libselinux/libselinux-rhat.patch
Daniel J Walsh e6236defe6 - Update to latest from NSA
Added security_canonicalize_context() interface and
    set_matchpathcon_canoncon() interface for obtaining canonical contexts.
    Changed matchpathcon internals to obtain canonical contexts by default.
    Provided fallback for kernels that lack extended selinuxfs context
    interface.
- Patch to not translate mls when calling setfiles
2005-11-08 23:41:10 +00:00


Index: libselinux/include/selinux/selinux.h
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/selinux.h,v
retrieving revision 1.50
diff -u -p -r1.50 selinux.h
--- libselinux/include/selinux/selinux.h 7 Nov 2005 19:30:36 -0000 1.50
+++ libselinux/include/selinux/selinux.h 8 Nov 2005 19:04:31 -0000
@@ -292,6 +292,7 @@ extern void set_matchpathcon_canoncon(in
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
extern void set_matchpathcon_flags(unsigned int flags);
/* Load the file contexts configuration specified by 'path'
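Review bot: The comment on `MATCHPATHCON_NOTRANS` does not tell a caller how the flag combines with `MATCHPATHCON_BASEONLY` or what is left untranslated. The values 1 and 2 are tested with `&` in matchpathcon.c, so they are bit flags, and the header should say so. Suggested wording: `#define MATCHPATHCON_NOTRANS 2 /* Keep contexts as written in file_contexts; no translation. Flags are bits and may be OR'ed. */`. Since the flag is read while lines are processed, it presumably has to be set before the file is loaded; if so, that belongs in the comment above `set_matchpathcon_flags()` as well.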
Index: libselinux/src/matchpathcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/matchpathcon.c,v
retrieving revision 1.32
diff -u -p -r1.32 matchpathcon.c
--- libselinux/src/matchpathcon.c 7 Nov 2005 19:30:37 -0000 1.32
+++ libselinux/src/matchpathcon.c 8 Nov 2005 19:08:05 -0000
@@ -570,6 +570,10 @@ static int process_line( const char *pat
skip_type:
if (strcmp(context, "<<none>>")) {
char *tmpcon = NULL;
+
+ if (myflags & MATCHPATHCON_NOTRANS)
+ goto skip_trans;
+
if (context_translations) {
if (raw_to_trans_context(context, &tmpcon)) {
myprintf("%s: line %u has invalid "
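Review bot: The `goto skip_trans` added after `char *tmpcon = NULL;` bypasses everything up to the `skip_trans:` label in the following hunk, not only the `raw_to_trans_context()` call. The lines between the two hunks are not shown, but a `return -1` error path is visible there, and the commit text says contexts are canonicalized by default, so that step may be skipped as well. With `MATCHPATHCON_NOTRANS` set, the only check left in view is the `myinvalidcon` callback, which runs only if a caller installed one, so a context read from the file could be accepted without validation. If that is intended for setfiles, document it at the jump, e.g. `/* NOTRANS: keep the raw context; validation is left to myinvalidcon, if set. */`; otherwise narrow the guard to the translation call so later checks still run. `process_line` begins and ends outside these hunks.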
@@ -584,6 +588,7 @@ static int process_line( const char *pat
return -1;
}
+skip_trans:
if (myinvalidcon) {
/* Old-style validation of context. */
if (myinvalidcon(path, lineno, context))
}