From 5abec270e9a64305e74f309f03ab0ff007dcfd6e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 16 Jun 2010 13:23:15 +0000 Subject: [PATCH] - Update to upstream Add const qualifiers to public API where appropriate by KaiGai Kohei. --- .cvsignore | 3 + libselinux-rhat.patch | 237 +++++++++++++++++++++++++++++++++++++----- libselinux.spec | 92 +++++++++++++++- sources | 2 +- 4 files changed, 301 insertions(+), 33 deletions(-) diff --git a/.cvsignore b/.cvsignore index 049ca93..fd86183 100644 --- a/.cvsignore +++ b/.cvsignore @@ -176,3 +176,6 @@ libselinux-2.0.89.tgz libselinux-2.0.90.tgz libselinux-2.0.91.tgz libselinux-2.0.92.tgz +libselinux-2.0.93.tgz +libselinux-2.0.94.tgz +libselinux-2.0.96.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 6bb9404..0578c30 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,23 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_enabled.3 libselinux-2.0.92/man/man3/is_selinux_enabled.3 ---- nsalibselinux/man/man3/is_selinux_enabled.3 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.92/man/man3/is_selinux_enabled.3 2010-03-07 07:40:57.000000000 -0500 -@@ -1,4 +1,4 @@ --.TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation" -+.TH "is_selinux_enabled" "3" "7 Mar 2010" "russell@coker.com.au" "SELinux API documentation" - .SH "NAME" - is_selinux_enabled \- check whether SELinux is enabled - -@@ -14,6 +14,7 @@ - .SH "DESCRIPTION" - .B is_selinux_enabled - returns 1 if SELinux is running or 0 if it is not. -+On error, \-1 is returned. - - .B is_selinux_mls_enabled - returns 1 if SELinux is running in MLS mode or 0 if it is not. -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.92/man/man8/selinuxconlist.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.96/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.92/man/man8/selinuxconlist.8 2010-03-07 07:38:19.000000000 -0500 ++++ libselinux-2.0.96/man/man8/selinuxconlist.8 2010-06-16 09:20:34.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -37,9 +20,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.92/man/man8/selinuxdefcon.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.96/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.92/man/man8/selinuxdefcon.8 2010-03-07 07:38:19.000000000 -0500 ++++ libselinux-2.0.96/man/man8/selinuxdefcon.8 2010-06-16 09:20:34.000000000 -0400 @@ -0,0 +1,24 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -65,9 +48,94 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.92/src/callbacks.c ---- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400 -+++ libselinux-2.0.92/src/callbacks.c 2010-03-07 07:38:19.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.96/src/audit2why.c +--- nsalibselinux/src/audit2why.c 2010-05-19 14:45:51.000000000 -0400 ++++ libselinux-2.0.96/src/audit2why.c 2010-06-16 09:20:34.000000000 -0400 +@@ -1,3 +1,6 @@ ++/* Workaround for http://bugs.python.org/issue4835 */ ++#define SIZEOF_SOCKET_T SIZEOF_INT ++ + #include + #include + #include +@@ -287,8 +290,10 @@ + static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) { + int result; + char *init_path=NULL; +- if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) +- result = __policy_init(init_path); ++ if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) { ++ return NULL; ++ } ++ result = __policy_init(init_path); + return Py_BuildValue("i", result); + } + +@@ -353,7 +358,11 @@ + strObj = PyList_GetItem(listObj, i); /* Can't fail */ + + /* make it a string */ ++#if PY_MAJOR_VERSION >= 3 ++ permstr = PyBytes_AsString( strObj ); ++#else + permstr = PyString_AsString( strObj ); ++#endif + + perm = string_to_av_perm(tclass, permstr); + if (!perm) { +@@ -423,10 +432,39 @@ + {NULL, NULL, 0, NULL} /* Sentinel */ + }; + ++#if PY_MAJOR_VERSION >= 3 ++/* Module-initialization logic specific to Python 3 */ ++struct module_state { ++ /* empty for now */ ++}; ++static struct PyModuleDef moduledef = { ++ PyModuleDef_HEAD_INIT, ++ "audit2why", ++ NULL, ++ sizeof(struct module_state), ++ audit2whyMethods, ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; ++ ++PyMODINIT_FUNC ++PyInit_audit2why(void) ++#else + PyMODINIT_FUNC + initaudit2why(void) ++#endif + { +- PyObject *m = Py_InitModule("audit2why", audit2whyMethods); ++ PyObject *m; ++#if PY_MAJOR_VERSION >= 3 ++ m = PyModule_Create(&moduledef); ++ if (m == NULL) { ++ return NULL; ++ } ++#else ++ m = Py_InitModule("audit2why", audit2whyMethods); ++#endif + PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN); + PyModule_AddIntConstant(m,"BADSCON", BADSCON); + PyModule_AddIntConstant(m,"BADTCON", BADTCON); +@@ -440,4 +478,8 @@ + PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN); + PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT); + PyModule_AddIntConstant(m,"RBAC", RBAC); ++ ++#if PY_MAJOR_VERSION >= 3 ++ return m; ++#endif + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.96/src/callbacks.c +--- nsalibselinux/src/callbacks.c 2010-05-19 14:45:51.000000000 -0400 ++++ libselinux-2.0.96/src/callbacks.c 2010-06-16 09:20:34.000000000 -0400 @@ -16,6 +16,7 @@ { int rc; @@ -76,9 +144,65 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.92/src/matchpathcon.c ---- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 -+++ libselinux-2.0.92/src/matchpathcon.c 2010-03-07 07:38:19.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile +--- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400 ++++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400 +@@ -1,9 +1,10 @@ + # Installation directories. ++PYTHON ?= python + PREFIX ?= $(DESTDIR)/usr + LIBDIR ?= $(PREFIX)/lib + SHLIBDIR ?= $(DESTDIR)/lib + INCLUDEDIR ?= $(PREFIX)/include +-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]') ++PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])') + PYINC ?= /usr/include/$(PYLIBVER) + PYLIB ?= /usr/lib/$(PYLIBVER) + PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) +@@ -23,13 +24,13 @@ + SWIGRUBYIF= selinuxswig_ruby.i + SWIGCOUT= selinuxswig_wrap.c + SWIGRUBYCOUT= selinuxswig_ruby_wrap.c +-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) ++SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) + SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) +-SWIGSO=_selinux.so ++SWIGSO=$(PYPREFIX)_selinux.so + SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i + SWIGRUBYSO=_rubyselinux.so + LIBSO=$(TARGET).$(LIBVERSION) +-AUDIT2WHYSO=audit2why.so ++AUDIT2WHYSO=$(PYPREFIX)audit2why.so + + ifeq ($(DISABLE_AVC),y) + UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c +@@ -91,10 +92,10 @@ + selinuxswig_python_exception.i: ../include/selinux/selinux.h + bash exception.sh > $@ + +-audit2why.lo: audit2why.c ++$(PYPREFIX)audit2why.lo: audit2why.c + $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + +-$(AUDIT2WHYSO): audit2why.lo ++$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@ + + %.o: %.c policy.h +@@ -123,8 +124,8 @@ + + install-pywrap: pywrap + test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux +- install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux +- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux ++ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so ++ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so + install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py + + install-rubywrap: rubywrap +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400 ++++ libselinux-2.0.96/src/matchpathcon.c 2010-06-16 09:20:34.000000000 -0400 @@ -2,6 +2,7 @@ #include #include @@ -96,3 +220,62 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.96/src/selinuxswig_python.i +--- nsalibselinux/src/selinuxswig_python.i 2010-06-16 08:03:38.000000000 -0400 ++++ libselinux-2.0.96/src/selinuxswig_python.i 2010-06-16 09:20:34.000000000 -0400 +@@ -45,7 +45,7 @@ + PyObject* list = PyList_New(*$2); + int i; + for (i = 0; i < *$2; i++) { +- PyList_SetItem(list, i, PyString_FromString((*$1)[i])); ++ PyList_SetItem(list, i, PyBytes_FromString((*$1)[i])); + } + $result = SWIG_Python_AppendOutput($result, list); + } +@@ -74,7 +74,9 @@ + len++; + plist = PyList_New(len); + for (i = 0; i < len; i++) { +- PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ PyList_SetItem(plist, i, ++ PyBytes_FromString((*$1)[i]) ++ ); + } + } else { + plist = PyList_New(0); +@@ -91,7 +93,9 @@ + if (*$1) { + plist = PyList_New(result); + for (i = 0; i < result; i++) { +- PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ PyList_SetItem(plist, i, ++ PyBytes_FromString((*$1)[i]) ++ ); + } + } else { + plist = PyList_New(0); +@@ -144,16 +148,20 @@ + $1 = (char**) malloc(size + 1); + + for(i = 0; i < size; i++) { +- if (!PyString_Check(PySequence_GetItem($input, i))) { +- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); ++ if (!PyBytes_Check(PySequence_GetItem($input, i))) { ++ PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes"); ++ + return NULL; + } ++ + } + + for(i = 0; i < size; i++) { + s = PySequence_GetItem($input, i); +- $1[i] = (char*) malloc(PyString_Size(s) + 1); +- strcpy($1[i], PyString_AsString(s)); ++ ++ $1[i] = (char*) malloc(PyBytes_Size(s) + 1); ++ strcpy($1[i], PyBytes_AsString(s)); ++ + } + $1[size] = NULL; + } diff --git a/libselinux.spec b/libselinux.spec index 5a579a4..7e9623d 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,18 +1,24 @@ +%global with_python3 1 + %define ruby_sitearch %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']") %define libsepolver 2.0.32-1 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.92 +Version: 2.0.96 Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz -Patch: libselinux-rhat.patch +Patch1: libselinux-rhat.patch + URL: http://www.selinuxproject.org BuildRequires: python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig +%if 0%{?with_python3} +BuildRequires: python3-devel +%endif # if with_python3 Requires: libsepol >= %{libsepolver} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -48,6 +54,17 @@ Requires: libselinux = %{version}-%{release} The libselinux-python package contains the python bindings for developing SELinux applications. +%if 0%{?with_python3} +%package python3 +Summary: SELinux python 3 bindings for libselinux +Group: Development/Libraries +Requires: libselinux = %{version}-%{release} + +%description python3 +The libselinux-python3 package contains python 3 bindings for developing +SELinux applications. +%endif # with_python3 + %package ruby Summary: SELinux ruby bindings for libselinux Group: Development/Libraries @@ -79,15 +96,51 @@ needed for developing SELinux applications. %prep %setup -q -%patch -p1 -b .rhat +%patch1 -p1 -b .rhat %build +# To support building the Python wrapper against multiple Python runtimes +# Define a function, for how to perform a "build" of the python wrapper against +# a specific runtime: +BuildPythonWrapper() { + BinaryName=$1 + Prefix=$2 + + # Perform the build from the upstream Makefile: + make \ + PYTHON=$BinaryName PYPREFIX=$Prefix \ + LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} \ + pywrap +} + make clean make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} swigify -make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all pywrap +make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all + +BuildPythonWrapper %{__python} python2 +%if 0%{?with_python3} +BuildPythonWrapper %{__python3} python3 +%endif # with_python3 + make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} rubywrap %install +InstallPythonWrapper() { + BinaryName=$1 + Prefix=$2 + + make \ + PYTHON=$BinaryName PYPREFIX=$Prefix \ + LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} \ + pywrap + + make \ + PYTHON=$BinaryName PYPREFIX=$Prefix \ + DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \ + SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" \ + install install-pywrap +} + rm -rf %{buildroot} mkdir -p %{buildroot}/%{_lib} mkdir -p %{buildroot}/%{_libdir} @@ -95,7 +148,11 @@ mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}/var/run/setrans -make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-pywrap +InstallPythonWrapper %{__python} python2 +%if 0%{?with_python3} +InstallPythonWrapper %{__python3} python3 +%endif # with_python3 + make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-rubywrap # Nuke the files we don't want to distribute @@ -161,11 +218,36 @@ exit 0 %dir %{python_sitearch}/selinux %{python_sitearch}/selinux/* +%if 0%{?with_python3} +%files python3 +%defattr(-,root,root,-) +%dir %{python3_sitearch}/selinux +%{python3_sitearch}/selinux/* +%endif with_python3 + %files ruby %defattr(-,root,root,-) %{ruby_sitearch}/selinux.so %changelog +* Wed Mar 24 2010 Dan Walsh - 2.0.96-1 +- Update to upstream + * Add const qualifiers to public API where appropriate by KaiGai Kohei. + +2.0.95 2010-06-10 + * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers + * Adds a chcon method to the libselinux python bindings from Steve Lawrence +- add python3 subpackage from David Malcolm + +* Wed Mar 24 2010 Dan Walsh - 2.0.94-1 + * Set errno=EINVAL for invalid contexts from Dan Walsh. + +* Sun Mar 16 2010 Dan Walsh - 2.0.93-1 +- Update to upstream + * Show strerror for security_getenforce() by Colin Waters. + * Merged selabel database support by KaiGai Kohei. + * Modify netlink socket blocking code by KaiGai Kohei. + * Sun Mar 7 2010 Dan Walsh - 2.0.92-1 - Update to upstream * Fix from Eric Paris to fix leak on non-selinux systems. diff --git a/sources b/sources index 63eece4..90e0980 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8650382d4d4a7c6ad2a27220815bc624 libselinux-2.0.92.tgz +d42e6ee6f34563cffe03bd5e6d45cea2 libselinux-2.0.96.tgz