rpms/libselinux/devel libselinux-rhat.patch, 1.137, 1.138 libselinux.spec, 1.297, 1.298
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jan 8 10:25:10 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/libselinux/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8430
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.46-4
- Add pid_t typemap for swig bindings
libselinux-rhat.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.137 -r 1.138 libselinux-rhat.patch
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.137
retrieving revision 1.138
diff -u -r1.137 -r1.138
--- libselinux-rhat.patch 3 Jan 2008 20:29:21 -0000 1.137
+++ libselinux-rhat.patch 8 Jan 2008 10:25:03 -0000 1.138
@@ -12,7 +12,7 @@
#define KEY__WRITE 0x00000004UL
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.46/src/Makefile
--- nsalibselinux/src/Makefile 2007-09-26 19:37:45.000000000 -0400
-+++ libselinux-2.0.46/src/Makefile 2008-01-03 15:24:29.000000000 -0500
++++ libselinux-2.0.46/src/Makefile 2008-01-05 08:19:27.000000000 -0500
@@ -77,14 +77,14 @@
install: all
@@ -50,6 +50,428 @@
va_end(ap);
}
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.46/src/selinux.py
+--- nsalibselinux/src/selinux.py 2007-10-05 13:09:54.000000000 -0400
++++ libselinux-2.0.46/src/selinux.py 2008-01-08 05:00:39.000000000 -0500
+@@ -1,5 +1,5 @@
+ # This file was automatically generated by SWIG (http://www.swig.org).
+-# Version 1.3.31
++# Version 1.3.33
+ #
+ # Don't modify this file, modify the SWIG interface instead.
+ # This file is compatible with both classic and new-style classes.
+Binary files nsalibselinux/src/selinux.pyc and libselinux-2.0.46/src/selinux.pyc differ
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.46/src/selinuxswig.i
+--- nsalibselinux/src/selinuxswig.i 2007-10-01 09:54:35.000000000 -0400
++++ libselinux-2.0.46/src/selinuxswig.i 2008-01-08 05:00:22.000000000 -0500
+@@ -10,6 +10,7 @@
+ %apply int *OUTPUT { size_t * };
+
+ %typedef unsigned mode_t;
++%typedef unsigned pid_t;
+
+ %typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
+ $1 = &temp1;
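Review bot: `%typedef unsigned pid_t;` declares the type with the wrong signedness. POSIX defines pid_t as a signed integer type (an `int` on Linux), so the generated wrappers will presumably convert Python arguments as unsigned int, rejecting negative values and letting values above INT_MAX through to be narrowed at the C call. `%typedef int pid_t;` would match the platform type. The same patch also carries the regenerated selinux.py and selinuxswig_wrap.c plus a `Binary files … selinux.pyc … differ` line, which suggests it was diffed from a built tree; regenerating the bindings at build time would keep the reviewed change to this one interface line. The `%typemap` that follows continues outside the hunk.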
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.46/src/selinuxswig_wrap.c
+--- nsalibselinux/src/selinuxswig_wrap.c 2007-10-05 13:09:54.000000000 -0400
++++ libselinux-2.0.46/src/selinuxswig_wrap.c 2008-01-08 05:00:39.000000000 -0500
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+- * Version 1.3.31
++ * Version 1.3.33
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+@@ -17,14 +17,14 @@
+
+ /* template workaround for compilers that cannot correctly implement the C++ standard */
+ #ifndef SWIGTEMPLATEDISAMBIGUATOR
+-# if defined(__SUNPRO_CC)
+-# if (__SUNPRO_CC <= 0x560)
+-# define SWIGTEMPLATEDISAMBIGUATOR template
+-# else
+-# define SWIGTEMPLATEDISAMBIGUATOR
+-# endif
++# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560)
++# define SWIGTEMPLATEDISAMBIGUATOR template
++# elif defined(__HP_aCC)
++/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */
++/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */
++# define SWIGTEMPLATEDISAMBIGUATOR template
+ # else
+-# define SWIGTEMPLATEDISAMBIGUATOR
++# define SWIGTEMPLATEDISAMBIGUATOR
+ # endif
+ #endif
+
+@@ -107,6 +107,12 @@
+ # define _CRT_SECURE_NO_DEPRECATE
+ #endif
+
++/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */
++#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE)
++# define _SCL_SECURE_NO_DEPRECATE
++#endif
++
++
+
+ /* Python.h has to appear first */
+ #include <Python.h>
+@@ -343,7 +349,7 @@
+ while ((*f2 == ' ') && (f2 != l2)) ++f2;
+ if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1;
+ }
+- return (l1 - f1) - (l2 - f2);
++ return (int)((l1 - f1) - (l2 - f2));
+ }
+
+ /*
+@@ -1090,14 +1096,14 @@
+ /* Unpack the argument tuple */
+
+ SWIGINTERN int
+-SWIG_Python_UnpackTuple(PyObject *args, const char *name, int min, int max, PyObject **objs)
++SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs)
+ {
+ if (!args) {
+ if (!min && !max) {
+ return 1;
+ } else {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none",
+- name, (min == max ? "" : "at least "), min);
++ name, (min == max ? "" : "at least "), (int)min);
+ return 0;
+ }
+ }
+@@ -1105,14 +1111,14 @@
+ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple");
+ return 0;
+ } else {
+- register int l = PyTuple_GET_SIZE(args);
++ register Py_ssize_t l = PyTuple_GET_SIZE(args);
+ if (l < min) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+- name, (min == max ? "" : "at least "), min, l);
++ name, (min == max ? "" : "at least "), (int)min, (int)l);
+ return 0;
+ } else if (l > max) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+- name, (min == max ? "" : "at most "), max, l);
++ name, (min == max ? "" : "at most "), (int)max, (int)l);
+ return 0;
+ } else {
+ register int i;
+@@ -1591,9 +1597,11 @@
+ (unaryfunc)0, /*nb_float*/
+ (unaryfunc)PySwigObject_oct, /*nb_oct*/
+ (unaryfunc)PySwigObject_hex, /*nb_hex*/
+-#if PY_VERSION_HEX >= 0x02020000
+- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */
+-#elif PY_VERSION_HEX >= 0x02000000
++#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */
++ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */
++#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */
++ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */
++#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */
+ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */
+ #endif
+ };
+@@ -2458,14 +2466,13 @@
+ #define SWIGTYPE_p_int swig_types[7]
+ #define SWIGTYPE_p_p_char swig_types[8]
+ #define SWIGTYPE_p_p_p_char swig_types[9]
+-#define SWIGTYPE_p_pid_t swig_types[10]
+-#define SWIGTYPE_p_security_class_mapping swig_types[11]
+-#define SWIGTYPE_p_selinux_callback swig_types[12]
+-#define SWIGTYPE_p_selinux_opt swig_types[13]
+-#define SWIGTYPE_p_unsigned_int swig_types[14]
+-#define SWIGTYPE_p_unsigned_short swig_types[15]
+-static swig_type_info *swig_types[17];
+-static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
++#define SWIGTYPE_p_security_class_mapping swig_types[10]
++#define SWIGTYPE_p_selinux_callback swig_types[11]
++#define SWIGTYPE_p_selinux_opt swig_types[12]
++#define SWIGTYPE_p_unsigned_int swig_types[13]
++#define SWIGTYPE_p_unsigned_short swig_types[14]
++static swig_type_info *swig_types[16];
++static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0};
+ #define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
+ #define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
+
+@@ -2484,7 +2491,7 @@
+
+ #define SWIG_name "_selinux"
+
+-#define SWIGVERSION 0x010331
++#define SWIGVERSION 0x010333
+ #define SWIG_VERSION SWIGVERSION
+
+
+@@ -2577,14 +2584,12 @@
+
+
+ #include <limits.h>
+-#ifndef LLONG_MIN
+-# define LLONG_MIN LONG_LONG_MIN
+-#endif
+-#ifndef LLONG_MAX
+-# define LLONG_MAX LONG_LONG_MAX
+-#endif
+-#ifndef ULLONG_MAX
+-# define ULLONG_MAX ULONG_LONG_MAX
++#if !defined(SWIG_NO_LLONG_MAX)
++# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__)
++# define LLONG_MAX __LONG_LONG_MAX__
++# define LLONG_MIN (-LLONG_MAX - 1LL)
++# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL)
++# endif
+ #endif
+
+
[...3449 lines suppressed...]
++
++ domtrans_pattern($1,sendmail_exec_t,unconfined_sendmail_t)
++')
++
++########################################
++## <summary>
++## Execute sendmail in the unconfined sendmail domain, and
++## allow the specified role the unconfined sendmail domain,
++## and use the caller's terminal.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the unconfined sendmail domain.
++## </summary>
++## </param>
++## <param name="terminal">
++## <summary>
++## The type of the terminal allow the unconfined sendmail domain to use.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`sendmail_run_unconfined',`
++ gen_require(`
++ type unconfined_sendmail_t;
++ ')
++
++ sendmail_domtrans_unconfined($1)
++ role $2 types unconfined_sendmail_t;
++ allow unconfined_sendmail_t $3:chr_file rw_file_perms;
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.2.5/policy/modules/services/sendmail.te
+--- nsaserefpolicy/policy/modules/services/sendmail.te 2007-12-19 05:32:17.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/sendmail.te 2007-12-31 15:42:11.000000000 -0500
+@@ -20,13 +20,17 @@
+ mta_mailserver_delivery(sendmail_t)
+ mta_mailserver_sender(sendmail_t)
+
++type unconfined_sendmail_t;
++application_domain(unconfined_sendmail_t,sendmail_exec_t)
++role system_r types unconfined_sendmail_t;
++
+ ########################################
+ #
+ # Sendmail local policy
+ #
+
+-allow sendmail_t self:capability { setuid setgid net_bind_service sys_nice chown sys_tty_config };
+-allow sendmail_t self:process signal;
++allow sendmail_t self:capability { dac_override setuid setgid net_bind_service sys_nice chown sys_tty_config };
++allow sendmail_t self:process { signal signull };
+ allow sendmail_t self:fifo_file rw_fifo_file_perms;
+ allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
+ allow sendmail_t self:unix_dgram_socket create_socket_perms;
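Review bot: Adding `dac_override` to the `sendmail_t` capability set lets the daemon bypass discretionary file permission checks wherever the type-enforcement rules already allow access, and the hunk gives no reason for it. If the need is one path whose ownership or mode is wrong, fixing that file or adding a comment such as `# dac_override: <path sendmail must open despite its mode bits>` would be preferable to an unexplained blanket capability on a network-facing MTA. The new `unconfined_sendmail_t` declaration at the top of the same hunk is also undocumented; a one-line comment saying which callers are expected to transition into it would help the next reviewer.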
+@@ -47,6 +51,7 @@
+ kernel_read_kernel_sysctls(sendmail_t)
+ # for piping mail to a command
+ kernel_read_system_state(sendmail_t)
++kernel_read_network_state(sendmail_t)
+
+ corenet_all_recvfrom_unlabeled(sendmail_t)
+ corenet_all_recvfrom_netlabel(sendmail_t)
+@@ -97,20 +102,35 @@
+
+ userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
+ userdom_dontaudit_search_sysadm_home_dirs(sendmail_t)
++userdom_read_all_users_home_content_files(sendmail_t)
+
+ mta_read_config(sendmail_t)
+ mta_etc_filetrans_aliases(sendmail_t)
+ # Write to /etc/aliases and /etc/mail.
+-mta_rw_aliases(sendmail_t)
++mta_manage_aliases(sendmail_t)
+ # Write to /var/spool/mail and /var/spool/mqueue.
+ mta_manage_queue(sendmail_t)
+ mta_manage_spool(sendmail_t)
++mta_sendmail_exec(sendmail_t)
++
++optional_policy(`
++ cron_read_pipes(sendmail_t)
++')
+
+ optional_policy(`
+ clamav_search_lib(sendmail_t)
+ ')
+
+ optional_policy(`
++ cyrus_stream_connect(sendmail_t)
++ clamav_stream_connect(sendmail_t)
++')
++
++optional_policy(`
++ munin_dontaudit_search_lib(sendmail_t)
++')
++
++optional_policy(`
+ postfix_exec_master(sendmail_t)
+ postfix_read_config(sendmail_t)
+ postfix_search_spool(sendmail_t)
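Review bot: `userdom_read_all_users_home_content_files(sendmail_t)` is, going by its name, a grant to read files in every user's home directory, which is wide for a daemon that parses mail from the network. If the need is per-user forwarding files (presumably `~/.forward`), a comment saying so, and a narrower file type for them if the policy has one, would limit what a compromised sendmail process can read. In the same hunk `mta_rw_aliases` becomes `mta_manage_aliases` and `mta_sendmail_exec` is added without comment, while the neighbouring lines carry `# Write to …` comments; matching that style would record why each was widened. The final `optional_policy` block continues outside the hunk.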
+@@ -125,24 +145,25 @@
+ ')
+
+ optional_policy(`
++ sasl_connect(sendmail_t)
++')
++
++optional_policy(`
++ spamd_stream_connect(sendmail_t)
++')
++
++optional_policy(`
+ udev_read_db(sendmail_t)
+ ')
+
+-ifdef(`TODO',`
+-allow sendmail_t etc_mail_t:dir rw_dir_perms;
+-allow sendmail_t etc_mail_t:file manage_file_perms;
+-# for the start script to run make -C /etc/mail
+-allow initrc_t etc_mail_t:dir rw_dir_perms;
+-allow initrc_t etc_mail_t:file manage_file_perms;
+-allow system_mail_t initrc_t:fd use;
+-allow system_mail_t initrc_t:fifo_file write;
+-
+-# When sendmail runs as user_mail_domain, it needs some extra permissions
+-# to update /etc/mail/statistics.
+-allow user_mail_domain etc_mail_t:file rw_file_perms;
++########################################
++#
++# Unconfined sendmail local policy
++# Allow unconfined domain to run newalias and have transitions work
++#
+
+-# Silently deny attempts to access /root.
+-dontaudit system_mail_t { staff_home_dir_t sysadm_home_dir_t}:dir { getattr search };
++optional_policy(`
++ mta_etc_filetrans_aliases(unconfined_sendmail_t)
++ unconfined_domain(unconfined_sendmail_t)
++')
+
+-dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
+-') dnl end TODO
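Review bot: `unconfined_domain(unconfined_sendmail_t)` sits inside `optional_policy`, but the type, its `sendmail_exec_t` entrypoint and the `system_r` role association are declared unconditionally in the first hunk of this file. If the optional block is dropped, the domain would presumably still exist and be reachable but carry almost no rules, so it may be cleaner to move the declaration into the same conditional or to document the dependency. The section comment should also say which domains are meant to use `sendmail_run_unconfined`, since any caller granted it leaves its own confinement simply by executing `sendmail_exec_t`; the callers are not visible on this page.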
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.2.5/policy/modules/services/setroubleshoot.te
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-12-19 05:32:17.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/setroubleshoot.te 2007-12-19 05:38:09.000000000 -0500
+@@ -27,8 +27,8 @@
+ # setroubleshootd local policy
+ #
+
+-allow setroubleshootd_t self:capability { dac_override sys_tty_config };
+-allow setroubleshootd_t self:process { signull signal getattr getsched };
++allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config };
++allow setroubleshootd_t self:process { getattr getsched setsched sigkill signull signal };
+ allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
+ allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
+ allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
+@@ -52,7 +52,9 @@
+
+ kernel_read_kernel_sysctls(setroubleshootd_t)
+ kernel_read_system_state(setroubleshootd_t)
++kernel_read_net_sysctls(setroubleshootd_t)
+ kernel_read_network_state(setroubleshootd_t)
++kernel_dontaudit_list_all_proc(setroubleshootd_t)
+
+ corecmd_exec_bin(setroubleshootd_t)
+ corecmd_exec_shell(setroubleshootd_t)
+@@ -73,7 +75,7 @@
+
+ files_read_usr_files(setroubleshootd_t)
+ files_read_etc_files(setroubleshootd_t)
+-files_getattr_all_dirs(setroubleshootd_t)
++files_list_all(setroubleshootd_t)
+ files_getattr_all_files(setroubleshootd_t)
+
+ fs_getattr_all_dirs(setroubleshootd_t)
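Review bot: Replacing `files_getattr_all_dirs` with `files_list_all` appears to widen setroubleshootd from stat-ing directories to enumerating their contents across the whole filesystem, and nothing in the hunk says why. A comment giving the reason (presumably resolving paths named in denial messages — to be confirmed) would make the grant auditable. The first hunk of this file likewise adds `sys_nice`, `setsched` and `sigkill` without comment, and the second adds `kernel_dontaudit_list_all_proc`, which hides denials rather than explaining them. It is worth checking that suppressing those audit records is intended for a daemon whose job is reporting denials.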
+@@ -110,6 +112,7 @@
+ optional_policy(`
+ dbus_system_bus_client_template(setroubleshootd, setroubleshootd_t)
+ dbus_connect_system_bus(setroubleshootd_t)
++ dbus_system_domain(setroubleshootd_t,setroubleshootd_exec_t)
+ ')
+
+ optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.2.5/policy/modules/services/snmp.te
+--- nsaserefpolicy/policy/modules/services/snmp.te 2007-12-19 05:32:17.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/snmp.te 2007-12-19 05:38:09.000000000 -0500
+@@ -81,8 +81,7 @@
+ files_read_usr_files(snmpd_t)
+ files_read_etc_runtime_files(snmpd_t)
+ files_search_home(snmpd_t)
+-files_getattr_boot_dirs(snmpd_t)
+-files_dontaudit_getattr_home_dir(snmpd_t)
++auth_read_all_dirs_except_shadow(snmpd_t)
+
+ fs_getattr_all_dirs(snmpd_t)
+ fs_getattr_all_fs(snmpd_t)
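Review bot: `auth_read_all_dirs_except_shadow(snmpd_t)` replaces two narrow rules, a getattr on boot directories and a dontaudit on the home directory, with what its name indicates is read access to every directory other than shadow-labelled ones. That is a large step up for a network-reachable agent, and the interface definition is not visible here to confirm its exact scope. If the need is filesystem usage reporting, keeping `files_getattr_boot_dirs(snmpd_t)` and adding getattr-level rules for the missing mount points would be tighter. Otherwise a comment stating what snmpd must list would justify the broader grant.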
Index: libselinux.spec
===================================================================
RCS file: /cvs/extras/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.297
retrieving revision 1.298
diff -u -r1.297 -r1.298
--- libselinux.spec 3 Jan 2008 20:39:20 -0000 1.297
+++ libselinux.spec 8 Jan 2008 10:25:03 -0000 1.298
@@ -2,7 +2,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.0.46
-Release: 3%{?dist}
+Release: 4%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -123,6 +123,9 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+* Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.46-4
+- Add pid_t typemap for swig bindings
+
* Thu Jan 3 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.46-3
- smp_mflag