rpms/libsemanage/devel .cvsignore, 1.95, 1.96 libsemanage-rhat.patch, 1.40, 1.41 libsemanage.spec, 1.162, 1.163 sources, 1.97, 1.98

Daniel J Walsh dwalsh at fedoraproject.org
Mon Sep 15 16:25:01 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/libsemanage/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1739

Modified Files:
	.cvsignore libsemanage-rhat.patch libsemanage.spec sources 
Log Message:
* Mon Sep 15 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.28-1
- Update to upstream
	* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh



Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/.cvsignore,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- .cvsignore	5 Aug 2008 14:29:44 -0000	1.95
+++ .cvsignore	15 Sep 2008 16:24:30 -0000	1.96
@@ -101,3 +101,4 @@
 libsemanage-2.0.25.tgz
 libsemanage-2.0.26.tgz
 libsemanage-2.0.27.tgz
+libsemanage-2.0.28.tgz

libsemanage-rhat.patch:

Index: libsemanage-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/libsemanage-rhat.patch,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- libsemanage-rhat.patch	10 Sep 2008 14:37:31 -0000	1.40
+++ libsemanage-rhat.patch	15 Sep 2008 16:24:30 -0000	1.41
@@ -1,223 +1,3 @@
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.27/src/direct_api.c
---- nsalibsemanage/src/direct_api.c	2008-08-28 09:34:24.000000000 -0400
-+++ libsemanage-2.0.27/src/direct_api.c	2008-09-10 10:22:42.000000000 -0400
-@@ -430,6 +430,58 @@
- 	}
- 	return 0;
- }
-+static int semanage_direct_update_user_extra(semanage_handle_t * sh, sepol_module_package_t *base ) {
-+	const char *ofilename = NULL;
-+	int retval = -1;
-+
-+	dbase_config_t *pusers_extra = semanage_user_extra_dbase_policy(sh);
-+
-+	if (sepol_module_package_get_user_extra_len(base)) {
-+		ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA);
-+		if (ofilename == NULL) {
-+			return retval;
-+		}
-+		retval = write_file(sh, ofilename,
-+				    sepol_module_package_get_user_extra(base),
-+				    sepol_module_package_get_user_extra_len(base));
-+		if (retval < 0)
-+			return retval;
-+
-+		pusers_extra->dtable->drop_cache(pusers_extra->dbase);
-+		
-+	} else {
-+		retval =  pusers_extra->dtable->clear(sh, pusers_extra->dbase);
-+	}
-+
-+	return retval;
-+}
-+	
-+
-+static int semanage_direct_update_seuser(semanage_handle_t * sh, sepol_module_package_t *base ) {
-+
-+	const char *ofilename = NULL;
-+	int retval = -1;
-+
-+	dbase_config_t *pseusers = semanage_seuser_dbase_policy(sh);
-+
-+	if (sepol_module_package_get_seusers_len(base)) {
-+		ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS);
-+		if (ofilename == NULL) {
-+			return -1;
-+		}
-+		retval = write_file(sh, ofilename,
-+				    sepol_module_package_get_seusers(base),
-+				    sepol_module_package_get_seusers_len(base));
-+		if (retval < 0)
-+			return retval;
-+		
-+		pseusers->dtable->drop_cache(pseusers->dbase);
-+		
-+	} else {
-+		retval = pseusers->dtable->clear(sh, pseusers->dbase);
-+	}
-+	return retval;
-+}
- 
- /********************* direct API functions ********************/
- 
-@@ -453,7 +505,6 @@
- 	dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
- 	dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
- 	dbase_config_t *users_extra = semanage_user_extra_dbase_local(sh);
--	dbase_config_t *pusers_extra = semanage_user_extra_dbase_policy(sh);
- 	dbase_config_t *ports = semanage_port_dbase_local(sh);
- 	dbase_config_t *pports = semanage_port_dbase_policy(sh);
- 	dbase_config_t *bools = semanage_bool_dbase_local(sh);
-@@ -465,7 +516,6 @@
- 	dbase_config_t *fcontexts = semanage_fcontext_dbase_local(sh);
- 	dbase_config_t *pfcontexts = semanage_fcontext_dbase_policy(sh);
- 	dbase_config_t *seusers = semanage_seuser_dbase_local(sh);
--	dbase_config_t *pseusers = semanage_seuser_dbase_policy(sh);
- 
- 	/* Before we do anything else, flush the join to its component parts.
- 	 * This *does not* flush to disk automatically */
-@@ -489,12 +539,6 @@
- 	modified |= ifaces->dtable->is_modified(ifaces->dbase);
- 	modified |= nodes->dtable->is_modified(nodes->dbase);
- 
--	/* FIXME: get rid of these, once we support loading the existing policy,
--	 * instead of rebuilding it */
--	modified |= seusers_modified;
--	modified |= fcontexts_modified;
--	modified |= users_extra_modified;
--
- 	/* If there were policy changes, or explicitly requested, rebuild the policy */
- 	if (sh->do_rebuild || modified) {
- 
-@@ -575,46 +619,13 @@
- 
- 		pfcontexts->dtable->drop_cache(pfcontexts->dbase);
- 
--		/* Seusers */
--		if (sepol_module_package_get_seusers_len(base)) {
--			ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS);
--			if (ofilename == NULL) {
--				retval = -1;
--				goto cleanup;
--			}
--			retval = write_file(sh, ofilename,
--					    sepol_module_package_get_seusers(base),
--					    sepol_module_package_get_seusers_len(base));
--			if (retval < 0)
--				goto cleanup;
--
--			pseusers->dtable->drop_cache(pseusers->dbase);
--
--		} else {
--			retval = pseusers->dtable->clear(sh, pseusers->dbase);
--			if (retval < 0)
--				goto cleanup;
--		}
--
--		/* Users_extra */
--		if (sepol_module_package_get_user_extra_len(base)) {
--			ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA);
--			if (ofilename == NULL) {
--				retval = -1;
--				goto cleanup;
--			}
--			retval = write_file(sh, ofilename,
--					    sepol_module_package_get_user_extra(base),
--					    sepol_module_package_get_user_extra_len(base));
--			if (retval < 0)
--				goto cleanup;
--			pusers_extra->dtable->drop_cache(pusers_extra->dbase);
-+		retval = semanage_direct_update_seuser(sh, base );
-+		if (retval < 0)
-+			goto cleanup;
- 
--		} else {
--			retval = pusers_extra->dtable->clear(sh, pusers_extra->dbase);
--			if (retval < 0)
--				goto cleanup;
--		}
-+		retval = semanage_direct_update_user_extra(sh, base );
-+		if (retval < 0)
-+			goto cleanup;
- 
- 		/* Netfilter Contexts */
- 		/* Sort the netfilter contexts. */
-@@ -667,11 +678,41 @@
- 		retval = semanage_verify_kernel(sh);
- 		if (retval < 0)
- 			goto cleanup;
--	}
-+	} else {
-+		retval = sepol_policydb_create(&out);
-+		if (retval < 0)
-+			goto cleanup;
-+
-+		retval = semanage_read_policydb(sh, out);
-+		if (retval < 0)
-+			goto cleanup;
-+		
-+		if (seusers_modified || users_extra_modified) {
-+			retval = semanage_link_base(sh, &base);
-+			if (retval < 0)
-+				goto cleanup;
-+
-+			if (seusers_modified) {
-+				retval = semanage_direct_update_seuser(sh, base );
-+				if (retval < 0)
-+					goto cleanup;
-+			}
-+			if (users_extra_modified) {
-+				/* Users_extra */
-+				retval = semanage_direct_update_user_extra(sh, base );
-+				if (retval < 0)
-+					goto cleanup;
-+			}
- 
--	/* FIXME: else if !modified, but seusers_modified, 
--	 * load the existing policy instead of rebuilding */
-+			sepol_module_package_free(base);
-+			base = NULL;
-+		}
- 
-+		retval = semanage_base_merge_components(sh);
-+		if (retval < 0)
-+		  goto cleanup;
-+
-+	}
- 	/* ======= Post-process: Validate non-policydb components ===== */
- 
- 	/* Validate local modifications to file contexts.
-@@ -724,7 +765,8 @@
- 	sepol_policydb_free(out);
- 	out = NULL;
- 
--	if (sh->do_rebuild || modified) {
-+	if (sh->do_rebuild || modified || 
-+	    seusers_modified || fcontexts_modified || users_extra_modified) {
- 		retval = semanage_install_sandbox(sh);
- 	}
- 
-@@ -733,12 +775,14 @@
- 		free(mod_filenames[i]);
- 	}
- 
--	/* Detach from policydb, so it can be freed */
--	dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
--	dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
--	dbase_policydb_detach((dbase_policydb_t *) pifaces->dbase);
--	dbase_policydb_detach((dbase_policydb_t *) pnodes->dbase);
--	dbase_policydb_detach((dbase_policydb_t *) pbools->dbase);
-+	if (modified) {
-+		/* Detach from policydb, so it can be freed */
-+		dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
-+		dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
-+		dbase_policydb_detach((dbase_policydb_t *) pifaces->dbase);
-+		dbase_policydb_detach((dbase_policydb_t *) pnodes->dbase);
-+		dbase_policydb_detach((dbase_policydb_t *) pbools->dbase);
-+	}
- 
- 	free(mod_filenames);
- 	sepol_policydb_free(out);
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.27/src/genhomedircon.c
 --- nsalibsemanage/src/genhomedircon.c	2008-08-28 09:34:24.000000000 -0400
 +++ libsemanage-2.0.27/src/genhomedircon.c	2008-09-10 10:22:42.000000000 -0400
@@ -246,192 +26,3 @@
  #policy-version = 19
 -
 +expand-check=0
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.27/src/semanage_store.c
---- nsalibsemanage/src/semanage_store.c	2008-08-28 09:34:24.000000000 -0400
-+++ libsemanage-2.0.27/src/semanage_store.c	2008-09-10 10:24:12.000000000 -0400
-@@ -1608,6 +1608,41 @@
- 	return retval;
- }
- 
-+/* Links only the base module within the sandbox into the base module.
-+ * '*base' will point to the module package that contains everything
-+ * linked together (caller must call sepol_module_package_destroy() on
-+ * it afterwards).  '*base' will be set to NULL upon entering this
-+ * function.  Returns 0 on success, -1 on error.
-+ */
-+int semanage_link_base(semanage_handle_t * sh,
-+			  sepol_module_package_t ** base)
-+{
-+	const char *base_filename = NULL;
-+	int retval = -1;
-+
-+	*base = NULL;
-+
-+	/* first make sure that base module is readable */
-+	if ((base_filename =
-+	     semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) {
-+		goto cleanup;
-+	}
-+	if (access(base_filename, R_OK) == -1) {
-+		ERR(sh, "Could not access sandbox base file %s.",
-+		    base_filename);
-+		goto cleanup;
-+	}
-+
-+	if (semanage_load_module(sh, base_filename, base) == -1) {
-+		goto cleanup;
-+	}
-+
-+	retval = 0;
-+
-+      cleanup:
-+	return retval;
-+}
-+
- /* 
-  * Expands the policy contained within *base 
-  */
-@@ -1648,6 +1683,47 @@
- }
- 
- /**
-+ * Read the policy from the sandbox (kernel)
-+ */
-+int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
-+{
-+
-+	int retval = STATUS_ERR;
-+	const char *kernel_filename = NULL;
-+	struct sepol_policy_file *pf = NULL;
-+	FILE *infile = NULL;
-+
-+	if ((kernel_filename =
-+	     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_KERNEL)) == NULL) {
-+		goto cleanup;
-+	}
-+	if ((infile = fopen(kernel_filename, "r")) == NULL) {
-+		ERR(sh, "Could not open kernel policy %s for reading.",
-+		    kernel_filename);
-+		goto cleanup;
-+	}
-+	__fsetlocking(infile, FSETLOCKING_BYCALLER);
-+	if (sepol_policy_file_create(&pf)) {
-+		ERR(sh, "Out of memory!");
-+		goto cleanup;
-+	}
-+	sepol_policy_file_set_fp(pf, infile);
-+	sepol_policy_file_set_handle(pf, sh->sepolh);
-+	if (sepol_policydb_read(in, pf) == -1) {
-+		ERR(sh, "Error while reading kernel policy from %s.",
-+		    kernel_filename);
-+		goto cleanup;
-+	}
-+	retval = STATUS_SUCCESS;
-+
-+      cleanup:
-+	if (infile != NULL) {
-+		fclose(infile);
-+	}
-+	sepol_policy_file_free(pf);
-+	return retval;
-+}
-+/**
-  * Writes the final policy to the sandbox (kernel)
-  */
- int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
-diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.27/src/semanage_store.h
---- nsalibsemanage/src/semanage_store.h	2008-08-28 09:34:24.000000000 -0400
-+++ libsemanage-2.0.27/src/semanage_store.h	2008-09-10 10:22:42.000000000 -0400
-@@ -93,10 +93,16 @@
- int semanage_link_sandbox(semanage_handle_t * sh,
- 			  sepol_module_package_t ** base);
- 
-+int semanage_link_base(semanage_handle_t * sh,
-+		       sepol_module_package_t ** base);
-+
- int semanage_expand_sandbox(semanage_handle_t * sh,
- 			    sepol_module_package_t * base,
- 			    sepol_policydb_t ** policydb);
- 
-+int semanage_read_policydb(semanage_handle_t * sh,
-+			    sepol_policydb_t * policydb);
-+
- int semanage_write_policydb(semanage_handle_t * sh,
- 			    sepol_policydb_t * policydb);
- 
-diff --exclude-from=exclude -N -u -r nsalibsemanage/tests/test_fcontext.c libsemanage-2.0.27/tests/test_fcontext.c
---- nsalibsemanage/tests/test_fcontext.c	1969-12-31 19:00:00.000000000 -0500
-+++ libsemanage-2.0.27/tests/test_fcontext.c	2008-09-10 10:22:42.000000000 -0400
-@@ -0,0 +1,72 @@
-+#include <semanage/fcontext_record.h>
-+#include <semanage/semanage.h>
-+#include <semanage/fcontexts_local.h>
-+#include <sepol/sepol.h>
-+
-+#include <errno.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+int main(const int argc, const char **argv) {
-+	semanage_handle_t *sh = NULL;
-+	semanage_fcontext_t *fcontext;
-+	semanage_context_t *con;
-+	semanage_fcontext_key_t *k;
-+
-+	int exist = 0;
-+	sh = semanage_handle_create();
-+	if (sh == NULL) { 
-+		perror("Can't create semanage handle\n");
-+		return -1;
-+	}
-+        if (semanage_access_check(sh) < 0) {
-+		perror("Semanage access check failed\n");
-+		return -1;
-+	}
-+        if (semanage_connect(sh) < 0) {
-+		perror("Semanage connect failed\n");
-+		return -1;
-+	}
-+
-+	if (semanage_fcontext_key_create(sh, argv[2], SEMANAGE_FCONTEXT_REG, &k) < 0) {
-+		fprintf(stderr, "Could not create key for %s", argv[2]);
-+		return -1;
-+	}
-+
-+	if(semanage_fcontext_exists(sh, k, &exist) < 0) {
-+		fprintf(stderr,"Could not check if key exists for %s", argv[2]);
-+		return -1;
-+	}
-+	if (exist) {
-+		fprintf(stderr,"Could create %s mapping already exists", argv[2]);
-+		return -1;
-+	}
-+
-+	if (semanage_fcontext_create(sh, &fcontext) < 0) {
-+		fprintf(stderr,"Could not create file context for %s", argv[2]);
-+		return -1;
-+	}
-+	semanage_fcontext_set_expr(sh, fcontext, argv[2]);
-+
-+	if (semanage_context_from_string(sh, argv[1], &con)) {
-+		fprintf(stderr,"Could not create context using %s for file context %s", argv[1], argv[2]);
-+		return -1;
-+	}
-+
-+	if (semanage_fcontext_set_con(sh, fcontext, con) < 0) {
-+		fprintf(stderr,"Could not set file context for %s", argv[2]);
-+		return -1;
-+	}
-+
-+	semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_REG);
-+
-+	if(semanage_fcontext_modify_local(sh, k, fcontext) < 0) {
-+		fprintf(stderr,"Could not add file context for %s", argv[2]);
-+		return -1;
-+	}
-+	semanage_fcontext_key_free(k);
-+	semanage_fcontext_free(fcontext);
-+
-+	return 0;
-+}
-+


Index: libsemanage.spec
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/libsemanage.spec,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- libsemanage.spec	10 Sep 2008 14:37:31 -0000	1.162
+++ libsemanage.spec	15 Sep 2008 16:24:31 -0000	1.163
@@ -2,8 +2,8 @@
 %define libselinuxver 2.0.0-1
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
-Version: 2.0.27
-Release: 3%{?dist}
+Version: 2.0.28
+Release: 1%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
@@ -89,6 +89,10 @@
 %{_libdir}/python*/site-packages/*
 
 %changelog
+* Mon Sep 15 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.28-1
+- Update to upstream
+	* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh
+
 * Wed Sep 10 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.27-3
 - Additional fixes for Don't rebuild on fcontext or seuser modifications
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/sources,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- sources	5 Aug 2008 14:29:44 -0000	1.97
+++ sources	15 Sep 2008 16:24:31 -0000	1.98
@@ -1 +1 @@
-783686e357b1931c27b540c0ca8d5514  libsemanage-2.0.27.tgz
+65fe04c02a3879d2224fc4036dc4e9c5  libsemanage-2.0.28.tgz



