rpms/libsemanage/devel libsemanage-rhat.patch,1.38,1.39

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 29 18:57:47 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/libsemanage/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28048

Modified Files:
	libsemanage-rhat.patch 
Log Message:
* Tue Aug 5 2008 Dan Walsh <dwalsh at redhat.com> - 2.0.27-2
- Don't rebuild on fcontext or seuser modifications


libsemanage-rhat.patch:

Index: libsemanage-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libsemanage/devel/libsemanage-rhat.patch,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- libsemanage-rhat.patch	14 Aug 2008 20:17:18 -0000	1.38
+++ libsemanage-rhat.patch	29 Aug 2008 18:57:16 -0000	1.39
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.27/src/direct_api.c
 --- nsalibsemanage/src/direct_api.c	2008-06-12 23:25:16.000000000 -0400
-+++ libsemanage-2.0.27/src/direct_api.c	2008-08-14 11:51:15.000000000 -0400
++++ libsemanage-2.0.27/src/direct_api.c	2008-08-26 10:25:38.000000000 -0400
 @@ -489,12 +489,6 @@
  	modified |= ifaces->dtable->is_modified(ifaces->dbase);
  	modified |= nodes->dtable->is_modified(nodes->dbase);
@@ -14,56 +14,78 @@
  	/* If there were policy changes, or explicitly requested, rebuild the policy */
  	if (sh->do_rebuild || modified) {
  
-@@ -667,11 +661,34 @@
+@@ -667,11 +661,33 @@
  		retval = semanage_verify_kernel(sh);
  		if (retval < 0)
  			goto cleanup;
 -	}
 +	} else {
-+		sepol_policydb_create(&out);
-+		modified |= seusers_modified;
-+		modified |= fcontexts_modified;
-+		modified |= users_extra_modified;
++		retval = sepol_policydb_create(&out);
++		if (retval < 0)
++			goto cleanup;
 +		
 +		retval = semanage_read_policydb(sh, out);
 +		if (retval < 0)
 +			goto cleanup;
 +		
-+		dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,out);
++		/*		dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,out);
 +		dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
 +		dbase_policydb_attach((dbase_policydb_t *) pifaces->dbase, out);
 +		dbase_policydb_attach((dbase_policydb_t *) pbools->dbase, out);
 +		dbase_policydb_attach((dbase_policydb_t *) pnodes->dbase, out);
- 
--	/* FIXME: else if !modified, but seusers_modified, 
--	 * load the existing policy instead of rebuilding */
++		*/
 +		if (seusers_modified) {
 +			retval = pseusers->dtable->clear(sh, pseusers->dbase);
 +			if (retval < 0)
 +				goto cleanup;
 +		}
  
+-	/* FIXME: else if !modified, but seusers_modified, 
+-	 * load the existing policy instead of rebuilding */
 +		retval = semanage_base_merge_components(sh);
 +		if (retval < 0)
 +		  goto cleanup;
-+
+ 
 +		/* Seusers */
 +	}
  	/* ======= Post-process: Validate non-policydb components ===== */
  
  	/* Validate local modifications to file contexts.
+@@ -724,7 +740,8 @@
+ 	sepol_policydb_free(out);
+ 	out = NULL;
+ 
+-	if (sh->do_rebuild || modified) {
++	if (sh->do_rebuild || modified || 
++	    seusers_modified || fcontexts_modified || users_extra_modified) {
+ 		retval = semanage_install_sandbox(sh);
+ 	}
+ 
+@@ -733,12 +750,14 @@
+ 		free(mod_filenames[i]);
+ 	}
+ 
+-	/* Detach from policydb, so it can be freed */
+-	dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
+-	dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
+-	dbase_policydb_detach((dbase_policydb_t *) pifaces->dbase);
+-	dbase_policydb_detach((dbase_policydb_t *) pnodes->dbase);
+-	dbase_policydb_detach((dbase_policydb_t *) pbools->dbase);
++	if (modified) {
++		/* Detach from policydb, so it can be freed */
++		dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
++		dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
++		dbase_policydb_detach((dbase_policydb_t *) pifaces->dbase);
++		dbase_policydb_detach((dbase_policydb_t *) pnodes->dbase);
++		dbase_policydb_detach((dbase_policydb_t *) pbools->dbase);
++	}
+ 
+ 	free(mod_filenames);
+ 	sepol_policydb_free(out);
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.27/src/genhomedircon.c
 --- nsalibsemanage/src/genhomedircon.c	2008-08-05 09:57:28.000000000 -0400
-+++ libsemanage-2.0.27/src/genhomedircon.c	2008-08-08 14:00:37.000000000 -0400
-@@ -21,6 +21,7 @@
-  */
- 
- #include <semanage/handle.h>
-+#include <syslog.h>
- #include <semanage/seusers_policy.h>
- #include <semanage/users_policy.h>
- #include <semanage/user_record.h>
-@@ -487,7 +488,6 @@
++++ libsemanage-2.0.27/src/genhomedircon.c	2008-08-26 10:30:30.000000000 -0400
+@@ -487,7 +487,6 @@
  				  const char *role_prefix)
  {
  	replacement_pair_t repl[] = {
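Review bot: In the new direct_api.c section the detach calls are guarded by `if (modified)`, while the rebuild branch above is entered on `sh->do_rebuild || modified`, so the two conditions no longer match. The attach on the rebuild path is not visible in this hunk, but the detach comment implies it; if so, a forced rebuild with no modifications would skip the detach and leave the dbases pointing at a policydb that `sepol_policydb_free(out)` then releases. Guarding the detach with the same condition, `if (sh->do_rebuild || modified) {`, keeps attach and detach paired. The commented-out `dbase_policydb_attach` block and the empty `/* Seusers */` marker in the new `else` branch should be removed, or replaced by a comment saying why no attach is needed when the existing policy is only read. The enclosing function starts and ends outside the hunk.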
@@ -71,7 +93,7 @@
  		{.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
  		{.search_for = TEMPLATE_ROLE,.replace_with = role_prefix},
  		{NULL, NULL}
-@@ -547,7 +547,6 @@
+@@ -547,7 +546,6 @@
  	replacement_pair_t repl[] = {
  		{.search_for = TEMPLATE_USER,.replace_with = user},
  		{.search_for = TEMPLATE_ROLE,.replace_with = role_prefix},
@@ -81,7 +103,7 @@
  	Ustr *line = USTR_NULL;
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.27/src/semanage.conf
 --- nsalibsemanage/src/semanage.conf	2008-06-12 23:25:16.000000000 -0400
-+++ libsemanage-2.0.27/src/semanage.conf	2008-08-08 14:00:37.000000000 -0400
++++ libsemanage-2.0.27/src/semanage.conf	2008-08-14 14:53:32.000000000 -0400
 @@ -35,4 +35,4 @@
  # given in <sepol/policydb.h>.  Change this setting if a different
  # version is necessary.
@@ -90,7 +112,7 @@
 +expand-check=0
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.27/src/semanage_store.c
 --- nsalibsemanage/src/semanage_store.c	2008-06-12 23:25:16.000000000 -0400
-+++ libsemanage-2.0.27/src/semanage_store.c	2008-08-08 15:23:20.000000000 -0400
++++ libsemanage-2.0.27/src/semanage_store.c	2008-08-14 14:53:32.000000000 -0400
 @@ -1648,6 +1648,47 @@
  }
  
@@ -141,7 +163,7 @@
  int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
 diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.27/src/semanage_store.h
 --- nsalibsemanage/src/semanage_store.h	2008-06-12 23:25:16.000000000 -0400
-+++ libsemanage-2.0.27/src/semanage_store.h	2008-08-11 09:05:16.000000000 -0400
++++ libsemanage-2.0.27/src/semanage_store.h	2008-08-14 14:53:32.000000000 -0400
 @@ -97,6 +97,9 @@
  			    sepol_module_package_t * base,
  			    sepol_policydb_t ** policydb);
@@ -152,3 +174,79 @@
  int semanage_write_policydb(semanage_handle_t * sh,
  			    sepol_policydb_t * policydb);
  
+diff --exclude-from=exclude -N -u -r nsalibsemanage/tests/test_fcontext.c libsemanage-2.0.27/tests/test_fcontext.c
+--- nsalibsemanage/tests/test_fcontext.c	1969-12-31 19:00:00.000000000 -0500
++++ libsemanage-2.0.27/tests/test_fcontext.c	2008-08-15 10:59:48.000000000 -0400
+@@ -0,0 +1,72 @@
++#include <semanage/fcontext_record.h>
++#include <semanage/semanage.h>
++#include <semanage/fcontexts_local.h>
++#include <sepol/sepol.h>
++
++#include <errno.h>
++#include <stdio.h>
++#include <stdlib.h>
++
++int main(const int argc, const char **argv) {
++	semanage_handle_t *sh = NULL;
++	semanage_fcontext_t *fcontext;
++	semanage_context_t *con;
++	semanage_fcontext_key_t *k;
++
++	int exist = 0;
++	sh = semanage_handle_create();
++	if (sh == NULL) { 
++		perror("Can't create semanage handle\n");
++		return -1;
++	}
++        if (semanage_access_check(sh) < 0) {
++		perror("Semanage access check failed\n");
++		return -1;
++	}
++        if (semanage_connect(sh) < 0) {
++		perror("Semanage connect failed\n");
++		return -1;
++	}
++
++	if (semanage_fcontext_key_create(sh, argv[2], SEMANAGE_FCONTEXT_REG, &k) < 0) {
++		fprintf(stderr, "Could not create key for %s", argv[2]);
++		return -1;
++	}
++
++	if(semanage_fcontext_exists(sh, k, &exist) < 0) {
++		fprintf(stderr,"Could not check if key exists for %s", argv[2]);
++		return -1;
++	}
++	if (exist) {
++		fprintf(stderr,"Could create %s mapping already exists", argv[2]);
++		return -1;
++	}
++
++	if (semanage_fcontext_create(sh, &fcontext) < 0) {
++		fprintf(stderr,"Could not create file context for %s", argv[2]);
++		return -1;
++	}
++	semanage_fcontext_set_expr(sh, fcontext, argv[2]);
++
++	if (semanage_context_from_string(sh, argv[1], &con)) {
++		fprintf(stderr,"Could not create context using %s for file context %s", argv[1], argv[2]);
++		return -1;
++	}
++
++	if (semanage_fcontext_set_con(sh, fcontext, con) < 0) {
++		fprintf(stderr,"Could not set file context for %s", argv[2]);
++		return -1;
++	}
++
++	semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_REG);
++
++	if(semanage_fcontext_modify_local(sh, k, fcontext) < 0) {
++		fprintf(stderr,"Could not add file context for %s", argv[2]);
++		return -1;
++	}
++	semanage_fcontext_key_free(k);
++	semanage_fcontext_free(fcontext);
++
++	return 0;
++}
++
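Review bot: The new tests/test_fcontext.c dereferences `argv[1]` and `argv[2]` without checking `argc`, so running it with fewer than two arguments passes NULL or an out-of-range pointer into `semanage_fcontext_key_create`. A guard at the top of `main` would fix this: `if (argc < 3) { fprintf(stderr, "usage: %s CONTEXT PATH\n", argv[0]); return -1; }`. Every error return also leaves `sh`, `k`, `fcontext` and `con` unreleased, and the success path never frees `con` or calls `semanage_disconnect(sh)` / `semanage_handle_destroy(sh)`. No `semanage_commit(sh)` is visible either, so the local modification may never be written, in which case the no-rebuild path this patch adds would not be exercised. The result of `semanage_fcontext_set_expr` is ignored, the `fprintf` messages lack a trailing newline, and "Could create %s mapping already exists" reads as if it should be "Could not create %s: mapping already exists".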



