From 11efb1b8961cf42d5065da09f649e91fd8f62337 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 1 Mar 2010 20:17:56 +0000 Subject: [PATCH] - Allow disable of usepasswd --- libsemanage-rhat.patch | 135 ++++++++++++++++++++++++++++++++--------- libsemanage.spec | 5 +- 2 files changed, 110 insertions(+), 30 deletions(-) diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index c1e58fb..0e13be2 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/modules.h libsemanage-2.0.43/include/semanage/modules.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/modules.h libsemanage-2.0.44/include/semanage/modules.h --- nsalibsemanage/include/semanage/modules.h 2009-01-13 08:45:35.000000000 -0500 -+++ libsemanage-2.0.43/include/semanage/modules.h 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/include/semanage/modules.h 2010-02-24 14:57:23.000000000 -0500 @@ -40,10 +40,12 @@ char *module_data, size_t data_len); int semanage_module_install_base_file(semanage_handle_t *, 
@@ -22,9 +22,66 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/modules.h l +int semanage_module_get_enabled(semanage_module_info_t *); #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.43/src/direct_api.c ---- nsalibsemanage/src/direct_api.c 2009-09-17 08:59:43.000000000 -0400 -+++ libsemanage-2.0.43/src/direct_api.c 2009-12-16 16:07:43.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/conf-parse.y libsemanage-2.0.44/src/conf-parse.y +--- nsalibsemanage/src/conf-parse.y 2009-11-18 17:06:03.000000000 -0500 ++++ libsemanage-2.0.44/src/conf-parse.y 2010-02-25 09:57:09.000000000 -0500 +@@ -57,7 +57,7 @@ + } + + %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED +-%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN ++%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD + %token BZIP_BLOCKSIZE BZIP_SMALL + %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END + %token PROG_PATH PROG_ARGS +@@ -82,6 +82,7 @@ + | save_previous + | save_linked + | disable_genhomedircon ++ | usepasswd + | handle_unknown + | bzip_blocksize + | bzip_small +@@ -153,6 +154,17 @@ + free($3); + } + ++usepasswd: USEPASSWD '=' ARG { ++ if (strcasecmp($3, "false") == 0) { ++ current_conf->usepasswd = 0; ++ } else if (strcasecmp($3, "true") == 0) { ++ current_conf->usepasswd = 1; ++ } else { ++ yyerror("usepasswd can only be 'true' or 'false'"); ++ } ++ free($3); ++ } ++ + handle_unknown: HANDLE_UNKNOWN '=' ARG { + if (strcasecmp($3, "deny") == 0) { + current_conf->handle_unknown = SEPOL_DENY_UNKNOWN; +@@ -252,6 +264,7 @@ + conf->policyvers = sepol_policy_kern_vers_max(); + conf->expand_check = 1; + conf->handle_unknown = -1; ++ conf->usepasswd = 1; + conf->file_mode = 0644; + conf->bzip_blocksize = 9; + conf->bzip_small = 0; +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/conf-scan.l 
libsemanage-2.0.44/src/conf-scan.l +--- nsalibsemanage/src/conf-scan.l 2009-08-05 15:10:56.000000000 -0400 ++++ libsemanage-2.0.44/src/conf-scan.l 2010-02-25 09:47:18.000000000 -0500 +@@ -46,6 +46,7 @@ + save-previous return SAVE_PREVIOUS; + save-linked return SAVE_LINKED; + disable-genhomedircon return DISABLE_GENHOMEDIRCON; ++usepasswd return USEPASSWD; + handle-unknown return HANDLE_UNKNOWN; + bzip-blocksize return BZIP_BLOCKSIZE; + bzip-small return BZIP_SMALL; +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.44/src/direct_api.c +--- nsalibsemanage/src/direct_api.c 2010-02-16 12:33:05.000000000 -0500 ++++ libsemanage-2.0.44/src/direct_api.c 2010-02-25 10:00:45.000000000 -0500 @@ -66,6 +66,8 @@ static int semanage_direct_install_base(semanage_handle_t * sh, char *base_data, size_t data_len); @@ -62,6 +119,15 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage return 0; } +@@ -959,7 +970,7 @@ + * which requires the out policydb */ + if (!sh->conf->disable_genhomedircon) { + if (out && (retval = +- semanage_genhomedircon(sh, out, 1)) != 0) { ++ semanage_genhomedircon(sh, out, sh->conf->usepasswd)) != 0) { + ERR(sh, "semanage_genhomedircon returned error code %d.", + retval); + goto cleanup; @@ -1273,6 +1284,107 @@ return retval; } @@ -187,8 +253,8 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage + int enabled = semanage_module_enabled(module_filenames[i]); if ((size = bunzip(sh, fp, &data)) > 0) { - fclose(fp); -@@ -1393,6 +1505,7 @@ + sepol_policy_file_set_mem(pf, data, size); +@@ -1389,6 +1501,7 @@ if (type == SEPOL_POLICY_MOD) { (*modinfo)[*num_modules].name = name; (*modinfo)[*num_modules].version = version; 
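Review bot: In the new `usepasswd` rule in conf-parse.y, an unrecognised value only calls `yyerror(...)` and leaves `current_conf->usepasswd` at the default of 1 assigned in the init hunk. What a mistyped value ends up doing therefore depends on whether `yyerror` fails the whole parse, which these lines do not show; that is worth confirming, because the flag is passed straight to `semanage_genhomedircon(sh, out, sh->conf->usepasswd)` in the direct_api.c hunk at `@@ -959,7 +970,7 @@`. I would document the contract above the rule, for example `/* usepasswd: "true" (default) or "false"; any other value is reported through yyerror and the default is kept */`. Assuming the flag controls whether genhomedircon uses passwd entries, as the name suggests, the comment should also say that `false` narrows which home directories receive generated file contexts, so reviewers of a deployed semanage.conf know what disabling it means for labeling coverage.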
@@ -196,9 +262,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage (*num_modules)++; } else { /* file was not a module, so don't report it */ -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.43/src/genhomedircon.c +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.44/src/genhomedircon.c --- nsalibsemanage/src/genhomedircon.c 2009-09-17 08:59:43.000000000 -0400 -+++ libsemanage-2.0.43/src/genhomedircon.c 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/genhomedircon.c 2010-02-24 14:57:23.000000000 -0500 @@ -310,6 +310,10 @@ } if (strcmp(pwbuf->pw_dir, "/") == 0) @@ -220,9 +286,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman if (push_user_entry(&head, name, seuname, prefix, pwent->pw_dir) != STATUS_SUCCESS) { *errors = STATUS_ERR; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.43/src/libsemanage.map +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.44/src/libsemanage.map --- nsalibsemanage/src/libsemanage.map 2009-10-29 15:21:39.000000000 -0400 -+++ libsemanage-2.0.43/src/libsemanage.map 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/libsemanage.map 2010-02-24 14:57:23.000000000 -0500 @@ -6,10 +6,13 @@ semanage_module_install; semanage_module_install_file; semanage_module_upgrade; semanage_module_upgrade_file; 
@@ -237,9 +303,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libseman semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; semanage_user_*; semanage_bool_*; semanage_seuser_*; semanage_iface_*; semanage_port_*; semanage_context_*; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-2.0.43/src/Makefile +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-2.0.44/src/Makefile --- nsalibsemanage/src/Makefile 2009-12-01 15:46:50.000000000 -0500 -+++ libsemanage-2.0.43/src/Makefile 2009-12-16 16:07:47.000000000 -0500 ++++ libsemanage-2.0.44/src/Makefile 2010-02-24 14:57:23.000000000 -0500 @@ -47,7 +47,7 @@ LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo CFLAGS ?= -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter @@ -249,9 +315,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-2.0 SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/module_internal.h libsemanage-2.0.43/src/module_internal.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/module_internal.h libsemanage-2.0.44/src/module_internal.h --- nsalibsemanage/src/module_internal.h 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.43/src/module_internal.h 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/module_internal.h 2010-02-24 14:57:23.000000000 -0500 @@ -6,6 +6,7 @@ hidden_proto(semanage_module_get_name) 
@@ -260,9 +326,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/module_internal.h libsem hidden_proto(semanage_module_info_datum_destroy) hidden_proto(semanage_module_list_nth) #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c libsemanage-2.0.43/src/modules.c +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c libsemanage-2.0.44/src/modules.c --- nsalibsemanage/src/modules.c 2009-09-17 08:59:43.000000000 -0400 -+++ libsemanage-2.0.43/src/modules.c 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/modules.c 2010-02-24 14:57:23.000000000 -0500 @@ -154,6 +154,40 @@ return sh->funcs->install_base_file(sh, module_name); } @@ -318,9 +384,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c libsemanage-2. const char *semanage_module_get_version(semanage_module_info_t * modinfo) { return modinfo->version; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.h libsemanage-2.0.43/src/modules.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.h libsemanage-2.0.44/src/modules.h --- nsalibsemanage/src/modules.h 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.43/src/modules.h 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/modules.h 2010-02-24 14:57:23.000000000 -0500 @@ -26,6 +26,7 @@ struct semanage_module_info { char *name; /* Key */ @@ -329,9 +395,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.h libsemanage-2. }; #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h libsemanage-2.0.43/src/policy.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h libsemanage-2.0.44/src/policy.h --- nsalibsemanage/src/policy.h 2009-01-13 08:45:35.000000000 -0500 -+++ libsemanage-2.0.43/src/policy.h 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/policy.h 2010-02-24 14:57:23.000000000 -0500 
@@ -58,6 +58,12 @@ /* Upgrade a policy module */ int (*upgrade_file) (struct semanage_handle *, const char *); @@ -345,18 +411,29 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h libsemanage-2.0 /* Remove a policy module */ int (*remove) (struct semanage_handle *, char *); -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.43/src/semanage.conf +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.44/src/semanage.conf --- nsalibsemanage/src/semanage.conf 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.43/src/semanage.conf 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/semanage.conf 2010-02-24 14:57:23.000000000 -0500 @@ -35,4 +35,4 @@ # given in . Change this setting if a different # version is necessary. #policy-version = 19 - +expand-check=0 -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.43/src/semanage_store.c ---- nsalibsemanage/src/semanage_store.c 2009-10-29 15:21:39.000000000 -0400 -+++ libsemanage-2.0.43/src/semanage_store.c 2009-12-16 16:07:43.000000000 -0500 +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_conf.h libsemanage-2.0.44/src/semanage_conf.h +--- nsalibsemanage/src/semanage_conf.h 2009-08-05 15:10:56.000000000 -0400 ++++ libsemanage-2.0.44/src/semanage_conf.h 2010-02-25 09:42:47.000000000 -0500 +@@ -38,6 +38,7 @@ + int save_previous; + int save_linked; + int disable_genhomedircon; ++ int usepasswd; + int handle_unknown; + mode_t file_mode; + int bzip_blocksize; +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.44/src/semanage_store.c +--- nsalibsemanage/src/semanage_store.c 2010-02-16 12:33:05.000000000 -0500 ++++ libsemanage-2.0.44/src/semanage_store.c 2010-02-24 14:57:23.000000000 -0500 @@ -57,6 +57,8 @@ #include "debug.h" 
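Review bot: The semanage.conf section of this patch still only appends `expand-check=0`, so the new `usepasswd` key is not described anywhere in the sample configuration, although conf-scan.l now accepts it and the semanage_conf.h section stores it in `int usepasswd;`. An administrator reading the shipped file has no hint that the option exists or that it defaults to true. I would add a commented entry next to the other options, such as `# usepasswd = true`, with one preceding comment line on what `false` changes in home-directory context generation (inferred from the argument passed to `semanage_genhomedircon`; confirm against genhomedircon.c). The new struct field would also benefit from a short trailing comment like `/* 1 = pass usepasswd to genhomedircon (default) */`, since the neighbouring `disable_genhomedircon` flag has the opposite polarity.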
@@ -450,7 +527,7 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema /******************* routines that run external programs *******************/ /* Appends a single character to a string. Returns a pointer to the -@@ -1589,7 +1627,7 @@ +@@ -1585,7 +1623,7 @@ } /* get list of modules and load them */ @@ -459,9 +536,9 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsema -1 || semanage_load_module(sh, base_filename, base) == -1) { goto cleanup; } -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.43/src/semanage_store.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.44/src/semanage_store.h --- nsalibsemanage/src/semanage_store.h 2009-07-07 15:32:32.000000000 -0400 -+++ libsemanage-2.0.43/src/semanage_store.h 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/semanage_store.h 2010-02-24 14:57:23.000000000 -0500 @@ -128,4 +128,6 @@ size_t buf_len, char **sorted_buf, size_t * sorted_buf_len); diff --git a/libsemanage.spec b/libsemanage.spec index 8de60f2..4454259 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -3,7 +3,7 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.0.44 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz @@ -106,6 +106,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/python*/site-packages/* %changelog +* Thu Feb 25 2010 Dan Walsh - 2.0.44-2 +- Allow disable of usepasswd + * Wed Feb 17 2010 Dan Walsh - 2.0.44-1 - Update to upstream * Replace usage of fmemopen() with sepol_policy_file_set_mem() since