libselinux/libselinux-rhat.patch


diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.96/man/man8/selinuxconlist.8
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.96/man/man8/selinuxconlist.8 2010-06-16 09:20:34.000000000 -0400
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxconlist \- list all SELinux context reachable for user
+.SH "SYNOPSIS"
+.B selinuxconlist [-l level] user [context]
+
+.SH "DESCRIPTION"
+.B selinuxconlist
+reports the list of context reachable for user from the current context or specified context
+
+.B \-l level
+mcs/mls level
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.96/man/man8/selinuxdefcon.8
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.96/man/man8/selinuxdefcon.8 2010-06-16 09:20:34.000000000 -0400
@@ -0,0 +1,24 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxdefcon \- report default SELinux context for user
+
+.SH "SYNOPSIS"
+.B selinuxdefcon [-l level] user fromcon
+
+.SH "DESCRIPTION"
+.B selinuxdefcon
+reports the default context for the specified user from the specified context
+
+.B \-l level
+mcs/mls level
+
+.SH EXAMPLE
+# selinuxdefcon jsmith system_u:system_r:sshd_t:s0
+.br
+unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.96/src/audit2why.c
--- nsalibselinux/src/audit2why.c 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/audit2why.c 2010-06-25 17:03:37.000000000 -0400
@@ -1,3 +1,6 @@
+/* Workaround for http://bugs.python.org/issue4835 */
+#define SIZEOF_SOCKET_T SIZEOF_INT
+
#include <Python.h>
#include <unistd.h>
#include <stdlib.h>
@@ -255,6 +258,8 @@
fclose(fp);
sepol_set_policydb(&avc->policydb->p);
avc->handle = sepol_handle_create();
+ /* Turn off messages */
+ sepol_msg_set_callback(avc->handle, NULL, NULL);
rc = sepol_bool_count(avc->handle,
avc->policydb, &cnt);
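Review bot: The added `sepol_msg_set_callback(avc->handle, NULL, NULL)` uses the handle returned by `sepol_handle_create()` on the line above with no NULL check in between, so an allocation failure would pass a null handle into libsepol, which as far as I can tell dereferences it. Add a guard such as `if (!avc->handle) goto err;` before the call, using whatever error path the function already has (it is outside the hunk). Clearing the callback also discards every libsepol diagnostic for this handle, so the comment would say more as `/* Silence libsepol messages; failures are reported through return codes only */`. The enclosing function starts and ends outside the hunk.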
@@ -287,8 +292,10 @@
static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
int result;
char *init_path=NULL;
- if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
- result = __policy_init(init_path);
+ if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) {
+ return NULL;
+ }
+ result = __policy_init(init_path);
return Py_BuildValue("i", result);
}
@@ -353,7 +360,11 @@
strObj = PyList_GetItem(listObj, i); /* Can't fail */
/* make it a string */
+#if PY_MAJOR_VERSION >= 3
+ permstr = _PyUnicode_AsString( strObj );
+#else
permstr = PyString_AsString( strObj );
+#endif
perm = string_to_av_perm(tclass, permstr);
if (!perm) {
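Review bot: `permstr` goes into `string_to_av_perm()` without a NULL check, and both `_PyUnicode_AsString()` and `PyString_AsString()` return NULL with an exception set when the list item is not the expected string type. The items come from the Python caller, so add `if (!permstr) return NULL;` after the `#endif`, releasing whatever the function holds at that point (its cleanup path is outside the hunk). `_PyUnicode_AsString` is also a private CPython name; the public `PyUnicode_AsUTF8` is the supported equivalent on Python 3.3 and later.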
@@ -423,10 +434,39 @@
{NULL, NULL, 0, NULL} /* Sentinel */
};
+#if PY_MAJOR_VERSION >= 3
+/* Module-initialization logic specific to Python 3 */
+struct module_state {
+ /* empty for now */
+};
+static struct PyModuleDef moduledef = {
+ PyModuleDef_HEAD_INIT,
+ "audit2why",
+ NULL,
+ sizeof(struct module_state),
+ audit2whyMethods,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+PyMODINIT_FUNC
+PyInit_audit2why(void)
+#else
PyMODINIT_FUNC
initaudit2why(void)
+#endif
{
- PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
+ PyObject *m;
+#if PY_MAJOR_VERSION >= 3
+ m = PyModule_Create(&moduledef);
+ if (m == NULL) {
+ return NULL;
+ }
+#else
+ m = Py_InitModule("audit2why", audit2whyMethods);
+#endif
PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
PyModule_AddIntConstant(m,"BADSCON", BADSCON);
PyModule_AddIntConstant(m,"BADTCON", BADTCON);
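Review bot: `struct module_state` is declared with no members, which ISO C does not permit (GCC accepts it as an extension with size 0), and nothing in the hunk reads it. Dropping the struct and writing the size field as `0, /* m_size: no per-module state */` keeps the behaviour and builds with stricter compilers. The positional initialisers of `moduledef` would read better as designated ones, e.g. `.m_name = "audit2why"` and `.m_methods = audit2whyMethods`. The `PyModule_AddIntConstant()` calls that follow ignore their return value on both Python versions.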
@@ -440,4 +480,8 @@
PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
PyModule_AddIntConstant(m,"RBAC", RBAC);
+
+#if PY_MAJOR_VERSION >= 3
+ return m;
+#endif
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.96/src/callbacks.c
--- nsalibselinux/src/callbacks.c 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/callbacks.c 2010-06-16 09:20:34.000000000 -0400
@@ -16,6 +16,7 @@
{
int rc;
va_list ap;
+ if (is_selinux_enabled() == 0) return 0;
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
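Review bot: The added `if (is_selinux_enabled() == 0) return 0;` drops every message sent through this default log callback on a host with SELinux disabled, so errors from code that only parses policy or file-context files become silent there. It also runs the enabled check on every log call and may alter `errno` before the caller inspects it (not verifiable from the hunk). If the suppression is intended, record it in a comment such as `/* SELinux disabled: stay quiet, callers rely on return codes */` and consider saving and restoring `errno` around the check. The function's signature is outside the hunk.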
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-2.0.96/src/get_context_list.c
--- nsalibselinux/src/get_context_list.c 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/get_context_list.c 2010-07-27 13:09:08.000000000 -0400
@@ -286,7 +286,6 @@
if (buf[plen - 1] == '\n')
buf[plen - 1] = 0;
- retry:
nlen = strlen(user) + 1 + plen + 1;
*newcon = malloc(nlen);
if (!(*newcon))
@@ -306,10 +305,6 @@
if (security_check_context(*newcon) && errno != ENOENT) {
free(*newcon);
*newcon = 0;
- if (strcmp(user, SELINUX_DEFAULTUSER)) {
- user = SELINUX_DEFAULTUSER;
- goto retry;
- }
return -1;
}
@@ -418,13 +413,8 @@
/* Determine the set of reachable contexts for the user. */
rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0) {
- /* Retry with the default SELinux user identity. */
- user = SELINUX_DEFAULTUSER;
- rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0)
- goto failsafe;
- }
+ if (rc < 0)
+ goto failsafe;
nreach = 0;
for (ptr = reachable; *ptr; ptr++)
nreach++;
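Review bot: With the retry removed, a failure of `security_compute_user()` for the requested user now goes straight to `failsafe`, and the hunk at -306 likewise stops retrying with `SELINUX_DEFAULTUSER` after `security_check_context()` rejects the built context. That changes which context a login for an unknown or unmapped SELinux user receives, and nothing in the new code records the decision. Add a comment above the check, for example `/* No fallback to SELINUX_DEFAULTUSER: an unknown user gets the failsafe context */`, and note the change in the documentation of the functions that reach this path. The enclosing function starts and ends outside the hunk.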
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
--- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400
@@ -1,9 +1,10 @@
# Installation directories.
+PYTHON ?= python
PREFIX ?= $(DESTDIR)/usr
LIBDIR ?= $(PREFIX)/lib
SHLIBDIR ?= $(DESTDIR)/lib
INCLUDEDIR ?= $(PREFIX)/include
-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
PYINC ?= /usr/include/$(PYLIBVER)
PYLIB ?= /usr/lib/$(PYLIBVER)
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
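Review bot: If `$(PYTHON)` is missing or the one-liner fails, `$(shell ...)` leaves `PYLIBVER` empty, and `PYINC`, `PYLIB` and `PYTHONLIBDIR` collapse to `/usr/include/`, `/usr/lib/` and `$(LIBDIR)/`, so `install-pywrap` would install into `$(LIBDIR)/site-packages`. A guard at the start of the Python recipes, e.g. `test -n "$(PYLIBVER)" || { echo "cannot determine Python version" >&2; exit 1; }`, makes that failure visible. `PYINC` and `PYLIB` also stay hard-coded under `/usr`, which may not match the interpreter selected through `PYTHON`.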
@@ -23,13 +24,13 @@
SWIGRUBYIF= selinuxswig_ruby.i
SWIGCOUT= selinuxswig_wrap.c
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
-SWIGSO=_selinux.so
+SWIGSO=$(PYPREFIX)_selinux.so
SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i
SWIGRUBYSO=_rubyselinux.so
LIBSO=$(TARGET).$(LIBVERSION)
-AUDIT2WHYSO=audit2why.so
+AUDIT2WHYSO=$(PYPREFIX)audit2why.so
ifeq ($(DISABLE_AVC),y)
UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
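Review bot: `PYPREFIX` is used here and in the `audit2why.lo` rules of the next hunk, but none of the visible Makefile hunks defines or documents it. Add `PYPREFIX ?=` next to `PYTHON ?= python`, with a comment such as `# File-name prefix for Python build artifacts (presumably so builds for several interpreters can share this directory)`. An explicit empty default also keeps the variable from being picked up silently from the environment.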
@@ -91,10 +92,10 @@
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash exception.sh > $@
-audit2why.lo: audit2why.c
+$(PYPREFIX)audit2why.lo: audit2why.c
$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-$(AUDIT2WHYSO): audit2why.lo
+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
%.o: %.c policy.h
@@ -123,8 +124,8 @@
install-pywrap: pywrap
test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
- install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so
install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
install-rubywrap: rubywrap
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/matchpathcon.c 2010-07-26 14:55:18.000000000 -0400
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
#include <stdio.h>
+#include <syslog.h>
#include "selinux_internal.h"
#include "label_internal.h"
#include "callbacks.h"
@@ -57,7 +58,7 @@
{
va_list ap;
va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
+ vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
}
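Review bot: The default matchpathcon print function now sends every message to syslog at `LOG_ERR`, so command-line callers no longer see these errors on stderr, and every message gets the same priority regardless of severity. Document this above the function, e.g. `/* Default: log to syslog; programs that want stderr must install their own handler with set_matchpathcon_printf() */`. Because this is library code, the syslog identity and facility are whatever the host program configured. The messages may carry file names supplied by callers, so log consumers should treat them as untrusted text. The function's signature is outside the hunk.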
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.96/src/selinuxswig_python.i
--- nsalibselinux/src/selinuxswig_python.i 2010-06-16 08:03:38.000000000 -0400
+++ libselinux-2.0.96/src/selinuxswig_python.i 2010-06-16 09:20:34.000000000 -0400
@@ -45,7 +45,7 @@
PyObject* list = PyList_New(*$2);
int i;
for (i = 0; i < *$2; i++) {
- PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ PyList_SetItem(list, i, PyBytes_FromString((*$1)[i]));
}
$result = SWIG_Python_AppendOutput($result, list);
}
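Review bot: `PyList_New()` and `PyBytes_FromString()` can both return NULL, and the loop stores the result with `PyList_SetItem()` unchecked; the same pattern is in the hunks at -74 and -91. Check the list before the loop and each item before storing it, e.g. `PyObject *o = PyBytes_FromString((*$1)[i]); if (!o) { Py_DECREF(list); SWIG_fail; }`. On Python 3 these typemaps now return `bytes` rather than `str`, which callers comparing against string literals will notice; that deserves a comment in the interface file. The typemap starts outside the hunk.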
@@ -74,7 +74,9 @@
len++;
plist = PyList_New(len);
for (i = 0; i < len; i++) {
- PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ PyList_SetItem(plist, i,
+ PyBytes_FromString((*$1)[i])
+ );
}
} else {
plist = PyList_New(0);
@@ -91,7 +93,9 @@
if (*$1) {
plist = PyList_New(result);
for (i = 0; i < result; i++) {
- PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ PyList_SetItem(plist, i,
+ PyBytes_FromString((*$1)[i])
+ );
}
} else {
plist = PyList_New(0);
@@ -144,16 +148,20 @@
$1 = (char**) malloc(size + 1);
for(i = 0; i < size; i++) {
- if (!PyString_Check(PySequence_GetItem($input, i))) {
- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ if (!PyBytes_Check(PySequence_GetItem($input, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
+
return NULL;
}
+
}
for(i = 0; i < size; i++) {
s = PySequence_GetItem($input, i);
- $1[i] = (char*) malloc(PyString_Size(s) + 1);
- strcpy($1[i], PyString_AsString(s));
+
+ $1[i] = (char*) malloc(PyBytes_Size(s) + 1);
+ strcpy($1[i], PyBytes_AsString(s));
+
}
$1[size] = NULL;
}
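Review bot: `$1 = (char**) malloc(size + 1)` requests `size + 1` bytes rather than `size + 1` pointers, so the stores to `$1[i]` and `$1[size]` write past the requested allocation; the commit leaves that line unchanged. In the same typemap, `PySequence_GetItem()` returns a new reference that is never released and may be NULL, the `malloc()` results are unchecked, and the error return leaks `$1`. The fence merges the two loops, sizes the array with `calloc`, checks each item and releases the reference after copying. The typemap starts outside the hunk, where `size`, `i` and `s` are declared.

```c
$1 = (char **) calloc(size + 1, sizeof(char *));	/* zeroed, NULL-terminated */
if ($1 == NULL) {
	PyErr_NoMemory();
	return NULL;
}
for (i = 0; i < size; i++) {
	s = PySequence_GetItem($input, i);	/* new reference, NULL on error */
	if (s != NULL && PyBytes_Check(s))
		$1[i] = strdup(PyBytes_AsString(s));
	else if (s != NULL)
		PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
	Py_XDECREF(s);
	if ($1[i] == NULL) {
		if (!PyErr_Occurred())
			PyErr_NoMemory();
		while (i-- > 0)
			free($1[i]);
		free($1);
		return NULL;
	}
}
$1[size] = NULL;
```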