Compare commits
No commits in common. "master" and "libsemanage-2_0_45-4_fc14" have entirely different histories.
master
...
libsemanag
|
|
@ -118,31 +118,3 @@ libsemanage-2.0.42.tgz
|
|||
libsemanage-2.0.43.tgz
|
||||
libsemanage-2.0.44.tgz
|
||||
libsemanage-2.0.45.tgz
|
||||
/libsemanage-2.0.46.tgz
|
||||
/libsemanage-2.1.0.tgz
|
||||
/libsemanage-2.1.2.tgz
|
||||
/libsemanage-2.1.3.tgz
|
||||
/libsemanage-2.1.4.tgz
|
||||
/libsemanage-2.1.5.tgz
|
||||
/libsemanage-2.1.6.tgz
|
||||
/libsemanage-2.1.7.tgz
|
||||
/libsemanage-2.1.8.tgz
|
||||
/libsemanage-2.1.9.tgz
|
||||
/libsemanage-2.1.10.tgz
|
||||
/libsemanage-2.2.tgz
|
||||
/libsemanage-2.3.tgz
|
||||
/libsemanage-2.4.tar.gz
|
||||
/libsemanage-2.5-rc1.tar.gz
|
||||
/libsemanage-2.5.tar.gz
|
||||
/libsemanage-2.6.tar.gz
|
||||
/libsemanage-2.7.tar.gz
|
||||
/libsemanage-2.8-rc1.tar.gz
|
||||
/libsemanage-2.8-rc2.tar.gz
|
||||
/libsemanage-2.8-rc3.tar.gz
|
||||
/libsemanage-2.8.tar.gz
|
||||
/libsemanage-2.9-rc1.tar.gz
|
||||
/libsemanage-2.9-rc2.tar.gz
|
||||
/libsemanage-2.9.tar.gz
|
||||
/libsemanage-3.0-rc1.tar.gz
|
||||
/libsemanage-3.0.tar.gz
|
||||
/libsemanage-3.1.tar.gz
|
||||
|
|
@ -1,233 +0,0 @@
|
|||
From b46406de8a93abe10e685c422597516517c0bff3 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 9 Oct 2020 15:00:50 +0200
|
||||
Subject: [PATCH] libsemanage: Remove legacy and duplicate symbols
|
||||
|
||||
Versioned duplicate symbols cause problems for LTO. These symbols were
|
||||
introduced during the CIL integration several releases ago and were only
|
||||
consumed by other SELinux userspace components.
|
||||
|
||||
Related: https://github.com/SELinuxProject/selinux/issues/245
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
libsemanage/include/semanage/modules.h | 2 +-
|
||||
libsemanage/src/libsemanage.map | 5 --
|
||||
libsemanage/src/modules.c | 100 +------------------------
|
||||
libsemanage/src/modules.h | 9 +--
|
||||
libsemanage/src/semanageswig_python.i | 2 -
|
||||
5 files changed, 4 insertions(+), 114 deletions(-)
|
||||
|
||||
diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h
|
||||
index ac4039314857..b51f61f033d5 100644
|
||||
--- a/libsemanage/include/semanage/modules.h
|
||||
+++ b/libsemanage/include/semanage/modules.h
|
||||
@@ -33,7 +33,7 @@ typedef struct semanage_module_key semanage_module_key_t;
|
||||
*/
|
||||
|
||||
extern int semanage_module_install(semanage_handle_t *,
|
||||
- char *module_data, size_t data_len, char *name, char *ext_lang);
|
||||
+ char *module_data, size_t data_len, const char *name, const char *ext_lang);
|
||||
extern int semanage_module_install_file(semanage_handle_t *,
|
||||
const char *module_name);
|
||||
extern int semanage_module_remove(semanage_handle_t *, char *module_name);
|
||||
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
|
||||
index 1375a8ca0ea7..4bec06aaae27 100644
|
||||
--- a/libsemanage/src/libsemanage.map
|
||||
+++ b/libsemanage/src/libsemanage.map
|
||||
@@ -167,18 +167,13 @@ LIBSEMANAGE_1.0 {
|
||||
semanage_mls_enabled;
|
||||
semanage_module_disable;
|
||||
semanage_module_enable;
|
||||
- semanage_module_get_enabled;
|
||||
semanage_module_get_name;
|
||||
semanage_module_get_version;
|
||||
semanage_module_info_datum_destroy;
|
||||
- semanage_module_install;
|
||||
- semanage_module_install_base;
|
||||
- semanage_module_install_base_file;
|
||||
semanage_module_install_file;
|
||||
semanage_module_list;
|
||||
semanage_module_list_nth;
|
||||
semanage_module_remove;
|
||||
- semanage_module_upgrade;
|
||||
semanage_module_upgrade_file;
|
||||
semanage_msg_get_channel;
|
||||
semanage_msg_get_fname;
|
||||
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
|
||||
index 6d3eb60ae462..8b36801038df 100644
|
||||
--- a/libsemanage/src/modules.c
|
||||
+++ b/libsemanage/src/modules.c
|
||||
@@ -42,70 +42,7 @@
|
||||
#include "modules.h"
|
||||
#include "debug.h"
|
||||
|
||||
-asm(".symver semanage_module_get_enabled_1_1,semanage_module_get_enabled@@LIBSEMANAGE_1.1");
|
||||
-asm(".symver semanage_module_get_enabled_1_0,semanage_module_get_enabled@LIBSEMANAGE_1.0");
|
||||
-asm(".symver semanage_module_install_pp,semanage_module_install@LIBSEMANAGE_1.0");
|
||||
-asm(".symver semanage_module_install_hll,semanage_module_install@@LIBSEMANAGE_1.1");
|
||||
-
|
||||
-/* Takes a module stored in 'module_data' and parses its headers.
|
||||
- * Sets reference variables 'module_name' to module's name and
|
||||
- * 'version' to module's version. The caller is responsible for
|
||||
- * free()ing 'module_name' and 'version'; they will be
|
||||
- * set to NULL upon entering this function. Returns 0 on success, -1
|
||||
- * if out of memory, or -2 if data did not represent a module.
|
||||
- */
|
||||
-static int parse_module_headers(semanage_handle_t * sh, char *module_data,
|
||||
- size_t data_len, char **module_name, char **version)
|
||||
-{
|
||||
- struct sepol_policy_file *pf;
|
||||
- int file_type;
|
||||
- *version = NULL;
|
||||
-
|
||||
- if (sepol_policy_file_create(&pf)) {
|
||||
- ERR(sh, "Out of memory!");
|
||||
- return -1;
|
||||
- }
|
||||
- sepol_policy_file_set_mem(pf, module_data, data_len);
|
||||
- sepol_policy_file_set_handle(pf, sh->sepolh);
|
||||
- if (module_data == NULL ||
|
||||
- data_len == 0 ||
|
||||
- sepol_module_package_info(pf, &file_type, module_name, version) == -1) {
|
||||
- sepol_policy_file_free(pf);
|
||||
- ERR(sh, "Could not parse module data.");
|
||||
- return -2;
|
||||
- }
|
||||
- sepol_policy_file_free(pf);
|
||||
- if (file_type != SEPOL_POLICY_MOD) {
|
||||
- ERR(sh, "Data did not represent a pp module. Please upgrade to the latest version of libsemanage to support hll modules.");
|
||||
- return -2;
|
||||
- }
|
||||
-
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-/* This function is used to preserve ABI compatibility with
|
||||
- * versions of semodule using LIBSEMANAGE_1.0
|
||||
- */
|
||||
-int semanage_module_install_pp(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len)
|
||||
-{
|
||||
- char *name = NULL;
|
||||
- char *version = NULL;
|
||||
- int status;
|
||||
-
|
||||
- if ((status = parse_module_headers(sh, module_data, data_len, &name, &version)) != 0) {
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- status = semanage_module_install_hll(sh, module_data, data_len, name, "pp");
|
||||
-
|
||||
-cleanup:
|
||||
- free(name);
|
||||
- free(version);
|
||||
- return status;
|
||||
-}
|
||||
-
|
||||
-int semanage_module_install_hll(semanage_handle_t * sh,
|
||||
+int semanage_module_install(semanage_handle_t * sh,
|
||||
char *module_data, size_t data_len, const char *name, const char *ext_lang)
|
||||
{
|
||||
if (sh->funcs->install == NULL) {
|
||||
@@ -160,16 +97,6 @@ int semanage_module_extract(semanage_handle_t * sh,
|
||||
return sh->funcs->extract(sh, modkey, extract_cil, mapped_data, data_len, modinfo);
|
||||
}
|
||||
|
||||
-/* Legacy function that remains to preserve ABI
|
||||
- * compatibility. Please use semanage_module_install instead.
|
||||
- */
|
||||
-int semanage_module_upgrade(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len)
|
||||
-{
|
||||
- return semanage_module_install_pp(sh, module_data, data_len);
|
||||
-
|
||||
-}
|
||||
-
|
||||
/* Legacy function that remains to preserve ABI
|
||||
* compatibility. Please use semanage_module_install_file instead.
|
||||
*/
|
||||
@@ -179,24 +106,6 @@ int semanage_module_upgrade_file(semanage_handle_t * sh,
|
||||
return semanage_module_install_file(sh, module_name);
|
||||
}
|
||||
|
||||
-/* Legacy function that remains to preserve ABI
|
||||
- * compatibility. Please use semanage_module_install instead.
|
||||
- */
|
||||
-int semanage_module_install_base(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len)
|
||||
-{
|
||||
- return semanage_module_install_pp(sh, module_data, data_len);
|
||||
-}
|
||||
-
|
||||
-/* Legacy function that remains to preserve ABI
|
||||
- * compatibility. Please use semanage_module_install_file instead.
|
||||
- */
|
||||
-int semanage_module_install_base_file(semanage_handle_t * sh,
|
||||
- const char *module_name)
|
||||
-{
|
||||
- return semanage_module_install_file(sh, module_name);
|
||||
-}
|
||||
-
|
||||
int semanage_module_remove(semanage_handle_t * sh, char *module_name)
|
||||
{
|
||||
if (sh->funcs->remove == NULL) {
|
||||
@@ -780,7 +689,7 @@ int semanage_module_key_set_priority(semanage_handle_t *sh,
|
||||
}
|
||||
|
||||
|
||||
-int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
|
||||
+int semanage_module_get_enabled(semanage_handle_t *sh,
|
||||
const semanage_module_key_t *modkey,
|
||||
int *enabled)
|
||||
{
|
||||
@@ -800,11 +709,6 @@ int semanage_module_get_enabled_1_1(semanage_handle_t *sh,
|
||||
return sh->funcs->get_enabled(sh, modkey, enabled);
|
||||
}
|
||||
|
||||
-int semanage_module_get_enabled_1_0(semanage_module_info_t *modinfo)
|
||||
-{
|
||||
- return modinfo->enabled;
|
||||
-}
|
||||
-
|
||||
int semanage_module_set_enabled(semanage_handle_t *sh,
|
||||
const semanage_module_key_t *modkey,
|
||||
int enabled)
|
||||
diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h
|
||||
index 2d3576fb15df..64d4a157f5ca 100644
|
||||
--- a/libsemanage/src/modules.h
|
||||
+++ b/libsemanage/src/modules.h
|
||||
@@ -26,16 +26,9 @@
|
||||
|
||||
#include "semanage/modules.h"
|
||||
|
||||
-int semanage_module_install_pp(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len);
|
||||
-int semanage_module_install_hll(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len, const char *name, const char *ext_lang);
|
||||
-int semanage_module_upgrade(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len);
|
||||
+
|
||||
int semanage_module_upgrade_file(semanage_handle_t * sh,
|
||||
const char *module_name);
|
||||
-int semanage_module_install_base(semanage_handle_t * sh,
|
||||
- char *module_data, size_t data_len);
|
||||
int semanage_module_install_base_file(semanage_handle_t * sh,
|
||||
const char *module_name);
|
||||
|
||||
diff --git a/libsemanage/src/semanageswig_python.i b/libsemanage/src/semanageswig_python.i
|
||||
index 8dd79fc24213..5f0113966962 100644
|
||||
--- a/libsemanage/src/semanageswig_python.i
|
||||
+++ b/libsemanage/src/semanageswig_python.i
|
||||
@@ -30,8 +30,6 @@
|
||||
%}
|
||||
|
||||
%include "stdint.i"
|
||||
-%ignore semanage_module_install_pp;
|
||||
-%ignore semanage_module_install_hll;
|
||||
|
||||
%wrapper %{
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
||||
|
|
@ -1,100 +0,0 @@
|
|||
From c08b73d7183e2dbab0ba43c3df32f4214abbc9c6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 9 Oct 2020 15:00:51 +0200
|
||||
Subject: [PATCH] libsemanage: Drop deprecated functions
|
||||
|
||||
semanage_module_enable() and semanage_module_disable() were deprecated
|
||||
by commit 9fbc6d14418f ("libsemanage: add back original module
|
||||
enable/disable functions for ABI compatability") in 2014 in order to
|
||||
preserve ABI compatibility. As we the libsemanage ABI is changed by the
|
||||
previous commit, it makes sense to drop them completely.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
libsemanage/src/libsemanage.map | 2 --
|
||||
libsemanage/src/modules.c | 56 ---------------------------------
|
||||
2 files changed, 58 deletions(-)
|
||||
|
||||
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
|
||||
index 4bec06aaae27..3ea7b60f97bb 100644
|
||||
--- a/libsemanage/src/libsemanage.map
|
||||
+++ b/libsemanage/src/libsemanage.map
|
||||
@@ -165,8 +165,6 @@ LIBSEMANAGE_1.0 {
|
||||
semanage_is_connected;
|
||||
semanage_is_managed;
|
||||
semanage_mls_enabled;
|
||||
- semanage_module_disable;
|
||||
- semanage_module_enable;
|
||||
semanage_module_get_name;
|
||||
semanage_module_get_version;
|
||||
semanage_module_info_datum_destroy;
|
||||
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
|
||||
index 8b36801038df..b6dd456cac32 100644
|
||||
--- a/libsemanage/src/modules.c
|
||||
+++ b/libsemanage/src/modules.c
|
||||
@@ -734,62 +734,6 @@ int semanage_module_set_enabled(semanage_handle_t *sh,
|
||||
}
|
||||
|
||||
|
||||
-/* This function exists only for ABI compatibility. It has been deprecated and
|
||||
- * should not be used. Instead, use semanage_module_set_enabled() */
|
||||
-int semanage_module_enable(semanage_handle_t *sh, char *module_name)
|
||||
-{
|
||||
- int rc = -1;
|
||||
- semanage_module_key_t *modkey = NULL;
|
||||
-
|
||||
- rc = semanage_module_key_create(sh, &modkey);
|
||||
- if (rc != 0)
|
||||
- goto exit;
|
||||
-
|
||||
- rc = semanage_module_key_set_name(sh, modkey, module_name);
|
||||
- if (rc != 0)
|
||||
- goto exit;
|
||||
-
|
||||
- rc = semanage_module_set_enabled(sh, modkey, 1);
|
||||
- if (rc != 0)
|
||||
- goto exit;
|
||||
-
|
||||
- rc = 0;
|
||||
-
|
||||
-exit:
|
||||
- semanage_module_key_destroy(sh, modkey);
|
||||
- free(modkey);
|
||||
-
|
||||
- return rc;
|
||||
-}
|
||||
-
|
||||
-/* This function exists only for ABI compatibility. It has been deprecated and
|
||||
- * should not be used. Instead, use semanage_module_set_enabled() */
|
||||
-int semanage_module_disable(semanage_handle_t *sh, char *module_name)
|
||||
-{
|
||||
- int rc = -1;
|
||||
- semanage_module_key_t *modkey = NULL;
|
||||
-
|
||||
- rc = semanage_module_key_create(sh, &modkey);
|
||||
- if (rc != 0)
|
||||
- goto exit;
|
||||
-
|
||||
- rc = semanage_module_key_set_name(sh, modkey, module_name);
|
||||
- if (rc != 0)
|
||||
- goto exit;
|
||||
-
|
||||
- rc = semanage_module_set_enabled(sh, modkey, 0);
|
||||
- if (rc != 0)
|
||||
- goto exit;
|
||||
-
|
||||
- rc = 0;
|
||||
-
|
||||
-exit:
|
||||
- semanage_module_key_destroy(sh, modkey);
|
||||
- free(modkey);
|
||||
-
|
||||
- return rc;
|
||||
-}
|
||||
-
|
||||
/* Converts a string to a priority
|
||||
*
|
||||
* returns -1 if str is not a valid priority.
|
||||
--
|
||||
2.29.0
|
||||
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
From 6ebb35d261eaa8701b53b9f68184b05de8dfd868 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 9 Oct 2020 15:00:52 +0200
|
||||
Subject: [PATCH] libsemanage: Bump libsemanage.so version
|
||||
|
||||
Previous commits removed some symbols and broke ABI, therefore we need to change
|
||||
SONAME.
|
||||
|
||||
See the following quotes from distribution guidelines:
|
||||
|
||||
https://www.debian.org/doc/debian-policy/ch-sharedlibs.html#run-time-shared-libraries
|
||||
|
||||
Every time the shared library ABI changes in a way that may break
|
||||
binaries linked against older versions of the shared library, the SONAME
|
||||
of the library and the corresponding name for the binary package
|
||||
containing the runtime shared library should change.
|
||||
|
||||
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_downstream_so_name_versioning
|
||||
|
||||
When new versions of the library are released, you should use an ABI
|
||||
comparison tool to check for ABI differences in the built shared
|
||||
libraries. If it detects any incompatibilities, bump the n number by
|
||||
one.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
libsemanage/src/Makefile | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
|
||||
index a0eb3747d74b..ab6cae51f5c3 100644
|
||||
--- a/libsemanage/src/Makefile
|
||||
+++ b/libsemanage/src/Makefile
|
||||
@@ -32,7 +32,7 @@ YACC = bison
|
||||
YFLAGS = -d
|
||||
|
||||
VERSION = $(shell cat ../VERSION)
|
||||
-LIBVERSION = 1
|
||||
+LIBVERSION = 2
|
||||
|
||||
LIBA=libsemanage.a
|
||||
TARGET=libsemanage.so
|
||||
--
|
||||
2.29.0
|
||||
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
From fc966a746653cc15a14d1e1a80f01fc2f567ee08 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Wed, 7 Nov 2018 18:17:34 +0100
|
||||
Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
|
||||
scan defects
|
||||
|
||||
---
|
||||
libsemanage/src/direct_api.c | 21 ++++++++-------------
|
||||
1 file changed, 8 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
||||
index d2b91fb24292..f445cd4d6fb5 100644
|
||||
--- a/libsemanage/src/direct_api.c
|
||||
+++ b/libsemanage/src/direct_api.c
|
||||
@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
|
||||
|
||||
fp = NULL;
|
||||
|
||||
- ret = 0;
|
||||
+ return 0;
|
||||
|
||||
cleanup:
|
||||
if (fp != NULL) fclose(fp);
|
||||
@@ -2184,7 +2184,6 @@ cleanup:
|
||||
semanage_module_info_destroy(sh, modinfo);
|
||||
free(modinfo);
|
||||
|
||||
- if (fp != NULL) fclose(fp);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -2349,16 +2348,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
|
||||
free(tmp);
|
||||
tmp = NULL;
|
||||
|
||||
- if (fclose(fp) != 0) {
|
||||
- ERR(sh,
|
||||
- "Unable to close %s module lang ext file.",
|
||||
- (*modinfo)->name);
|
||||
- status = -1;
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- fp = NULL;
|
||||
-
|
||||
/* lookup enabled/disabled status */
|
||||
ret = semanage_module_get_path(sh,
|
||||
*modinfo,
|
||||
@@ -2402,7 +2391,13 @@ cleanup:
|
||||
free(modinfos);
|
||||
}
|
||||
|
||||
- if (fp != NULL) fclose(fp);
|
||||
+ if (fp != NULL && fclose(fp) != 0) {
|
||||
+ ERR(sh,
|
||||
+ "Unable to close %s module lang ext file.",
|
||||
+ (*modinfo)->name);
|
||||
+ status = -1;
|
||||
+ }
|
||||
+
|
||||
return status;
|
||||
}
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
From 511f8bbf779e10152d5af491e8b6a408b8ad666c Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Fri, 30 Oct 2020 17:42:17 +0100
|
||||
Subject: [PATCH] libsemanage/genhomedircon: check usepasswd
|
||||
|
||||
Only add user homedir contexts when usepasswd = True
|
||||
|
||||
Resolves:
|
||||
# grep usepasswd /etc/selinux/semanage.conf
|
||||
usepasswd=False
|
||||
# useradd -Z unconfined_u -d /tmp test
|
||||
# matchpathcon /tmp
|
||||
/tmp unconfined_u:object_r:user_home_dir_t:s0
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
libsemanage/src/genhomedircon.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
|
||||
index d08c88de99a7..18d3d99a1254 100644
|
||||
--- a/libsemanage/src/genhomedircon.c
|
||||
+++ b/libsemanage/src/genhomedircon.c
|
||||
@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
|
||||
s->fallback->home = NULL;
|
||||
}
|
||||
}
|
||||
- if (user_context_tpl || username_context_tpl) {
|
||||
+ if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
|
||||
if (write_username_context(s, out, username_context_tpl,
|
||||
s->fallback) != STATUS_SUCCESS) {
|
||||
retval = STATUS_ERR;
|
||||
--
|
||||
2.29.2
|
||||
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
# Makefile for source rpm: libsemanage
|
||||
# $Id$
|
||||
NAME := libsemanage
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attempt a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
||||
16
gating.yaml
16
gating.yaml
|
|
@ -1,16 +0,0 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
|
||||
index 7acf63d..cdd8388 100644
|
||||
--- a/libsemanage/src/Makefile
|
||||
+++ b/libsemanage/src/Makefile
|
||||
@@ -1,9 +1,15 @@
|
||||
+# Support building the Python bindings multiple times, against various Python
|
||||
+# runtimes (e.g. Python 2 vs Python 3) by optionally prefixing the build
|
||||
+# targets with "PYPREFIX":
|
||||
+PYTHON ?= python
|
||||
+PYPREFIX ?=
|
||||
+
|
||||
# Installation directories.
|
||||
PREFIX ?= $(DESTDIR)/usr
|
||||
LIBDIR ?= $(PREFIX)/lib
|
||||
SHLIBDIR ?= $(PREFIX)/lib
|
||||
INCLUDEDIR ?= $(PREFIX)/include
|
||||
-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
|
||||
+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
|
||||
PYINC ?= /usr/include/${PYLIBVER}
|
||||
PYLIBDIR ?= $(LIBDIR)/${PYLIBVER}
|
||||
RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
|
||||
@@ -34,9 +40,9 @@ SWIGIF= semanageswig_python.i
|
||||
SWIGRUBYIF= semanageswig_ruby.i
|
||||
SWIGCOUT= semanageswig_wrap.c
|
||||
SWIGRUBYCOUT= semanageswig_ruby_wrap.c
|
||||
-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
|
||||
+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
|
||||
SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
|
||||
-SWIGSO=_semanage.so
|
||||
+SWIGSO=$(PYPREFIX)_semanage.so
|
||||
SWIGFILES=$(SWIGSO) semanage.py
|
||||
SWIGRUBYSO=_rubysemanage.so
|
||||
LIBSO=$(TARGET).$(LIBVERSION)
|
||||
@@ -132,7 +138,9 @@ install: all
|
||||
|
||||
install-pywrap: pywrap
|
||||
test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
|
||||
- install -m 755 $(SWIGFILES) $(PYLIBDIR)/site-packages
|
||||
+ install -m 755 $(SWIGSO) $(PYLIBDIR)/site-packages/_semanage.so
|
||||
+ install -m 755 semanage.py $(PYLIBDIR)/site-packages
|
||||
+
|
||||
|
||||
install-rubywrap: rubywrap
|
||||
test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
Index: libsemanage/src/semanage_store.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/selinux/nsa/selinux-usr/libsemanage/src/semanage_store.c,v
|
||||
retrieving revision 1.21
|
||||
diff -u -r1.21 semanage_store.c
|
||||
--- libsemanage/src/semanage_store.c 9 Nov 2005 14:52:55 -0000 1.21
|
||||
+++ libsemanage/src/semanage_store.c 14 Nov 2005 21:43:09 -0000
|
||||
@@ -950,11 +950,6 @@
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if ((r = semanage_exec_prog(sh, sh->conf->genhomedircon, sh->conf->store_path, "")) != 0) {
|
||||
- ERR(sh, "genhomedircon returned error code %d.", r);
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
retval = 0;
|
||||
cleanup:
|
||||
free(storepath);
|
||||
@@ -1070,6 +1065,12 @@
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ if ((retval = semanage_exec_prog(sh, sh->conf->genhomedircon, sh->conf->store_path, "")) != 0) {
|
||||
+ ERR(sh, "genhomedircon returned error code %d.", retval);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
cleanup:
|
||||
return retval;
|
||||
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.44/src/genhomedircon.c
|
||||
--- nsalibsemanage/src/genhomedircon.c 2009-09-17 08:59:43.000000000 -0400
|
||||
+++ libsemanage-2.0.44/src/genhomedircon.c 2010-02-24 14:57:23.000000000 -0500
|
||||
@@ -310,6 +310,10 @@
|
||||
}
|
||||
if (strcmp(pwbuf->pw_dir, "/") == 0)
|
||||
continue;
|
||||
+ if (strcmp(pwbuf->pw_dir, "/root") == 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
if (semanage_str_count(pwbuf->pw_dir, '/') <= 1)
|
||||
continue;
|
||||
if (!(path = strdup(pwbuf->pw_dir))) {
|
||||
@@ -803,6 +807,9 @@
|
||||
* /root */
|
||||
continue;
|
||||
}
|
||||
+ if (strcmp(pwent->pw_dir, "/root") == 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
if (push_user_entry(&head, name, seuname,
|
||||
prefix, pwent->pw_dir) != STATUS_SUCCESS) {
|
||||
*errors = STATUS_ERR;
|
||||
693
libsemanage.spec
693
libsemanage.spec
|
|
@ -1,36 +1,35 @@
|
|||
%define libsepolver 3.1-5
|
||||
%define libselinuxver 3.1-5
|
||||
%global with_python3 1
|
||||
|
||||
Summary: SELinux binary policy manipulation library
|
||||
%define libsepolver 2.0.37-1
|
||||
%define libselinuxver 2.0.0-1
|
||||
|
||||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||
|
||||
Summary: SELinux binary policy manipulation library
|
||||
Name: libsemanage
|
||||
Version: 3.1
|
||||
Release: 5%{?dist}
|
||||
Version: 2.0.45
|
||||
Release: 4%{?dist}
|
||||
License: LGPLv2+
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-3.1.tar.gz
|
||||
# fedora-selinux/selinux: git format-patch -N libsemanage-3.1 -- libsemanage
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-libsemanage-Remove-legacy-and-duplicate-symbols.patch
|
||||
Patch0002: 0002-libsemanage-Drop-deprecated-functions.patch
|
||||
Patch0003: 0003-libsemanage-Bump-libsemanage.so-version.patch
|
||||
Patch0004: 0004-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
|
||||
Patch0005: 0005-libsemanage-genhomedircon-check-usepasswd.patch
|
||||
# Patch list end
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki
|
||||
Group: System Environment/Libraries
|
||||
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
|
||||
Patch: libsemanage-rhat.patch
|
||||
URL: http://www.selinuxproject.org
|
||||
Source1: semanage.conf
|
||||
|
||||
BuildRequires: gcc make
|
||||
BuildRequires: libselinux-devel >= %{libselinuxver} swig
|
||||
# Add support to src/Makefile to support building the python bindings multiple
|
||||
# times, against different Python runtimes:
|
||||
Patch1: libsemanage-2.0.45-support-multiple-python-builds.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel
|
||||
BuildRequires: libsepol-devel >= %{libsepolver}
|
||||
BuildRequires: audit-libs-devel
|
||||
BuildRequires: bison flex bzip2-devel
|
||||
BuildRequires: python-devel bison flex bzip2-devel
|
||||
|
||||
BuildRequires: python3
|
||||
%if 0%{?with_python3}
|
||||
BuildRequires: python3-devel
|
||||
%endif # if with_python3
|
||||
|
||||
Requires: bzip2-libs audit-libs
|
||||
Requires: libselinux%{?_isa} >= %{libselinuxver}
|
||||
Obsoletes: libsemanage-compat = 3.1-4
|
||||
Requires: bzip2-libs
|
||||
|
||||
%description
|
||||
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
||||
|
|
@ -50,7 +49,8 @@ on binary policies such as customizing policy boolean settings.
|
|||
|
||||
%package static
|
||||
Summary: Static library used to build policy manipulation tools
|
||||
Requires: libsemanage-devel%{_isa} = %{version}-%{release}
|
||||
Group: Development/Libraries
|
||||
Requires: libsemanage-devel = %{version}-%{release}
|
||||
|
||||
%description static
|
||||
The semanage-static package contains the static libraries
|
||||
|
|
@ -58,595 +58,124 @@ needed for developing applications that manipulate binary policies.
|
|||
|
||||
%package devel
|
||||
Summary: Header files and libraries used to build policy manipulation tools
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Group: Development/Libraries
|
||||
Requires: libsemanage = %{version}-%{release} ustr
|
||||
|
||||
%description devel
|
||||
The semanage-devel package contains the libraries and header files
|
||||
needed for developing applications that manipulate binary policies.
|
||||
|
||||
%package -n python3-libsemanage
|
||||
Summary: semanage python 3 bindings for libsemanage
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: libselinux-python3
|
||||
%{?python_provide:%python_provide python3-libsemanage}
|
||||
# Remove before F30
|
||||
Provides: %{name}-python3 = %{version}-%{release}
|
||||
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
|
||||
Obsoletes: %{name}-python3 < %{version}-%{release}
|
||||
%package python
|
||||
Summary: semanage python bindings for libsemanage
|
||||
Group: Development/Libraries
|
||||
Requires: libsemanage = %{version}-%{release}
|
||||
|
||||
%description -n python3-libsemanage
|
||||
%description python
|
||||
The libsemanage-python package contains the python bindings for developing
|
||||
SELinux management applications.
|
||||
|
||||
%if 0%{?with_python3}
|
||||
%package python3
|
||||
Summary: semanage python 3 bindings for libsemanage
|
||||
Group: Development/Libraries
|
||||
Requires: libsemanage = %{version}-%{release}
|
||||
|
||||
%description python3
|
||||
The libsemanage-python3 package contains the python 3 bindings for developing
|
||||
SELinux management applications.
|
||||
%endif # if with_python3
|
||||
|
||||
%prep
|
||||
%autosetup -n libsemanage-%{version} -p 2
|
||||
|
||||
%setup -q
|
||||
%patch -p1 -b .rhat
|
||||
%patch1 -p2 -b .support-multiple-python-builds
|
||||
|
||||
%build
|
||||
%set_build_flags
|
||||
CFLAGS="$CFLAGS -fno-semantic-interposition"
|
||||
|
||||
# To support building the Python wrapper against multiple Python runtimes
|
||||
# Define a function, for how to perform a "build" of the python wrapper against
|
||||
# a specific runtime:
|
||||
BuildPythonWrapper() {
|
||||
BinaryName=$1
|
||||
Prefix=$2
|
||||
|
||||
# Perform the build from the upstream Makefile:
|
||||
make \
|
||||
PYTHON=$BinaryName \
|
||||
LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
|
||||
PYTHON=$BinaryName PYPREFIX=$Prefix \
|
||||
CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
|
||||
pywrap
|
||||
}
|
||||
|
||||
make clean
|
||||
make swigify
|
||||
%make_build LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
|
||||
make CFLAGS="%{optflags}" swigify
|
||||
make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
|
||||
|
||||
BuildPythonWrapper \
|
||||
%{__python3}
|
||||
BuildPythonWrapper %{__python} python2
|
||||
%if 0%{?with_python3}
|
||||
BuildPythonWrapper %{__python3} python3
|
||||
%endif # with_python3
|
||||
|
||||
%install
|
||||
InstallPythonWrapper() {
|
||||
BinaryName=$1
|
||||
Prefix=$2
|
||||
|
||||
make \
|
||||
PYTHON=$BinaryName \
|
||||
DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" \
|
||||
PYTHON=$BinaryName PYPREFIX=$Prefix \
|
||||
DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" \
|
||||
install-pywrap
|
||||
}
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp
|
||||
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"
|
||||
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install
|
||||
|
||||
InstallPythonWrapper %{__python} python2
|
||||
%if 0%{?with_python3}
|
||||
InstallPythonWrapper %{__python3} python3
|
||||
%endif # with_python3
|
||||
|
||||
InstallPythonWrapper \
|
||||
%{__python3} \
|
||||
$(python3-config --extension-suffix)
|
||||
|
||||
cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf
|
||||
ln -sf %{_libdir}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so
|
||||
|
||||
%clean
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%dir %{_sysconfdir}/selinux
|
||||
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
|
||||
%{_libdir}/libsemanage.so.2
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/ru/man5/*
|
||||
%dir %{_libexecdir}/selinux
|
||||
%dir %{_sharedstatedir}/selinux
|
||||
%dir %{_sharedstatedir}/selinux/tmp
|
||||
%defattr(-,root,root)
|
||||
%config(noreplace) /etc/selinux/semanage.conf
|
||||
/%{_libdir}/libsemanage.so.1
|
||||
|
||||
%ldconfig_scriptlets
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files static
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libsemanage.a
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/libsemanage.so
|
||||
%{_libdir}/pkgconfig/libsemanage.pc
|
||||
%dir %{_includedir}/semanage
|
||||
%{_includedir}/semanage/*.h
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%files -n python3-libsemanage
|
||||
%{python3_sitearch}/*.so
|
||||
%files python
|
||||
%defattr(-,root,root)
|
||||
%{python_sitearch}/_semanage.so
|
||||
%{python_sitearch}/semanage.py*
|
||||
|
||||
%if 0%{?with_python3}
|
||||
%files python3
|
||||
%defattr(-,root,root)
|
||||
%{python3_sitearch}/_semanage.so
|
||||
%{python3_sitearch}/semanage.py*
|
||||
%{python3_sitearch}/__pycache__/semanage*
|
||||
%{_libexecdir}/selinux/semanage_migrate_store
|
||||
%endif # if with_python3
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
|
||||
- Drop and obsolete libsemanage-compat
|
||||
- genhomedircon: check usepasswd
|
||||
|
||||
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4
|
||||
- Drop deprecated functions and duplicated symbols
|
||||
- Change library version to libsemanage.so.2
|
||||
- Temporary ship -compat with libsemanage.so.1
|
||||
- Based on upstream db0f2f382e31
|
||||
- Re-enable lto flags
|
||||
|
||||
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
- Use -fno-semantic-interposition and more make macros
|
||||
|
||||
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||
- SELinux userspace 3.1 release
|
||||
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-4
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jan 22 2020 Ondrej Mosnacek <omosnace@redhat.com> - 3.0-2
|
||||
- Enable policy optimization
|
||||
|
||||
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||
- SELinux userspace 3.0 release
|
||||
|
||||
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
|
||||
- SELinux userspace 3.0-rc1 release candidate
|
||||
|
||||
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-5
|
||||
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||
|
||||
* Sun Aug 18 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.9-4
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Tue Aug 13 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
|
||||
- Drop python2-libsemanage (#1738466)
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
||||
- SELinux userspace 2.9 release
|
||||
|
||||
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
|
||||
- SELinux userspace 2.9-rc2 release
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
|
||||
- SELinux userspace 2.9-rc1 release
|
||||
|
||||
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-8
|
||||
- Always set errno to 0 before calling getpwent()
|
||||
- Set selinux policy root around calls to selinux_boolean_sub
|
||||
|
||||
* Mon Dec 10 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
|
||||
- genhomedircon - improve handling large groups
|
||||
|
||||
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6
|
||||
- Fix RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects
|
||||
|
||||
* Mon Sep 17 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
|
||||
- Include user name in ROLE_REMOVE audit events
|
||||
|
||||
* Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
|
||||
- Reset umask before creating directories (#1186422)
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8-2
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
|
||||
- SELinux userspace 2.8 release
|
||||
|
||||
* Mon May 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.1
|
||||
- SELinux userspace 2.8-rc3 release candidate
|
||||
|
||||
* Fri May 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc2.1
|
||||
- SELinux userspace 2.8-rc2 release candidate
|
||||
|
||||
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
|
||||
- SELinux userspace 2.8-rc1 release candidate
|
||||
|
||||
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-12
|
||||
- build: Replace PYSITEDIR with PYTHONLIBDIR
|
||||
- direct_api.c: Fix iterating over array (#1557468)
|
||||
|
||||
* Fri Mar 16 2018 Petr Lautrbach <plautrba@workstation> - 2.7-11
|
||||
- Revert "remove access() check to make setuid programs work" (#1557468)
|
||||
|
||||
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-10
|
||||
- properly check return value of iterate function
|
||||
- Use umask(0077) for fopen() write operations
|
||||
- Return commit number if save-previous false
|
||||
- Allow tmp files to be kept if a compile fails
|
||||
- build: follow standard semantics for DESTDIR and PREFIX
|
||||
- Improve warning for installing disabled module
|
||||
- silence clang static analyzer report
|
||||
- remove access() check to make setuid programs work
|
||||
|
||||
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-9
|
||||
- Escape macros in %%changelog
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-7
|
||||
- Switch to %%ldconfig_scriptlets
|
||||
|
||||
* Tue Jan 09 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.7-6
|
||||
- Update Python 2 dependency declarations to new packaging standards
|
||||
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||
|
||||
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
|
||||
- free genhomedircon fallback user
|
||||
- Rebuild with libsepol-2.7-3 and libselinux-2.7-6
|
||||
|
||||
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
|
||||
- Add support for listing fcontext.homedirs file (#1409813)
|
||||
|
||||
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
|
||||
- Add Provides for the old names without %%_isa
|
||||
|
||||
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-2
|
||||
- Python 2 binary package renamed to python2-libsemanage
|
||||
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
|
||||
- Python 3 binary package renamed to python3-libsemanage
|
||||
|
||||
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
|
||||
- Update to upstream release 2017-08-04
|
||||
- Use 'sefcontext_compile -r' when it's run during SELinux policy build
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Apr 28 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-4
|
||||
- Follow upstream and rename _semanage.so to _semanage.cpython-36m-x86_64-linux-gnu.so
|
||||
|
||||
* Tue Apr 18 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-3
|
||||
- Do not list duplicate port entries after setting a boolean (#1439875)
|
||||
|
||||
* Thu Mar 02 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-2
|
||||
- Fix FTBFS - fatal error (#1427903)
|
||||
|
||||
* Mon Feb 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1.1
|
||||
- Update to upstream release 2016-10-14
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 2.5-9
|
||||
- Rebuild for Python 3.6
|
||||
|
||||
* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-8
|
||||
- Fixes bug preventing the installation of base modules
|
||||
- make distclean target work
|
||||
- Do not always print a module name warning
|
||||
- Use pp module name instead of filename when installing module
|
||||
- tests: Do not force using gcc
|
||||
- genhomedircon: remove hardcoded refpolicy strings
|
||||
- genhomedircon: add support for %%group syntax
|
||||
- genhomedircon: generate contexts for logins mapped to the default user
|
||||
- Validate and compile file contexts before installing
|
||||
- Swap tcp and udp protocol numbers
|
||||
|
||||
* Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-7
|
||||
- Rebuilt with libsepol-2.5-9 and libselinux-2.5-11
|
||||
|
||||
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5-6
|
||||
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
||||
|
||||
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
|
||||
- Sort object files for deterministic linking order
|
||||
- Support overriding Makefile RANLIB
|
||||
- Respect CC and PKG_CONFIG environment variable
|
||||
|
||||
* Fri May 06 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
|
||||
- Fix multiple spelling errors
|
||||
- genhomedircon: %%{USERID} and %%{USERNAME} support and code cleanup
|
||||
|
||||
* Mon Mar 21 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
|
||||
- Enable expand-check by default (#1319652)
|
||||
|
||||
* Sun Feb 28 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-2
|
||||
- Use fully versioned arch-specific requires
|
||||
|
||||
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
|
||||
- Update to upstream release 2016-02-23
|
||||
|
||||
* Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1
|
||||
- Update to upstream rc1 release 2016-01-07
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 2.4-5
|
||||
- Rebuilt for Python3.5 rebuild
|
||||
|
||||
* Fri Sep 04 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-4
|
||||
- Save homedir_template in the policy store for genhomedircon
|
||||
https://bugs.gentoo.org/558686
|
||||
|
||||
* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-3
|
||||
- Pass ldflags into the build so hardening works
|
||||
|
||||
* Thu Jul 30 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-2
|
||||
- semanage_migrate_store: use /usr/bin/python3
|
||||
- move semanage_migrate_store script to libsemanage-python3
|
||||
|
||||
* Wed Jun 24 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.6
|
||||
- Allow to use compressed modules without a compression extension
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Tue Jun 16 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.5
|
||||
- add /var/lib/selinux/tmp directory
|
||||
|
||||
* Tue May 12 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4
|
||||
- semanage_migrate_store: add -r <root> option for migrating inside chroots
|
||||
|
||||
* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.3
|
||||
- Update to upstream release 2.4
|
||||
|
||||
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5
|
||||
- Skip policy module re-link when only setting booleans.
|
||||
* patch from Stephen Smalley
|
||||
|
||||
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-4
|
||||
- fix license handling
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Wed May 28 2014 Kalev Lember <kalevlember@gmail.com> - 2.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
|
||||
|
||||
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
|
||||
- Update to upstream
|
||||
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
|
||||
|
||||
* Sun Mar 30 2014 Dan Walsh <dwalsh@redhat.com> - 2.2-3
|
||||
- libsemanage: fix memory leak in semanage_genhomedircon
|
||||
- Patch from THomas Hurd
|
||||
|
||||
* Tue Feb 11 2014 Dan Walsh <dwalsh@redhat.com> - 2.2-2
|
||||
- Move semanage.conf man page from devel package to main package
|
||||
|
||||
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
|
||||
- Update to upstream
|
||||
* Avoid duplicate list entries from Dan Walsh.
|
||||
* Add audit support to libsemanage from Dan Walsh.
|
||||
* Remove policy.kern and replace with symlink from Dan Walsh.
|
||||
* Apply a MAX_UID check for genhomedircon from Laurent Bigonville.
|
||||
* Fix man pages from Laurent Bigonville.
|
||||
|
||||
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-14
|
||||
- Cleanup handling of missing mls_range to fix problems with useradd -Z
|
||||
- Fix auditing of login record changes, roles were not working correctly.
|
||||
Resolves: #952237
|
||||
|
||||
* Fri Oct 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-13
|
||||
- Fix errors found by coverity
|
||||
Resolves: #952237
|
||||
|
||||
* Wed Sep 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-12
|
||||
- Do not fail on missing SELinux User Record when adding login record
|
||||
|
||||
* Mon Sep 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-11
|
||||
- Add msg to audit records
|
||||
|
||||
* Thu Sep 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-10
|
||||
- Do not write error message to screen when looking for previous record for auditing.
|
||||
- Add mls_range from user record if the MLS range is not specified by the seuser add record.
|
||||
- Error out if seuser or mls range is not specified when adding user records
|
||||
|
||||
* Mon Sep 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-9
|
||||
- Create symlink from policy.kern to active kernel.
|
||||
|
||||
* Fri Sep 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-8
|
||||
- Unlink policy.kern when done to save space.
|
||||
|
||||
* Fri Jul 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-7
|
||||
- Move handling of role audit records into the library
|
||||
- Patch stops semanage from removing user record while in use
|
||||
|
||||
* Tue Jul 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-6
|
||||
- Remove dependance on selinux-policy, /etc/selinux should be owned by libsemanage, and selinux-policy can require it.
|
||||
|
||||
* Fri Jun 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
|
||||
- Allways build python3 version
|
||||
|
||||
* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
|
||||
-
|
||||
|
||||
* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3
|
||||
- Fix test suite to build
|
||||
|
||||
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-2
|
||||
- Revert some changes which are causing the wrong policy version file to be created
|
||||
|
||||
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
|
||||
- Update to upstream
|
||||
* Add sefcontext_compile to compile regex everytime policy is rebuilt
|
||||
* Cleanup/fix enable/disable/remove module.
|
||||
* redo genhomedircon minuid
|
||||
* fixes from coverity
|
||||
* semanage_store: do not leak memory in semanage_exec_prog
|
||||
* genhomedircon: remove useless conditional in get_home_dirs
|
||||
* genhomedircon: double free in get_home_dirs
|
||||
* fcontext_record: do not leak on error in semanage_fcontext_key_create
|
||||
* genhomedircon: do not leak on failure in write_gen_home_dir_context
|
||||
* semanage_store: do not leak fd
|
||||
* genhomedircon: do not leak shells list
|
||||
* semanage_store: do not leak on strdup failure
|
||||
* semanage_store: rewrite for readability
|
||||
|
||||
* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> 2.1.9-4
|
||||
- Add selinux-policy as a requires to get /etc/selinux owned
|
||||
|
||||
* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> 2.1.9-3
|
||||
- Update to latest patches from eparis/Upstream
|
||||
- libsemanage: fixes from coverity
|
||||
- libsemange: redo genhomedircon minuid
|
||||
|
||||
* Wed Nov 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2
|
||||
- Fix handling of missing semanage permissive -d foo, not failing correctly
|
||||
- Previous to this fix the first module beginning with foo would get deleted.
|
||||
|
||||
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
|
||||
- Update to upstream
|
||||
* libsemanage: do not set soname needlessly
|
||||
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
|
||||
* do boolean name substitution
|
||||
* Fix segfault for building standard policies.
|
||||
|
||||
* Fri Aug 03 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.8-6
|
||||
- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
|
||||
|
||||
* Wed Aug 1 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.8-5
|
||||
- remove rhel logic from with_python3 conditional
|
||||
|
||||
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.8-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Fri Jul 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
|
||||
- Attempt to allocate memory for selinux_binary_policy_path and free memory
|
||||
- allocated by asprintf.
|
||||
|
||||
* Thu Jul 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2
|
||||
- Fix asprintf within an asprintf call
|
||||
|
||||
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
|
||||
- Update to upstream
|
||||
* remove build warning when build swig c files
|
||||
* additional makefile support for rubywrap
|
||||
* ignore 80 column limit for readability
|
||||
* semanage_store: fix snprintf length argument by using asprintf
|
||||
* Use default semanage.conf as a fallback
|
||||
* use after free in python bindings
|
||||
|
||||
* Tue May 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
|
||||
- Apply patch from Sven Vermeulen to fix problem with python3 bindings.
|
||||
|
||||
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
|
||||
- Update to upstream
|
||||
* Alternate path for semanage.conf
|
||||
* do not link against libpython, this is considered bad in Debian
|
||||
* Allow to build for several ruby version
|
||||
* fallback-user-level
|
||||
|
||||
* Wed Feb 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3
|
||||
- Check in correct patch.
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Fri Jan 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
|
||||
- Add patch form Xin Ouyang to make library use private semanage.conf
|
||||
|
||||
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
|
||||
-Update to upstream
|
||||
* add ignoredirs config for genhomedircon
|
||||
* Fallback_user_level can be NULL if you are not using MLS
|
||||
|
||||
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4
|
||||
- Rebuild with latest libsepol
|
||||
|
||||
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
|
||||
- Rebuild with latest libsepol
|
||||
|
||||
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
|
||||
- Add support for ignoredirs param in /etc/selinux/semanage.conf
|
||||
|
||||
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
|
||||
- Upgrade to upstream
|
||||
* regenerate .pc on VERSION change
|
||||
* maintain mode even if umask is tighter
|
||||
* semanage.conf man page
|
||||
* create man5dir if not exist
|
||||
|
||||
* Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
|
||||
- Fix handling of umask, so files get created with the correct label.
|
||||
|
||||
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
|
||||
- Add Guido Trentalancia semanage.conf man page
|
||||
|
||||
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
|
||||
-Update to upstream
|
||||
* Create a new preserve_tunables flag
|
||||
* tree: default make target to all not
|
||||
* fix semanage_store_access_check calling arguments
|
||||
|
||||
* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-2
|
||||
- Add support for preserving tunables
|
||||
|
||||
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-1
|
||||
-Update to upstream
|
||||
* python wrapper makefile changes
|
||||
|
||||
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-1
|
||||
-Update to upstream
|
||||
2.1.2 2011-08-17
|
||||
* print error debug info for buggy fc
|
||||
* introduce semanage_set_root and friends
|
||||
* throw exceptions in python rather than return
|
||||
* python3 support.
|
||||
* patch for MCS/MLS in user files
|
||||
|
||||
2.1.1 2011-08-01
|
||||
* Remove generated files, expand .gitignore
|
||||
* Use -Werror and change a few prototypes to support it
|
||||
|
||||
* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1
|
||||
- Update to upstream
|
||||
* Release, minor version bump
|
||||
|
||||
* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6
|
||||
- More fixes for disabled modules
|
||||
|
||||
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5
|
||||
- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module
|
||||
indicating the module is disabled. MODULE.pp.disabled, it will no longer rename the module. This way we can
|
||||
ship active modules in rpm.
|
||||
|
||||
* Wed Jun 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-4
|
||||
- Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.46-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2
|
||||
- big reworking of the support-multiple-python-builds patch to deal with
|
||||
PEP 3149: the latest Python 3.2 onwards uses include paths and library names
|
||||
that don't fit prior naming patterns, and so we must query python3-config for
|
||||
this information. To complicate things further, python 2's python-config
|
||||
doesn't understand all of the options needed ("--extension-suffix"). I've
|
||||
thus added new Makefile variables as needed, to be supplied by the specfile by
|
||||
invoking the appropriate config tool (or by hardcoding the old value for
|
||||
"--extension-suffix" i.e. ".so")
|
||||
- rework python3 manifest for PEP 3149, and rebuild for newer python3
|
||||
|
||||
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
|
||||
- Update to upstream
|
||||
* Fix compliation under GCC 4.6 by Justin Mattock
|
||||
|
||||
* Wed Aug 25 2010 Thomas Spura <tomspur@fedoraproject.org> - 2.0.45-6
|
||||
- rebuild with python3.2
|
||||
http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html
|
||||
|
||||
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||
|
||||
* Tue Apr 27 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-4
|
||||
- add python3 subpackage
|
||||
|
||||
|
|
@ -727,11 +256,11 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
- Make sure /root is not used in genhomedircon
|
||||
|
||||
* Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
|
||||
- Revert hard linking of files between tmp/active/previous.
|
||||
- Enable configuration of bzip behavior from Stephen Smalley.
|
||||
- bzip-blocksize=0 to disable compression and decompression support.
|
||||
- bzip-blocksize=1..9 to set the blocksize for compression.
|
||||
- bzip-small=true to reduce memory usage for decompression.
|
||||
* Revert hard linking of files between tmp/active/previous.
|
||||
* Enable configuration of bzip behavior from Stephen Smalley.
|
||||
bzip-blocksize=0 to disable compression and decompression support.
|
||||
bzip-blocksize=1..9 to set the blocksize for compression.
|
||||
bzip-small=true to reduce memory usage for decompression.
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.33-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
|
@ -770,7 +299,7 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
- Rebuild for Python 2.6
|
||||
|
||||
* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
|
||||
- Add semanage_mls_enabled() interface from Stephen Smalley.
|
||||
* Add semanage_mls_enabled() interface from Stephen Smalley.
|
||||
|
||||
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.29-2
|
||||
- Rebuild for Python 2.6
|
||||
|
|
@ -797,12 +326,12 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
* Modify genhomedircon to skip groupname entries.
|
||||
Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax.
|
||||
|
||||
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1
|
||||
* Wed Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1
|
||||
- Update to upstream
|
||||
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
|
||||
Strip any trailing slash before appending /*$.
|
||||
|
||||
* Tue Jun 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-3
|
||||
* Thu Jun 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-3
|
||||
- Another fix for genhomedircon
|
||||
|
||||
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.25-2
|
||||
|
|
@ -930,18 +459,18 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
|
||||
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1
|
||||
- Upgrade to latest from NSA
|
||||
- Merged optimizations from Stephen Smalley.
|
||||
- do not set all booleans upon commit, only those whose values have changed
|
||||
- only install the sandbox upon commit if something was rebuilt
|
||||
* Merged optimizations from Stephen Smalley.
|
||||
- do not set all booleans upon commit, only those whose values have changed
|
||||
- only install the sandbox upon commit if something was rebuilt
|
||||
|
||||
* Sat Mar 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2
|
||||
- Add SELinux to Man page Names so man -k will work
|
||||
|
||||
* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
|
||||
- Merged dbase_file_flush patch from Dan Walsh.
|
||||
- This removes any mention of specific tools (e.g. semanage)
|
||||
- from the comment header of the auto-generated files,
|
||||
- since there are multiple front-end tools.
|
||||
* Merged dbase_file_flush patch from Dan Walsh.
|
||||
This removes any mention of specific tools (e.g. semanage)
|
||||
from the comment header of the auto-generated files,
|
||||
since there are multiple front-end tools.
|
||||
|
||||
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
|
||||
- Upgrade to latest from NSA
|
||||
|
|
@ -1172,14 +701,14 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
bug noticed by Steve Grubb.
|
||||
* Merged cleanups after add/set removal patch from Ivan Gyurdiev.
|
||||
|
||||
* Sat Jan 7 2006 Dan Walsh <dwalsh@redhat.com> 1.5.9-1
|
||||
* Fri Jan 7 2006 Dan Walsh <dwalsh@redhat.com> 1.5.9-1
|
||||
- Upgrade to latest from NSA
|
||||
* Merged const in APIs patch from Ivan Gyurdiev.
|
||||
* Merged validation of local file contexts patch from Ivan Gyurdiev.
|
||||
* Merged compare2 function patch from Ivan Gyurdiev.
|
||||
* Merged hidden def/proto update patch from Ivan Gyurdiev.
|
||||
|
||||
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
|
||||
* Thu Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
|
||||
- Upgrade to latest from NSA
|
||||
* Re-applied string and file optimization patch from Russell Coker,
|
||||
with bug fix.
|
||||
|
|
@ -1187,7 +716,7 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
* Clarified error messages from parse_module_headers and
|
||||
parse_base_headers for base/module mismatches.
|
||||
|
||||
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.6-1
|
||||
* Thu Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.6-1
|
||||
- Upgrade to latest from NSA
|
||||
* Clarified error messages from parse_module_headers and
|
||||
parse_base_headers for base/module mismatches.
|
||||
|
|
@ -1200,10 +729,10 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
* Merged man pages for dbase functions patch from Ivan Gyurdiev.
|
||||
* Merged pywrap tests patch from Ivan Gyurdiev.
|
||||
|
||||
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-2
|
||||
* Wed Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-2
|
||||
- Patch to fix add
|
||||
|
||||
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-1
|
||||
* Wed Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-1
|
||||
- Upgrade to latest from NSA
|
||||
* Merged patch series from Ivan Gyurdiev.
|
||||
This includes patches to:
|
||||
|
|
@ -1280,7 +809,7 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-2
|
||||
- Add additional swig objects
|
||||
|
||||
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-1
|
||||
* Fri Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-1
|
||||
- Upgrade to latest from NSA
|
||||
* Fixed free->key_free bug.
|
||||
* Merged clear obsolete patch from Ivan Gyurdiev.
|
||||
|
|
@ -1542,3 +1071,5 @@ invoking the appropriate config tool (or by hardcoding the old value for
|
|||
|
||||
- Initial version
|
||||
- Created by Stephen Smalley <sds@epoch.ncsc.mil>
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -36,9 +36,8 @@ module-store = direct
|
|||
# version is necessary.
|
||||
#policy-version = 19
|
||||
|
||||
# expand-check check neverallow rules when executing all semanage
|
||||
# commands. There might be a penalty in execution time if this
|
||||
# option is enabled.
|
||||
# expand-check check neverallow rules when executing all semanage commands.
|
||||
# Large penalty in time if you turn this on.
|
||||
expand-check=0
|
||||
|
||||
# usepasswd check tells semanage to scan all pass word records for home directories
|
||||
|
|
@ -47,12 +46,3 @@ expand-check=0
|
|||
# For example, if you had home dirs in /althome directory you would have to execute
|
||||
# semanage fcontext -a -e /home /althome
|
||||
usepasswd=False
|
||||
bzip-small=true
|
||||
bzip-blocksize=5
|
||||
ignoredirs=/root
|
||||
optimize-policy=true
|
||||
|
||||
[sefcontext_compile]
|
||||
path = /usr/sbin/sefcontext_compile
|
||||
args = -r $@
|
||||
[end]
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (libsemanage-3.1.tar.gz) = 8609ca7d13b5c603677740f2b14558fea3922624af182d20d618237ba11fcf2559fab82fc68d1efa6ff118f064d426f005138521652c761de92cd66150102197
|
||||
9a1b8cf612052daab7d5cb2676f2098a libsemanage-2.0.45.tgz
|
||||
|
|
|
|||
|
|
@ -1,63 +0,0 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/libsemanage/Sanity/semanage-handle-functions
|
||||
# Description: Test functions from handle.h
|
||||
# Author: Jan Zarsky <jzarsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/libsemanage/Sanity/semanage-handle-functions
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE functions.c test_*.c
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Jan Zarsky <jzarsky@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test functions from handle.h" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: libsemanage" >> $(METADATA)
|
||||
@echo "Requires: libsemanage libsemanage-devel glibc gcc" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
PURPOSE of /CoreOS/libsemanage/Sanity/semanage-handle-functions
|
||||
Description: Test functions from handle.h
|
||||
Author: Jan Zarsky <jzarsky@redhat.com>
|
||||
|
|
@ -1,132 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
void check_result_int(const char *expected, int real) {
|
||||
int exp = strtol(expected, NULL, 10);
|
||||
|
||||
if (exp != real) {
|
||||
fprintf(stderr, "Expected %d but got %d\n", exp, real);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
semanage_handle_t *test_handle_create() {
|
||||
semanage_handle_t *sh = NULL;
|
||||
|
||||
sh = semanage_handle_create();
|
||||
printf("semanage_handle_create(): %p\n", (void *) sh);
|
||||
|
||||
if (sh == NULL) {
|
||||
perror("semanage_handle_create");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return sh;
|
||||
}
|
||||
|
||||
int test_connect(semanage_handle_t *sh) {
|
||||
int result = semanage_connect(sh);
|
||||
printf("semanage_connect(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_connect");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int test_disconnect(semanage_handle_t *sh) {
|
||||
int result = semanage_disconnect(sh);
|
||||
printf("semanage_disconnect(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_disconnect");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int test_begin_transaction(semanage_handle_t *sh) {
|
||||
int result = semanage_begin_transaction(sh);
|
||||
printf("semanage_begin_transaction(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_begin_transaction");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int test_commit(semanage_handle_t *sh) {
|
||||
int result = semanage_commit(sh);
|
||||
printf("semanage_commit(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_commit");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
#define STATE_INIT 1
|
||||
#define STATE_HANDLE 2
|
||||
#define STATE_CONN 3
|
||||
#define STATE_TRANS 4
|
||||
|
||||
int get_state(const char *state_str) {
|
||||
if (strcmp(state_str, "init") == 0)
|
||||
return STATE_INIT;
|
||||
if (strcmp(state_str, "handle") == 0)
|
||||
return STATE_HANDLE;
|
||||
if (strcmp(state_str, "conn") == 0)
|
||||
return STATE_CONN;
|
||||
if (strcmp(state_str, "trans") == 0)
|
||||
return STATE_TRANS;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
semanage_handle_t * get_handle(const char *state_str) {
|
||||
int state;
|
||||
semanage_handle_t *sh = NULL;
|
||||
|
||||
state = get_state(state_str);
|
||||
|
||||
if (state >= STATE_INIT)
|
||||
sh = NULL;
|
||||
|
||||
if (state >= STATE_HANDLE)
|
||||
sh = test_handle_create();
|
||||
|
||||
if (state >= STATE_CONN)
|
||||
test_connect(sh);
|
||||
|
||||
if (state >= STATE_TRANS)
|
||||
test_begin_transaction(sh);
|
||||
|
||||
return sh;
|
||||
}
|
||||
|
||||
void destroy_handle(semanage_handle_t *sh, const char *state_str) {
|
||||
int state;
|
||||
|
||||
state = get_state(state_str);
|
||||
|
||||
if (state >= STATE_TRANS)
|
||||
test_commit(sh);
|
||||
|
||||
if (state >= STATE_CONN)
|
||||
test_disconnect(sh);
|
||||
|
||||
if (state >= STATE_HANDLE) {
|
||||
semanage_handle_destroy(sh);
|
||||
printf("semanage_handle_destroy(%p)\n", (void *) sh);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
init handle conn trans
|
||||
semanage_set_root x ok ok ok -
|
||||
semanage_root x ok ok ok -
|
||||
semanage_handle_create x ok - - -
|
||||
semanage_set_rebuild fail ok ok -
|
||||
semanage_set_reload fail ok ok -
|
||||
semanage_get_hll_compiler_path fail ? ? -
|
||||
semanage_set_create_store fail ok ok - should be called after connect
|
||||
semanage_get_disable_dontaudit fail ? ? -
|
||||
semanage_set_disable_dontaudit fail ? ? -
|
||||
semanage_get_preserve_tunables fail ? ? -
|
||||
semanage_set_preserve_tunables fail ? ? -
|
||||
semanage_get_ignore_module_cache fail ? ? -
|
||||
semanage_set_ignore_module_cache fail ? ? -
|
||||
semanage_set_check_contexts fail ok ok -
|
||||
semanage_get_default_priority fail ok ok -
|
||||
semanage_set_default_priority fail ok ok -
|
||||
semanage_is_connected x fail ok ok -
|
||||
semanage_select_store fail ok ok - should be called before connect
|
||||
semanage_set_store_root fail ok ok -
|
||||
semanage_is_managed x fail ok fail -
|
||||
semanage_mls_enabled x fail ? ok -
|
||||
semanage_connect x fail ok ? -
|
||||
semanage_access_check x fail ok ? -
|
||||
semanage_disconnect x fail fail ok - ok when disconnected twice
|
||||
semanage_handle_destroy x fail ok ok -
|
||||
semanage_begin_transaction x fail fail ok ok ok when begin twice
|
||||
semanage_commit x fail fail fail ok
|
||||
semanage_reload_policy fail ? ? ?
|
||||
|
|
@ -1,122 +0,0 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/libsemanage/Sanity/semanage-handle-functions
|
||||
# Description: Test functions from handle.h
|
||||
# Author: Jan Zarsky <jzarsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="libsemanage"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm ${PACKAGE}
|
||||
rlAssertRpm ${PACKAGE}-devel
|
||||
rlAssertRpm "glibc"
|
||||
rlAssertRpm "gcc"
|
||||
|
||||
if rlIsRHEL ">=7" || rlIsFedora; then
|
||||
rlRun -l "gcc test_root.c -o test_root -lsemanage -Wall -Wextra -std=c99"
|
||||
fi
|
||||
|
||||
rlRun -l "gcc test_handle_create.c -o test_handle_create -lsemanage -Wall -Wextra -Wno-unused-parameter -std=c99"
|
||||
rlRun -l "gcc test_access_check.c -o test_access_check -lsemanage -Wall -Wextra -std=c99"
|
||||
rlRun -l "gcc test_is_managed.c -o test_is_managed -lsemanage -Wall -Wextra -std=c99"
|
||||
rlRun -l "gcc test_connect.c -o test_connect -lsemanage -Wall -Wextra -std=c99"
|
||||
rlRun -l "gcc test_is_connected.c -o test_is_connected -lsemanage -Wall -Wextra -std=c99"
|
||||
rlRun -l "gcc test_mls_enabled.c -o test_mls_enabled -lsemanage -Wall -Wextra -std=c99"
|
||||
rlRun -l "gcc test_transaction.c -o test_transaction -lsemanage -Wall -Wextra -std=c99"
|
||||
|
||||
ERR_FAIL=1
|
||||
ERR_ABORT=134
|
||||
rlPhaseEnd
|
||||
|
||||
if rlIsRHEL ">=7" || rlIsFedora; then
|
||||
rlPhaseStartTest "semanage_root, semanage_test_root"
|
||||
rlRun "./test_root init"
|
||||
rlRun "./test_root handle"
|
||||
rlRun "./test_root conn"
|
||||
rlRun "./test_root init /somepath"
|
||||
rlRun "./test_root handle /somepath"
|
||||
rlRun "./test_root conn /somepath"
|
||||
rlPhaseEnd
|
||||
fi
|
||||
|
||||
rlPhaseStartTest "semanage_handle_create, semanage_handle_destroy"
|
||||
rlRun "./test_handle_create init"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_access_check"
|
||||
rlRun "./test_access_check init" $ERR_ABORT
|
||||
rlRun "./test_access_check handle 2"
|
||||
rlRun "./test_access_check conn 2"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_is_managed"
|
||||
rlRun "./test_is_managed init" $ERR_ABORT
|
||||
rlRun "./test_is_managed handle 1"
|
||||
rlRun "./test_is_managed conn" $ERR_FAIL
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_connect, semanage_disconnect"
|
||||
rlRun "./test_connect init" $ERR_ABORT
|
||||
rlRun "./test_connect init reversed" $ERR_ABORT
|
||||
rlRun "./test_connect handle"
|
||||
rlRun "./test_connect handle twice"
|
||||
rlRun "./test_connect handle reversed" $ERR_ABORT
|
||||
# why does it work??
|
||||
rlRun "./test_connect conn"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_is_connected"
|
||||
rlRun "./test_is_connected init" $ERR_ABORT
|
||||
rlRun "./test_is_connected handle 0"
|
||||
rlRun "./test_is_connected conn 1"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_mls_enabled"
|
||||
rlRun "./test_mls_enabled init" $ERR_ABORT
|
||||
rlRun "./test_mls_enabled handle" $ERR_ABORT
|
||||
rlRun "./test_mls_enabled conn 1"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_begin_transaction, semanage_commit"
|
||||
rlRun "./test_transaction init" $ERR_ABORT
|
||||
rlRun "./test_transaction init reversed" $ERR_ABORT
|
||||
rlRun "./test_transaction handle" $ERR_ABORT
|
||||
rlRun "./test_transaction handle reversed" $ERR_ABORT
|
||||
rlRun "./test_transaction conn"
|
||||
rlRun "./test_transaction conn twice"
|
||||
rlRun "./test_transaction conn reversed" $ERR_FAIL
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "rm -f output test_root test_handle_create test_access_check \
|
||||
test_is_managed test_connect test_is_connected \
|
||||
test_mls_enabled test_transaction"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
int result = semanage_access_check(sh);
|
||||
printf("semanage_access_check(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result < 0 || (result != 0 && result != SEMANAGE_CAN_READ
|
||||
&& result != SEMANAGE_CAN_WRITE)) {
|
||||
perror("semanage_access_check");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 3)
|
||||
check_result_int(argv[2], result);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
if (argc >= 3 && strcmp(argv[2], "reversed") == 0) {
|
||||
test_disconnect(sh);
|
||||
test_connect(sh);
|
||||
}
|
||||
else {
|
||||
test_connect(sh);
|
||||
test_disconnect(sh);
|
||||
}
|
||||
|
||||
if (argc >= 3 && strcmp(argv[2], "twice") == 0) {
|
||||
test_disconnect(sh);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh = test_handle_create();
|
||||
|
||||
semanage_handle_destroy(sh);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_is_connected(sh);
|
||||
printf("semanage_is_connected(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0 && result != 1) {
|
||||
perror("semanage_is_connected");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 3)
|
||||
check_result_int(argv[2], result);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_is_managed(sh);
|
||||
printf("semanage_is_managed(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0 && result != 1) {
|
||||
perror("semanage_is_managed");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 3)
|
||||
check_result_int(argv[2], result);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_mls_enabled(sh);
|
||||
printf("semanage_mls_enabled(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0 && result != 1) {
|
||||
perror("semanage_mls_enabled");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 4)
|
||||
check_result_int(argv[3], result);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
const char *root;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
root = semanage_root();
|
||||
printf("semanage_root(): %s\n", root);
|
||||
|
||||
if (root == NULL) {
|
||||
perror("semanage_root");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 3) {
|
||||
result = semanage_set_root(argv[2]);
|
||||
printf("semanage_set_root(\"%s\"): %d\n", argv[2], result);
|
||||
|
||||
if (root == NULL) {
|
||||
perror("semanage_set_root");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
root = semanage_root();
|
||||
printf("semanage_root(): %s\n", root);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_root");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (strcmp(root, argv[2]) != 0) {
|
||||
fprintf(stderr, "Expected \"%s\" but got \"%s\"\n", argv[2], root);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
|
||||
if (argc < 2)
|
||||
exit(1);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
if (argc >= 3 && strcmp(argv[2], "reversed") == 0) {
|
||||
test_commit(sh);
|
||||
test_begin_transaction(sh);
|
||||
}
|
||||
else if (argc >= 3 && strcmp(argv[2], "twice") == 0) {
|
||||
test_begin_transaction(sh);
|
||||
test_begin_transaction(sh);
|
||||
test_commit(sh);
|
||||
}
|
||||
else {
|
||||
test_begin_transaction(sh);
|
||||
test_commit(sh);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/libsemanage/Sanity/semanage-seuser-functions
|
||||
# Description: Test semanage_seuser_* functions
|
||||
# Author: Jan Zarsky <jzarsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/libsemanage/Sanity/semanage-seuser-functions
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE functions.c test_*.c
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Jan Zarsky <jzarsky@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test semanage_seuser_* functions" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: libsemanage" >> $(METADATA)
|
||||
@echo "Requires: libsemanage libsemanage-devel glibc gcc" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
PURPOSE of /CoreOS/libsemanage/Sanity/semanage-seuser-functions
|
||||
Description: Test semanage_seuser_* functions
|
||||
Author: Jan Zarsky <jzarsky@redhat.com>
|
||||
|
|
@ -1,263 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
void check_result_int(const char *expected, int real) {
|
||||
int exp = strtol(expected, NULL, 10);
|
||||
|
||||
if (exp != real) {
|
||||
fprintf(stderr, "Expected %d but got %d\n", exp, real);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
semanage_handle_t *test_handle_create() {
|
||||
semanage_handle_t *sh = NULL;
|
||||
|
||||
sh = semanage_handle_create();
|
||||
printf("semanage_handle_create(): %p\n", (void *) sh);
|
||||
|
||||
if (sh == NULL) {
|
||||
perror("semanage_handle_create");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return sh;
|
||||
}
|
||||
|
||||
int test_connect(semanage_handle_t *sh) {
|
||||
int result = semanage_connect(sh);
|
||||
printf("semanage_connect(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_connect");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int test_disconnect(semanage_handle_t *sh) {
|
||||
int result = semanage_disconnect(sh);
|
||||
printf("semanage_disconnect(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_disconnect");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int test_begin_transaction(semanage_handle_t *sh) {
|
||||
int result = semanage_begin_transaction(sh);
|
||||
printf("semanage_begin_transaction(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_begin_transaction");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int test_commit(semanage_handle_t *sh) {
|
||||
int result = semanage_commit(sh);
|
||||
printf("semanage_commit(%p): %d\n", (void *) sh, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_commit");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
semanage_seuser_key_t *test_get_key(semanage_handle_t *sh, const char *name) {
|
||||
semanage_seuser_key_t *key;
|
||||
int result = semanage_seuser_key_create(sh, name, &key);
|
||||
printf("semanage_seuser_key_create(%p, %s, %p): %d\n",
|
||||
(void *) sh, name, (void *) &key, result);
|
||||
|
||||
if (key == NULL || result < 0) {
|
||||
perror("semanage_seuser_key_create");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
semanage_seuser_t *test_get_seuser_nth(semanage_handle_t *sh, unsigned int index) {
|
||||
int result;
|
||||
semanage_seuser_t **records;
|
||||
unsigned int count;
|
||||
|
||||
result = semanage_seuser_list(sh, &records, &count);
|
||||
printf("semanage_seuser_list(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) &records, (void *) &count, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_list");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (count < index + 1)
|
||||
exit(2);
|
||||
|
||||
return records[index];
|
||||
}
|
||||
|
||||
semanage_seuser_t *test_get_seuser_new(semanage_handle_t *sh) {
|
||||
int result;
|
||||
semanage_seuser_t *seuser;
|
||||
|
||||
result = semanage_seuser_create(sh, &seuser);
|
||||
printf("semanage_seuser_create(%p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_create");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
return seuser;
|
||||
}
|
||||
|
||||
semanage_seuser_t *test_get_seuser(semanage_handle_t *sh, const char *param) {
|
||||
if (strcmp(param, "new") == 0)
|
||||
return test_get_seuser_new(sh);
|
||||
|
||||
if (strcmp(param, "first") == 0)
|
||||
return test_get_seuser_nth(sh, 0);
|
||||
|
||||
if (strcmp(param, "second") == 0)
|
||||
return test_get_seuser_nth(sh, 1);
|
||||
|
||||
fprintf(stderr, "Unknown seuser \"%s\" specified\n", param);
|
||||
exit(2);
|
||||
}
|
||||
|
||||
void test_add_local_seuser(semanage_handle_t *sh, semanage_seuser_t *seuser) {
|
||||
int result;
|
||||
semanage_seuser_key_t *key;
|
||||
|
||||
result = semanage_seuser_key_extract(sh, seuser, &key);
|
||||
printf("semanage_seuser_key_extract(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser, (void *) &key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_key_extract");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_modify_local(sh, key, seuser);
|
||||
printf("semanage_seuser_modify_local(%p, %p, %p): %d\n",
|
||||
(void *) seuser, (void *) key, (void *) seuser, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_modify_local");
|
||||
exit(2);
|
||||
}
|
||||
}
|
||||
|
||||
void test_del_local_seuser(semanage_handle_t *sh, semanage_seuser_t *seuser) {
|
||||
int result;
|
||||
semanage_seuser_key_t *key;
|
||||
|
||||
result = semanage_seuser_key_extract(sh, seuser, &key);
|
||||
printf("semanage_seuser_key_extract(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser, (void *) &key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_key_extract");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_del_local(sh, key);
|
||||
printf("semanage_seuser_del_local(%p, %p): %d\n",
|
||||
(void *) seuser, (void *) key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_del_local");
|
||||
exit(2);
|
||||
}
|
||||
}
|
||||
|
||||
#define STATE_INIT 1
|
||||
#define STATE_HANDLE 2
|
||||
#define STATE_CONN 3
|
||||
#define STATE_TRANS 4
|
||||
|
||||
int get_state(const char *state_str) {
|
||||
if (strcmp(state_str, "init") == 0)
|
||||
return STATE_INIT;
|
||||
if (strcmp(state_str, "handle") == 0)
|
||||
return STATE_HANDLE;
|
||||
if (strcmp(state_str, "conn") == 0)
|
||||
return STATE_CONN;
|
||||
if (strcmp(state_str, "trans") == 0)
|
||||
return STATE_TRANS;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
semanage_handle_t * get_handle(const char *state_str) {
|
||||
int state;
|
||||
semanage_handle_t *sh = NULL;
|
||||
|
||||
state = get_state(state_str);
|
||||
|
||||
if (state >= STATE_INIT)
|
||||
sh = NULL;
|
||||
|
||||
if (state >= STATE_HANDLE)
|
||||
sh = test_handle_create();
|
||||
|
||||
if (state >= STATE_CONN)
|
||||
test_connect(sh);
|
||||
|
||||
if (state >= STATE_TRANS)
|
||||
test_begin_transaction(sh);
|
||||
|
||||
return sh;
|
||||
}
|
||||
|
||||
void destroy_handle(semanage_handle_t *sh, const char *state_str) {
|
||||
int state;
|
||||
|
||||
state = get_state(state_str);
|
||||
|
||||
if (state >= STATE_TRANS)
|
||||
test_commit(sh);
|
||||
|
||||
if (state >= STATE_CONN)
|
||||
test_disconnect(sh);
|
||||
|
||||
if (state >= STATE_HANDLE) {
|
||||
semanage_handle_destroy(sh);
|
||||
printf("semanage_handle_destroy(%p)\n", (void *) sh);
|
||||
}
|
||||
}
|
||||
|
||||
int strcmp_null(const char *str1, const char *str2) {
|
||||
if (str1 == NULL && str2 == NULL)
|
||||
return 0;
|
||||
|
||||
if (str1 == NULL) {
|
||||
if (strcmp(str2, "NULL") == 0)
|
||||
return 0;
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (str2 == NULL) {
|
||||
if (strcmp(str1, "NULL") == 0)
|
||||
return 0;
|
||||
else
|
||||
return 1;
|
||||
}
|
||||
|
||||
return strcmp(str1, str2);
|
||||
}
|
||||
|
|
@ -1,255 +0,0 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/libsemanage/Sanity/semanage-seuser-functions
|
||||
# Description: Test semanage_seuser_* functions
|
||||
# Author: Jan Zarsky <jzarsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="libsemanage"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm ${PACKAGE}
|
||||
rlAssertRpm ${PACKAGE}-devel
|
||||
rlAssertRpm "glibc"
|
||||
rlAssertRpm "gcc"
|
||||
|
||||
for f in test_*.c ; do
|
||||
out=$(echo -n $f | cut -d'.' -f1)
|
||||
rlRun "gcc $f -o $out -lsemanage -Wall -Wextra -Werror -std=c99"
|
||||
done
|
||||
|
||||
POLICY_TYPE="$(grep -E '^SELINUXTYPE=' /etc/selinux/config | cut -d'=' -f2 | tr '[:upper:]' '[:lower:]' | tr -d ' ')"
|
||||
|
||||
if rlIsFedora; then
|
||||
SEUSERS_PATH="/var/lib/selinux/$POLICY_TYPE/active/seusers"
|
||||
elif rlIsRHEL '>=7'; then
|
||||
SEUSERS_PATH="/etc/selinux/$POLICY_TYPE/active/seusers"
|
||||
else
|
||||
SEUSERS_PATH="/etc/selinux/$POLICY_TYPE/seusers"
|
||||
fi
|
||||
|
||||
rlRun "cat $SEUSERS_PATH"
|
||||
|
||||
SEUSERS_COUNT="$(cat $SEUSERS_PATH | grep -vE '^#|^$' | wc -l)"
|
||||
rlRun "[[ \"$SEUSERS_COUNT\" -gt 0 ]]"
|
||||
|
||||
SEUSERS="$(cat $SEUSERS_PATH | grep -vE '^#|^$' | cut -d':' -f1 | tr '\n' ' ')"
|
||||
rlRun "[[ -n \"$SEUSERS\" ]]"
|
||||
|
||||
first_line="$(cat $SEUSERS_PATH | grep -vE '^#|^$' | head -n 1)"
|
||||
SEUSER="$(echo -n $first_line | cut -d':' -f1)"
|
||||
rlRun "[[ -n \"$SEUSER\" ]]"
|
||||
SEUSER_SENAME="$(echo -n $first_line | cut -d':' -f2)"
|
||||
rlRun "[[ -n \"$SEUSER_SENAME\" ]]"
|
||||
SEUSER_MLSRANGE="$(echo -n $first_line | cut -d':' -f3-4)"
|
||||
rlRun "[[ -n \"$SEUSER_MLSRANGE\" ]]"
|
||||
|
||||
SEUSER_NONEXISTENT="nonuser"
|
||||
SEUSER_DEFAULT="__default__"
|
||||
|
||||
ERR_FAIL=1
|
||||
ERR_ABORT=134
|
||||
ERR_SEGFAULT=139
|
||||
|
||||
# note: each test_*.c program takes first argument which specifies setup
|
||||
# before executing specified function
|
||||
# init semanage handle == NULL
|
||||
# handle semanage handle obtained via semanage_handle_create
|
||||
# conn connected via semanage_connect
|
||||
# trans inside transaction, via semanage_begin_transaction
|
||||
# program returns 1 on error in function, 2 on error in setup
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_key_create, semanage_seuser_key_free"
|
||||
# FIXME
|
||||
# rlRun "./test_key_create init $SEUSER" $ERR_ABORT,$ERR_SEGFAULT
|
||||
# rlRun "./test_key_create handle $SEUSER" $ERR_FAIL
|
||||
rlRun "./test_key_create conn $SEUSER"
|
||||
rlRun "./test_key_create trans $SEUSER"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_key_extract"
|
||||
# FIXME
|
||||
#rlRun "./test_key_extract conn new"
|
||||
rlRun "./test_key_extract conn first"
|
||||
# FIXME
|
||||
#rlRun "./test_key_extract trans new"
|
||||
rlRun "./test_key_extract trans first"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_compare"
|
||||
rlRun "./test_compare conn $SEUSER same"
|
||||
rlRun "./test_compare conn $SEUSER_NONEXISTENT different"
|
||||
rlRun "./test_compare trans $SEUSER same"
|
||||
rlRun "./test_compare trans $SEUSER_NONEXISTENT different"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_compare2"
|
||||
rlRun "./test_compare2 conn NULL 0" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_compare2 conn 0 NULL" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_compare2 conn NULL NULL" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_compare2 conn 0 0"
|
||||
rlRun "./test_compare2 conn 0 1"
|
||||
rlRun "./test_compare2 trans NULL 0" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_compare2 trans 0 NULL" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_compare2 trans NULL NULL" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_compare2 trans 0 0"
|
||||
rlRun "./test_compare2 trans 0 1"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_count"
|
||||
rlRun "./test_count init" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_count handle" $ERR_FAIL
|
||||
rlRun "./test_count conn $SEUSERS_COUNT"
|
||||
rlRun "./test_count trans $SEUSERS_COUNT"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_list"
|
||||
rlRun "./test_list init" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_list handle" $ERR_FAIL
|
||||
rlRun "./test_list conn $SEUSERS_COUNT $SEUSERS"
|
||||
rlRun "./test_list trans $SEUSERS_COUNT $SEUSERS"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_iterate"
|
||||
rlRun "./test_iterate init" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_iterate handle" $ERR_FAIL
|
||||
rlRun "./test_iterate conn $SEUSERS"
|
||||
rlRun "./test_iterate trans $SEUSERS"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_exists"
|
||||
rlRun "./test_exists conn $SEUSER_NONEXISTENT 0"
|
||||
rlRun "./test_exists conn $SEUSER_DEFAULT 1"
|
||||
rlRun "./test_exists conn $USER 1"
|
||||
rlRun "./test_exists trans $SEUSER_NONEXISTENT 0"
|
||||
rlRun "./test_exists trans $SEUSER_DEFAULT 1"
|
||||
rlRun "./test_exists trans $SEUSER 1"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_query"
|
||||
rlRun "./test_query conn $SEUSER_NONEXISTENT" $ERR_FAIL
|
||||
rlRun "./test_query conn $SEUSER_DEFAULT"
|
||||
rlRun "./test_query conn $SEUSER"
|
||||
rlRun "./test_query trans $SEUSER_NONEXISTENT" $ERR_FAIL
|
||||
rlRun "./test_query trans $SEUSER_DEFAULT"
|
||||
rlRun "./test_query trans $SEUSER"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_get_name"
|
||||
rlRun "./test_get_name conn new NULL"
|
||||
rlRun "./test_get_name conn first $SEUSER"
|
||||
rlRun "./test_get_name trans new NULL"
|
||||
rlRun "./test_get_name trans first $SEUSER"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_set_name"
|
||||
name="someuser"
|
||||
rlRun "./test_set_name conn $name"
|
||||
rlRun "./test_set_name trans $name"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_get_sename"
|
||||
rlRun "./test_get_sename conn new NULL"
|
||||
rlRun "./test_get_sename conn first $SEUSER_SENAME"
|
||||
rlRun "./test_get_sename trans new NULL"
|
||||
rlRun "./test_get_sename trans first $SEUSER_SENAME"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_set_sename"
|
||||
sename="someuser_u"
|
||||
rlRun "./test_set_sename conn $sename"
|
||||
rlRun "./test_set_sename trans $sename"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_get_mlsrange"
|
||||
rlRun "./test_get_mlsrange conn new NULL"
|
||||
rlRun "./test_get_mlsrange conn first $SEUSER_MLSRANGE"
|
||||
rlRun "./test_get_mlsrange trans new NULL"
|
||||
rlRun "./test_get_mlsrange trans first $SEUSER_MLSRANGE"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_set_mlsrange"
|
||||
mlsrange="c0-s1:c0.c42"
|
||||
rlRun "./test_set_mlsrange conn $mlsrange"
|
||||
rlRun "./test_set_mlsrange trans $mlsrange"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_clone"
|
||||
# FIXME
|
||||
#rlRun "./test_clone conn new"
|
||||
rlRun "./test_clone conn first"
|
||||
# FIXME
|
||||
#rlRun "./test_clone trans new"
|
||||
rlRun "./test_clone trans first"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_create"
|
||||
# FIXME
|
||||
#rlRun "./test_create init" $ERR_ABORT,$ERR_SEGFAULT
|
||||
#rlRun "./test_create handle" $ERR_ABORT,$ERR_SEGFAULT
|
||||
rlRun "./test_create conn"
|
||||
rlRun "./test_create trans"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_modify_local"
|
||||
# function requires transaction
|
||||
#rlRun "./test_modify_local conn new" $ERR_FAIL
|
||||
#rlRun "./test_modify_local conn first" $ERR_FAIL
|
||||
#rlRun "./test_modify_local trans new" $ERR_FAIL
|
||||
rlRun "./test_modify_local trans first"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_del_local"
|
||||
# adding local seuser requires transaction
|
||||
# FIXME
|
||||
#rlRun "./test_del_local trans first new"
|
||||
#rlRun "./test_del_local trans first second"
|
||||
rlRun "./test_del_local trans first first"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_exists_local"
|
||||
# adding local seuser requires transaction
|
||||
rlRun "./test_exists_local trans first first 1"
|
||||
rlRun "./test_exists_local trans first second 0"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "semanage_seuser_count_local"
|
||||
# adding local seuser requires transaction
|
||||
# FIXME
|
||||
#rlRun "./test_count_local trans 0"
|
||||
rlRun "./test_count_local trans 1"
|
||||
rlRun "./test_count_local trans 2"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
testfiles="$(ls -1 test_* | grep -v '\.c' | tr '\n' ' ')"
|
||||
rlRun "rm -f $testfiles"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_t *seuser_clone;
|
||||
int result;
|
||||
const char *str;
|
||||
const char *str_clone;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
result = semanage_seuser_clone(sh, seuser, &seuser_clone);
|
||||
printf("semanage_seuser_clone(%p, %p): %d\n",
|
||||
(void *) seuser, (void *) seuser_clone, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_clone");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
str = semanage_seuser_get_name(seuser);
|
||||
str_clone = semanage_seuser_get_name(seuser_clone);
|
||||
|
||||
if (strcmp(str, str_clone) != 0) {
|
||||
fprintf(stderr, "Different in get_name\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
str = semanage_seuser_get_sename(seuser);
|
||||
str_clone = semanage_seuser_get_sename(seuser_clone);
|
||||
|
||||
if (strcmp(str, str_clone) != 0) {
|
||||
fprintf(stderr, "Different in get_sename\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
str = semanage_seuser_get_mlsrange(seuser);
|
||||
str_clone = semanage_seuser_get_mlsrange(seuser_clone);
|
||||
|
||||
if (strcmp(str, str_clone) != 0) {
|
||||
fprintf(stderr, "Different in get_mlsrange\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_key_t *key;
|
||||
int result;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, "first");
|
||||
|
||||
key = test_get_key(sh, argv[2]);
|
||||
|
||||
result = semanage_seuser_compare(seuser, key);
|
||||
printf("semanage_seuser_compare(%p, %p): %d\n",
|
||||
(void *) seuser, (void *) key, result);
|
||||
|
||||
if (argc >= 4) {
|
||||
if (strcmp(argv[3], "same") == 0 && result != 0) {
|
||||
fprintf(stderr, "Expected same but got different\n");
|
||||
exit(1);
|
||||
}
|
||||
else if (strcmp(argv[3], "different") == 0 && result == 0) {
|
||||
fprintf(stderr, "Expected different but got same\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
semanage_seuser_key_free(key);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,54 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_t *seuser2;
|
||||
int result;
|
||||
int first = -1;
|
||||
int second = -1;
|
||||
|
||||
if (argc < 4)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
if (strcmp(argv[2], "NULL") == 0) {
|
||||
seuser = NULL;
|
||||
}
|
||||
else {
|
||||
first = strtol(argv[2], NULL, 10);
|
||||
seuser = test_get_seuser_nth(sh, first);
|
||||
}
|
||||
|
||||
if (strcmp(argv[3], "NULL") == 0) {
|
||||
seuser2 = NULL;
|
||||
}
|
||||
else {
|
||||
second = strtol(argv[3], NULL, 10);
|
||||
seuser2 = test_get_seuser_nth(sh, second);
|
||||
}
|
||||
|
||||
result = semanage_seuser_compare2(seuser, seuser2);
|
||||
printf("semanage_seuser_compare(%p, %p): %d\n",
|
||||
(void *) seuser, (void *) seuser2, result);
|
||||
|
||||
if (first == second && result != 0) {
|
||||
fprintf(stderr, "Expected same but got different\n");
|
||||
exit(1);
|
||||
}
|
||||
else if (first != second && result == 0) {
|
||||
fprintf(stderr, "Expected different but got same\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
unsigned int response;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_seuser_count(sh, &response);
|
||||
printf("semanage_seuser_count(%p, %p): %d, response: %u\n",
|
||||
(void *) sh, (void *) &response, result, response);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_count");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 3)
|
||||
check_result_int(argv[2], response);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
int result;
|
||||
unsigned int response;
|
||||
int num;
|
||||
|
||||
if (argc < 2)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
num = strtol(argv[2], NULL, 10);
|
||||
|
||||
for (int i = 0; i < num; i++) {
|
||||
seuser = test_get_seuser_nth(sh, i);
|
||||
|
||||
test_add_local_seuser(sh, seuser);
|
||||
}
|
||||
|
||||
result = semanage_seuser_count_local(sh, &response);
|
||||
printf("semanage_seuser_count_local(%p, %p): %d, response: %d\n",
|
||||
(void *) sh, (void *) &response, result, response);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_count_local");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 3)
|
||||
check_result_int(argv[2], response);
|
||||
|
||||
test_del_local_seuser(sh, seuser);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
int result;
|
||||
const char *str;
|
||||
|
||||
if (argc < 2)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_seuser_create(sh, &seuser);
|
||||
printf("semanage_seuser_create(%p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_create");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
str = semanage_seuser_get_name(seuser);
|
||||
|
||||
if (str != NULL) {
|
||||
fprintf(stderr, "Expected name == NULL, got %s\n", str);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
str = semanage_seuser_get_sename(seuser);
|
||||
|
||||
if (str != NULL) {
|
||||
fprintf(stderr, "Expected sename == NULL, got %s\n", str);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
str = semanage_seuser_get_mlsrange(seuser);
|
||||
|
||||
if (str != NULL) {
|
||||
fprintf(stderr, "Expected mlsrange == NULL, got %s\n", str);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_t *seuser_del;
|
||||
semanage_seuser_key_t *key;
|
||||
semanage_seuser_t **records;
|
||||
int result;
|
||||
unsigned int count;
|
||||
|
||||
if (argc < 4)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
test_add_local_seuser(sh, seuser);
|
||||
|
||||
seuser_del = test_get_seuser(sh, argv[3]);
|
||||
|
||||
result = semanage_seuser_key_extract(sh, seuser_del, &key);
|
||||
printf("semanage_seuser_key_extract(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser_del, (void *) &key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_key_extract");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_del_local(sh, key);
|
||||
printf("semanage_seuser_del_local(%p, %p): %d\n",
|
||||
(void *) seuser, (void *) key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_del_local");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
result = semanage_seuser_list_local(sh, &records, &count);
|
||||
printf("semanage_seuser_list_local(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) &records, (void *) &count, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_list_local");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (count != 0) {
|
||||
fprintf(stderr, "Number of local seusers is not 0!\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_key_t *key;
|
||||
int result;
|
||||
int response;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
key = test_get_key(sh, argv[2]);
|
||||
|
||||
result = semanage_seuser_exists(sh, key, &response);
|
||||
printf("semanage_seuser_exists(%p, %p, %p): %d, response: %d\n",
|
||||
(void *) sh, (void *) key, (void *) &response, result, response);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_exists");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 4)
|
||||
check_result_int(argv[3], response);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,59 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_t *seuser_exists;
|
||||
semanage_seuser_key_t *key;
|
||||
int result;
|
||||
int response;
|
||||
int exp;
|
||||
|
||||
if (argc < 4)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
seuser_exists = test_get_seuser(sh, argv[3]);
|
||||
|
||||
test_add_local_seuser(sh, seuser);
|
||||
|
||||
result = semanage_seuser_key_extract(sh, seuser_exists, &key);
|
||||
printf("semanage_seuser_key_extract(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser_exists, (void *) &key, result);
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_key_extract");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_exists_local(sh, key, &response);
|
||||
printf("semanage_seuser_exists_local(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) key, (void *) &response, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_exists_local");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (argc >= 5) {
|
||||
exp = strtol(argv[4], NULL, 10);
|
||||
|
||||
if (response != exp) {
|
||||
fprintf(stderr, "Expected %d but got %d\n", exp, response);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
test_del_local_seuser(sh, seuser);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
|
||||
if (argc < 4)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
const char *name = semanage_seuser_get_mlsrange(seuser);
|
||||
printf("semanage_seuser_get_mlsrange(%p): %s\n",
|
||||
(void *) seuser, name);
|
||||
|
||||
if (strcmp_null(argv[3], name) != 0) {
|
||||
fprintf(stderr, "Expected %s but got %s\n", argv[2], name);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
|
||||
if (argc < 4)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
const char *name = semanage_seuser_get_name(seuser);
|
||||
printf("semanage_seuser_get_name(%p): %s\n",
|
||||
(void *) seuser, name);
|
||||
|
||||
if (strcmp_null(argv[3], name) != 0) {
|
||||
fprintf(stderr, "Expected %s but got %s\n", argv[2], name);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
|
||||
if (argc < 4)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
const char *name = semanage_seuser_get_sename(seuser);
|
||||
printf("semanage_seuser_get_sename(%p): %s\n",
|
||||
(void *) seuser, name);
|
||||
|
||||
if (strcmp_null(argv[3], name) != 0) {
|
||||
fprintf(stderr, "Expected %s but got %s\n", argv[2], name);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,49 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int counter = 0;
|
||||
|
||||
int handler(const semanage_seuser_t *record, void *varg) {
|
||||
char **args = (char **) varg;
|
||||
|
||||
const char *name = semanage_seuser_get_name(record);
|
||||
|
||||
if (strcmp(name, args[2 + counter++]) != 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
char **param = NULL;
|
||||
|
||||
if (argc >= 3) {
|
||||
param = argv;
|
||||
}
|
||||
|
||||
result = semanage_seuser_iterate(sh, &handler, (void *) param);
|
||||
printf("semanage_seuser_iterate(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) &handler, (void *) param, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_iterate");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_key_t *key;
|
||||
const char *name;
|
||||
int result;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
if (strcmp(argv[2], "NULL") == 0)
|
||||
name = NULL;
|
||||
else
|
||||
name = argv[2];
|
||||
|
||||
result = semanage_seuser_key_create(sh, name, &key);
|
||||
printf("semanage_seuser_key_create(%p, %s, %p): %d\n",
|
||||
(void *) sh, name, (void *) &key, result);
|
||||
|
||||
if (result < 0 || key == NULL) {
|
||||
perror("semanage_seuser_key_create");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
semanage_seuser_key_free(key);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_key_t *key;
|
||||
int result;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
result = semanage_seuser_key_extract(sh, seuser, &key);
|
||||
printf("semanage_seuser_key_extract(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser, (void *) &key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_key_extract");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
result = semanage_seuser_compare(seuser, key);
|
||||
printf("semanage_seuser_compare(%p, %p): %d\n",
|
||||
(void *) seuser, (void *) key, result);
|
||||
|
||||
if (result != 0) {
|
||||
perror("semanage_seuser_compare");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
semanage_seuser_key_free(key);
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t **records;
|
||||
unsigned int count;
|
||||
int result;
|
||||
|
||||
if (argc < 2)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_seuser_list(sh, &records, &count);
|
||||
printf("semanage_seuser_list(%p, %p, %p): %d",
|
||||
(void *) sh, (void *) &records, (void *) &count, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_list");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf(", count: %u, records: ", count);
|
||||
|
||||
const char *name;
|
||||
|
||||
for (unsigned int i = 0; i < count; i++) {
|
||||
name = semanage_seuser_get_name(records[i]);
|
||||
printf("%p (%s), ", (void *) records[i], name);
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
|
||||
if (argc >= 3) {
|
||||
unsigned int exp_count = strtoul(argv[2], NULL, 10);
|
||||
|
||||
if (count != exp_count) {
|
||||
printf("Expected %u but got %u\n", exp_count, count);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
const char *name;
|
||||
|
||||
for (unsigned int i = 0; i < count; i++) {
|
||||
name = semanage_seuser_get_name(records[i]);
|
||||
|
||||
if (strcmp(name, argv[3 + i]) != 0) {
|
||||
printf("Expected %s but got %s\n", name, argv[3 + i]);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *seuser;
|
||||
semanage_seuser_key_t *key;
|
||||
semanage_seuser_t **records;
|
||||
int result;
|
||||
unsigned int count;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
seuser = test_get_seuser(sh, argv[2]);
|
||||
|
||||
result = semanage_seuser_key_extract(sh, seuser, &key);
|
||||
printf("semanage_seuser_key_extract(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) seuser, (void *) &key, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_key_extract");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_modify_local(sh, key, seuser);
|
||||
printf("semanage_seuser_modify_local(%p, %p, %p): %d\n",
|
||||
(void *) seuser, (void *) key, (void *) seuser, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_modify_local");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
result = semanage_seuser_list_local(sh, &records, &count);
|
||||
printf("semanage_seuser_list_local(%p, %p, %p): %d\n",
|
||||
(void *) sh, (void *) &records, (void *) &count, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_list_local");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (count != 1) {
|
||||
fprintf(stderr, "Number of local seusers is %u, expected 1!\n", count);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (semanage_seuser_compare(records[0], key) != 0) {
|
||||
fprintf(stderr, "Local seuser is different!\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_key_t *key;
|
||||
semanage_seuser_t *response;
|
||||
int result;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
result = semanage_seuser_key_create(sh, argv[2], &key);
|
||||
printf("semanage_seuser_key_create(%p, %s, %p): %d\n",
|
||||
(void *) sh, argv[2], (void *) &key, result);
|
||||
|
||||
if (result < 0 || key == NULL) {
|
||||
perror("semanage_seuser_key_create");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_query(sh, key, &response);
|
||||
printf("semanage_seuser_query(%p, %p, %p): %d, response: %p\n",
|
||||
(void *) sh, (void *) key, (void *) &response, result, (void *) response);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_query");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
const char *name = semanage_seuser_get_name(response);
|
||||
printf("semanage_seuser_get_name(%p): %s\n",
|
||||
(void *) response, name);
|
||||
|
||||
if (strcmp(argv[2], name) != 0) {
|
||||
perror("semanage_seuser_get_name");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *user;
|
||||
int result;
|
||||
const char *mlsrange;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
user = test_get_seuser(sh, "first");
|
||||
|
||||
if (strcmp(argv[2], "NULL") == 0)
|
||||
mlsrange = NULL;
|
||||
else
|
||||
mlsrange = argv[2];
|
||||
|
||||
const char *old_mlsrange = semanage_seuser_get_mlsrange(user);
|
||||
printf("semanage_seuser_get_mlsrange(%p): %s\n",
|
||||
(void *) user, old_mlsrange);
|
||||
|
||||
if (old_mlsrange == NULL) {
|
||||
perror("semanage_seuser_get_mlsrange");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (strcmp(old_mlsrange, mlsrange) == 0) {
|
||||
printf("New mlsrange is the same\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_set_mlsrange(sh, user, mlsrange);
|
||||
printf("semanage_seuser_set_mlsrange(%p, %p, %s): %d\n",
|
||||
(void *) sh, (void *) user, mlsrange, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_set_mlsrange");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
const char *new_mlsrange = semanage_seuser_get_mlsrange(user);
|
||||
printf("semanage_seuser_get_mlsrange(%p): %s\n",
|
||||
(void *) user, new_mlsrange);
|
||||
|
||||
if (strcmp(new_mlsrange, mlsrange) != 0) {
|
||||
perror("semanage_seuser_get_mlsrange");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *user;
|
||||
int result;
|
||||
const char *name;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
user = test_get_seuser(sh, "first");
|
||||
|
||||
if (strcmp(argv[2], "NULL") == 0)
|
||||
name = NULL;
|
||||
else
|
||||
name = argv[2];
|
||||
|
||||
const char *old_name = semanage_seuser_get_name(user);
|
||||
printf("semanage_seuser_get_name(%p): %s\n",
|
||||
(void *) user, old_name);
|
||||
|
||||
if (old_name == NULL) {
|
||||
perror("semanage_seuser_get_name");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (strcmp(old_name, name) == 0) {
|
||||
printf("New name is the same\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_set_name(sh, user, name);
|
||||
printf("semanage_seuser_set_name(%p, %p, %s): %d\n",
|
||||
(void *) sh, (void *) user, name, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_set_name");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
const char *new_name = semanage_seuser_get_name(user);
|
||||
printf("semanage_seuser_get_name(%p): %s\n",
|
||||
(void *) user, new_name);
|
||||
|
||||
if (strcmp(new_name, name) != 0) {
|
||||
perror("semanage_seuser_get_name");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <semanage/semanage.h>
|
||||
|
||||
#include "functions.c"
|
||||
|
||||
int main (int argc, char **argv) {
|
||||
semanage_handle_t *sh;
|
||||
semanage_seuser_t *user;
|
||||
int result;
|
||||
const char *name;
|
||||
|
||||
if (argc < 3)
|
||||
exit(2);
|
||||
|
||||
sh = get_handle(argv[1]);
|
||||
|
||||
user = test_get_seuser(sh, "first");
|
||||
|
||||
if (strcmp(argv[2], "NULL") == 0)
|
||||
name = NULL;
|
||||
else
|
||||
name = argv[2];
|
||||
|
||||
const char *old_name = semanage_seuser_get_sename(user);
|
||||
printf("semanage_seuser_get_sename(%p): %s\n",
|
||||
(void *) user, old_name);
|
||||
|
||||
if (old_name == NULL) {
|
||||
perror("semanage_seuser_get_sename");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (strcmp(old_name, name) == 0) {
|
||||
printf("New name is the same\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
result = semanage_seuser_set_sename(sh, user, name);
|
||||
printf("semanage_seuser_set_sename(%p, %p, %s): %d\n",
|
||||
(void *) sh, (void *) user, name, result);
|
||||
|
||||
if (result < 0) {
|
||||
perror("semanage_seuser_set_sename");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
const char *new_name = semanage_seuser_get_sename(user);
|
||||
printf("semanage_seuser_get_sename(%p): %s\n",
|
||||
(void *) user, new_name);
|
||||
|
||||
if (strcmp(new_name, name) != 0) {
|
||||
perror("semanage_seuser_get_sename");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
destroy_handle(sh, argv[1]);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
---
|
||||
# Tests that run in all contexts
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
repositories:
|
||||
- repo: "https://src.fedoraproject.org/tests/selinux.git"
|
||||
dest: "selinux"
|
||||
fmf_filter: "tier: 1 | component: libsemanage & tags: generic"
|
||||
required_packages:
|
||||
- libsemanage # Required for sanity-tests
|
||||
- libsemanage-devel # Required for sanity-tests
|
||||
- glibc # Required for sanity-tests
|
||||
- gcc # Required for sanity-tests
|
||||
- CUnit-devel # Required for sanity-tests
|
||||
- libselinux # Required for verify-options-in-semanage-conf
|
||||
- libselinux-utils # Required for verify-options-in-semanage-conf
|
||||
- policycoreutils # Required for verify-options-in-semanage-conf
|
||||
- policycoreutils-python-utils # Required for verify-options-in-semanage-conf
|
||||
- selinux-policy # Required for verify-options-in-semanage-conf
|
||||
- selinux-policy-devel # Required for verify-options-in-semanage-conf
|
||||
- lksctp-tools # sctp_test
|
||||
- psmisc # sctp_test
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf
|
||||
# Description: Are the verify options in semanage.conf honored?
|
||||
# Author: Milos Malik <mmalik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2016 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE empty.te
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Are the verify options in semanage.conf honored?" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 10m" >> $(METADATA)
|
||||
@echo "RunFor: libsemanage" >> $(METADATA)
|
||||
@echo "Requires: libselinux libselinux-utils libsemanage policycoreutils policycoreutils-python selinux-policy selinux-policy-devel" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
||||
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
PURPOSE of /CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf
|
||||
Author: Milos Malik <mmalik@redhat.com>
|
||||
|
||||
Are the verify options in semanage.conf honored?
|
||||
Tested options: verify kernel, verify module, verify linked
|
||||
Tested tools: semodule, semanage
|
||||
Positive and negative cases are tested.
|
||||
Original information found at http://selinuxproject.org/page/PolicyValidate
|
||||
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
policy_module(empty,1.0)
|
||||
|
||||
|
|
@ -1,142 +0,0 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/libsemanage/Sanity/verify-options-in-semanage-conf
|
||||
# Description: Are the verify options in semanage.conf honored?
|
||||
# Author: Milos Malik <mmalik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2016 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="libsemanage"
|
||||
MODULE_NAME="empty"
|
||||
SEMANAGE_CONF="/etc/selinux/semanage.conf"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm ${PACKAGE}
|
||||
rlAssertRpm policycoreutils
|
||||
rlAssertRpm selinux-policy
|
||||
rlFileBackup ${SEMANAGE_CONF}
|
||||
rlRun "rpm -qf /usr/sbin/semanage"
|
||||
rlRun "grep -v -e '^#' -e '^$' ${SEMANAGE_CONF}"
|
||||
OUTPUT_FILE=`mktemp`
|
||||
|
||||
rlRun "setenforce 1"
|
||||
rlRun "sestatus"
|
||||
rlRun "ls -l ${MODULE_NAME}.te"
|
||||
rlRun "make -f /usr/share/selinux/devel/Makefile"
|
||||
rlRun "ls -l ${MODULE_NAME}.pp"
|
||||
rlPhaseEnd
|
||||
|
||||
rlLog "positive cases follow"
|
||||
# TODO: /bin/true could be replaced a script, which prints the supplied arguments into a file for further inspection
|
||||
|
||||
rlPhaseStartTest "verify kernel"
|
||||
rlRun "semodule -r ${MODULE_NAME}" 0,1
|
||||
rlFileRestore
|
||||
rlRun "echo -en '[verify kernel]\npath = /bin/true\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}"
|
||||
rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertNotGrep "semodule.*failed" ${OUTPUT_FILE} -i
|
||||
rlRun "semodule -l | grep ${MODULE_NAME}"
|
||||
rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertNotGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei
|
||||
rlRun "semanage module -l | grep ${MODULE_NAME}"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "verify module"
|
||||
rlRun "semodule -r ${MODULE_NAME}" 0,1
|
||||
rlFileRestore
|
||||
rlRun "echo -en '[verify module]\npath = /bin/true\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}"
|
||||
rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertNotGrep "semodule.*failed" ${OUTPUT_FILE} -i
|
||||
rlRun "semodule -l | grep ${MODULE_NAME}"
|
||||
rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertNotGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei
|
||||
rlRun "semanage module -l | grep ${MODULE_NAME}"
|
||||
rlPhaseEnd
|
||||
|
||||
if rlIsRHEL '<7.3' ; then # because "[verify linked]" was dropped
|
||||
rlPhaseStartTest "verify linked"
|
||||
rlRun "semodule -r ${MODULE_NAME}" 0,1
|
||||
rlFileRestore
|
||||
rlRun "echo -en '[verify linked]\npath = /bin/true\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}"
|
||||
rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertNotGrep "semodule.*failed" ${OUTPUT_FILE} -i
|
||||
rlRun "semodule -l | grep ${MODULE_NAME}"
|
||||
rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertNotGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei
|
||||
rlRun "semanage module -l | grep ${MODULE_NAME}"
|
||||
rlPhaseEnd
|
||||
fi
|
||||
|
||||
rlLog "negative cases follow"
|
||||
# TODO: /bin/false could be replaced a script, which prints the supplied arguments into a file for further inspection
|
||||
|
||||
rlPhaseStartTest "verify kernel"
|
||||
rlRun "semodule -r ${MODULE_NAME}" 0,1
|
||||
rlFileRestore
|
||||
rlRun "echo -en '[verify kernel]\npath = /bin/false\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}"
|
||||
rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertGrep "semodule.*failed" ${OUTPUT_FILE} -i
|
||||
rlRun "semodule -l | grep ${MODULE_NAME}" 1
|
||||
rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei
|
||||
rlRun "semanage module -l | grep ${MODULE_NAME}" 1
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "verify module"
|
||||
rlRun "semodule -r ${MODULE_NAME}" 0,1
|
||||
rlFileRestore
|
||||
rlRun "echo -en '[verify module]\npath = /bin/false\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}"
|
||||
rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertGrep "semodule.*failed" ${OUTPUT_FILE} -i
|
||||
rlRun "semodule -l | grep ${MODULE_NAME}" 1
|
||||
rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei
|
||||
rlRun "semanage module -l | grep ${MODULE_NAME}" 1
|
||||
rlPhaseEnd
|
||||
|
||||
if rlIsRHEL '<7.3' ; then # because "[verify linked]" was dropped
|
||||
rlPhaseStartTest "verify linked"
|
||||
rlRun "semodule -r ${MODULE_NAME}" 0,1
|
||||
rlFileRestore
|
||||
rlRun "echo -en '[verify linked]\npath = /bin/false\nargs = \$@\n[end]\n' >> ${SEMANAGE_CONF}"
|
||||
rlRun "semodule -i ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertGrep "semodule.*failed" ${OUTPUT_FILE} -i
|
||||
rlRun "semodule -l | grep ${MODULE_NAME}" 1
|
||||
rlRun "semanage module -a ${MODULE_NAME}.pp 2>&1 | tee ${OUTPUT_FILE}"
|
||||
rlAssertGrep "could not commit semanage transaction|no such file or directory" ${OUTPUT_FILE} -Ei
|
||||
rlRun "semanage module -l | grep ${MODULE_NAME}" 1
|
||||
rlPhaseEnd
|
||||
fi
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "rm -f ${MODULE_NAME}.pp ${OUTPUT_FILE}"
|
||||
rlFileRestore
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
||||
Loading…
Reference in New Issue