src/selinuxswig_python.i 2008-12-02 09:14:48.000000000 -0500
+@@ -6,6 +6,32 @@
+ #include "selinux/selinux.h"
+ %}
+
++%pythoncode %{
++
++import shutil, os, stat
++
++def restorecon(path, recursive=False):
++ """ Restore SELinux context on a given path """
++ mode = os.stat(path)[stat.ST_MODE]
++ status, context = matchpathcon(path, mode)
++ if status == 0:
++ lsetfilecon(path, context)
++ if recursive:
++ os.path.walk(path, lambda arg, dirname, fnames:
++ map(restorecon, [os.path.join(dirname, fname)
++ for fname in fnames]), None)
[...2716 lines suppressed...]
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_role",&obj0,&obj1,&obj2)) SWIG_fail;
+@@ -9916,7 +9957,6 @@
+ char *arg3 = (char *) 0 ;
+ security_context_t arg4 = (security_context_t) 0 ;
+ security_context_t *arg5 = (security_context_t *) 0 ;
+- int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+@@ -9934,6 +9974,7 @@
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
++ int result;
+
+ arg5 = &temp5;
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:get_default_context_with_rolelevel",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+@@ -9985,9 +10026,9 @@
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+- int result;
+ security_context_t temp1 = 0 ;
+ security_context_t temp2 = 0 ;
++ int result;
+
+ arg1 = &temp1;
+ arg2 = &temp2;
+@@ -10020,12 +10061,12 @@
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+- int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
++ int result;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:manual_user_enter_context",&obj0)) SWIG_fail;
+@@ -10218,6 +10259,7 @@
+ { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
+ { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL},
+ { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL},
++ { (char *)"getseuser", _wrap_getseuser, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL},
+ { (char *)"selinux_lsetfilecon_default", _wrap_selinux_lsetfilecon_default, METH_VARARGS, NULL},
+@@ -10513,7 +10555,7 @@
+ SWIG_InitializeModule(void *clientdata) {
+ size_t i;
+ swig_module_info *module_head, *iter;
+- int found;
++ int found, init;
+
+ clientdata = clientdata;
+
+@@ -10523,6 +10565,9 @@
+ swig_module.type_initial = swig_type_initial;
+ swig_module.cast_initial = swig_cast_initial;
+ swig_module.next = &swig_module;
++ init = 1;
++ } else {
++ init = 0;
+ }
+
+ /* Try and load any already created modules */
+@@ -10551,6 +10596,12 @@
+ module_head->next = &swig_module;
+ }
+
++ /* When multiple interpeters are used, a module could have already been initialized in
++ a different interpreter, but not yet have a pointer in this interpreter.
++ In this case, we do not want to continue adding types... everything should be
++ set up already */
++ if (init == 0) return;
++
+ /* Now work on filling in swig_module.types */
+ #ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: size %d\n", swig_module.size);
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.76/src/seusers.c
+--- nsalibselinux/src/seusers.c 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/src/seusers.c 2008-12-12 10:06:56.000000000 -0500
+@@ -243,3 +243,66 @@
+ *r_level = NULL;
+ return 0;
+ }
++
++int getseuser(const char *username, const char *service,
++ char **r_seuser, char **r_level) {
++ int ret = -1;
++ int len = 0;
++ char *seuser = NULL;
++ char *level = NULL;
++ char *buffer = NULL;
++ size_t size = 0;
++ size_t lineno = 0;
++ char *rec = NULL;
++ char *path=NULL;
++ if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0)
++ goto err;
++ FILE *fp = fopen(path, "r");
++ free(path);
++ if (fp == NULL) goto err;
++ __fsetlocking(fp, FSETLOCKING_BYCALLER);
++ while (getline(&buffer, &size, fp) > 0) {
++ ++lineno;
++
++ if (strncmp(buffer, "*:", 2) == 0) {
++ free(rec);
++ rec = strdup(buffer);
++ continue;
++ }
++ len = strlen(service);
++ if ((strncmp(buffer, service, len) == 0) &&
++ (buffer[len] == ':')) {
++ free(rec);
++ rec = strdup(buffer);
++ break;
++ }
++ }
++
++ if (! rec) goto err;
++ seuser = strchr(rec, ':');
++ if (! seuser) goto err;
++
++ seuser++;
++ level = strchr(seuser, ':');
++ *level = 0;
++ level++;
++ *r_seuser = strdup(seuser);
++ if (! *r_seuser) goto err;
++
++ len = strlen(level);
++ if (len && level[len-1] == '\n')
++ level[len-1] = 0;
++
++ *r_level = strdup(level);
++ if (! *r_level) {
++ free(*r_seuser);
++ goto err;
++ }
++ ret = 0;
++
++ err:
++ free(buffer);
++ fclose(fp);
++ free(rec);
++ return getseuserbyname(username, r_seuser, r_level);
++}
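Review bot: in getseuser() the success path sets `ret = 0;` and then falls through the err: label, which ends in an unconditional `return getseuserbyname(username, r_seuser, r_level);`. As a result ret is never returned, the per-service strings just stored in *r_seuser and *r_level can be overwritten and leaked, and the service argument has no effect on the result. Suggest returning on success after the cleanup and keeping the getseuserbyname() call for the failure path only. Three more points on the same paths: fclose(fp) runs when fopen() returned NULL, and the goto taken when asprintf() fails jumps over the initialization of fp; `level = strchr(seuser, ':'); *level = 0;` dereferences NULL for a record with only one colon; and username is placed into the "%s/logins/%s" path without rejecting '/' characters, so the lookup is not confined to the logins directory.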
+diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-2.0.76/utils/getdefaultcon.c
+--- nsalibselinux/utils/getdefaultcon.c 2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.76/utils/getdefaultcon.c 2008-12-02 09:33:14.000000000 -0500
+@@ -22,8 +22,9 @@
+ security_context_t usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ int ret, opt;
++ int verbose = 0;
+
+- while ((opt = getopt(argc, argv, "l:r:")) > 0) {
++ while ((opt = getopt(argc, argv, "l:r:v")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+@@ -31,6 +32,9 @@
+ case 'r':
+ role = strdup(optarg);
+ break;
++ case 'v':
++ verbose = 1;
++ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+@@ -66,9 +70,13 @@
+ }
+ if (ret < 0)
+ perror(argv[0]);
+- else
+- printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
+-
++ else {
++ if (verbose) {
++ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
++ } else {
++ printf("%s", usercon);
++ }
++ }
+
+ free(role);
+ free(seuser);
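Review bot: the new non-verbose branch prints the context with `printf("%s", usercon);` and no trailing newline, while the verbose branch ends its line with "\n". Suggest "%s\n" so the output is a complete line for interactive use and for line-oriented consumers. It is also worth checking that the usage() text mentions the new -v option.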
+@@ -76,5 +84,5 @@
+ free(dlevel);
+ free(usercon);
+
+- return 0;
++ return ret >= 0;
+ }
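Review bot: `return ret >= 0;` at the end of main() gives exit status 1 when the lookup succeeded and 0 when it failed, the reverse of the shell convention, so a script that tests the exit code will take the wrong branch. Suggest `return ret < 0;` so that success exits 0 and the perror() path exits non-zero.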
Index: libselinux.spec
===================================================================
RCS file: /cvs/extras/rpms/libselinux/F-10/libselinux.spec,v
retrieving revision 1.344
retrieving revision 1.345
diff -u -r1.344 -r1.345
--- libselinux.spec 30 Sep 2008 13:30:18 -0000 1.344
+++ libselinux.spec 12 Dec 2008 15:30:56 -0000 1.345
@@ -4,8 +4,8 @@
Summary: SELinux library and simple utilities
Name: libselinux
-Version: 2.0.73
-Release: 1%{?dist}
+Version: 2.0.76
+Release: 3%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -163,6 +163,28 @@
%{ruby_sitearch}/selinux.so
%changelog
+* Fri Dec 12 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.76-3
+- Add new function getseuser which will take username and service and return
+- seuser and level. ipa will populate file in future.
+- Change selinuxdefcon to return just the context by default
+
+* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 2.0.76-2
+- Rebuild for Python 2.6
+
+* Mon Nov 17 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.76-1
+- Update to Upstream
+ * Allow shell-style wildcards in x_contexts file.
+
+* Mon Nov 17 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.75-2
+- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
+- Add Restorecon/Install python functions from Luke Macken
+
+* Fri Nov 7 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.75-1
+- Update to Upstream
+ * Correct message types in AVC log messages.
+ * Make matchpathcon -V pass mode from Dan Walsh.
+ * Add man page for selinux_file_context_cmp from Dan Walsh.
+
* Tue Sep 30 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.73-1
- Update to Upstream
* New man pages from Dan Walsh.
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/libselinux/F-10/sources,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -r1.178 -r1.179
--- sources 30 Sep 2008 13:30:18 -0000 1.178
+++ sources 12 Dec 2008 15:30:56 -0000 1.179
@@ -1 +1 @@
-3fb779dd1d9e06190f37dc26f31c7ff7 libselinux-2.0.73.tgz
+6829e79d3103683961d82c419bdb4e86 libselinux-2.0.76.tgz