* Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5

- Skip policy module re-link when only setting booleans.
    * patch from Stephen Smalley
Miroslav Grepl 2014-07-30 19:07:08 +02:00
parent 3b4c09022e
commit bc9b70b7c6
2 changed files with 91 additions and 37 deletions


@ -1,39 +1,89 @@
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index f3b9b5c..1aea839 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1070,8 +1070,10 @@ int semanage_genhomedircon(semanage_handle_t * sh,
s.fallback_user = strdup(FALLBACK_USER);
s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
s.fallback_user_level = strdup(FALLBACK_USER_LEVEL);
- if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL)
- return STATUS_ERR;
+ if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) {
+ retval = STATUS_ERR;
+ goto done;
diff --git a/src/direct_api.c b/src/direct_api.c
index 64dc7d9..5b94725 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* Declare some variables */
int modified = 0, fcontexts_modified, ports_modified,
seusers_modified, users_extra_modified, dontaudit_modified,
- preserve_tunables_modified;
+ preserve_tunables_modified, bools_modified;
dbase_config_t *users = semanage_user_dbase_local(sh);
dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh)
users_extra_modified =
users_extra->dtable->is_modified(users_extra->dbase);
ports_modified = ports->dtable->is_modified(ports->dbase);
+ bools_modified = bools->dtable->is_modified(bools->dbase);
modified = sh->modules_modified;
modified |= ports_modified;
modified |= users->dtable->is_modified(users_base->dbase);
- modified |= bools->dtable->is_modified(bools->dbase);
modified |= ifaces->dtable->is_modified(ifaces->dbase);
modified |= nodes->dtable->is_modified(nodes->dbase);
modified |= dontaudit_modified;
@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* ==================== Policydb-backed ================ */
- /* Create new policy object, then attach to policy databases
- * that work with a policydb */
+ /* Create new policy object */
retval = semanage_expand_sandbox(sh, base, &out);
if (retval < 0)
goto cleanup;
sepol_module_package_free(base);
base = NULL;
+ } else {
+ /* Load already linked policy */
+ retval = sepol_policydb_create(&out);
+ if (retval < 0)
+ goto cleanup;
+
+ retval = semanage_read_policydb(sh, out);
+ if (retval < 0)
+ goto cleanup;
+ }
if (ignoredirs) ignore_setup(ignoredirs);
+ if (sh->do_rebuild || modified || bools_modified) {
+ /* Attach to policy databases that work with a policydb. */
dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,
out);
dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
if (retval < 0)
goto cleanup;
} else {
- retval = sepol_policydb_create(&out);
- if (retval < 0)
- goto cleanup;
-
- retval = semanage_read_policydb(sh, out);
- if (retval < 0)
- goto cleanup;
-
+ /* Changes to non-kernel policy configurations only. */
if (seusers_modified || users_extra_modified) {
retval = semanage_link_base(sh, &base);
if (retval < 0)
@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
sepol_policydb_free(out);
out = NULL;
@@ -1082,15 +1084,19 @@ int semanage_genhomedircon(semanage_handle_t * sh,
if (!(out = fopen(s.fcfilepath, "w"))) {
/* couldn't open output file */
ERR(sh, "Could not open the file_context file for writing");
- return STATUS_ERR;
+ retval = STATUS_ERR;
+ goto done;
- if (sh->do_rebuild || modified ||
+ if (sh->do_rebuild || modified || bools_modified ||
seusers_modified || fcontexts_modified || users_extra_modified) {
retval = semanage_install_sandbox(sh);
}
@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
free(mod_filenames[i]);
}
retval = write_context_file(&s, out);
- fclose(out);
+done:
+ if (out != NULL)
+ fclose(out);
free(s.fallback_user);
free(s.fallback_user_prefix);
+ free(s.fallback_user_level);
ignore_free();
return retval;
- if (modified) {
+ if (modified || bools_modified) {
/* Detach from policydb, so it can be freed */
dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
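Review bot: `modified` no longer includes the boolean table, so every later test of `modified` in semanage_direct_commit must now decide explicitly whether a boolean-only commit belongs in it. The visible hunks update three sites to include `bools_modified`: the attach condition, the `semanage_install_sandbox` condition and the detach condition. The function continues outside these hunks, and any remaining `if (modified)` site there would silently skip a boolean-only change, so those are worth auditing. The new `else` branch also uses the policy read by `semanage_read_policydb` as the base for the boolean write, which presumably assumes the stored linked policy still matches the installed modules. I would record that next to `/* Load already linked policy */`, for example `/* Booleans only: reuse the linked policy from the store; it must correspond to the current module set. */`.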


@ -7,11 +7,11 @@
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 2.3
Release: 4%{?dist}
Release: 5%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz
#Patch: libsemanage-rhat.patch
Patch: libsemanage-rhat.patch
URL: http://oss.tresys.com/git/selinux.git
Source1: semanage.conf
@ -83,7 +83,7 @@ SELinux management applications.
%prep
%setup -q
#%patch -p2 -b .rhat
%patch -p1 -b .rhat
%build
# To support building the Python wrapper against multiple Python runtimes
@ -181,6 +181,10 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
* Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5
- Skip policy module re-link when only setting booleans.
* patch from Stephen Smalley
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-4
- fix license handling