- Patch to not translate mls when calling setfiles
This commit is contained in:
Daniel J Walsh
parent
69e4fdee5a
commit
70810f17e4
|
|
@ -1,12 +1,75 @@
|
|||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.27.19/src/matchpathcon.c
|
||||
--- nsalibselinux/src/matchpathcon.c 2005-10-06 09:20:38.000000000 -0400
|
||||
+++ libselinux-1.27.19/src/matchpathcon.c 2005-11-08 14:04:09.000000000 -0500
|
||||
@@ -605,7 +605,7 @@
|
||||
unsigned int lineno, pass, i, j, maxnspec;
|
||||
spec_t *spec_copy=NULL;
|
||||
int status=-1;
|
||||
- int mls_enabled=is_selinux_mls_enabled();
|
||||
+ int mls_enabled=is_selinux_mls_enabled() && ( is_selinux_enabled() > 0 );
|
||||
Index: libselinux/include/selinux/selinux.h
|
||||
===================================================================
|
||||
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/selinux.h,v
|
||||
retrieving revision 1.50
|
||||
diff -u -p -r1.50 selinux.h
|
||||
--- libselinux/include/selinux/selinux.h 7 Nov 2005 19:30:36 -0000 1.50
|
||||
+++ libselinux/include/selinux/selinux.h 8 Nov 2005 19:04:31 -0000
|
||||
@@ -292,6 +292,7 @@ extern void set_matchpathcon_canoncon(in
|
||||
|
||||
/* Open the specification file. */
|
||||
if (!path)
|
||||
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
|
||||
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
|
||||
+#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
|
||||
extern void set_matchpathcon_flags(unsigned int flags);
|
||||
|
||||
/* Load the file contexts configuration specified by 'path'
|
||||
Index: libselinux/src/matchpathcon.c
|
||||
===================================================================
|
||||
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/matchpathcon.c,v
|
||||
retrieving revision 1.32
|
||||
diff -u -p -r1.32 matchpathcon.c
|
||||
--- libselinux/src/matchpathcon.c 7 Nov 2005 19:30:37 -0000 1.32
|
||||
+++ libselinux/src/matchpathcon.c 8 Nov 2005 19:08:05 -0000
|
||||
@@ -570,6 +570,10 @@ static int process_line( const char *pat
|
||||
skip_type:
|
||||
if (strcmp(context, "<<none>>")) {
|
||||
char *tmpcon = NULL;
|
||||
+
|
||||
+ if (myflags & MATCHPATHCON_NOTRANS)
|
||||
+ goto skip_trans;
|
||||
+
|
||||
if (context_translations) {
|
||||
if (raw_to_trans_context(context, &tmpcon)) {
|
||||
myprintf("%s: line %u has invalid "
|
||||
@@ -584,6 +588,7 @@ static int process_line( const char *pat
|
||||
return -1;
|
||||
}
|
||||
|
||||
+skip_trans:
|
||||
if (myinvalidcon) {
|
||||
/* Old-style validation of context. */
|
||||
if (myinvalidcon(path, lineno, context))
|
||||
Index: policycoreutils/setfiles/setfiles.c
|
||||
===================================================================
|
||||
RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
|
||||
retrieving revision 1.38
|
||||
diff -u -p -r1.38 setfiles.c
|
||||
--- policycoreutils/setfiles/setfiles.c 7 Nov 2005 19:31:55 -0000 1.38
|
||||
+++ policycoreutils/setfiles/setfiles.c 8 Nov 2005 19:12:31 -0000
|
||||
@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned
|
||||
int valid = 1;
|
||||
|
||||
if (policyfile) {
|
||||
- char *raw;
|
||||
- if (selinux_trans_to_raw_context(context, &raw))
|
||||
- valid = 0;
|
||||
- if (valid) {
|
||||
- valid = (sepol_check_context (raw) >= 0);
|
||||
- freecon(raw);
|
||||
- }
|
||||
+ valid = (sepol_check_context (context) >= 0);
|
||||
} else if (security_canonicalize_context(context, &tmpcon) < 0) {
|
||||
if (errno != ENOENT) {
|
||||
valid = 0;
|
||||
@@ -447,8 +441,9 @@ int main(int argc, char **argv)
|
||||
fclose(policystream);
|
||||
|
||||
/* Only process the specified file_contexts file, not
|
||||
- any .homedirs or .local files. */
|
||||
- set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
|
||||
+ any .homedirs or .local files, and do not perform
|
||||
+ context translations. */
|
||||
+ set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
|
||||
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 1.27.19
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: Public domain (uncopyrighted)
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
|
|
@ -92,6 +92,9 @@ exit 0
|
|||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-2
|
||||
- Patch to not translate mls when calling setfiles
|
||||
|
||||
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
|
||||
- Update to latest from NSA
|
||||
* Merged seusers parser changes from Ivan Gyurdiev.
|
||||
|
|
|
|||
Loading…
Reference in New Issue