bed7f30855
Fixed policy file leaks in semanage_load_module and semanage_write_module. Merged further database work from Ivan Gyurdiev. Fixed bug in semanage_direct_disconnect.
230 lines
8.9 KiB
RPMSpec
%define libsepolver 1.9.23-1
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 1.3.30
Release: 1
License: GPL
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-buildroot
BuildRequires: libsepol-devel >= %{libsepolver}

%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

libsemanage provides an API for the manipulation of SELinux binary policies.
It is used by checkpolicy (the policy compiler) and similar tools, as well
as by programs like load_policy that need to perform specific transformations
on binary policies such as customizing policy boolean settings.

%package devel
Summary: Header files and libraries used to build policy manipulation tools
Group: Development/Libraries
Requires: libsemanage = %{version}

%description devel
The semanage-devel package contains the static libraries and header files
needed for developing applications that manipulate binary policies.

%prep
%setup -q

%build
make CFLAGS="%{optflags}"

%install
rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}/%{_lib}
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install

%clean
rm -rf ${RPM_BUILD_ROOT}

%files
%defattr(-,root,root)
%config(noreplace) /usr/share/semanage/semanage.conf
/%{_lib}/libsemanage.so.1
%{_libdir}/libsemanage.so

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files devel
%defattr(-,root,root)
%{_libdir}/libsemanage.a
%{_includedir}/semanage/*.h

%changelog
* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.30-1
- Update from NSA
  * Fixed policy file leaks in semanage_load_module and
    semanage_write_module.
  * Merged further database work from Ivan Gyurdiev.
  * Fixed bug in semanage_direct_disconnect.

* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.28-1
- Update from NSA
  * Merged interface renaming patch from Ivan Gyurdiev.
  * Merged policy component patch from Ivan Gyurdiev.
  * Renamed 'check=' configuration value to 'expand-check=' for
    clarity.
  * Changed semanage_commit_sandbox to check for and report errors
    on rename(2) calls performed during rollback.
  * Added optional check= configuration value to semanage.conf
    and updated call to sepol_expand_module to pass its value
    to control assertion and hierarchy checking on module expansion.
  * Merged fixes for make DESTDIR= builds from Joshua Brindle.

* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.24-1
- Update from NSA
  * Merged default database from Ivan Gyurdiev.
  * Merged removal of connect requirement in policydb backend from
    Ivan Gyurdiev.
  * Merged commit locking fix and lock rename from Joshua Brindle.
  * Merged transaction rollback in lock patch from Joshua Brindle.
  * Changed default args for load_policy to be null, as it no longer
    takes a pathname argument and we want to preserve booleans.
  * Merged move local dbase initialization patch from Ivan Gyurdiev.
  * Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
  * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
  * Added calls to sepol_policy_file_set_handle interface prior
    to invoking sepol operations on policy files.
  * Updated call to sepol_policydb_from_image to pass the handle.

* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
- Update from NSA
  * Changed default args for load_policy to be null, as it no longer
    takes a pathname argument and we want to preserve booleans.
  * Merged move local dbase initialization patch from Ivan Gyurdiev.
  * Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
  * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
  * Added calls to sepol_policy_file_set_handle interface prior
    to invoking sepol operations on policy files.
  * Updated call to sepol_policydb_from_image to pass the handle.

* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
- Update from NSA
  * Merged user and port APIs - policy database patch from Ivan
    Gyurdiev.
  * Converted calls to sepol link_packages and expand_module interfaces
    from using buffers to using sepol handles for error reporting, and
    changed direct_connect/disconnect to create/destroy sepol handles.

* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.3.18-1
- Update from NSA
  * Merged bugfix patch from Ivan Gyurdiev.
  * Merged seuser database patch from Ivan Gyurdiev.
    Merged direct user/port databases to the handle from Ivan Gyurdiev.
  * Removed obsolete include/semanage/commit_api.h (leftover).
    Merged seuser record patch from Ivan Gyurdiev.
  * Merged boolean and interface databases from Ivan Gyurdiev.

* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.14-1
- Update from NSA
  * Updated to use get interfaces for hidden sepol_module_package type.
  * Changed semanage_expand_sandbox and semanage_install_active
    to generate/install the latest policy version supported by libsepol
    by default (unless overridden by semanage.conf), since libselinux
    will now downgrade automatically for load_policy.
  * Merged new callback-based error reporting system and ongoing
    database work from Ivan Gyurdiev.

* Wed Oct 12 2005 Dan Walsh <dwalsh@redhat.com> 1.3.11-1
- Update from NSA
  * Fixed semanage_install_active() to use the same logic for
    selecting a policy version as semanage_expand_sandbox(). Dropped
    dead code from semanage_install_sandbox().

* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.3.10-1
- Update from NSA
  * Updated for changes to libsepol, and to only use types and interfaces
    provided by the shared libsepol.

* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.9-1
- Update from NSA
  * Merged further database work from Ivan Gyurdiev.

* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.3.8-1
- Update from NSA
  * Merged iterate, redistribute, and dbase split patches from
    Ivan Gyurdiev.

* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.7-1
- Update from NSA
  * Merged patch series from Ivan Gyurdiev.
    (pointer typedef elimination, file renames, dbase work, backend
    separation)
  * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
  * Separated handle create from connect interface.
  * Added a constructor for initialization.
  * Moved up src/include/*.h to src.
  * Created a symbol map file; dropped dso.h and hidden markings.

* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.5-1
- Update from NSA
  * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
  * Separated handle create from connect interface.
  * Added a constructor for initialization.
  * Moved up src/include/*.h to src.
  * Created a symbol map file; dropped dso.h and hidden markings.

* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.4-1
- Update from NSA
  * Merged dbase redesign patch from Ivan Gyurdiev.

* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.3-1
- Update from NSA
  * Merged boolean record, stub record handler, and status codes
    patches from Ivan Gyurdiev.

* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.2-1
- Update from NSA
  * Merged stub iterator functionality from Ivan Gyurdiev.
  * Merged interface record patch from Ivan Gyurdiev.

* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.1-1
- Update from NSA
  * Merged stub functionality for managing user and port records,
    and record table code from Ivan Gyurdiev.
  * Updated version for release.

* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.1.6-1
- Update from NSA
  * Merged semod.conf template patch from Dan Walsh (Red Hat),
    but restored location to /usr/share/semod/semod.conf.
  * Fixed several bugs found by valgrind.
  * Fixed bug in prior patch for the semod_build_module_list leak.
  * Merged errno fix from Joshua Brindle (Tresys).
  * Merged fix for semod_build_modules_list leak on error path
    from Serge Hallyn (IBM). Bug found by Coverity.

* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.1.3-1
- Update from NSA
  * Merged errno fix from Joshua Brindle (Tresys).
  * Merged fix for semod_build_modules_list leak on error path
    from Serge Hallyn (IBM). Bug found by Coverity.
  * Merged several fixes from Serge Hallyn (IBM). Bugs found by
    Coverity.
  * Fixed several other bugs and warnings.
  * Merged patch to move module read/write code from libsemanage
    to libsepol from Jason Tang (Tresys).
  * Merged relay records patch from Ivan Gyurdiev.
  * Merged key extract patch from Ivan Gyurdiev.

- Initial version
- Created by Stephen Smalley <sds@epoch.ncsc.mil>