rpms/libselinux
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Update to Upstream

Browse Source 
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
    libsepol-supported version when no manipulation of the binary policy is
    needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
This commit is contained in:
Daniel J Walsh 2008-04-22 20:59:01 +00:00
parent d87adcfe95
commit 1209c857ab
4 changed files with 41 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -150,3 +150,4 @@ libselinux-2.0.58.tgz
libselinux-2.0.59.tgz libselinux-2.0.59.tgz
libselinux-2.0.60.tgz libselinux-2.0.60.tgz
libselinux-2.0.61.tgz libselinux-2.0.61.tgz
libselinux-2.0.64.tgz

91
libselinux-rhat.patch
View File

@ -1,65 +1,6 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.61/src/label.c
--- nsalibselinux/src/label.c 2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.61/src/label.c 2008-04-09 08:54:15.000000000 -0400
@@ -95,7 +95,7 @@
if (compat_validate(rec, lr, "file_contexts", 0))
return NULL;
- if (translating &&
+ if (translating && (! lr->ctx_trans) &&
selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
return NULL;
@@ -131,6 +131,7 @@
void selabel_close(struct selabel_handle *rec)
{
rec->func_close(rec);
+ free(rec->data);
free(rec);
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.61/src/load_policy.c
--- nsalibselinux/src/load_policy.c 2008-04-08 09:37:21.000000000 -0400
+++ libselinux-2.0.61/src/load_policy.c 2008-04-09 09:02:16.000000000 -0400
@@ -43,6 +43,9 @@
int load_setlocaldefs hidden = 1;
+#undef max
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+
int selinux_mkload_policy(int preservebools)
{
int kernvers = security_policyvers();
@@ -127,11 +130,6 @@
#endif
- if (usesepol) {
- maxvers = vers_max();
- minvers = vers_min();
- }
-
/*
* Check whether we need to support local boolean and user definitions.
*/
@@ -157,6 +155,13 @@
if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
preservebools = 0;
+ if (usesepol) {
+ maxvers = vers_max();
+ minvers = vers_min();
+ if (!setlocaldefs && !preservebools)
+ maxvers = max(kernvers, maxvers);
+ }
+
vers = maxvers;
search:
snprintf(path, sizeof(path), "%s.%d",
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400 --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400
+++ libselinux-2.0.61/src/matchpathcon.c 2008-04-09 08:54:15.000000000 -0400 +++ libselinux-2.0.61/src/matchpathcon.c 2008-04-16 13:25:25.000000000 -0400
@@ -2,6 +2,7 @@ @@ -2,6 +2,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
@ -79,7 +20,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py
--- nsalibselinux/src/selinux.py 2008-01-23 14:36:29.000000000 -0500 --- nsalibselinux/src/selinux.py 2008-01-23 14:36:29.000000000 -0500
+++ libselinux-2.0.61/src/selinux.py 2008-04-10 16:21:08.000000000 -0400 +++ libselinux-2.0.61/src/selinux.py 2008-04-16 13:25:25.000000000 -0400
@@ -300,6 +300,204 @@ @@ -300,6 +300,204 @@
selinux_file_context_cmp = _selinux.selinux_file_context_cmp selinux_file_context_cmp = _selinux.selinux_file_context_cmp
selinux_file_context_verify = _selinux.selinux_file_context_verify selinux_file_context_verify = _selinux.selinux_file_context_verify
@ -287,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0
SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2008-01-23 14:36:29.000000000 -0500 --- nsalibselinux/src/selinuxswig.i 2008-01-23 14:36:29.000000000 -0500
+++ libselinux-2.0.61/src/selinuxswig.i 2008-04-10 16:20:59.000000000 -0400 +++ libselinux-2.0.61/src/selinuxswig.i 2008-04-16 13:25:25.000000000 -0400
@@ -5,6 +5,7 @@ @@ -5,6 +5,7 @@
%module selinux %module selinux
%{ %{
@ -307,9 +248,33 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-
%include "../include/selinux/get_default_type.h" %include "../include/selinux/get_default_type.h"
%include "../include/selinux/get_context_list.h" %include "../include/selinux/get_context_list.h"
+ +
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.61/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2007-10-01 09:54:35.000000000 -0400
+++ libselinux-2.0.61/src/selinuxswig_python.i 2008-04-16 13:25:25.000000000 -0400
@@ -16,6 +16,20 @@
$result = SWIG_Python_AppendOutput($result, list);
}
+/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) {
+ if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ } else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp;
+}
+
/* Makes security_compute_user() return a Python list of contexts */
%typemap(argout) (security_context_t **con) {
PyObject* plist;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2008-01-23 14:36:29.000000000 -0500 --- nsalibselinux/src/selinuxswig_wrap.c 2008-01-23 14:36:29.000000000 -0500
+++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-10 16:21:08.000000000 -0400 +++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-16 13:25:25.000000000 -0400
@@ -2458,21 +2458,36 @@ @@ -2458,21 +2458,36 @@
#define SWIGTYPE_p_SELboolean swig_types[0] #define SWIGTYPE_p_SELboolean swig_types[0]

13
libselinux.spec
View File

@ -3,8 +3,8 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.0.61 Version: 2.0.64
Release: 3%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -137,6 +137,15 @@ exit 0
%{python_sitearch}/selinux/* %{python_sitearch}/selinux/*
%changelog %changelog
* Tue Apr 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.64-1
- Update to Upstream
* Fixed selinux_set_callback man page.
* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
* Fix memory leaks in matchpathcon from Eamon Walsh.
* Wed Apr 16 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-4
- Add Xavior Toth patch for security_id_t in swig
* Thu Apr 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-3 * Thu Apr 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-3
- Add avc.h to swig code - Add avc.h to swig code

2
sources
View File

@ -1 +1 @@
52f5ba3c4948f8739dde19d283f35ae0 libselinux-2.0.61.tgz 6d2df9a800e1960c96ddef129c83dc34 libselinux-2.0.64.tgz