- Update to latest from NSA

Added security_canonicalize_context() interface and set_matchpathcon_canoncon() interface for obtaining canonical contexts. Changed matchpathcon internals to obtain canonical contexts by default. Provided fallback for kernels that lack extended selinuxfs context interface. - Patch to not translate mls when calling setfiles
2005-11-08 23:41:10 +00:00 · 2005-11-08 23:41:10 +00:00 · e6236defe6
parent 70810f17e4
commit e6236defe6
4 changed files with 13 additions and 38 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -60,3 +60,4 @@ libselinux-1.27.14.tgz
 libselinux-1.27.17.tgz
 libselinux-1.27.18.tgz
 libselinux-1.27.19.tgz
+libselinux-1.27.20.tgz
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -39,37 +39,4 @@ diff -u -p -r1.32 matchpathcon.c
 			if (myinvalidcon) {
 				/* Old-style validation of context. */
 				if (myinvalidcon(path, lineno, context)) 
-Index: policycoreutils/setfiles/setfiles.c
-===================================================================
-RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
-retrieving revision 1.38
-diff -u -p -r1.38 setfiles.c
--- policycoreutils/setfiles/setfiles.c	7 Nov 2005 19:31:55 -0000	1.38
-+++ policycoreutils/setfiles/setfiles.c	8 Nov 2005 19:12:31 -0000
-@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned 
- 	int valid = 1;
- 
- 	if (policyfile) {
-		char *raw;
-		if (selinux_trans_to_raw_context(context, &raw))
-			valid = 0;
-		if (valid) {
-			valid = (sepol_check_context (raw) >= 0);
-			freecon(raw);
-		}
-+		valid = (sepol_check_context (context) >= 0);
- 	} else if (security_canonicalize_context(context, &tmpcon) < 0) {
- 		if (errno != ENOENT) {
- 			valid = 0;
-@@ -447,8 +441,9 @@ int main(int argc, char **argv)
- 			fclose(policystream);
- 
- 			/* Only process the specified file_contexts file, not
-			   any .homedirs or .local files. */
-			set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
-+			   any .homedirs or .local files, and do not perform
-+			   context translations. */
-+			set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
- 			
- 			break;
 		}
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,8 +1,8 @@
-%define libsepolver 1.9.37-1
+%define libsepolver 1.9.38-1
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 1.27.19
-Release: 2
+Version: 1.27.20
+Release: 1
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -92,7 +92,14 @@ exit 0
 %{_mandir}/man8/*

 %changelog
-* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-2
+* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.20-1
+- Update to latest from NSA
+	* Added security_canonicalize_context() interface and
+	  set_matchpathcon_canoncon() interface for obtaining
+	  canonical contexts.  Changed matchpathcon internals
+	  to obtain canonical contexts by default.  Provided
+	  fallback for kernels that lack extended selinuxfs context
+	  interface.
 - Patch to not translate mls when calling setfiles

 * Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
--- a/2
+++ b/2
@ -1 +1 @@
-46a510fa47234ec5f503dd1294df2229  libselinux-1.27.19.tgz
+471ee3d38e16f722c12289ec3b209dff  libselinux-1.27.20.tgz