rpms/libselinux
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Update to upstream

Browse Source 
Fix improper use of thread local storage from Tomas Mraz
    <tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
This commit is contained in:
Daniel J Walsh 2009-06-23 19:40:42 +00:00
parent 403bfa5085
commit d6966f294b
1 changed files with 34 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

289
libselinux-rhat.patch
View File

@ -1,19 +1,7 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.80/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2009-04-08 09:06:23.000000000 -0400
+++ libselinux-2.0.80/include/selinux/selinux.h 2009-04-08 09:08:28.000000000 -0400
@@ -481,8 +481,11 @@
extern const char *selinux_file_context_path(void);
extern const char *selinux_file_context_homedir_path(void);
extern const char *selinux_file_context_local_path(void);
+extern const char *selinux_file_context_subs_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
+extern const char *selinux_virtual_domain_context_path(void);
+extern const char *selinux_virtual_image_context_path(void);
extern const char *selinux_x_context_path(void);
extern const char *selinux_contexts_path(void);
extern const char *selinux_securetty_types_path(void);
@@ -544,6 +547,14 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-2.0.81/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2009-06-23 15:36:07.000000000 -0400
+++ libselinux-2.0.81/include/selinux/selinux.h 2009-05-18 14:04:07.000000000 -0400
@@ -547,6 +547,14 @@
Caller must free the returned strings via free. */
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
@ -28,9 +16,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h lib
/* Compare two file contexts, return 0 if equivalent. */
int selinux_file_context_cmp(const security_context_t a,
const security_context_t b);
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.80/man/man8/selinuxconlist.8
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.81/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.80/man/man8/selinuxconlist.8 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/man/man8/selinuxconlist.8 2009-05-18 14:04:07.000000000 -0400
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@ -50,9 +38,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.80/man/man8/selinuxdefcon.8
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.81/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.80/man/man8/selinuxdefcon.8 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/man/man8/selinuxdefcon.8 2009-05-18 14:04:07.000000000 -0400
@@ -0,0 +1,19 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
@ -73,9 +61,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.80/src/callbacks.c
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.81/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400
+++ libselinux-2.0.80/src/callbacks.c 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/callbacks.c 2009-05-18 14:04:07.000000000 -0400
@@ -16,6 +16,7 @@
{
int rc;
@ -84,9 +72,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.80/src/exception.sh
diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.81/src/exception.sh
--- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.80/src/exception.sh 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/exception.sh 2009-05-18 14:04:07.000000000 -0400
@@ -0,0 +1,12 @@
+function except() {
+echo "
@ -100,168 +88,15 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2
+"
+}
+for i in `grep "extern *int" ../include/selinux/selinux.h | awk '{ print $3 }' | cut -d '(' -f 1`; do except $i ; done
diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-2.0.80/src/file_path_suffixes.h
--- nsalibselinux/src/file_path_suffixes.h 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/file_path_suffixes.h 2009-04-08 09:08:28.000000000 -0400
@@ -20,3 +20,6 @@
S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local")
S_(X_CONTEXTS, "/contexts/x_contexts")
S_(COLORS, "/secolor.conf")
+ S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context")
+ S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
+ S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.80/src/label.c
--- nsalibselinux/src/label.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/label.c 2009-04-08 09:08:28.000000000 -0400
@@ -5,10 +5,12 @@
*/
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.81/src/Makefile
--- nsalibselinux/src/Makefile 2009-06-23 15:36:07.000000000 -0400
+++ libselinux-2.0.81/src/Makefile 2009-05-18 14:04:07.000000000 -0400
@@ -79,9 +79,12 @@
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
#include <sys/types.h>
+#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <selinux/selinux.h>
#include "callbacks.h"
#include "label_internal.h"
@@ -23,6 +25,96 @@
&selabel_x_init
};
+typedef struct selabel_sub {
+ char *src;
+ int slen;
+ char *dst;
+ struct selabel_sub *next;
+} SELABELSUB;
+
+SELABELSUB *selabelsublist = NULL;
+
+static void selabel_subs_fini(void)
+{
+ SELABELSUB *ptr = selabelsublist;
+ SELABELSUB *next = NULL;
+ while (ptr) {
+ next = ptr->next;
+ free(ptr->src);
+ free(ptr->dst);
+ free(ptr);
+ ptr = next;
+ }
+ selabelsublist = NULL;
+}
+
+static char *selabel_sub(const char *src)
+{
+ char *dst = NULL;
+ SELABELSUB *ptr = selabelsublist;
+ while (ptr) {
+ if (strncmp(src, ptr->src, ptr->slen) == 0 ) {
+ if (src[ptr->slen] == '/' ||
+ src[ptr->slen] == 0) {
+ asprintf(&dst, "%s%s", ptr->dst, &src[ptr->slen]);
+ return dst;
+ }
+ }
+ ptr = ptr->next;
+ }
+ return NULL;
+}
+
+static int selabel_subs_init(void)
+{
+ char buf[1024];
+ FILE *cfg = fopen(selinux_file_context_subs_path(), "r");
+ if (cfg) {
+ while (fgets_unlocked(buf, sizeof(buf) - 1, cfg)) {
+ char *ptr = NULL;
+ char *src = buf;
+ char *dst = NULL;
+
+ while (*src && isspace(*src))
+ src++;
+ if (src[0] == '#') continue;
+ ptr = src;
+ while (*ptr && ! isspace(*ptr))
+ ptr++;
+ *ptr++ = 0;
+ if (! *src) continue;
+
+ dst = ptr;
+ while (*dst && isspace(*dst))
+ dst++;
+ ptr=dst;
+ while (*ptr && ! isspace(*ptr))
+ ptr++;
+ *ptr=0;
+ if (! *dst) continue;
+
+ SELABELSUB *sub = (SELABELSUB*) malloc(sizeof(SELABELSUB));
+ if (! sub) return -1;
+ sub->src=strdup(src);
+ if (! sub->src) {
+ free(sub);
+ return -1;
+ }
+ sub->dst=strdup(dst);
+ if (! sub->dst) {
+ free(sub);
+ free(sub->src);
+ return -1;
+ }
+ sub->slen = strlen(src);
+ sub->next = selabelsublist;
+ selabelsublist = sub;
+ }
+ fclose(cfg);
+ }
+ return 0;
+}
+
/*
* Validation functions
*/
@@ -67,6 +159,8 @@
goto out;
}
+ selabel_subs_init();
+
rec = (struct selabel_handle *)malloc(sizeof(*rec));
if (!rec)
goto out;
@@ -88,7 +182,14 @@
selabel_lookup_common(struct selabel_handle *rec, int translating,
const char *key, int type)
{
- struct selabel_lookup_rec *lr = rec->func_lookup(rec, key, type);
+ struct selabel_lookup_rec *lr;
+ char *ptr = selabel_sub(key);
+ if (ptr) {
+ lr = rec->func_lookup(rec, ptr, type);
+ free(ptr);
+ } else {
+ lr = rec->func_lookup(rec, key, type);
+ }
if (!lr)
return NULL;
@@ -132,6 +233,8 @@
{
rec->func_close(rec);
free(rec);
+
+ selabel_subs_fini();
}
void selabel_stats(struct selabel_handle *rec)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.80/src/Makefile
--- nsalibselinux/src/Makefile 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/Makefile 2009-04-08 09:08:28.000000000 -0400
@@ -82,6 +82,9 @@
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -lpthread -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
+selinuxswig_exception.i: ../include/selinux/selinux.h
@ -290,9 +125,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.8
distclean: clean
rm -f $(GENERATED) $(SWIGFILES)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.80/src/matchpathcon.c
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.81/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/matchpathcon.c 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/matchpathcon.c 2009-05-18 14:04:07.000000000 -0400
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
@ -310,65 +145,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
va_end(ap);
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.80/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/selinux_config.c 2009-04-08 09:08:28.000000000 -0400
@@ -40,7 +40,10 @@
#define SECURETTY_TYPES 18
#define X_CONTEXTS 19
#define COLORS 20
-#define NEL 21
+#define VIRTUAL_DOMAIN 21
+#define VIRTUAL_IMAGE 22
+#define FILE_CONTEXT_SUBS 23
+#define NEL 24
/* New layout is relative to SELINUXDIR/policytype. */
static char *file_paths[NEL];
@@ -391,3 +394,24 @@
}
hidden_def(selinux_x_context_path)
+
+const char *selinux_virtual_domain_context_path()
+{
+ return get_path(VIRTUAL_DOMAIN);
+}
+
+hidden_def(selinux_virtual_domain_context_path)
+
+const char *selinux_virtual_image_context_path()
+{
+ return get_path(VIRTUAL_IMAGE);
+}
+
+hidden_def(selinux_virtual_image_context_path)
+
+const char * selinux_file_context_subs_path(void) {
+ return get_path(FILE_CONTEXT_SUBS);
+}
+
+hidden_def(selinux_file_context_subs_path)
+
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.80/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h 2009-04-08 09:06:23.000000000 -0400
+++ libselinux-2.0.80/src/selinux_internal.h 2009-04-08 09:08:28.000000000 -0400
@@ -59,9 +59,12 @@
hidden_proto(selinux_securetty_types_path)
hidden_proto(selinux_failsafe_context_path)
hidden_proto(selinux_removable_context_path)
+ hidden_proto(selinux_virtual_domain_context_path)
+ hidden_proto(selinux_virtual_image_context_path)
hidden_proto(selinux_file_context_path)
hidden_proto(selinux_file_context_homedir_path)
hidden_proto(selinux_file_context_local_path)
+ hidden_proto(selinux_file_context_subs_path)
hidden_proto(selinux_netfilter_context_path)
hidden_proto(selinux_homedir_context_path)
hidden_proto(selinux_user_contexts_path)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.80/src/selinux.py
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.81/src/selinux.py
--- nsalibselinux/src/selinux.py 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/selinux.py 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/selinux.py 2009-05-18 14:04:07.000000000 -0400
@@ -1,12 +1,26 @@
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.35
@ -2580,9 +2359,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0
+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.80/src/selinuxswig.i
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.81/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2009-03-12 08:48:48.000000000 -0400
+++ libselinux-2.0.80/src/selinuxswig.i 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/selinuxswig.i 2009-05-18 14:04:07.000000000 -0400
@@ -4,11 +4,14 @@
%module selinux
@ -2616,9 +2395,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/label.h"
+%include "../include/selinux/selinux.h"
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.80/src/selinuxswig_python.i
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.81/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/selinuxswig_python.i 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/selinuxswig_python.i 2009-05-18 14:04:07.000000000 -0400
@@ -21,6 +21,15 @@
map(restorecon, [os.path.join(dirname, fname)
for fname in fnames]), None)
@ -2641,9 +2420,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs
+%include "selinuxswig_exception.i"
%include "selinuxswig.i"
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.80/src/selinuxswig_wrap.c
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.81/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/selinuxswig_wrap.c 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/selinuxswig_wrap.c 2009-05-18 14:04:07.000000000 -0400
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
@ -17029,9 +16808,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
+#endif
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.80/src/seusers.c
diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.81/src/seusers.c
--- nsalibselinux/src/seusers.c 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.80/src/seusers.c 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/src/seusers.c 2009-05-18 14:04:07.000000000 -0400
@@ -243,3 +243,67 @@
*r_level = NULL;
return 0;
@ -17100,9 +16879,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.
+
+ return (ret ? getseuserbyname(username, r_seuser, r_level) : ret);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.80/utils/matchpathcon.c
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.81/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2009-05-18 13:53:14.000000000 -0400
+++ libselinux-2.0.80/utils/matchpathcon.c 2009-04-08 09:08:28.000000000 -0400
+++ libselinux-2.0.81/utils/matchpathcon.c 2009-05-18 14:04:07.000000000 -0400
@@ -22,9 +22,13 @@
char *buf;
int rc = matchpathcon(path, mode, &buf);