From 3da9d84fdc7f8a7b6267d9401e08af4227ecb159 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 6 Mar 2009 21:31:10 +0000 Subject: [PATCH] - Add substitute pattern - matchpathcon output <> on ENOENT --- libselinux-rhat.patch | 288 ++++++++++++++++++++++++++++++++++-------- libselinux.spec | 6 +- 2 files changed, 239 insertions(+), 55 deletions(-) diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 03e162b..704f0da 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,8 +1,11 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.77/include/selinux/selinux.h ---- nsalibselinux/include/selinux/selinux.h 2009-01-05 17:45:35.000000000 -0500 -+++ libselinux-2.0.77/include/selinux/selinux.h 2009-02-18 14:18:54.000000000 -0500 -@@ -459,6 +459,8 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.78/include/selinux/selinux.h +--- nsalibselinux/include/selinux/selinux.h 2009-03-06 14:41:44.000000000 -0500 ++++ libselinux-2.0.78/include/selinux/selinux.h 2009-03-06 16:27:32.000000000 -0500 +@@ -457,8 +457,11 @@ + extern const char *selinux_file_context_path(void); + extern const char *selinux_file_context_homedir_path(void); extern const char *selinux_file_context_local_path(void); ++extern const char *selinux_file_context_subs_path(void); extern const char *selinux_homedir_context_path(void); extern const char *selinux_media_context_path(void); +extern const char *selinux_virtual_domain_context_path(void); @@ -10,7 +13,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib extern const char *selinux_x_context_path(void); extern const char *selinux_contexts_path(void); extern const char *selinux_securetty_types_path(void); -@@ -520,6 +522,14 @@ +@@ -520,6 +523,14 @@ Caller must free the returned strings via free. */ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); 
@@ -25,9 +28,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib /* Compare two file contexts, return 0 if equivalent. */ int selinux_file_context_cmp(const security_context_t a, const security_context_t b); -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.77/man/man8/selinuxconlist.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.78/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.77/man/man8/selinuxconlist.8 2009-02-18 14:18:54.000000000 -0500 ++++ libselinux-2.0.78/man/man8/selinuxconlist.8 2009-03-06 16:27:32.000000000 -0500 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -47,9 +50,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.77/man/man8/selinuxdefcon.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.78/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.77/man/man8/selinuxdefcon.8 2009-02-18 14:18:54.000000000 -0500 ++++ libselinux-2.0.78/man/man8/selinuxdefcon.8 2009-03-06 16:27:32.000000000 -0500 @@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" 
@@ -70,9 +73,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.77/src/callbacks.c ---- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.77/src/callbacks.c 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.78/src/callbacks.c +--- nsalibselinux/src/callbacks.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/callbacks.c 2009-03-06 16:27:32.000000000 -0500 @@ -16,6 +16,7 @@ { int rc; 
@@ -81,18 +84,166 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-2.0.77/src/file_path_suffixes.h ---- nsalibselinux/src/file_path_suffixes.h 2009-01-05 17:45:35.000000000 -0500 -+++ libselinux-2.0.77/src/file_path_suffixes.h 2009-02-18 14:18:54.000000000 -0500 -@@ -20,3 +20,5 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-2.0.78/src/file_path_suffixes.h +--- nsalibselinux/src/file_path_suffixes.h 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/file_path_suffixes.h 2009-03-06 16:27:32.000000000 -0500 +@@ -20,3 +20,6 @@ S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local") S_(X_CONTEXTS, "/contexts/x_contexts") S_(COLORS, "/secolor.conf") + S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context") + S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context") -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.77/src/matchpathcon.c ---- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.77/src/matchpathcon.c 2009-02-18 14:18:54.000000000 -0500 ++ S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") +diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.78/src/label.c +--- nsalibselinux/src/label.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/label.c 2009-03-06 16:27:32.000000000 -0500 +@@ -5,10 +5,12 @@ + */ + + #include ++#include + #include + #include + #include + #include ++#include + #include "callbacks.h" + #include "label_internal.h" + +@@ -23,6 +25,96 @@ + &selabel_x_init + }; + ++typedef struct selabel_sub { ++ char *src; ++ int slen; ++ char *dst; ++ struct selabel_sub *next; ++} SELABELSUB; ++ ++SELABELSUB *selabelsublist = NULL; ++ ++static void selabel_subs_fini(void) ++{ ++ SELABELSUB *ptr = 
selabelsublist; ++ SELABELSUB *next = NULL; ++ while (ptr) { ++ next = ptr->next; ++ free(ptr->src); ++ free(ptr->dst); ++ free(ptr); ++ ptr = next; ++ } ++ selabelsublist = NULL; ++} ++ ++static char *selabel_sub(const char *src) ++{ ++ char *dst = NULL; ++ SELABELSUB *ptr = selabelsublist; ++ while (ptr) { ++ if (strncmp(src, ptr->src, ptr->slen) == 0 ) { ++ if (src[ptr->slen] == '/' || ++ src[ptr->slen] == 0) { ++ asprintf(&dst, "%s%s", ptr->dst, &src[ptr->slen]); ++ return dst; ++ } ++ } ++ ptr = ptr->next; ++ } ++ return NULL; ++} ++ ++static int selabel_subs_init(void) ++{ ++ char buf[1024]; ++ FILE *cfg = fopen(selinux_file_context_subs_path(), "r"); ++ if (cfg) { ++ while (fgets_unlocked(buf, sizeof(buf) - 1, cfg)) { ++ char *ptr = NULL; ++ char *src = buf; ++ char *dst = NULL; ++ ++ while (*src && isspace(*src)) ++ src++; ++ if (src[0] == '#') continue; ++ ptr = src; ++ while (*ptr && ! isspace(*ptr)) ++ ptr++; ++ *ptr++ = 0; ++ if (! *src) continue; ++ ++ dst = ptr; ++ while (*dst && isspace(*dst)) ++ dst++; ++ ptr=dst; ++ while (*ptr && ! isspace(*ptr)) ++ ptr++; ++ *ptr=0; ++ if (! *dst) continue; ++ ++ SELABELSUB *sub = (SELABELSUB*) malloc(sizeof(SELABELSUB)); ++ if (! sub) return -1; ++ sub->src=strdup(src); ++ if (! sub->src) { ++ free(sub); ++ return -1; ++ } ++ sub->dst=strdup(dst); ++ if (! 
sub->dst) { ++ free(sub); ++ free(sub->src); ++ return -1; ++ } ++ sub->slen = strlen(src); ++ sub->next = selabelsublist; ++ selabelsublist = sub; ++ } ++ fclose(cfg); ++ } ++ return 0; ++} ++ + /* + * Validation functions + */ +@@ -67,6 +159,8 @@ + goto out; + } + ++ selabel_subs_init(); ++ + rec = (struct selabel_handle *)malloc(sizeof(*rec)); + if (!rec) + goto out; +@@ -88,7 +182,14 @@ + selabel_lookup_common(struct selabel_handle *rec, int translating, + const char *key, int type) + { +- struct selabel_lookup_rec *lr = rec->func_lookup(rec, key, type); ++ struct selabel_lookup_rec *lr; ++ char *ptr = selabel_sub(key); ++ if (ptr) { ++ lr = rec->func_lookup(rec, ptr, type); ++ free(ptr); ++ } else { ++ lr = rec->func_lookup(rec, key, type); ++ } + if (!lr) + return NULL; + +@@ -132,6 +233,8 @@ + { + rec->func_close(rec); + free(rec); ++ ++ selabel_subs_fini(); + } + + void selabel_stats(struct selabel_handle *rec) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.78/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/matchpathcon.c 2009-03-06 16:27:32.000000000 -0500 @@ -2,6 +2,7 @@ #include #include 
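Review bot: In selabel_subs_init, the strdup failure path for sub->dst frees the record and then reads it (`free(sub); free(sub->src);`), a use-after-free; the two calls should be swapped to `free(sub->src); free(sub);`. Both `return -1` paths inside the read loop also leave cfg open, so a `fclose(cfg);` belongs before each, and the later hunk's call site `selabel_subs_init();` discards the return value, so a partially read subs file is accepted silently. In selabel_sub the asprintf result is never checked; on allocation failure dst is unspecified and selabel_lookup_common would hand it to func_lookup, so guard it with `if (asprintf(&dst, "%s%s", ptr->dst, &src[ptr->slen]) < 0) return NULL;`. The substitution list is also process-global while every selabel_open prepends to it and every selabel_close calls selabel_subs_fini, which from the visible calls looks like closing one handle drops the substitutions for all other open handles and repeated opens accumulate duplicates; worth confirming against the callers.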
@@ -110,21 +261,22 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.77/src/selinux_config.c ---- nsalibselinux/src/selinux_config.c 2009-01-05 17:45:35.000000000 -0500 -+++ libselinux-2.0.77/src/selinux_config.c 2009-02-18 14:18:54.000000000 -0500 -@@ -40,7 +40,9 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.78/src/selinux_config.c +--- nsalibselinux/src/selinux_config.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/selinux_config.c 2009-03-06 16:27:32.000000000 -0500 +@@ -40,7 +40,10 @@ #define SECURETTY_TYPES 18 #define X_CONTEXTS 19 #define COLORS 20 -#define NEL 21 +#define VIRTUAL_DOMAIN 21 +#define VIRTUAL_IMAGE 22 -+#define NEL 23 ++#define FILE_CONTEXT_SUBS 23 ++#define NEL 24 /* New layout is relative to SELINUXDIR/policytype. */ static char *file_paths[NEL]; -@@ -391,3 +393,17 @@ +@@ -391,3 +394,24 @@ } hidden_def(selinux_x_context_path) 
@@ -142,10 +294,17 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin +} + +hidden_def(selinux_virtual_image_context_path) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.77/src/selinux_internal.h ---- nsalibselinux/src/selinux_internal.h 2009-01-05 17:45:35.000000000 -0500 -+++ libselinux-2.0.77/src/selinux_internal.h 2009-02-18 14:18:54.000000000 -0500 -@@ -56,6 +56,8 @@ ++ ++const char * selinux_file_context_subs_path(void) { ++ return get_path(FILE_CONTEXT_SUBS); ++} ++ ++hidden_def(selinux_file_context_subs_path) ++ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.78/src/selinux_internal.h +--- nsalibselinux/src/selinux_internal.h 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/selinux_internal.h 2009-03-06 16:27:32.000000000 -0500 +@@ -56,9 +56,12 @@ hidden_proto(selinux_securetty_types_path) hidden_proto(selinux_failsafe_context_path) hidden_proto(selinux_removable_context_path) @@ -154,9 +313,13 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libsel hidden_proto(selinux_file_context_path) hidden_proto(selinux_file_context_homedir_path) hidden_proto(selinux_file_context_local_path) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.77/src/selinux.py ---- nsalibselinux/src/selinux.py 2009-01-13 08:45:35.000000000 -0500 -+++ libselinux-2.0.77/src/selinux.py 2009-02-18 14:18:54.000000000 -0500 ++ hidden_proto(selinux_file_context_subs_path) + hidden_proto(selinux_netfilter_context_path) + hidden_proto(selinux_homedir_context_path) + hidden_proto(selinux_user_contexts_path) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.78/src/selinux.py +--- nsalibselinux/src/selinux.py 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/selinux.py 2009-03-06 16:27:32.000000000 -0500 
@@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.35 @@ -555,9 +718,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0 selinux_default_type_path = _selinux.selinux_default_type_path get_default_type = _selinux.get_default_type SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.77/src/selinuxswig.i ---- nsalibselinux/src/selinuxswig.i 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.77/src/selinuxswig.i 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.78/src/selinuxswig.i +--- nsalibselinux/src/selinuxswig.i 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/selinuxswig.i 2009-03-06 16:27:32.000000000 -0500 @@ -47,8 +47,36 @@ %ignore set_matchpathcon_printf; %ignore set_matchpathcon_invalidcon; @@ -596,9 +759,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- %include "../include/selinux/selinux.h" %include "../include/selinux/avc.h" -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.77/src/selinuxswig_python.i ---- nsalibselinux/src/selinuxswig_python.i 2009-01-13 08:45:35.000000000 -0500 -+++ libselinux-2.0.77/src/selinuxswig_python.i 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.78/src/selinuxswig_python.i +--- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/selinuxswig_python.i 2009-03-06 16:27:32.000000000 -0500 @@ -21,6 +21,15 @@ map(restorecon, [os.path.join(dirname, fname) for fname in fnames]), None) 
@@ -628,9 +791,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs +} + %include "selinuxswig.i" -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.77/src/selinuxswig_wrap.c ---- nsalibselinux/src/selinuxswig_wrap.c 2009-01-13 08:45:35.000000000 -0500 -+++ libselinux-2.0.77/src/selinuxswig_wrap.c 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.78/src/selinuxswig_wrap.c +--- nsalibselinux/src/selinuxswig_wrap.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/selinuxswig_wrap.c 2009-03-06 16:27:32.000000000 -0500 @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). @@ -10291,9 +10454,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel _swigc__p_selinux_opt, _swigc__p_unsigned_int, _swigc__p_unsigned_short, -diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.77/src/seusers.c ---- nsalibselinux/src/seusers.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.77/src/seusers.c 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.78/src/seusers.c +--- nsalibselinux/src/seusers.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/src/seusers.c 2009-03-06 16:27:32.000000000 -0500 @@ -243,3 +243,67 @@ *r_level = NULL; return 0; 
@@ -10362,9 +10525,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0. + + return (ret ? getseuserbyname(username, r_seuser, r_level) : ret); +} -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-2.0.77/utils/getdefaultcon.c ---- nsalibselinux/utils/getdefaultcon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.77/utils/getdefaultcon.c 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-2.0.78/utils/getdefaultcon.c +--- nsalibselinux/utils/getdefaultcon.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/utils/getdefaultcon.c 2009-03-06 16:27:32.000000000 -0500 @@ -22,8 +22,9 @@ security_context_t usercon = NULL, cur_context = NULL; char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL; @@ -10410,9 +10573,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libseli - return 0; + return ret >= 0; } -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/Makefile libselinux-2.0.77/utils/Makefile ---- nsalibselinux/utils/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.77/utils/Makefile 2009-02-18 14:18:54.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/Makefile libselinux-2.0.78/utils/Makefile +--- nsalibselinux/utils/Makefile 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/utils/Makefile 2009-03-06 16:27:32.000000000 -0500 @@ -2,28 +2,33 @@ PREFIX ?= $(DESTDIR)/usr LIBDIR ?= $(PREFIX)/lib 
@@ -10451,10 +10614,27 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/Makefile libselinux-2.0 indent: ../../scripts/Lindent $(wildcard *.[ch]) -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.77/utils/matchpathcon.c ---- nsalibselinux/utils/matchpathcon.c 2008-10-28 10:06:51.000000000 -0400 -+++ libselinux-2.0.77/utils/matchpathcon.c 2009-02-18 14:18:54.000000000 -0500 -@@ -101,6 +101,11 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.78/utils/matchpathcon.c +--- nsalibselinux/utils/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.78/utils/matchpathcon.c 2009-03-06 16:29:27.000000000 -0500 +@@ -22,9 +22,13 @@ + char *buf; + int rc = matchpathcon(path, mode, &buf); + if (rc < 0) { +- fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, +- strerror(errno)); +- return 1; ++ if (errno == ENOENT) { ++ buf=strdup("<>"); ++ } else { ++ fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, ++ strerror(errno)); ++ return 1; ++ } + } + if (header) + printf("%s\t%s\n", path, buf); +@@ -101,6 +105,11 @@ for (i = optind; i < argc; i++) { int mode = 0; struct stat buf; diff --git a/libselinux.spec b/libselinux.spec index 646fb12..cc683fc 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -5,7 +5,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.0.78 -Release: 1%{?dist} +Release: 2%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -164,6 +164,10 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Fri Mar 6 2009 Dan Walsh - 2.0.78-2 +- Add substitute pattern +- matchpathcon output <> on ENOENT + * Mon Mar 2 2009 Dan Walsh - 2.0.78-1 - Update to upstream * Fix incorrect conversion in discover_class code.
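Review bot: The new ENOENT branch in utils/matchpathcon.c assigns `buf=strdup("<>")` without a NULL check, and buf is printed with `%s` on the next visible line, so an allocation failure becomes a null-pointer dereference; write `buf = strdup("<>"); if (!buf) return 1;` or fall through to the existing error report. The rest of the function, including whatever releases buf, is outside the hunk, so it is worth confirming that the strdup'd placeholder is freed on the same path as a matchpathcon result and that the release is free()-compatible. Whether errno is ENOENT only for "no matching context" depends on matchpathcon's behaviour, which the hunk does not show, so the branch may also swallow a missing file_contexts file; the placeholder `<>` is additionally an in-band value that consumers parsing the path/context output will now see, which the usage text should document.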