Compare commits
91 Commits
Author | SHA1 | Date |
---|---|---|
Fedora Release Engineering | 5de48ec88c | |
Bill Nottingham | 3928913179 | |
Jesse Keating | acd9219435 | |
Daniel J Walsh | 16acab0f27 | |
Daniel J Walsh | 9c9d481a4b | |
Daniel J Walsh | 461a02eedf | |
Daniel J Walsh | 579acb9162 | |
Daniel J Walsh | cd28658f64 | |
Daniel J Walsh | 93459f3b45 | |
Daniel J Walsh | 1282c0e5a9 | |
Daniel J Walsh | 2efeea2789 | |
Daniel J Walsh | 214f5339bb | |
Daniel J Walsh | 21aa2ed195 | |
Daniel J Walsh | 62b7303696 | |
Daniel J Walsh | 8ff0e0fca7 | |
Jesse Keating | 6a400ab571 | |
Daniel J Walsh | 6baaba704b | |
Daniel J Walsh | f56f78e5ae | |
Daniel J Walsh | 5db0579bc0 | |
Daniel J Walsh | 7d2520af04 | |
Daniel J Walsh | 35ac8f6097 | |
Daniel J Walsh | 60ed4a1a6f | |
Daniel J Walsh | 45e93c97bc | |
Daniel J Walsh | 0c909b882f | |
Daniel J Walsh | 3cc598939a | |
Ignacio Vazquez-Abrams | aafb6361de | |
Daniel J Walsh | 126f276f10 | |
Daniel J Walsh | 99905cd7c0 | |
Luke Macken | c0fc1965f1 | |
Luke Macken | 71a4836d3e | |
Luke Macken | 9e66b86064 | |
Daniel J Walsh | 8a44c08f8f | |
Daniel J Walsh | 9ffe7055f4 | |
Daniel J Walsh | dd2e2b527e | |
Daniel J Walsh | cba1f06577 | |
Daniel J Walsh | 0e009d1875 | |
Daniel J Walsh | 04f255833a | |
Daniel J Walsh | 3f4862aa50 | |
Daniel J Walsh | e0efde5c71 | |
Daniel J Walsh | b345116e69 | |
Daniel J Walsh | 3749fd562d | |
Daniel J Walsh | 2334f77efa | |
Daniel J Walsh | c1dc979568 | |
Daniel J Walsh | cfc65b86e8 | |
Daniel J Walsh | 94f8e1311f | |
Daniel J Walsh | 88ff8b4d77 | |
Daniel J Walsh | 635e0db15f | |
Daniel J Walsh | d208cdfe5a | |
Daniel J Walsh | 0a9cae3f9f | |
Daniel J Walsh | b55a298f12 | |
Daniel J Walsh | 1a95852bbc | |
Daniel J Walsh | be8a68f5bf | |
Daniel J Walsh | 2a35c4ea7e | |
Daniel J Walsh | 6137b9cef1 | |
Daniel J Walsh | a04c45bb3c | |
Daniel J Walsh | dbb0f81588 | |
Daniel J Walsh | 1d1c78c33c | |
Daniel J Walsh | 9febc28cb3 | |
Daniel J Walsh | f0516a2d2f | |
Daniel J Walsh | 26bf9ee124 | |
Daniel J Walsh | e3d5ff4c59 | |
Daniel J Walsh | 75251b66dc | |
Daniel J Walsh | 2c1ed78f5d | |
Daniel J Walsh | e9ec090367 | |
Daniel J Walsh | b34e3c1ee5 | |
Daniel J Walsh | 16cf16def0 | |
Daniel J Walsh | 6733aca1fe | |
Daniel J Walsh | 38e5d285bd | |
Daniel J Walsh | 24d74eb2e2 | |
Daniel J Walsh | 803514943e | |
Daniel J Walsh | 79486e1dd9 | |
Daniel J Walsh | ddc69b7c31 | |
Daniel J Walsh | aa39c132f2 | |
Daniel J Walsh | 3b9535a4cd | |
Daniel J Walsh | bd4c7a0125 | |
Daniel J Walsh | 42412504a0 | |
Daniel J Walsh | f76abb2481 | |
Daniel J Walsh | ef1dcc597e | |
Daniel J Walsh | abdefd232e | |
Daniel J Walsh | 44c89dba39 | |
Daniel J Walsh | 3186b9a32a | |
Daniel J Walsh | 2f17074f5d | |
Daniel J Walsh | 1dd1cdbe64 | |
Daniel J Walsh | d6ff486acb | |
Daniel J Walsh | 4e565fc29e | |
Daniel J Walsh | 7f273c7839 | |
Daniel J Walsh | 5ef86fb37a | |
Daniel J Walsh | 328ee684e8 | |
Daniel J Walsh | b4a90445c5 | |
Daniel J Walsh | 83ed9037cf | |
Bill Nottingham | 22210ef8a0 |
|
@ -132,3 +132,35 @@ libselinux-2.0.34.tgz
|
|||
libselinux-2.0.35.tgz
|
||||
libselinux-2.0.36.tgz
|
||||
libselinux-2.0.37.tgz
|
||||
libselinux-2.0.40.tgz
|
||||
libselinux-2.0.42.tgz
|
||||
libselinux-2.0.43.tgz
|
||||
libselinux-2.0.45.tgz
|
||||
libselinux-2.0.46.tgz
|
||||
libselinux-2.0.47.tgz
|
||||
libselinux-2.0.48.tgz
|
||||
libselinux-2.0.49.tgz
|
||||
libselinux-2.0.50.tgz
|
||||
libselinux-2.0.52.tgz
|
||||
libselinux-2.0.53.tgz
|
||||
libselinux-2.0.55.tgz
|
||||
libselinux-2.0.56.tgz
|
||||
libselinux-2.0.57.tgz
|
||||
libselinux-2.0.58.tgz
|
||||
libselinux-2.0.59.tgz
|
||||
libselinux-2.0.60.tgz
|
||||
libselinux-2.0.61.tgz
|
||||
libselinux-2.0.64.tgz
|
||||
libselinux-2.0.65.tgz
|
||||
libselinux-2.0.67.tgz
|
||||
libselinux-2.0.69.tgz
|
||||
libselinux-2.0.70.tgz
|
||||
libselinux-2.0.71.tgz
|
||||
libselinux-2.0.73.tgz
|
||||
libselinux-2.0.74.tgz
|
||||
libselinux-2.0.75.tgz
|
||||
libselinux-2.0.76.tgz
|
||||
libselinux-2.0.77.tgz
|
||||
libselinux-2.0.78.tgz
|
||||
libselinux-2.0.79.tgz
|
||||
libselinux-2.0.80.tgz
|
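--- a/Makefile
+++ b/Makefile
@@ -1,6 +0,0 @@
-# Makefile for source rpm: libselinux
-# $Id$
-NAME := libselinux
-SPECFILE = $(firstword $(wildcard *.spec))
-
-include ../common/Makefile.common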
|
@ -0,0 +1,106 @@
|
|||
diff -up libselinux-2.0.77/include/selinux/avc.h.jx libselinux-2.0.77/include/selinux/avc.h
|
||||
--- libselinux-2.0.77/include/selinux/avc.h.jx 2009-01-27 14:47:32.000000000 -0500
|
||||
+++ libselinux-2.0.77/include/selinux/avc.h 2009-03-02 13:58:11.000000000 -0500
|
||||
@@ -427,6 +427,29 @@ void avc_av_stats(void);
|
||||
*/
|
||||
void avc_sid_stats(void);
|
||||
|
||||
+/**
|
||||
+ * avc_netlink_acquire_fd - Acquire netlink socket fd.
|
||||
+ *
|
||||
+ * Allows the application to manage messages from the netlink socket in
|
||||
+ * its own main loop.
|
||||
+ */
|
||||
+int avc_netlink_acquire_fd(void);
|
||||
+
|
||||
+/**
|
||||
+ * avc_netlink_release_fd - Release netlink socket fd.
|
||||
+ *
|
||||
+ * Returns ownership of the netlink socket to the library.
|
||||
+ */
|
||||
+void avc_netlink_release_fd(void);
|
||||
+
|
||||
+/**
|
||||
+ * avc_netlink_check_nb - Check netlink socket for new messages.
|
||||
+ *
|
||||
+ * Called by the application when using avc_netlink_acquire_fd() to
|
||||
+ * process kernel netlink events.
|
||||
+ */
|
||||
+int avc_netlink_check_nb(void);
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
diff -up libselinux-2.0.77/src/avc.c.jx libselinux-2.0.77/src/avc.c
|
||||
--- libselinux-2.0.77/src/avc.c.jx 2009-01-27 14:47:32.000000000 -0500
|
||||
+++ libselinux-2.0.77/src/avc.c 2009-03-02 13:58:11.000000000 -0500
|
||||
@@ -812,7 +812,7 @@ int avc_has_perm_noaudit(security_id_t s
|
||||
access_vector_t denied;
|
||||
struct avc_entry_ref ref;
|
||||
|
||||
- if (!avc_using_threads) {
|
||||
+ if (!avc_using_threads && !avc_app_main_loop) {
|
||||
(void)avc_netlink_check_nb();
|
||||
}
|
||||
|
||||
diff -up libselinux-2.0.77/src/avc_internal.c.jx libselinux-2.0.77/src/avc_internal.c
|
||||
--- libselinux-2.0.77/src/avc_internal.c.jx 2009-01-27 14:47:32.000000000 -0500
|
||||
+++ libselinux-2.0.77/src/avc_internal.c 2009-03-02 13:58:11.000000000 -0500
|
||||
@@ -34,6 +34,7 @@ void (*avc_func_log) (const char *, ...)
|
||||
void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL;
|
||||
|
||||
int avc_using_threads = 0;
|
||||
+int avc_app_main_loop = 0;
|
||||
void *(*avc_func_create_thread) (void (*)(void)) = NULL;
|
||||
void (*avc_func_stop_thread) (void *) = NULL;
|
||||
|
||||
@@ -250,3 +251,15 @@ void avc_netlink_loop(void)
|
||||
"%s: netlink thread: errors encountered, terminating\n",
|
||||
avc_prefix);
|
||||
}
|
||||
+
|
||||
+int avc_netlink_acquire_fd(void)
|
||||
+{
|
||||
+ avc_app_main_loop = 1;
|
||||
+
|
||||
+ return fd;
|
||||
+}
|
||||
+
|
||||
+void avc_netlink_release_fd(void)
|
||||
+{
|
||||
+ avc_app_main_loop = 0;
|
||||
+}
|
||||
diff -up libselinux-2.0.77/src/avc_internal.h.jx libselinux-2.0.77/src/avc_internal.h
|
||||
--- libselinux-2.0.77/src/avc_internal.h.jx 2009-01-27 14:47:32.000000000 -0500
|
||||
+++ libselinux-2.0.77/src/avc_internal.h 2009-03-02 13:58:11.000000000 -0500
|
||||
@@ -35,6 +35,7 @@ extern void (*avc_func_log) (const char
|
||||
extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
|
||||
|
||||
extern int avc_using_threads hidden;
|
||||
+extern int avc_app_main_loop hidden;
|
||||
extern void *(*avc_func_create_thread) (void (*)(void))hidden;
|
||||
extern void (*avc_func_stop_thread) (void *)hidden;
|
||||
|
||||
@@ -184,7 +185,6 @@ int avc_ss_set_auditdeny(security_id_t s
|
||||
/* netlink kernel message code */
|
||||
extern int avc_netlink_trouble hidden;
|
||||
int avc_netlink_open(int blocking) hidden;
|
||||
-int avc_netlink_check_nb(void) hidden;
|
||||
void avc_netlink_loop(void) hidden;
|
||||
void avc_netlink_close(void) hidden;
|
||||
|
||||
diff -up libselinux-2.0.77/src/selinuxswig.i.jx libselinux-2.0.77/src/selinuxswig.i
|
||||
--- libselinux-2.0.77/src/selinuxswig.i.jx 2009-03-02 13:58:11.000000000 -0500
|
||||
+++ libselinux-2.0.77/src/selinuxswig.i 2009-03-02 14:07:42.000000000 -0500
|
||||
@@ -78,6 +78,11 @@
|
||||
%ignore selinux_set_mapping;
|
||||
%ignore security_id;
|
||||
|
||||
+/* Ignore netlink stuff for now */
|
||||
+%ignore avc_netlink_acquire_fd;
|
||||
+%ignore avc_netlink_release_fd;
|
||||
+%ignore avc_netlink_check_nb;
|
||||
+
|
||||
%include "../include/selinux/selinux.h"
|
||||
%include "../include/selinux/avc.h"
|
||||
%include "../include/selinux/get_default_type.h"
|
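Review bot: The doc comment added for `avc_netlink_acquire_fd` in include/selinux/avc.h does not state what the caller takes on: once `avc_app_main_loop` is set, the changed guard in `avc_has_perm_noaudit` (`!avc_using_threads && !avc_app_main_loop`) skips `avc_netlink_check_nb()`, so netlink events are handled only when the application calls it itself. I would extend the comment with `Returns the netlink socket fd. After this call the library no longer polls the socket on each permission check; the caller must invoke avc_netlink_check_nb() whenever the fd is readable, until avc_netlink_release_fd() is called.` Presumably the events carried on this socket include policy reloads and enforcing-mode changes, in which case a caller that never polls keeps using stale cached decisions; that is worth confirming and stating in the header. The new `avc_netlink_acquire_fd` in src/avc_internal.c also returns `fd` with no visible check that the socket was ever opened, and neither it nor `avc_netlink_check_nb` documents its return value.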
17236
libselinux-rhat.patch
17236
libselinux-rhat.patch
File diff suppressed because it is too large
|
@ -0,0 +1,236 @@
|
|||
diff -up libselinux-2.0.77/include/selinux/avc.h.pre.create.cache libselinux-2.0.77/include/selinux/avc.h
|
||||
--- libselinux-2.0.77/include/selinux/avc.h.pre.create.cache 2009-01-27 14:47:32.000000000 -0500
|
||||
+++ libselinux-2.0.77/include/selinux/avc.h 2009-03-02 14:52:40.859167987 -0500
|
||||
@@ -353,6 +353,7 @@ int avc_compute_member(security_id_t ssi
|
||||
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
|
||||
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
|
||||
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
|
||||
+#define AVC_CALLBACK_ADD_CREATE 256
|
||||
|
||||
/**
|
||||
* avc_add_callback - Register a callback for security events.
|
||||
diff -up libselinux-2.0.77/src/avc.c.pre.create.cache libselinux-2.0.77/src/avc.c
|
||||
--- libselinux-2.0.77/src/avc.c.pre.create.cache 2009-01-27 14:47:32.000000000 -0500
|
||||
+++ libselinux-2.0.77/src/avc.c 2009-03-02 15:57:54.764288907 -0500
|
||||
@@ -20,6 +20,8 @@ struct avc_entry {
|
||||
security_id_t tsid;
|
||||
security_class_t tclass;
|
||||
struct av_decision avd;
|
||||
+ security_id_t create_sid;
|
||||
+ unsigned create_decided :1;
|
||||
int used; /* used recently */
|
||||
};
|
||||
|
||||
@@ -58,6 +60,11 @@ static struct avc_cache_stats cache_stat
|
||||
static struct avc_callback_node *avc_callbacks = NULL;
|
||||
static struct sidtab avc_sidtab;
|
||||
|
||||
+/* forward declaration */
|
||||
+static int avc_update_cache(uint32_t event, security_id_t ssid,
|
||||
+ security_id_t tsid, security_class_t tclass,
|
||||
+ access_vector_t perms, security_id_t create_sid);
|
||||
+
|
||||
static inline int avc_hash(security_id_t ssid,
|
||||
security_id_t tsid, security_class_t tclass)
|
||||
{
|
||||
@@ -340,6 +347,16 @@ static inline struct avc_node *avc_recla
|
||||
return cur;
|
||||
}
|
||||
|
||||
+static inline void avc_clear_avc_entry(struct avc_entry *ae)
|
||||
+{
|
||||
+ ae->ssid = ae->tsid = ae->create_sid = NULL;
|
||||
+ ae->tclass = 0;
|
||||
+ ae->create_decided = 0;
|
||||
+ ae->avd.allowed = ae->avd.decided = 0;
|
||||
+ ae->avd.auditallow = ae->avd.auditdeny = 0;
|
||||
+ ae->used = 0;
|
||||
+}
|
||||
+
|
||||
static inline struct avc_node *avc_claim_node(security_id_t ssid,
|
||||
security_id_t tsid,
|
||||
security_class_t tclass)
|
||||
@@ -361,6 +378,7 @@ static inline struct avc_node *avc_claim
|
||||
}
|
||||
|
||||
hvalue = avc_hash(ssid, tsid, tclass);
|
||||
+ avc_clear_avc_entry(&new->ae);
|
||||
new->ae.used = 1;
|
||||
new->ae.ssid = ssid;
|
||||
new->ae.tsid = tsid;
|
||||
@@ -498,8 +516,8 @@ static int avc_insert(security_id_t ssid
|
||||
* avc_remove - Remove AVC and sidtab entries for SID.
|
||||
* @sid: security identifier to be removed
|
||||
*
|
||||
- * Remove all AVC entries containing @sid as source
|
||||
- * or target, and remove @sid from the SID table.
|
||||
+ * Remove all AVC entries containing @sid as source, target, or
|
||||
+ * create_sid, and remove @sid from the SID table.
|
||||
* Free the memory allocated for the structure corresponding
|
||||
* to @sid. After this function has been called, @sid must
|
||||
* not be used until another call to avc_context_to_sid() has
|
||||
@@ -514,19 +532,15 @@ static void avc_remove(security_id_t sid
|
||||
cur = avc_cache.slots[i];
|
||||
prev = NULL;
|
||||
while (cur) {
|
||||
- if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
|
||||
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid ||
|
||||
+ (cur->ae.create_decided && sid == cur->ae.create_sid)) {
|
||||
if (prev)
|
||||
prev->next = cur->next;
|
||||
else
|
||||
avc_cache.slots[i] = cur->next;
|
||||
tmp = cur;
|
||||
cur = cur->next;
|
||||
- tmp->ae.ssid = tmp->ae.tsid = NULL;
|
||||
- tmp->ae.tclass = 0;
|
||||
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
|
||||
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
|
||||
- 0;
|
||||
- tmp->ae.used = 0;
|
||||
+ avc_clear_avc_entry(&tmp->ae);
|
||||
tmp->next = avc_node_freelist;
|
||||
avc_node_freelist = tmp;
|
||||
avc_cache.active_nodes--;
|
||||
@@ -570,11 +584,7 @@ int avc_reset(void)
|
||||
while (node) {
|
||||
tmp = node;
|
||||
node = node->next;
|
||||
- tmp->ae.ssid = tmp->ae.tsid = NULL;
|
||||
- tmp->ae.tclass = 0;
|
||||
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
|
||||
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
|
||||
- tmp->ae.used = 0;
|
||||
+ avc_clear_avc_entry(&tmp->ae);
|
||||
tmp->next = avc_node_freelist;
|
||||
avc_node_freelist = tmp;
|
||||
avc_cache.active_nodes--;
|
||||
@@ -896,24 +906,52 @@ int avc_compute_create(security_id_t ssi
|
||||
security_class_t tclass, security_id_t *newsid)
|
||||
{
|
||||
int rc;
|
||||
+ struct avc_entry_ref aeref;
|
||||
+ security_context_t ctx = NULL;
|
||||
+
|
||||
*newsid = NULL;
|
||||
+
|
||||
+ avc_entry_ref_init(&aeref);
|
||||
+retry:
|
||||
avc_get_lock(avc_lock);
|
||||
- if (ssid->refcnt > 0 && tsid->refcnt > 0) {
|
||||
- security_context_t ctx = NULL;
|
||||
- rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
|
||||
- &ctx);
|
||||
- if (rc)
|
||||
- goto out;
|
||||
- rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
|
||||
- if (!rc)
|
||||
- (*newsid)->refcnt++;
|
||||
- freecon(ctx);
|
||||
- } else {
|
||||
+ if (ssid->refcnt <= 0 || tsid->refcnt <= 0) {
|
||||
errno = EINVAL; /* bad reference count */
|
||||
rc = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ rc = avc_lookup(ssid, tsid, tclass, 0, &aeref);
|
||||
+ if (!rc) {
|
||||
+ /* we found something in the avc */
|
||||
+ if (aeref.ae->create_decided) {
|
||||
+ *newsid = aeref.ae->create_sid;
|
||||
+ goto out;
|
||||
+ } else {
|
||||
+ goto compute;
|
||||
+ }
|
||||
}
|
||||
+ /* there is nothing in the avd for this tuple, so, lets get something */
|
||||
+ avc_release_lock(avc_lock);
|
||||
+ avc_has_perm_noaudit(ssid, tsid, tclass, 0, &aeref, NULL);
|
||||
+ goto retry;
|
||||
+
|
||||
+compute:
|
||||
+ rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
|
||||
+ &ctx);
|
||||
+ if (rc)
|
||||
+ goto out;
|
||||
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
|
||||
+ if (rc)
|
||||
+ goto out;
|
||||
+
|
||||
+ avc_update_cache(AVC_CALLBACK_ADD_CREATE, ssid, tsid, tclass, 0,
|
||||
+ *newsid);
|
||||
+
|
||||
out:
|
||||
+ if (*newsid)
|
||||
+ (*newsid)->refcnt++;
|
||||
avc_release_lock(avc_lock);
|
||||
+ freecon(ctx);
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -978,7 +1016,8 @@ static inline int avc_sidcmp(security_id
|
||||
}
|
||||
|
||||
static inline void avc_update_node(uint32_t event, struct avc_node *node,
|
||||
- access_vector_t perms)
|
||||
+ access_vector_t perms,
|
||||
+ security_id_t create_sid)
|
||||
{
|
||||
switch (event) {
|
||||
case AVC_CALLBACK_GRANT:
|
||||
@@ -1000,12 +1039,16 @@ static inline void avc_update_node(uint3
|
||||
case AVC_CALLBACK_AUDITDENY_DISABLE:
|
||||
node->ae.avd.auditdeny &= ~perms;
|
||||
break;
|
||||
+ case AVC_CALLBACK_ADD_CREATE:
|
||||
+ node->ae.create_sid = create_sid;
|
||||
+ node->ae.create_decided = 1;
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
|
||||
static int avc_update_cache(uint32_t event, security_id_t ssid,
|
||||
security_id_t tsid, security_class_t tclass,
|
||||
- access_vector_t perms)
|
||||
+ access_vector_t perms, security_id_t create_sid)
|
||||
{
|
||||
struct avc_node *node;
|
||||
int i;
|
||||
@@ -1019,7 +1062,7 @@ static int avc_update_cache(uint32_t eve
|
||||
if (avc_sidcmp(ssid, node->ae.ssid) &&
|
||||
avc_sidcmp(tsid, node->ae.tsid) &&
|
||||
tclass == node->ae.tclass) {
|
||||
- avc_update_node(event, node, perms);
|
||||
+ avc_update_node(event, node, perms, create_sid);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1027,7 +1070,7 @@ static int avc_update_cache(uint32_t eve
|
||||
/* apply to one node */
|
||||
node = avc_search_node(ssid, tsid, tclass, 0);
|
||||
if (node) {
|
||||
- avc_update_node(event, node, perms);
|
||||
+ avc_update_node(event, node, perms, create_sid);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1058,7 +1101,7 @@ static int avc_control(uint32_t event, s
|
||||
* been invoked to update the cache state.
|
||||
*/
|
||||
if (event != AVC_CALLBACK_TRY_REVOKE)
|
||||
- avc_update_cache(event, ssid, tsid, tclass, perms);
|
||||
+ avc_update_cache(event, ssid, tsid, tclass, perms, NULL);
|
||||
|
||||
for (c = avc_callbacks; c; c = c->next) {
|
||||
if ((c->events & event) &&
|
||||
@@ -1080,7 +1123,7 @@ static int avc_control(uint32_t event, s
|
||||
if (event == AVC_CALLBACK_TRY_REVOKE) {
|
||||
/* revoke any unretained permissions */
|
||||
perms &= ~tretained;
|
||||
- avc_update_cache(event, ssid, tsid, tclass, perms);
|
||||
+ avc_update_cache(event, ssid, tsid, tclass, perms, NULL);
|
||||
*out_retained = tretained;
|
||||
}
|
||||
|
||||
|
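Review bot: The `retry:` loop added to `avc_compute_create` in src/avc.c has no exit when the cache entry cannot be created. The result of `avc_has_perm_noaudit(ssid, tsid, tclass, 0, &aeref, NULL)` is discarded before `goto retry`, so if that call never manages to insert an entry (for example because the kernel query fails), `avc_lookup` misses on every pass and the caller spins forever. Bound it to one retry (or a small fixed number) by declaring `int retried = 0;` and placing `if (retried++) goto out;` just before the `avc_release_lock(avc_lock)` that precedes the call; at that point the lock is still held, `*newsid` is NULL and `rc` is the non-zero `avc_lookup` result, which is what the `out:` path expects. A hang here would stall every labeling decision of the object manager using the library, so the failure path deserves a short comment as well. The first line of the function's signature lies outside the hunk.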
385
libselinux.spec
385
libselinux.spec
|
@ -1,14 +1,18 @@
|
|||
%define libsepolver 2.0.10-1
|
||||
%define ruby_sitearch %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']")
|
||||
%define libsepolver 2.0.32-1
|
||||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.0.37
|
||||
Version: 2.0.80
|
||||
Release: 1%{?dist}
|
||||
License: Public domain (uncopyrighted)
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
|
||||
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
|
||||
Patch: libselinux-rhat.patch
|
||||
URL: http://www.selinuxproject.org
|
||||
|
||||
BuildRequires: libsepol-devel >= %{libsepolver} swig
|
||||
BuildRequires: python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig
|
||||
Requires: libsepol >= %{libsepolver}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
|
@ -27,15 +31,31 @@ libselinux provides an API for SELinux applications to get and set
|
|||
process and file security contexts and to obtain security policy
|
||||
decisions. Required for any applications that use the SELinux API.
|
||||
|
||||
%package python
|
||||
Summary: python bindings for libselinux
|
||||
%package utils
|
||||
Summary: SELinux libselinux utilies
|
||||
Group: Development/Libraries
|
||||
Requires: libselinux = %{version}-%{release}
|
||||
|
||||
%description utils
|
||||
The libselinux-utils package contains the utilities
|
||||
|
||||
%package python
|
||||
Summary: SELinux python bindings for libselinux
|
||||
Group: Development/Libraries
|
||||
Requires: libselinux = %{version}-%{release}
|
||||
BuildRequires: python-devel
|
||||
|
||||
%description python
|
||||
The libselinux-python package contains the python bindings for developing SELinux
|
||||
applications.
|
||||
The libselinux-python package contains the python bindings for developing
|
||||
SELinux applications.
|
||||
|
||||
%package ruby
|
||||
Summary: SELinux ruby bindings for libselinux
|
||||
Group: Development/Libraries
|
||||
Requires: libselinux = %{version}-%{release}
|
||||
|
||||
%description ruby
|
||||
The libselinux-ruby package contains the ruby bindings for developing
|
||||
SELinux applications.
|
||||
|
||||
%package devel
|
||||
Summary: Header files and libraries used to build SELinux
|
||||
|
@ -44,7 +64,16 @@ Requires: libselinux = %{version}-%{release}
|
|||
Requires: libsepol-devel >= %{libsepolver}
|
||||
|
||||
%description devel
|
||||
The libselinux-devel package contains the static libraries and header files
|
||||
The libselinux-devel package contains the libraries and header files
|
||||
needed for developing SELinux applications.
|
||||
|
||||
%package static
|
||||
Summary: Static libraries used to build SELinux
|
||||
Group: Development/Libraries
|
||||
Requires: libselinux-devel = %{version}-%{release}
|
||||
|
||||
%description static
|
||||
The libselinux-static package contains the static libraries
|
||||
needed for developing SELinux applications.
|
||||
|
||||
%prep
|
||||
|
@ -53,8 +82,9 @@ needed for developing SELinux applications.
|
|||
|
||||
%build
|
||||
make clean
|
||||
make CFLAGS="-g %{optflags}" swigify
|
||||
make CFLAGS="-g %{optflags}" all pywrap
|
||||
make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} swigify
|
||||
make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all pywrap
|
||||
make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} rubywrap
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
|
@ -65,14 +95,12 @@ mkdir -p %{buildroot}%{_sbindir}
|
|||
mkdir -p %{buildroot}/var/run/setrans
|
||||
|
||||
make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-pywrap
|
||||
make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-rubywrap
|
||||
|
||||
# Nuke the files we don't want to distribute
|
||||
rm -f %{buildroot}%{_sbindir}/compute_*
|
||||
rm -f %{buildroot}%{_sbindir}/deftype
|
||||
rm -f %{buildroot}%{_sbindir}/execcon
|
||||
rm -f %{buildroot}%{_sbindir}/getcon
|
||||
rm -f %{buildroot}%{_sbindir}/getconlist
|
||||
rm -f %{buildroot}%{_sbindir}/getdefaultcon
|
||||
rm -f %{buildroot}%{_sbindir}/getenforcemode
|
||||
rm -f %{buildroot}%{_sbindir}/getfilecon
|
||||
rm -f %{buildroot}%{_sbindir}/getpidcon
|
||||
|
@ -83,46 +111,339 @@ rm -f %{buildroot}%{_sbindir}/selinuxconfig
|
|||
rm -f %{buildroot}%{_sbindir}/selinuxdisable
|
||||
rm -f %{buildroot}%{_sbindir}/getseuser
|
||||
rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
|
||||
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
|
||||
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
[ -x /sbin/telinit -a -p /dev/initctl -a -f /proc/1/exe -a -d /proc/1/root ] &&
|
||||
/sbin/telinit u
|
||||
exit 0
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,0755)
|
||||
%defattr(-,root,root,-)
|
||||
/%{_lib}/libselinux.so.*
|
||||
%{_libdir}/libselinux.so
|
||||
/var/run/setrans
|
||||
/sbin/matchpathcon
|
||||
|
||||
%files utils
|
||||
%defattr(-,root,root,-)
|
||||
%{_sbindir}/avcstat
|
||||
%{_sbindir}/getenforce
|
||||
%{_sbindir}/getsebool
|
||||
%{_sbindir}/matchpathcon
|
||||
%{_sbindir}/selinuxconlist
|
||||
%{_sbindir}/selinuxdefcon
|
||||
%{_sbindir}/selinuxenabled
|
||||
%{_sbindir}/setenforce
|
||||
%{_sbindir}/togglesebool
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/man8/*
|
||||
/var/run/setrans
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libselinux.a
|
||||
%defattr(-,root,root,-)
|
||||
%{_libdir}/libselinux.so
|
||||
%dir %{_includedir}/selinux
|
||||
%{_includedir}/selinux/*
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%files static
|
||||
%defattr(-,root,root,-)
|
||||
%{_libdir}/libselinux.a
|
||||
|
||||
%files python
|
||||
%defattr(-,root,root,0755)
|
||||
%{_libdir}/python*/site-packages/_selinux.so
|
||||
%{_libdir}/python*/site-packages/selinux.py*
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{python_sitearch}/selinux
|
||||
%{python_sitearch}/selinux/*
|
||||
|
||||
%files ruby
|
||||
%defattr(-,root,root,-)
|
||||
%{ruby_sitearch}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1
|
||||
- Update to upstream
|
||||
* deny_unknown wrapper function from KaiGai Kohei.
|
||||
* security_compute_av_flags API from KaiGai Kohei.
|
||||
* Netlink socket management and callbacks from KaiGai Kohei.
|
||||
|
||||
* Fri Apr 3 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-6
|
||||
- Fix Memory Leak
|
||||
|
||||
* Thu Apr 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-5
|
||||
- Fix crash in python
|
||||
|
||||
* Sun Mar 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-4
|
||||
- Add back in additional interfaces
|
||||
|
||||
* Fri Mar 27 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-3
|
||||
- Add back in av_decision to python swig
|
||||
|
||||
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1
|
||||
- Update to upstream
|
||||
* Netlink socket handoff patch from Adam Jackson.
|
||||
* AVC caching of compute_create results by Eric Paris.
|
||||
|
||||
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5
|
||||
- Add patch from ajax to accellerate X SELinux
|
||||
- Update eparis patch
|
||||
|
||||
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4
|
||||
- Add eparis patch to accellerate Xwindows performance
|
||||
|
||||
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3
|
||||
- Fix URL
|
||||
|
||||
* Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2
|
||||
- Add substitute pattern
|
||||
- matchpathcon output <<none>> on ENOENT
|
||||
|
||||
* Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1
|
||||
- Update to upstream
|
||||
* Fix incorrect conversion in discover_class code.
|
||||
|
||||
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.77-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5
|
||||
- Add
|
||||
- selinux_virtual_domain_context_path
|
||||
- selinux_virtual_image_context_path
|
||||
|
||||
* Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-3
|
||||
- Throw exeptions in python swig bindings on failures
|
||||
|
||||
* Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-2
|
||||
- Fix restorecon python code
|
||||
|
||||
* Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-1
|
||||
- Update to upstream
|
||||
|
||||
* Tue Dec 16 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.76-6
|
||||
- Strip trailing / for matchpathcon
|
||||
|
||||
* Tue Dec 16 2008 Dan Walsh <dwalsh@redhat.com>l - 2.0.76-5
|
||||
- Fix segfault if seusers file does not work
|
||||
|
||||
* Fri Dec 12 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.76-4
|
||||
- Add new function getseuser which will take username and service and return
|
||||
- seuser and level. ipa will populate file in future.
|
||||
- Change selinuxdefcon to return just the context by default
|
||||
|
||||
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.76-2
|
||||
- Rebuild for Python 2.6
|
||||
|
||||
* Mon Nov 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.76-1
|
||||
- Update to Upstream
|
||||
* Allow shell-style wildcards in x_contexts file.
|
||||
|
||||
* Mon Nov 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.75-2
|
||||
- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
|
||||
- Add Restorecon/Install python functions from Luke Macken
|
||||
|
||||
* Fri Nov 7 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.75-1
|
||||
- Update to Upstream
|
||||
* Correct message types in AVC log messages.
|
||||
* Make matchpathcon -V pass mode from Dan Walsh.
|
||||
* Add man page for selinux_file_context_cmp from Dan Walsh.
|
||||
|
||||
* Tue Sep 30 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.73-1
|
||||
- Update to Upstream
|
||||
* New man pages from Dan Walsh.
|
||||
* Update flask headers from refpolicy trunk from Dan Walsh.
|
||||
|
||||
* Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6
|
||||
- Fix matchpathcon -V call
|
||||
|
||||
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5
|
||||
- Add flask definitions for open, X and nlmsg_tty_audit
|
||||
|
||||
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-4
|
||||
- Add missing get/setkeycreatecon man pages
|
||||
|
||||
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-3
|
||||
- Split out utilities
|
||||
|
||||
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-2
|
||||
- Add missing man page links for [lf]getfilecon
|
||||
|
||||
* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-1
|
||||
- Update to Upstream
|
||||
* Add group support to seusers using %groupname syntax from Dan Walsh.
|
||||
* Mark setrans socket close-on-exec from Stephen Smalley.
|
||||
* Only apply nodups checking to base file contexts from Stephen Smalley.
|
||||
|
||||
* Fri Aug 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.70-1
|
||||
- Update to Upstream
|
||||
* Merge ruby bindings from Dan Walsh.
|
||||
- Add support for Linux groups to getseuserbyname
|
||||
|
||||
* Fri Aug 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.69-2
|
||||
- Allow group handling in getseuser call
|
||||
|
||||
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.69-1
|
||||
- Update to Upstream
|
||||
* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
|
||||
This prevents adding them via semanage.
|
||||
* Fix audit2why shadowed variables from Stephen Smalley.
|
||||
* Note that freecon NULL is legal in man page from Karel Zak.
|
||||
|
||||
* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.67-4
|
||||
- Add ruby support for puppet
|
||||
|
||||
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.67-3
|
||||
- Rebuild for new libsepol
|
||||
|
||||
* Sun Jun 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.67-2
|
||||
- Add Karel Zak patch for freecon man page
|
||||
|
||||
* Sun Jun 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.67-1
|
||||
- Update to Upstream
|
||||
* New and revised AVC, label, and mapping man pages from Eamon Walsh.
|
||||
* Add swig python bindings for avc interfaces from Dan Walsh.
|
||||
|
||||
* Sun Jun 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.65-1
|
||||
- Update to Upstream
|
||||
* Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
|
||||
* Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
|
||||
|
||||
* Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.64-3
|
||||
- libselinux no longer neets to telnet -u in post install
|
||||
|
||||
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.64-2
|
||||
- Add sedefaultcon and setconlist commands to dump login context
|
||||
|
||||
* Tue Apr 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.64-1
|
||||
- Update to Upstream
|
||||
* Fixed selinux_set_callback man page.
|
||||
* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
|
||||
* Fix memory leaks in matchpathcon from Eamon Walsh.
|
||||
|
||||
* Wed Apr 16 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-4
|
||||
- Add Xavior Toth patch for security_id_t in swig
|
||||
|
||||
* Thu Apr 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-3
|
||||
- Add avc.h to swig code
|
||||
|
||||
* Wed Apr 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-2
|
||||
- Grab the latest policy for the kernel
|
||||
|
||||
* Tue Apr 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.61-1
|
||||
- Update to Upstream
|
||||
* Man page typo fix from Jim Meyering.
|
||||
|
||||
* Sun Mar 23 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.60-1
|
||||
- Update to Upstream
|
||||
* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
|
||||
|
||||
* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.59-2
|
||||
- Fix matchpathcon memory leak
|
||||
|
||||
* Fri Feb 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.59-1
|
||||
- Update to Upstream
|
||||
* Merged new X label "poly_selection" namespace from Eamon Walsh.
|
||||
|
||||
* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.58-1
|
||||
- Update to Upstream
|
||||
* Merged reset_selinux_config() for load policy from Dan Walsh.
|
||||
|
||||
* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.57-2
|
||||
- Reload library on loading of policy to handle chroot
|
||||
|
||||
* Mon Feb 25 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.57-1
|
||||
- Update to Upstream
|
||||
* Merged avc_has_perm() errno fix from Eamon Walsh.
|
||||
|
||||
* Fri Feb 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.56-1
|
||||
- Update to Upstream
|
||||
* Regenerated Flask headers from refpolicy flask definitions.
|
||||
|
||||
* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.55-1
|
||||
- Update to Upstream
|
||||
* Merged compute_member AVC function and manpages from Eamon Walsh.
|
||||
* Provide more error reporting on load policy failures from Stephen Smalley.
|
||||
|
||||
* Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.53-1
|
||||
- Update to Upstream
|
||||
* Merged new X label "poly_prop" namespace from Eamon Walsh.
|
||||
|
||||
* Wed Feb 6 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.52-1
|
||||
- Update to Upstream
|
||||
* Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.
|
||||
* Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
|
||||
|
||||
* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.50-1
|
||||
- Update to Upstream
|
||||
* Merged fix for audit2why from Dan Walsh.
|
||||
|
||||
* Fri Jan 25 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.49-2
|
||||
- Fix audit2why to grab latest policy versus the one selected by the kernel
|
||||
|
||||
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.49-1
|
||||
* Merged audit2why python binding from Dan Walsh.
|
||||
|
||||
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.48-1
|
||||
* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
|
||||
|
||||
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.47-4
|
||||
- Update to use libsepol-static library
|
||||
|
||||
* Wed Jan 16 2008 Adel Gadllah <adel.gadllah@gmail.com> - 2.0.47-3
|
||||
- Move libselinux.a to -static package
|
||||
- Spec cleanups
|
||||
|
||||
* Tue Jan 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.47-2
|
||||
- Put back libselinux.a
|
||||
|
||||
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.47-1
|
||||
- Fix memory references in audit2why and change to use tuples
|
||||
- Update to Upstream
|
||||
* Fix for the avc: granted null message bug from Stephen Smalley.
|
||||
|
||||
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6
|
||||
- Fix __init__.py specification
|
||||
|
||||
* Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5
|
||||
- Add audit2why python bindings
|
||||
|
||||
* Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-4
|
||||
- Add pid_t typemap for swig bindings
|
||||
|
||||
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-3
|
||||
- smp_mflag
|
||||
|
||||
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2
|
||||
- Fix spec file caused by spec review
|
||||
|
||||
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
|
||||
- Upgrade to upstream
|
||||
* matchpathcon(8) man page update from Dan Walsh.
|
||||
|
||||
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.45-1
|
||||
- Upgrade to upstream
|
||||
* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
|
||||
* Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
|
||||
* A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
|
||||
|
||||
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.43-1
|
||||
- Upgrade to upstream
|
||||
* Regenerated Flask headers from policy.
|
||||
|
||||
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.42-1
|
||||
- Upgrade to upstream
|
||||
* AVC enforcing mode override patch from Eamon Walsh.
|
||||
* Aligned attributes in AVC netlink code from Eamon Walsh.
|
||||
- Move libselinux.so back into devel package, procps has been fixed
|
||||
|
||||
* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.40-1
|
||||
- Upgrade to upstream
|
||||
* Merged refactored AVC netlink code from Eamon Walsh.
|
||||
* Merged new X label namespaces from Eamon Walsh.
|
||||
* Bux fix and minor refactoring in string representation code.
|
||||
|
||||
* Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.37-1
|
||||
- Upgrade to upstream
|
||||
* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
|
||||
|
@ -299,7 +620,7 @@ exit 0
|
|||
|
||||
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
|
||||
* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
|
||||
of the use of the non-standard format %as. (original patch changed
|
||||
of the use of the non-standard format (original patch changed
|
||||
for style).
|
||||
* Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
|
||||
|
||||
|
@ -463,8 +784,8 @@ Resolves: #200110
|
|||
* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> 1.30.15-1
|
||||
- Upgrade to latest from NSA
|
||||
* Merged patch from Dan Walsh with:
|
||||
* Added selinux_getpolicytype() function.
|
||||
* Modified setrans code to skip processing if !mls_enabled.
|
||||
* Added selinux_getpolicytype() function.
|
||||
* Modified setrans code to skip processing if !mls_enabled.
|
||||
* Set errno in the !selinux_mnt case.
|
||||
* Allocate large buffers from the heap, not on stack.
|
||||
Affects is_context_customizable, selinux_init_load_policy,
|
||||
|
@ -839,7 +1160,7 @@ Resolves: #200110
|
|||
- Update from NSA
|
||||
* Merged several fixes for error handling paths in the
|
||||
AVC sidtab, matchpathcon, booleans, context, and get_context_list
|
||||
code from Serge Hallyn (IBM). Bugs found by Coverity.
|
||||
code from Serge Hallyn (IBM). Bugs found by Coverity.
|
||||
* Removed setupns; migrated to pam.
|
||||
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
|
||||
Original symbol is temporarily retained for compatibility until
|
||||
|
@ -947,7 +1268,7 @@ Resolves: #200110
|
|||
|
||||
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-1
|
||||
- Update from NSA
|
||||
* Changed relabel Makefile target to use restorecon.
|
||||
* Changed relabel Makefile target to use restorecon.
|
||||
|
||||
* Tue Feb 8 2005 Dan Walsh <dwalsh@redhat.com> 1.21.8-1
|
||||
- Update from NSA
|
||||
|
@ -1048,7 +1369,7 @@ Resolves: #200110
|
|||
|
||||
* Thu Oct 28 2004 Steve Grubb <sgrubb@redhat.com> 1.17.15-2
|
||||
- Changed the location of the utilities to /usr/sbin since
|
||||
normal users can't use them anyways.
|
||||
normal users can't use them anyways.
|
||||
|
||||
* Wed Oct 27 2004 Steve Grubb <sgrubb@redhat.com> 1.17.15-2
|
||||
- Updated various utilities, removed utilities that are for testing,
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
require 'selinux'
|
||||
print "selinux\n"
|
||||
print "Is selinux enabled? " + Selinux.is_selinux_enabled().to_s + "\n"
|
||||
print "Is selinux enforce? " + Selinux.security_getenforce().to_s + "\n"
|
||||
print "Setfscreatecon? " + Selinux.setfscreatecon("system_u:object_r:etc_t:s0").to_s + "\n"
|
||||
print "/etc -> " + Selinux.matchpathcon("/etc", 0)[1] + "\n"
|
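Review bot: The last line indexes `Selinux.matchpathcon("/etc", 0)[1]` without checking whether the lookup succeeded, so on a host where SELinux is disabled or no file-contexts are loaded the concatenation would presumably raise a TypeError on nil instead of reporting the failure. Assuming element 0 of the returned array is the status code (the `[1]` indexing suggests a status/context pair), I would split it into `rc, con = Selinux.matchpathcon("/etc", 0)` and `abort "matchpathcon failed (rc=#{rc})" unless rc == 0` before printing `con`. The same applies to the `setfscreatecon("system_u:object_r:etc_t:s0")` line, which only prints its return value and would quietly show a failure on a policy without MLS/MCS levels. Since the script only prints results, it cannot fail as a smoke test; exiting non-zero on any unexpected return value would make it usable in a package check. A one-line comment noting that `setfscreatecon` changes the file-creation context for the rest of the process would also help anyone who extends the script to create files afterwards.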