diff --git a/.cvsignore b/.cvsignore index 1247d40..b37f6ae 100644 --- a/.cvsignore +++ b/.cvsignore @@ -153,3 +153,4 @@ libselinux-2.0.61.tgz libselinux-2.0.64.tgz libselinux-2.0.65.tgz libselinux-2.0.67.tgz +libselinux-2.0.69.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 4715d98..41e2dc3 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,18 +1,3 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.67/man/man3/freecon.3 ---- nsalibselinux/man/man3/freecon.3 2008-06-12 23:25:12.000000000 -0400 -+++ libselinux-2.0.67/man/man3/freecon.3 2008-07-09 16:52:33.000000000 -0400 -@@ -15,6 +15,11 @@ - .B freeconary - frees the memory allocated for a context array. - -+If -+.I con -+is NULL, no operation is performed. -+ -+ - .SH "SEE ALSO" - .BR selinux "(8)" - diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 +++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400 @@ -156,46 +141,17 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.6 indent: ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.67/src/audit2why.c ---- nsalibselinux/src/audit2why.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.67/src/audit2why.c 2008-07-09 16:52:33.000000000 -0400 -@@ -55,7 +55,7 @@ - return 0; - } - --static int check_booleans(struct avc_t *avc, struct boolean_t **bools) -+static int check_booleans(struct boolean_t **bools) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.67/src/callbacks.c +--- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400 ++++ libselinux-2.0.67/src/callbacks.c 2008-07-18 11:15:56.000000000 -0400 +@@ -16,6 +16,7 @@ { - char errormsg[PATH_MAX]; - struct sepol_av_decision avd; -@@ -376,7 +376,7 @@ - avc->tsid = tsid; - avc->tclass = tclass; - avc->av = av; -- if (check_booleans(avc, &bools) == 0) { -+ if (check_booleans(&bools) == 0) { - if (av & ~avd.auditdeny) { - RETURN(DONTAUDIT) - } else { -@@ -390,15 +390,15 @@ - len++; b++; - } - b = bools; -- PyObject *boollist = PyTuple_New(len); -+ PyObject *outboollist = PyTuple_New(len); - len=0; - while(b->name) { - PyObject *bool = Py_BuildValue("(si)", b->name, b->active); -- PyTuple_SetItem(boollist, len++, bool); -+ PyTuple_SetItem(outboollist, len++, bool); - b++; - } - free(bools); -- PyTuple_SetItem(result, 1, boollist); -+ PyTuple_SetItem(result, 1, outboollist); - return result; - } - } + int rc; + va_list ap; ++ if (is_selinux_enabled() == 0) return 0; + va_start(ap, fmt); + rc = vfprintf(stderr, fmt, ap); + va_end(ap); diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400 +++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400 diff --git a/libselinux.spec b/libselinux.spec index 3b5257c..53c118c 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,8 +4,8 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.67 -Release: 4%{?dist} +Version: 2.0.69 +Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -150,6 +150,13 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Tue Jul 29 2008 Dan Walsh - 2.0.69-1 +- Update to Upstream + * Handle duplicate file context regexes as a fatal error from Stephen Smalley. + This prevents adding them via semanage. + * Fix audit2why shadowed variables from Stephen Smalley. + * Note that freecon NULL is legal in man page from Karel Zak. + * Wed Jul 9 2008 Dan Walsh - 2.0.67-4 - Add ruby support for puppet diff --git a/rubytest.rb b/rubytest.rb new file mode 100644 index 0000000..b586e31 --- /dev/null +++ b/rubytest.rb @@ -0,0 +1,6 @@ +require 'selinux' +print "selinux\n" +print "Is selinux enabled? " + Selinux.is_selinux_enabled().to_s + "\n" +print "Is selinux enforce? " + Selinux.security_getenforce().to_s + "\n" +print "Setfscreatecon? " + Selinux.setfscreatecon("system_u:object_r:etc_t:s0").to_s + "\n" +print "/etc -> " + Selinux.matchpathcon("/etc", 0)[1] + "\n" diff --git a/sources b/sources index cb77d14..5512866 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -76f43d37b71d72ada3f5f698ece19bde libselinux-2.0.67.tgz +df1da9cc1131fa5ce102928ce1cd910b libselinux-2.0.69.tgz