From 47b511b0945fe0a9aa8d9bd5e3692b3495f2309c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 9 Apr 2007 19:50:05 +0000 Subject: [PATCH] - Upgrade to upstream Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. Merged sidput(NULL) patch from Eamon Walsh. --- .cvsignore | 1 + libselinux-rhat.patch | 160 +++++++++++------------------------------- libselinux.spec | 9 ++- sources | 2 +- 4 files changed, 49 insertions(+), 123 deletions(-) diff --git a/.cvsignore b/.cvsignore index aca2226..411a185 100644 --- a/.cvsignore +++ b/.cvsignore @@ -114,3 +114,4 @@ libselinux-2.0.5.tgz libselinux-2.0.7.tgz libselinux-2.0.8.tgz libselinux-2.0.9.tgz +libselinux-2.0.11.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index eeec055..1901611 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch 
@@ -1,18 +1,31 @@ +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.9/man/man8/matchpathcon.8 +--- nsalibselinux/man/man8/matchpathcon.8 2007-01-17 11:11:35.000000000 -0500 ++++ libselinux-2.0.9/man/man8/matchpathcon.8 2007-04-05 13:20:43.000000000 -0400 +@@ -28,4 +28,4 @@ + + .SH "SEE ALSO" + .BR selinux "(8), " +-.BR mathpathcon "(3), " ++.BR matchpathcon "(3), " diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.9/src/selinuxswig.i --- nsalibselinux/src/selinuxswig.i 2007-02-22 08:53:23.000000000 -0500 -+++ libselinux-2.0.9/src/selinuxswig.i 2007-04-05 11:53:17.000000000 -0400 -@@ -115,9 +115,34 @@ ++++ libselinux-2.0.9/src/selinuxswig.i 2007-04-05 16:47:42.000000000 -0400 +@@ -115,9 +115,38 @@ extern const char *selinux_path(void); extern int selinux_check_passwd_access(access_vector_t requested); extern int checkPasswdAccess(access_vector_t requested); + +// This tells SWIG to treat char ** as a special case -+%typemap(in) char ** { ++%typemap(python,in) char ** { + /* Check if is a list */ + if (PyList_Check($input)) { + int size = PyList_Size($input); + int i = 0; + $1 = (char **) malloc((size+1)*sizeof(char *)); ++ if ($1 == NULL) { ++ PyErr_SetString(PyExc_MemoryError,"Out of memory"); ++ return NULL; ++ } + for (i = 0; i < size; i++) { + PyObject *o = PyList_GetItem($input,i); + if (PyString_Check(o)) 
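Review bot: The array allocated in the `char **` typemap in selinuxswig.i has no matching release visible in this hunk, so each wrapped call that returns to Python (for example a failing rpm_execcon) would leak `$1`. The added NULL check after malloc is fine. Consider pairing the input typemap with `%typemap(freearg) char ** { free($1); }`. The existing error paths that `return NULL` directly would still need their own `free($1)`, as the string-check branch already has. The typemap body continues past the end of this hunk, so a freearg typemap may already exist further down in the file; confirm before adding one.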
@@ -37,125 +50,32 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- extern int is_context_customizable (security_context_t scontext); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.9/src/selinuxswig_wrap.c ---- nsalibselinux/src/selinuxswig_wrap.c 2007-02-22 08:53:23.000000000 -0500 -+++ libselinux-2.0.9/src/selinuxswig_wrap.c 2007-04-05 11:45:04.000000000 -0400 -@@ -4145,18 +4145,14 @@ - PyObject *resultobj = 0; - unsigned int arg1 ; - char *arg2 = (char *) 0 ; -- char **arg3 ; -- char **arg4 ; -+ char **arg3 = (char **) 0 ; -+ char **arg4 = (char **) 0 ; - int result; - unsigned int val1 ; - int ecode1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; -- void *argp3 = 0 ; -- int res3 = 0 ; -- void *argp4 = 0 ; -- int res4 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; -@@ -4173,17 +4169,51 @@ - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); -- res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 | 0 ); -- if (!SWIG_IsOK(res3)) { -- SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'"); -- } -- arg3 = (char **)(argp3); -- res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 | 0 ); -- if (!SWIG_IsOK(res4)) { -- SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'"); -- } -- arg4 = (char **)(argp4); -- result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4); -+ { -+ /* Check if is a list */ -+ if (PyList_Check(obj2)) { -+ int size = PyList_Size(obj2); -+ int i = 0; -+ arg3 = (char **) malloc((size+1)*sizeof(char *)); -+ for (i = 0; i < size; i++) { -+ PyObject *o = PyList_GetItem(obj2,i); -+ if (PyString_Check(o)) -+ arg3[i] = PyString_AsString(PyList_GetItem(obj2,i)); -+ else 
{ -+ PyErr_SetString(PyExc_TypeError,"list must contain strings"); -+ free(arg3); -+ return NULL; -+ } -+ } -+ arg3[i] = 0; -+ } else { -+ PyErr_SetString(PyExc_TypeError,"not a list"); -+ return NULL; -+ } -+ } -+ { -+ /* Check if is a list */ -+ if (PyList_Check(obj3)) { -+ int size = PyList_Size(obj3); -+ int i = 0; -+ arg4 = (char **) malloc((size+1)*sizeof(char *)); -+ for (i = 0; i < size; i++) { -+ PyObject *o = PyList_GetItem(obj3,i); -+ if (PyString_Check(o)) -+ arg4[i] = PyString_AsString(PyList_GetItem(obj3,i)); -+ else { -+ PyErr_SetString(PyExc_TypeError,"list must contain strings"); -+ free(arg4); -+ return NULL; -+ } -+ } -+ arg4[i] = 0; -+ } else { -+ PyErr_SetString(PyExc_TypeError,"not a list"); -+ return NULL; -+ } -+ } -+ result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4); - resultobj = SWIG_From_int((int)(result)); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getsebool.c libselinux-2.0.9/utils/getsebool.c --- nsalibselinux/utils/getsebool.c 2006-11-16 17:15:17.000000000 -0500 -+++ libselinux-2.0.9/utils/getsebool.c 2007-04-05 10:53:29.000000000 -0400 -@@ -72,17 +72,23 @@ ++++ libselinux-2.0.9/utils/getsebool.c 2007-04-05 16:57:51.000000000 -0400 +@@ -14,7 +14,7 @@ + + int main(int argc, char **argv) + { +- int i, rc = 0, active, pending, len = 0, opt; ++ int i, get_all = 0, rc = 0, active, pending, len = 0, opt; + char **names; + + while ((opt = getopt(argc, argv, "a")) > 0) { +@@ -39,6 +39,7 @@ + printf("No booleans\n"); + return 0; + } ++ get_all = 1; + break; + default: + usage(argv[0]); +@@ -72,6 +73,8 @@ for (i = 0; i < len; i++) { active = security_get_boolean_active(names[i]); if (active < 0) { -- fprintf(stderr, "Error getting active value for %s\n", -- names[i]); -- rc = -1; -- goto out; -+ if (errno != EACCES) { -+ fprintf(stderr, "Error getting active value for %s\n", -+ names[i]); -+ rc = -1; -+ goto out; -+ } -+ continue; - } - pending = 
security_get_boolean_pending(names[i]); - if (pending < 0) { -- fprintf(stderr, "Error getting pending value for %s\n", -- names[i]); -- rc = -1; -- goto out; -+ if (errno != EACCES) { -+ fprintf(stderr, "Error getting pending value for %s\n", -+ names[i]); -+ rc = -1; -+ goto out; -+ } -+ continue; - } - if (pending != active) { - printf("%s --> %s pending: %s\n", names[i], ++ if (get_all && errno == EACCES) ++ continue; + fprintf(stderr, "Error getting active value for %s\n", + names[i]); + rc = -1; diff --git a/libselinux.spec b/libselinux.spec index 673e9b4..81a0e89 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,8 +1,8 @@ %define libsepolver 2.0.1-1 Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.9 -Release: 2%{?dist} +Version: 2.0.11 +Release: 1%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -121,6 +121,11 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Mon Apr 9 2007 Dan Walsh - 2.0.11-1 +- Upgrade to upstream + * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. + * Merged sidput(NULL) patch from Eamon Walsh. + * Thu Apr 5 2007 Dan Walsh - 2.0.9-2 - Make rpm_exec swig work diff --git a/sources b/sources index e1e2e0e..cee08b6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7db5494cb311293ac526bdd631fb6a45 libselinux-2.0.9.tgz +1ba54e7ad81fd4589bf4897260ee2071 libselinux-2.0.11.tgz
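Review bot: In the getsebool.c hunk of libselinux-rhat.patch, the new `if (get_all && errno == EACCES) continue;` makes the -a listing silently skip booleans the caller may not read and still exit 0. An incomplete listing then looks the same as a complete one to a script or an auditor. Consider counting the skipped entries and reporting them once after the loop, e.g. `fprintf(stderr, "%d booleans skipped: permission denied\n", skipped);`. The new code also uses errno and EACCES, and no `#include <errno.h>` is visible in these hunks, so check that getsebool.c includes it. main() starts and ends outside the hunks shown.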