Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Dan Walsh | 321be5db13 | |
Dan Walsh | cfd54c73b4 |
|
@ -74,3 +74,4 @@ checkpolicy-2.0.19.tgz
|
|||
checkpolicy-2.0.20.tgz
|
||||
checkpolicy-2.0.21.tgz
|
||||
checkpolicy-2.0.22.tgz
|
||||
/checkpolicy-2.0.23.tgz
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
policy_parse.y | 14 ++++++++++----
|
||||
policy_scan.l | 1 +
|
||||
2 files changed, 11 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
|
||||
index 8d1bc37..0777238 100644
|
||||
--- a/checkpolicy/policy_parse.y
|
||||
+++ b/checkpolicy/policy_parse.y
|
||||
@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
|
||||
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
|
||||
%token POLICYCAP
|
||||
%token PERMISSIVE
|
||||
+%token FILESYSTEM
|
||||
|
||||
%left OR
|
||||
%left XOR
|
||||
@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses
|
||||
fs_uses : fs_use_def
|
||||
| fs_uses fs_use_def
|
||||
;
|
||||
-fs_use_def : FSUSEXATTR identifier security_context_def ';'
|
||||
+fs_use_def : FSUSEXATTR filesystem security_context_def ';'
|
||||
{if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
|
||||
| FSUSETASK identifier security_context_def ';'
|
||||
{if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
|
||||
@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts
|
||||
genfs_contexts : genfs_context_def
|
||||
| genfs_contexts genfs_context_def
|
||||
;
|
||||
-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
|
||||
+genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
|
||||
{if (define_genfs_context(1)) return -1;}
|
||||
- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
|
||||
+ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
|
||||
{if (define_genfs_context(1)) return -1;}
|
||||
- | GENFSCON identifier path security_context_def
|
||||
+ | GENFSCON filesystem path security_context_def
|
||||
{if (define_genfs_context(0)) return -1;}
|
||||
;
|
||||
ipv4_addr_def : IPV4_ADDR
|
||||
@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
|
||||
identifier : IDENTIFIER
|
||||
{ if (insert_id(yytext,0)) return -1; }
|
||||
;
|
||||
+filesystem : FILESYSTEM
|
||||
+ { if (insert_id(yytext,0)) return -1; }
|
||||
+ | IDENTIFIER
|
||||
+ { if (insert_id(yytext,0)) return -1; }
|
||||
+ ;
|
||||
path : PATH
|
||||
{ if (insert_id(yytext,0)) return -1; }
|
||||
;
|
||||
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
|
||||
index 48128a8..65aff8d 100644
|
||||
--- a/checkpolicy/policy_scan.l
|
||||
+++ b/checkpolicy/policy_scan.l
|
||||
@@ -217,6 +217,7 @@ permissive |
|
||||
PERMISSIVE { return(PERMISSIVE); }
|
||||
"/"({alnum}|[_\.\-/])* { return(PATH); }
|
||||
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
||||
+{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
||||
{digit}+|0x{hexval}+ { return(NUMBER); }
|
||||
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
|
||||
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
|
||||
|
|
@ -1,15 +1,16 @@
|
|||
%define libsepolver 2.0.39-1
|
||||
Summary: SELinux policy compiler
|
||||
Name: checkpolicy
|
||||
Version: 2.0.22
|
||||
Release: 1%{?dist}
|
||||
Version: 2.0.23
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Group: Development/System
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
Patch: checkpolicy-rhat.patch
|
||||
Patch2: checkpolicy-filesystem.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||
BuildRequires: byacc bison flex libsepol-static >= %{libsepolver} libselinux-devel
|
||||
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel
|
||||
|
||||
%description
|
||||
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
||||
|
@ -28,6 +29,7 @@ Only required for building policies.
|
|||
%prep
|
||||
%setup -q
|
||||
%patch -p1 -b .rhat
|
||||
%patch2 -p2 -b .filesystem
|
||||
|
||||
%build
|
||||
make clean
|
||||
|
@ -55,6 +57,18 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_bindir}/sedispol
|
||||
|
||||
%changelog
|
||||
* Wed Jan 12 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-2
|
||||
- Add James Carters Patch
|
||||
*This patch is needed because some filesystem names (such as 9p) start
|
||||
with a digit.
|
||||
|
||||
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1
|
||||
- Latest update from NSA
|
||||
* Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
|
||||
|
||||
* Wed Dec 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-2
|
||||
- Rebuild to make sure it will build in Fedora
|
||||
|
||||
* Mon Jun 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
|
||||
- Latest update from NSA
|
||||
* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
|
||||
|
|
Loading…
Reference in New Issue