avc_netlink_recieve should continue to poll if it receinves an EINTR rather

Change python binding for restorecon to check if the context matches.
2012-02-03 10:44:40 -05:00 · 2012-02-03 10:41:03 -05:00 · 2011-11-29 10:14:35 -05:00 · 2011-11-29 09:52:39 -05:00 · 2011-10-24 14:41:47 -04:00 · 2011-09-22 09:40:40 -04:00
5 changed files with 440 additions and 1808 deletions
--- a/.gitignore
+++ b/.gitignore
@ -184,3 +184,7 @@ libselinux-2.0.96.tgz
 /libselinux-2.0.99.tgz
 /libselinux-2.0.101.tgz
 /libselinux-2.0.102.tgz
+/libselinux-2.1.0.tgz
+/libselinux-2.1.4.tgz
+/libselinux-2.1.5.tgz
+/libselinux-2.1.6.tgz
--- a/libselinux-eintr.patch
+++ b/libselinux-eintr.patch
@ -0,0 +1,14 @@
+diff -up libselinux-2.1.6/src/avc_internal.c.f17 libselinux-2.1.6/src/avc_internal.c
+--- libselinux-2.1.6/src/avc_internal.c.f17	2012-02-03 10:36:34.813636649 -0500
+++ libselinux-2.1.6/src/avc_internal.c	2012-02-03 10:37:04.499679138 -0500
+@@ -101,7 +101,9 @@ static int avc_netlink_receive(char *buf
+ 	socklen_t nladdrlen = sizeof nladdr;
+ 	struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
+ 
+-	rc = poll(&pfd, 1, (blocking ? -1 : 0));
+	do {
+		rc = poll(&pfd, 1, (blocking ? -1 : 0));
+	} while (rc < 0 && errno == EINTR);
+ 
+ 	if (rc == 0 && !blocking) {
+ 		errno = EWOULDBLOCK;
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,20 +1,19 @@
 %global with_python3 1

 %define ruby_sitearch %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']")
-%define libsepolver 2.0.44-2
+%define libsepolver 2.1.1-1
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 2.0.102
+Version: 2.1.6
 Release: 6%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
-Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
+Source: %{name}-%{version}.tgz
+Url: http://oss.tresys.com/git/selinux.git
 Patch1: libselinux-rhat.patch
-
-URL: http://www.selinuxproject.org
-
+Patch2: libselinux-eintr.patch
 BuildRequires: python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig
 %if 0%{?with_python3}
 BuildRequires: python3-devel
@ -96,7 +95,8 @@ needed for developing SELinux applications.

 %prep
 %setup -q
-%patch1 -p2 -b .rhat
+%patch1 -p1 -b .rhat
+%patch2 -p1 -b .eintr

 %build
 # To support building the Python wrapper against multiple Python runtimes
@ -104,11 +104,10 @@ needed for developing SELinux applications.
 # a specific runtime:
 BuildPythonWrapper() {
  BinaryName=$1
-  Prefix=$2

  # Perform the build from the upstream Makefile:
  make \
-    PYTHON=$BinaryName PYPREFIX=$Prefix \
+    PYTHON=$BinaryName \
    LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} \
    pywrap
 }
@ -117,9 +116,9 @@ make clean
 make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} swigify
 make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all

-BuildPythonWrapper %{__python} python2
+BuildPythonWrapper %{__python}
 %if 0%{?with_python3}
-BuildPythonWrapper %{__python3} python3
+BuildPythonWrapper %{__python3}
 %endif # with_python3

 make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} rubywrap
@ -127,15 +126,14 @@ make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} rubywrap
 %install
 InstallPythonWrapper() {
  BinaryName=$1
-  Prefix=$2

  make \
-    PYTHON=$BinaryName PYPREFIX=$Prefix \
+    PYTHON=$BinaryName \
    LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} \
    pywrap

  make \
-    PYTHON=$BinaryName PYPREFIX=$Prefix \
+    PYTHON=$BinaryName \
    DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \
    SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" \
    install install-pywrap
@ -150,9 +148,9 @@ mkdir -p %{buildroot}/var/run/setrans
 mkdir -p %{buildroot}/etc/tmpfiles.d
 echo "d /var/run/setrans 0755 root root" > %{buildroot}/etc/tmpfiles.d/libselinux.conf

-InstallPythonWrapper %{__python} python2
+InstallPythonWrapper %{__python}
 %if 0%{?with_python3}
-InstallPythonWrapper %{__python3} python3
+InstallPythonWrapper %{__python3}
 %endif # with_python3

 make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_sbindir}" install install-rubywrap
@ -177,9 +175,7 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 %clean
 rm -rf %{buildroot}

-%post
-/sbin/ldconfig
-exit 0
+%post -p /sbin/ldconfig

 %postun -p /sbin/ldconfig

@ -227,7 +223,7 @@ exit 0
 %defattr(-,root,root,-)
 %dir %{python3_sitearch}/selinux
 %dir %{python3_sitearch}/selinux/__pycache__
-%{python3_sitearch}/selinux/*.py
+%{python3_sitearch}/selinux/*.py*
 %{python3_sitearch}/selinux/*.so
 %{python3_sitearch}/selinux/__pycache__/*
 %endif with_python3
@ -237,6 +233,93 @@ exit 0
 %{ruby_sitearch}/selinux.so

 %changelog
+* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-6
+- avc_netlink_recieve should continue to poll if it receinves an EINTR rather 
+
+* Tue Nov 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-5
+- Change python binding for restorecon to check if the context matches.
+- If it does do not reset
+
+* Mon Oct 24 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-4
+- Apply libselinux patch to handle large groups in seusers.
+
+* Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3
+- Add selinux_check_access function. Needed for passwd, chfn, chsh
+
+* Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
+- Handle situation where selinux=0 passed to the kernel and both /selinux and 
+
+* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
+-Update to upstream
+	* utils: matchpathcon: remove duplicate declaration
+	* src: matchpathcon: use myprintf not fprintf
+	* src: matchpathcon: make sure resolved path starts
+	* put libselinux.so.1 in /lib not /usr/lib
+	* tree: default make target to all not
+
+* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5
+- Switch to use ":" as prefix separator rather then ";"
+
+* Thu Sep  8 2011 Ville Skyttä <ville.skytta@iki.fi> - 2.1.5-4
+- Avoid unnecessary shell invocation in %%post.
+
+* Tue Sep 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
+- Fix handling of subset labeling that is causing segfault in restorecon
+
+* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
+- Change matchpathcon_init_prefix and selabel_open to allow multiple initial 
+prefixes.  Now you can specify a ";" separated list of prefixes and the 
+labeling system will only load regular expressions that match these prefixes.
+
+* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
+- Change matchpatcon to use proper myprintf
+- Fix symlink_realpath to always include "/"
+- Update to upstream
+	* selinux_file_context_verify function returns wrong value.
+	* move realpath helper to matchpathcon library
+	* python wrapper makefile changes
+
+* Mon Aug 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
+- Move to new Makefile that can build with or without PYTHON being set
+
+* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
+-Update to upstream
+2.1.4 2011-0817
+	* mapping fix for invalid class/perms after selinux_set_mapping
+	* audit2why: work around python bug not defining
+	* resolv symlinks and dot directories before matching
+
+2.1.2 2011-0803
+	* audit2allow: do not print statistics
+	* make python bindings for restorecon work on relative path
+	* fix python audit2why binding error
+	* support new python3 functions
+	* do not check fcontext duplicates on use
+	* Patch for python3 for libselinux
+
+2.1.1 2011-08-02
+	* move .gitignore into utils
+	* new setexecon utility
+	* selabel_open fix processing of substitution files
+	* mountpoint changing patch.
+	* simplify SRCS in Makefile
+
+2.1.1 2011-08-01
+	* Remove generated files, introduce more .gitignore
+
+
+
+* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1
+-Update to upstream
+	* Release, minor version bump
+	* Give correct names to mount points in load_policy by Dan Walsh.
+	* Make sure selinux state is reported correctly if selinux is disabled or
+	fails to load by Dan Walsh.
+	* Fix crash if selinux_key_create was never called by Dan Walsh.
+	* Add new file_context.subs_dist for distro specific filecon substitutions
+	by Dan Walsh.
+	* Update man pages for selinux_color_* functions by Richard Haines.
+
 * Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6
 - Only call dups check within selabel/matchpathcon if you are validating the 
 context
--- a/2
+++ b/2
@ -1 +1 @@
-148de887b85cbe1e1da46af360a911f0  libselinux-2.0.102.tgz
+94fa8daf439f79db14821d4ff7f68f98  libselinux-2.1.6.tgz
Author	SHA1	Message	Date
Dan Walsh	aee5a016a4	avc_netlink_recieve should continue to poll if it receinves an EINTR rather	2012-02-03 10:44:40 -05:00
Dan Walsh	98393f1aaa	avc_netlink_recieve should continue to poll if it receinves an EINTR rather	2012-02-03 10:41:03 -05:00
Dan Walsh	60ebb758f7	Change python binding for restorecon to check if the context matches. If it does do not reset	2011-11-29 10:14:35 -05:00
Dan Walsh	b02e059741	Change python binding for restorecon to check if the context matches. If it does do not reset	2011-11-29 09:52:39 -05:00
Dan Walsh	fb2ea7dbfb	Apply libselinux patch to handle large groups in seusers.	2011-10-24 14:41:47 -04:00
Dan Walsh	a702adc23c	Handle situation where selinux=0 passed to the kernel and both /selinux and	2011-09-22 09:40:40 -04:00
Dan Walsh	37244b5b3b	Switch to use ":" as prefix separator rather then ";"	2011-09-14 22:02:29 -04:00
Dan Walsh	8530670002	Avoid unnecessary shell invocation in %post.	2011-09-12 16:33:28 -04:00
Dan Walsh	0ae97d39a1	Move to new Makefile that can build with or without PYTHON being set	2011-08-23 09:20:39 -04:00