Compare commits
13 Commits
Author | SHA1 | Date |
---|---|---|
Miroslav Grepl | 33d978fa03 | |
Miroslav Grepl | e69aa1c48f | |
Dan Walsh | 79ff1192ff | |
Dan Walsh | 43c1b465a4 | |
Dan Walsh | d708d71aeb | |
Fedora Release Engineering | 1d643ddfa6 | |
Daniel J Walsh | e1907f7cb7 | |
Daniel J Walsh | 253c1ee2d2 | |
Daniel J Walsh | 585a9bce59 | |
Daniel J Walsh | 347903e1a7 | |
Daniel J Walsh | 94d7ef9bf6 | |
Daniel J Walsh | 3b1c3d50c8 | |
Jesse Keating | e807029788 |
|
@ -174,3 +174,7 @@ libselinux-2.0.87.tgz
|
|||
libselinux-2.0.88.tgz
|
||||
libselinux-2.0.89.tgz
|
||||
libselinux-2.0.90.tgz
|
||||
libselinux-2.0.91.tgz
|
||||
libselinux-2.0.92.tgz
|
||||
libselinux-2.0.93.tgz
|
||||
libselinux-2.0.94.tgz
|
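--- a/Makefile
+++ b/Makefile
@@ -1,21 +0,0 @@
-# Makefile for source rpm: libselinux
-# $Id: Makefile,v 1.2 2007/10/15 19:04:13 notting Exp $
-NAME := libselinux
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)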
|
@ -0,0 +1,18 @@
|
|||
diff -up libselinux-2.0.94/src/selinuxswig_python.i.chcon libselinux-2.0.94/src/selinuxswig_python.i
|
||||
--- libselinux-2.0.94/src/selinuxswig_python.i.chcon 2010-08-23 10:23:50.000000000 -0400
|
||||
+++ libselinux-2.0.94/src/selinuxswig_python.i 2010-08-23 10:23:54.000000000 -0400
|
||||
@@ -21,6 +21,14 @@ def restorecon(path, recursive=False):
|
||||
map(restorecon, [os.path.join(dirname, fname)
|
||||
for fname in fnames]), None)
|
||||
|
||||
+def chcon(path, context, recursive=False):
|
||||
+ """ Set the SELinux context on a given path """
|
||||
+ lsetfilecon(path, context)
|
||||
+ if recursive:
|
||||
+ for root, dirs, files in os.walk(path):
|
||||
+ for name in files + dirs:
|
||||
+ lsetfilecon(os.path.join(root,name), context)
|
||||
+
|
||||
def copytree(src, dest):
|
||||
""" An SELinux-friendly shutil.copytree method """
|
||||
shutil.copytree(src, dest)
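Review bot: The recursive branch of the added `chcon` calls `os.walk(path)` with its default `onerror=None`, so a subdirectory that cannot be listed is skipped silently and the call returns as if the whole tree had been relabelled. For a labelling helper a partial result should be surfaced; pass an error callback, for example `os.walk(path, onerror=_walk_error)` with a small `_walk_error(err)` that re-raises `err`. The result of each `lsetfilecon` call is also discarded, so if the binding reports failure through a return status rather than an exception (not visible in this hunk), failures on individual entries go unnoticed as well. The docstring could also state that symbolic links are labelled themselves and are not followed during the walk.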
|
|
@ -0,0 +1,124 @@
|
|||
--- libselinux-2.0.94/src/matchpathcon.c.leak 2011-02-04 08:49:46.498334051 +0100
|
||||
+++ libselinux-2.0.94/src/matchpathcon.c 2011-02-04 08:52:48.979090294 +0100
|
||||
@@ -16,6 +16,9 @@
|
||||
static __thread int con_array_size;
|
||||
static __thread int con_array_used;
|
||||
|
||||
+static pthread_once_t once = PTHREAD_ONCE_INIT;
|
||||
+static pthread_key_t destructor_key;
|
||||
+
|
||||
static int add_array_elt(char *con)
|
||||
{
|
||||
if (con_array_size) {
|
||||
@@ -283,11 +286,19 @@
|
||||
fl_head = NULL;
|
||||
}
|
||||
|
||||
+static void matchpathcon_init_once(void)
|
||||
+{
|
||||
+ __selinux_key_create(&destructor_key, free_array_elts);
|
||||
+}
|
||||
+
|
||||
int matchpathcon_init_prefix(const char *path, const char *subset)
|
||||
{
|
||||
if (!mycanoncon)
|
||||
mycanoncon = default_canoncon;
|
||||
|
||||
+ __selinux_once(once, matchpathcon_init_once);
|
||||
+ __selinux_setspecific(destructor_key, (void *)1);
|
||||
+
|
||||
options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
|
||||
options[SELABEL_OPT_SUBSET].value = subset;
|
||||
options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH;
|
||||
--- libselinux-2.0.94/src/selinux_internal.h.leak 2011-02-04 08:53:00.618332791 +0100
|
||||
+++ libselinux-2.0.94/src/selinux_internal.h 2011-02-04 08:56:24.917090558 +0100
|
||||
@@ -97,6 +97,8 @@
|
||||
|
||||
/* Make pthread_once optional */
|
||||
#pragma weak pthread_once
|
||||
+#pragma weak pthread_key_create
|
||||
+#pragma weak pthread_setspecific
|
||||
|
||||
/* Call handler iff the first call. */
|
||||
#define __selinux_once(ONCE_CONTROL, INIT_FUNCTION) \
|
||||
@@ -109,4 +111,15 @@
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
+/* Pthread key macros */
|
||||
+#define __selinux_key_create(KEY, DESTRUCTOR) \
|
||||
+ do { \
|
||||
+ if (pthread_key_create != NULL) \
|
||||
+ pthread_key_create(KEY, DESTRUCTOR); \
|
||||
+ } while (0)
|
||||
|
||||
+#define __selinux_setspecific(KEY, VALUE) \
|
||||
+ do { \
|
||||
+ if (pthread_setspecific != NULL) \
|
||||
+ pthread_setspecific(KEY, VALUE); \
|
||||
+ } while (0)
|
||||
--- libselinux-2.0.94/src/setrans_client.c.leak 2011-02-04 08:56:43.229330202 +0100
|
||||
+++ libselinux-2.0.94/src/setrans_client.c 2011-02-04 09:00:04.176174970 +0100
|
||||
@@ -34,6 +34,8 @@
|
||||
static __thread security_context_t prev_r2c_raw = NULL;
|
||||
|
||||
static pthread_once_t once = PTHREAD_ONCE_INIT;
|
||||
+static pthread_key_t destructor_key;
|
||||
+static __thread char destructor_initialized;
|
||||
|
||||
/*
|
||||
* setransd_open
|
||||
@@ -240,8 +242,27 @@
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static void setrans_thread_destructor(void __attribute__((unused)) *unused)
|
||||
+{
|
||||
+ free(prev_t2r_trans);
|
||||
+ free(prev_t2r_raw);
|
||||
+ free(prev_r2t_trans);
|
||||
+ free(prev_r2t_raw);
|
||||
+ free(prev_r2c_trans);
|
||||
+ free(prev_r2c_raw);
|
||||
+}
|
||||
+
|
||||
+static inline void init_thread_destructor(void)
|
||||
+{
|
||||
+ if (destructor_initialized == 0) {
|
||||
+ __selinux_setspecific(destructor_key, (void *)1);
|
||||
+ destructor_initialized = 1;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void init_context_translations(void)
|
||||
{
|
||||
+ __selinux_key_create(&destructor_key, setrans_thread_destructor);
|
||||
mls_enabled = is_selinux_mls_enabled();
|
||||
}
|
||||
|
||||
@@ -254,6 +275,7 @@
|
||||
}
|
||||
|
||||
__selinux_once(once, init_context_translations);
|
||||
+ init_thread_destructor();
|
||||
|
||||
if (!mls_enabled) {
|
||||
*rawp = strdup(trans);
|
||||
@@ -295,6 +317,7 @@
|
||||
}
|
||||
|
||||
__selinux_once(once, init_context_translations);
|
||||
+ init_thread_destructor();
|
||||
|
||||
if (!mls_enabled) {
|
||||
*transp = strdup(raw);
|
||||
@@ -334,6 +357,9 @@
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ __selinux_once(once, init_context_translations);
|
||||
+ init_thread_destructor();
|
||||
+
|
||||
if (prev_r2c_raw && strcmp(prev_r2c_raw, raw) == 0) {
|
||||
*transp = strdup(prev_r2c_trans);
|
||||
} else {
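Review bot: The new `__selinux_key_create` macro in selinux_internal.h discards the return value of `pthread_key_create`, so when key creation fails or the weak symbol is absent, `matchpathcon_init_prefix` and `init_thread_destructor` still call `__selinux_setspecific` on a `destructor_key` that was never created. A zero-initialised static key may then alias a key owned by unrelated code in the process, and the per-thread buffers this patch is meant to release are never freed. Making the macro an expression and recording success in a flag lets both callers skip the set-specific step; the fence shows this for setrans_client.c, and matchpathcon.c needs the same guard. Separately, `matchpathcon_init_once` registers `free_array_elts` as the destructor; its definition is outside these hunks, and if it is declared as taking `void` it does not match the `void (*)(void *)` type a pthread destructor needs, so a one-line wrapper in the style of `setrans_thread_destructor` would be safer.

```c
/* selinux_internal.h: expose the result instead of discarding it */
#define __selinux_key_create(KEY, DESTRUCTOR) \
	(pthread_key_create != NULL ? pthread_key_create(KEY, DESTRUCTOR) : -1)

/* setrans_client.c */
static int destructor_key_initialized;

static inline void init_thread_destructor(void)
{
	if (destructor_key_initialized && destructor_initialized == 0) {
		__selinux_setspecific(destructor_key, (void *)1);
		destructor_initialized = 1;
	}
}

static void init_context_translations(void)
{
	if (__selinux_key_create(&destructor_key, setrans_thread_destructor) == 0)
		destructor_key_initialized = 1;
	mls_enabled = is_selinux_mls_enabled();
}
/* … unchanged: setrans_thread_destructor and the three call sites … */
```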
|
|
@ -1,6 +1,6 @@
|
|||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.90/man/man8/selinuxconlist.8
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.93/man/man8/selinuxconlist.8
|
||||
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ libselinux-2.0.90/man/man8/selinuxconlist.8 2010-01-18 16:52:28.000000000 -0500
|
||||
+++ libselinux-2.0.93/man/man8/selinuxconlist.8 2010-03-16 12:33:32.000000000 -0400
|
||||
@@ -0,0 +1,18 @@
|
||||
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||||
+.SH "NAME"
|
||||
|
@ -20,9 +20,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
|
|||
+
|
||||
+.SH "SEE ALSO"
|
||||
+secon(8), selinuxdefcon(8)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.90/man/man8/selinuxdefcon.8
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.93/man/man8/selinuxdefcon.8
|
||||
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ libselinux-2.0.90/man/man8/selinuxdefcon.8 2010-01-18 16:52:28.000000000 -0500
|
||||
+++ libselinux-2.0.93/man/man8/selinuxdefcon.8 2010-03-16 12:33:32.000000000 -0400
|
||||
@@ -0,0 +1,24 @@
|
||||
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||||
+.SH "NAME"
|
||||
|
@ -48,9 +48,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
|
|||
+
|
||||
+.SH "SEE ALSO"
|
||||
+secon(8), selinuxconlist(8)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.90/src/callbacks.c
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.93/src/callbacks.c
|
||||
--- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400
|
||||
+++ libselinux-2.0.90/src/callbacks.c 2010-01-18 16:52:28.000000000 -0500
|
||||
+++ libselinux-2.0.93/src/callbacks.c 2010-03-16 12:33:32.000000000 -0400
|
||||
@@ -16,6 +16,7 @@
|
||||
{
|
||||
int rc;
|
||||
|
@ -59,37 +59,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
|
|||
va_start(ap, fmt);
|
||||
rc = vfprintf(stderr, fmt, ap);
|
||||
va_end(ap);
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-2.0.90/src/init.c
|
||||
--- nsalibselinux/src/init.c 2009-07-14 11:16:03.000000000 -0400
|
||||
+++ libselinux-2.0.90/src/init.c 2010-01-18 16:52:28.000000000 -0500
|
||||
@@ -59,8 +59,10 @@
|
||||
}
|
||||
fclose(fp);
|
||||
|
||||
- if (!exists)
|
||||
+ if (!exists) {
|
||||
+ free(buf);
|
||||
return;
|
||||
+ }
|
||||
|
||||
/* At this point, the usual spot doesn't have an selinuxfs so
|
||||
* we look around for it */
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label_file.c libselinux-2.0.90/src/label_file.c
|
||||
--- nsalibselinux/src/label_file.c 2009-05-18 13:53:14.000000000 -0400
|
||||
+++ libselinux-2.0.90/src/label_file.c 2010-01-18 16:53:54.000000000 -0500
|
||||
@@ -20,6 +20,9 @@
|
||||
#include "callbacks.h"
|
||||
#include "label_internal.h"
|
||||
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
+
|
||||
/*
|
||||
* Internals, mostly moved over from matchpathcon.c
|
||||
*/
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.90/src/matchpathcon.c
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.93/src/matchpathcon.c
|
||||
--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500
|
||||
+++ libselinux-2.0.90/src/matchpathcon.c 2010-01-18 16:52:28.000000000 -0500
|
||||
+++ libselinux-2.0.93/src/matchpathcon.c 2010-03-16 12:33:32.000000000 -0400
|
||||
@@ -2,6 +2,7 @@
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
|
|
|
@ -4,12 +4,14 @@
|
|||
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.0.90
|
||||
Version: 2.0.94
|
||||
Release: 3%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
|
||||
Patch: libselinux-rhat.patch
|
||||
Patch2: libselinux-2.0.94_chcon.patch
|
||||
Patch3: libselinux-2.0.94_leak.patch
|
||||
URL: http://www.selinuxproject.org
|
||||
|
||||
BuildRequires: python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig
|
||||
|
@ -80,6 +82,8 @@ needed for developing SELinux applications.
|
|||
%prep
|
||||
%setup -q
|
||||
%patch -p1 -b .rhat
|
||||
%patch2 -p1 -b .chcon
|
||||
%patch3 -p1 -b .leak
|
||||
|
||||
%build
|
||||
make clean
|
||||
|
@ -166,6 +170,40 @@ exit 0
|
|||
%{ruby_sitearch}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Fri Feb 4 2011 Miroslav Grepl <mgrepl@redhat.com> - 2.0.94-3
|
||||
- Thread local storage fixes from Eamon Walsh.
|
||||
|
||||
* Wed Aug 23 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-2
|
||||
- Add chcon function to python bindings.
|
||||
|
||||
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
|
||||
* Set errno=EINVAL for invalid contexts from Dan Walsh.
|
||||
|
||||
* Sun Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
|
||||
- Update to upstream
|
||||
* Show strerror for security_getenforce() by Colin Waters.
|
||||
* Merged selabel database support by KaiGai Kohei.
|
||||
* Modify netlink socket blocking code by KaiGai Kohei.
|
||||
|
||||
* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1
|
||||
- Update to upstream
|
||||
* Fix from Eric Paris to fix leak on non-selinux systems.
|
||||
* regenerate swig wrappers
|
||||
* pkgconfig fix to respect LIBDIR from Dan Walsh.
|
||||
|
||||
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
|
||||
- Update to upstream
|
||||
* Change the AVC to only audit the permissions specified by the
|
||||
policy, excluding any permissions specified via dontaudit or not
|
||||
specified via auditallow.
|
||||
* Fix compilation of label_file.c with latest glibc headers.
|
||||
|
||||
* Mon Feb 22 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-5
|
||||
- Fix potential doublefree on init
|
||||
|
||||
* Thu Feb 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-4
|
||||
- Fix libselinux.pc
|
||||
|
||||
* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-3
|
||||
- Fix man page for selinuxdefcon
|
||||
|
||||
|
|