- Update to upstream

Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
    Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
Daniel J Walsh 2009-07-07 16:26:11 +00:00
parent 94187eeda7
commit 23660c5dba
4 changed files with 42 additions and 122 deletions


@ -166,3 +166,5 @@ libselinux-2.0.79.tgz
libselinux-2.0.80.tgz
libselinux-2.0.81.tgz
libselinux-2.0.82.tgz
libselinux-2.0.83.tgz
libselinux-2.0.84.tgz


@ -1,24 +1,6 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.82/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2009-06-23 15:36:07.000000000 -0400
+++ libselinux-2.0.82/include/selinux/selinux.h 2009-06-23 15:49:12.000000000 -0400
@@ -547,6 +547,14 @@
Caller must free the returned strings via free. */
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+/* Get the SELinux username and level to use for a given Linux username and service.
+ These values may then be passed into the get_ordered_context_list*
+ and get_default_context* functions to obtain a context for the user.
+ Returns 0 on success or -1 otherwise.
+ Caller must free the returned strings via free. */
+extern int getseuser(const char *username, const char *service,
+ char **r_seuser, char **r_level);
+
/* Compare two file contexts, return 0 if equivalent. */
int selinux_file_context_cmp(const security_context_t a,
const security_context_t b);
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.82/man/man8/selinuxconlist.8
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.83/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.82/man/man8/selinuxconlist.8 2009-06-23 15:49:12.000000000 -0400
+++ libselinux-2.0.83/man/man8/selinuxconlist.8 2009-07-07 12:22:39.298209000 -0400
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@ -38,9 +20,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.82/man/man8/selinuxdefcon.8
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.83/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.82/man/man8/selinuxdefcon.8 2009-06-23 15:49:12.000000000 -0400
+++ libselinux-2.0.83/man/man8/selinuxdefcon.8 2009-07-07 12:22:39.309211000 -0400
@@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@ -61,9 +43,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.82/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400
+++ libselinux-2.0.82/src/callbacks.c 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.83/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2009-07-07 11:10:42.003951000 -0400
+++ libselinux-2.0.83/src/callbacks.c 2009-07-07 12:22:39.312210000 -0400
@@ -16,6 +16,7 @@
{
int rc;
@ -72,9 +54,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.82/src/exception.sh
diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.83/src/exception.sh
--- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.82/src/exception.sh 2009-06-23 15:49:12.000000000 -0400
+++ libselinux-2.0.83/src/exception.sh 2009-07-07 12:22:39.318209000 -0400
@@ -0,0 +1,12 @@
+function except() {
+echo "
@ -88,9 +70,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2
+"
+}
+for i in `grep "extern *int" ../include/selinux/selinux.h | awk '{ print $3 }' | cut -d '(' -f 1`; do except $i ; done
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.82/src/Makefile
--- nsalibselinux/src/Makefile 2009-06-23 15:36:07.000000000 -0400
+++ libselinux-2.0.82/src/Makefile 2009-06-23 15:50:58.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.83/src/Makefile
--- nsalibselinux/src/Makefile 2009-07-07 11:10:41.995958000 -0400
+++ libselinux-2.0.83/src/Makefile 2009-07-07 12:22:39.322212000 -0400
@@ -82,6 +82,9 @@
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -lpthread -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
@ -121,9 +103,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.8
distclean: clean
rm -f $(GENERATED) $(SWIGFILES)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.82/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.82/src/matchpathcon.c 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.83/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
+++ libselinux-2.0.83/src/matchpathcon.c 2009-07-07 12:22:39.328209000 -0400
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
@ -141,9 +123,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
va_end(ap);
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.82/src/selinux.py
--- nsalibselinux/src/selinux.py 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.82/src/selinux.py 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.83/src/selinux.py
--- nsalibselinux/src/selinux.py 2009-01-13 08:09:54.000000000 -0500
+++ libselinux-2.0.83/src/selinux.py 2009-07-07 12:22:39.337212000 -0400
@@ -1,12 +1,26 @@
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.35
@ -2355,9 +2337,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0
+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.82/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2009-03-12 08:48:48.000000000 -0400
+++ libselinux-2.0.82/src/selinuxswig.i 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.83/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2009-07-07 11:10:42.024956000 -0400
+++ libselinux-2.0.83/src/selinuxswig.i 2009-07-07 12:22:39.343210000 -0400
@@ -4,11 +4,14 @@
%module selinux
@ -2391,9 +2373,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/label.h"
+%include "../include/selinux/selinux.h"
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.82/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.82/src/selinuxswig_python.i 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.83/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2009-01-13 08:09:54.000000000 -0500
+++ libselinux-2.0.83/src/selinuxswig_python.i 2009-07-07 12:22:39.355211000 -0400
@@ -21,6 +21,15 @@
map(restorecon, [os.path.join(dirname, fname)
for fname in fnames]), None)
@ -2416,9 +2398,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs
+%include "selinuxswig_exception.i"
%include "selinuxswig.i"
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.82/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.82/src/selinuxswig_wrap.c 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.83/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2009-01-13 08:09:54.000000000 -0500
+++ libselinux-2.0.83/src/selinuxswig_wrap.c 2009-07-07 12:22:39.385216000 -0400
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
@ -16804,80 +16786,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
+#endif
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.82/src/seusers.c
--- nsalibselinux/src/seusers.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.82/src/seusers.c 2009-06-23 15:49:12.000000000 -0400
@@ -243,3 +243,67 @@
*r_level = NULL;
return 0;
}
+
+int getseuser(const char *username, const char *service,
+ char **r_seuser, char **r_level) {
+ int ret = -1;
+ int len = 0;
+ char *seuser = NULL;
+ char *level = NULL;
+ char *buffer = NULL;
+ size_t size = 0;
+ size_t lineno = 0;
+ char *rec = NULL;
+ char *path=NULL;
+ if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0)
+ goto err;
+ FILE *fp = fopen(path, "r");
+ free(path);
+ if (fp == NULL) goto err;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while (getline(&buffer, &size, fp) > 0) {
+ ++lineno;
+
+ if (strncmp(buffer, "*:", 2) == 0) {
+ free(rec);
+ rec = strdup(buffer);
+ continue;
+ }
+ len = strlen(service);
+ if ((strncmp(buffer, service, len) == 0) &&
+ (buffer[len] == ':')) {
+ free(rec);
+ rec = strdup(buffer);
+ break;
+ }
+ }
+
+ if (! rec) goto err;
+ seuser = strchr(rec, ':');
+ if (! seuser) goto err;
+
+ seuser++;
+ level = strchr(seuser, ':');
+ *level = 0;
+ level++;
+ *r_seuser = strdup(seuser);
+ if (! *r_seuser) goto err;
+
+ len = strlen(level);
+ if (len && level[len-1] == '\n')
+ level[len-1] = 0;
+
+ *r_level = strdup(level);
+ if (! *r_level) {
+ free(*r_seuser);
+ goto err;
+ }
+ ret = 0;
+
+ err:
+ free(buffer);
+ if (fp) fclose(fp);
+ free(rec);
+
+ return (ret ? getseuserbyname(username, r_seuser, r_level) : ret);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.82/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2009-05-18 13:53:14.000000000 -0400
+++ libselinux-2.0.82/utils/matchpathcon.c 2009-06-23 15:49:12.000000000 -0400
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.83/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2009-07-07 11:10:42.033956000 -0400
+++ libselinux-2.0.83/utils/matchpathcon.c 2009-07-07 12:22:39.395209000 -0400
@@ -22,9 +22,13 @@
char *buf;
int rc = matchpathcon(path, mode, &buf);
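Review bot: Dropping the seusers.c section from this patch presumably means getseuser() now comes from the new upstream tarball, which is not visible on this page, so the defects in the removed copy should be checked against that source before the build ships. In the removed lines, `level = strchr(seuser, ':'); *level = 0;` dereferences NULL when a record has only one colon, and the first `goto err` is taken before `FILE *fp` is initialised, so `if (fp) fclose(fp);` reads an indeterminate pointer. If upstream carries the same code, adding `if (!level) goto err;` after the second `strchr` and declaring `FILE *fp = NULL;` with the other locals would close both. The username is also formatted into the `"%s/logins/%s"` path unfiltered, so a name containing `/` should presumably be rejected before `fopen`, since this file selects the SELinux user and level at login.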


@ -4,8 +4,8 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.0.82
Release: 2%{?dist}
Version: 2.0.84
Release: 1%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@ -165,6 +165,13 @@ exit 0
%{ruby_sitearch}/selinux.so
%changelog
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1
- Update to upstream
* Add per-service seuser support from Dan Walsh.
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
Paris.
* Wed Jun 24 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-2
- Add provices ruby(selinux)


@ -1 +1 @@
d5539180258f0a66bceb466aab806589 libselinux-2.0.82.tgz
952674efe604477d00b787c262da17e2 libselinux-2.0.84.tgz