- Process file_context.homedir
This commit is contained in:
Daniel J Walsh
parent
34474bcbb4
commit
03d51ea8f7
|
|
@ -1,27 +1,92 @@
|
|||
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.21.1/utils/avcstat.c
|
||||
--- nsalibselinux/utils/avcstat.c 2005-01-20 16:05:24.000000000 -0500
|
||||
+++ libselinux-1.21.1/utils/avcstat.c 2005-01-21 15:52:50.111732000 -0500
|
||||
@@ -68,7 +68,7 @@
|
||||
printf("program will loop, displaying updated statistics every \'interval\' seconds.\n");
|
||||
printf("Relative values are displayed by default. Use the -c option to specify the\n");
|
||||
printf("display of cumulative values. The -f option specifies the location of the\n");
|
||||
- printf("AVC statistics file, defaulting to \'%s\%s\'.\n\n", selinux_mnt, DEF_STAT_FILE);
|
||||
+ printf("AVC statistics file, defaulting to \'%s%s\'.\n\n", selinux_mnt, DEF_STAT_FILE);
|
||||
}
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.21.9/src/matchpathcon.c
|
||||
--- nsalibselinux/src/matchpathcon.c 2005-01-31 13:50:18.000000000 -0500
|
||||
+++ libselinux-1.21.9/src/matchpathcon.c 2005-02-10 16:51:59.000000000 -0500
|
||||
@@ -519,10 +519,13 @@
|
||||
{
|
||||
FILE *fp;
|
||||
FILE *localfp;
|
||||
+ FILE *homedirfp;
|
||||
char local_path[PATH_MAX + 1];
|
||||
+ char homedir_path[PATH_MAX + 1];
|
||||
char line_buf[BUFSIZ + 1];
|
||||
unsigned int lineno, pass, i, j, maxnspec;
|
||||
spec_t *spec_copy;
|
||||
+ int status=-1;
|
||||
|
||||
/* Open the specification file. */
|
||||
if (!path)
|
||||
@@ -530,6 +533,9 @@
|
||||
if ((fp = fopen(path, "r")) == NULL)
|
||||
return -1;
|
||||
|
||||
+ snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", path);
|
||||
+ homedirfp = fopen(homedir_path, "r");
|
||||
+
|
||||
snprintf(local_path, sizeof(local_path), "%s.local", path);
|
||||
localfp = fopen(local_path, "r");
|
||||
|
||||
@@ -547,33 +553,41 @@
|
||||
nspec = 0;
|
||||
while (fgets_unlocked(line_buf, sizeof line_buf, fp) && nspec < maxnspec) {
|
||||
if (process_line(path, line_buf, pass, ++lineno) != 0)
|
||||
- return -1;
|
||||
+ goto finish;
|
||||
}
|
||||
+ if (homedirfp)
|
||||
+ while (fgets_unlocked(line_buf, sizeof line_buf, homedirfp) && nspec < maxnspec) {
|
||||
+ if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)
|
||||
+ goto finish;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
if (localfp)
|
||||
while (fgets_unlocked(line_buf, sizeof line_buf, localfp) && nspec < maxnspec) {
|
||||
if (process_line(local_path, line_buf, pass, ++lineno) != 0)
|
||||
- return -1;
|
||||
+ goto finish;
|
||||
}
|
||||
|
||||
if (pass == 0) {
|
||||
- if (nspec == 0)
|
||||
- return 0;
|
||||
+ if (nspec == 0) {
|
||||
+ status = 0;
|
||||
+ goto finish;
|
||||
+ }
|
||||
if ((spec_arr = malloc(sizeof(spec_t) * nspec)) ==
|
||||
NULL)
|
||||
- return -1;
|
||||
+ goto finish;
|
||||
memset(spec_arr, '\0', sizeof(spec_t) * nspec);
|
||||
maxnspec = nspec;
|
||||
rewind(fp);
|
||||
+ if (homedirfp) rewind(homedirfp);
|
||||
if (localfp) rewind(localfp);
|
||||
}
|
||||
}
|
||||
- fclose(fp);
|
||||
- if (localfp) fclose(localfp);
|
||||
|
||||
/* Move exact pathname specifications to the end. */
|
||||
spec_copy = malloc(sizeof(spec_t) * nspec);
|
||||
if (!spec_copy)
|
||||
- return -1;
|
||||
+ goto finish;
|
||||
j = 0;
|
||||
for (i = 0; i < nspec; i++) {
|
||||
if (spec_arr[i].hasMetaChars)
|
||||
@@ -588,7 +602,13 @@
|
||||
|
||||
nodups_specs(path);
|
||||
|
||||
- return 0;
|
||||
+ status = 0;
|
||||
+ finish:
|
||||
+ fclose(fp);
|
||||
+ if (spec_arr != spec_copy) free(spec_arr);
|
||||
+ if (homedirfp) fclose(homedirfp);
|
||||
+ if (localfp) fclose(localfp);
|
||||
+ return status;
|
||||
}
|
||||
hidden_def(matchpathcon_init)
|
||||
|
||||
static void set_window_rows(void)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/rpm.c libselinux-1.21.1/src/rpm.c
|
||||
--- nsalibselinux/src/rpm.c 2004-11-09 09:13:54.000000000 -0500
|
||||
+++ libselinux-1.21.1/src/rpm.c 2005-01-24 15:24:33.000000000 -0500
|
||||
@@ -41,8 +41,10 @@
|
||||
rc = setexeccon(newcon);
|
||||
if (rc < 0)
|
||||
goto out;
|
||||
- rc = execve(filename, argv, envp);
|
||||
out:
|
||||
+ if ( ( rc == 0 ) ||
|
||||
+ (security_getenforce() == 0 ))
|
||||
+ rc = execve(filename, argv, envp);
|
||||
context_free(con);
|
||||
freecon(newcon);
|
||||
freecon(fcon);
|
||||
|
|
|
|||
|
|
@ -1,10 +1,11 @@
|
|||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 1.21.9
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: Public domain (uncopyrighted)
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
Patch: libselinux-rhat.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||
|
||||
|
|
@ -34,7 +35,7 @@ needed for developing SELinux applications.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%patch -p1 -b .rhat
|
||||
%build
|
||||
make CFLAGS="-g %{optflags}"
|
||||
|
||||
|
|
@ -84,6 +85,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-2
|
||||
- Process file_context.homedir
|
||||
|
||||
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-1
|
||||
- Update from NSA
|
||||
* Changed relabel Makefile target to use restorecon.
|
||||
|
|
|
|||
Loading…
Reference in New Issue