rpms/libselinux/devel libselinux-rhat.patch, 1.90, 1.91 libselinux.spec, 1.216, 1.217
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Aug 10 15:34:51 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/libselinux/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25636
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Wed Aug 9 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.22-2
- Fix translation return codes to return size of buffer
libselinux-rhat.patch:
fgetfilecon.c | 3 +++
getfilecon.c | 2 ++
lgetfilecon.c | 2 ++
3 files changed, 7 insertions(+)
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- libselinux-rhat.patch 21 Jun 2006 19:58:52 -0000 1.90
+++ libselinux-rhat.patch 10 Aug 2006 15:34:46 -0000 1.91
@@ -1,291 +1,35 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.30.15/include/selinux/selinux.h
---- nsalibselinux/include/selinux/selinux.h 2006-06-16 15:08:24.000000000 -0400
-+++ libselinux-1.30.15/include/selinux/selinux.h 2006-06-21 15:26:36.000000000 -0400
-@@ -429,8 +429,19 @@
- Caller must free the returned strings via free. */
- extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
-
-+/* This function compares two file context, ignoring the user component */
-+int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
-+
-+/* This function looks at the file context on disk and compares it to the
-+system defaults, it returns 0 on match non 0 on failure */
-+int selinux_file_context_verify(const char *path, mode_t mode);
-+
-+/* This function sets the file context on to the system defaults returns 0 on success */
-+int selinux_lsetfilecon_default(const char *path);
-+
- #ifdef __cplusplus
- }
- #endif
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.22/src/fgetfilecon.c
+--- nsalibselinux/src/fgetfilecon.c 2006-07-03 07:52:49.000000000 -0400
++++ libselinux-1.30.22/src/fgetfilecon.c 2006-08-10 11:09:07.000000000 -0400
+@@ -58,5 +58,8 @@
+ freecon(rcontext);
+ }
- #endif
++ if (ret >= 0)
++ return strlen(*context);
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-1.30.15/man/man8/matchpathcon.8
---- nsalibselinux/man/man8/matchpathcon.8 2006-05-15 09:43:24.000000000 -0400
-+++ libselinux-1.30.15/man/man8/matchpathcon.8 2006-06-21 15:26:36.000000000 -0400
-@@ -3,13 +3,25 @@
- matchpathcon \- get the default security context for the specified path from the file contexts configuration.
-
- .SH "SYNOPSIS"
--.B matchpathcon [-n] filepath...
--
-+.B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
- .SH "DESCRIPTION"
- .B matchpathcon
- Prints the file path and the default security context associated with it.
-+.SH OPTIONS
-+.B \-n
-+Do not display path.
-+.br
-+.B \-N
-+Do not use translations.
-+.br
-+.B \-f file_context_file
-+Use alternate file_context file
-+.br
-+.B \-p prefix
-+Use prefix to speed translations
- .br
--If the -n option is given, do not display path.
-+.B \-V
-+Verify file context on disk matches defaults
-
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.15/src/matchpathcon.c
---- nsalibselinux/src/matchpathcon.c 2006-05-18 12:11:17.000000000 -0400
-+++ libselinux-1.30.15/src/matchpathcon.c 2006-06-21 15:37:18.000000000 -0400
-@@ -20,10 +20,12 @@
- #endif
- default_printf(const char *fmt, ...)
- {
-+#ifdef DEBUG
- va_list ap;
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- va_end(ap);
-+#endif
- }
-
- static void
-@@ -50,7 +52,7 @@
- static int default_canoncon(const char *path, unsigned lineno, char **context)
- {
- char *tmpcon;
-- if (security_canonicalize_context(*context, &tmpcon) < 0) {
-+ if (security_canonicalize_context_raw(*context, &tmpcon) < 0) {
- if (errno == ENOENT)
- return 0;
- if (lineno)
-@@ -74,7 +76,7 @@
- mycanoncon = &default_canoncon;
+ return ret;
}
-
--static unsigned int myflags;
-+static __thread unsigned int myflags;
-
- void set_matchpathcon_flags(unsigned int flags)
- {
-@@ -552,21 +554,6 @@
-
- skip_type:
- if (strcmp(context, "<<none>>")) {
-- char *tmpcon = NULL;
--
-- if (myflags & MATCHPATHCON_NOTRANS)
-- goto skip_trans;
--
-- if (selinux_raw_to_trans_context(context, &tmpcon)) {
-- myprintf("%s: line %u has invalid "
-- "context %s\n",
-- path, lineno, context);
-- return 0;
-- }
-- free(context);
-- context = tmpcon;
--
--skip_trans:
- if (myflags & MATCHPATHCON_VALIDATE) {
- if (myinvalidcon) {
- /* Old-style validation of context. */
-@@ -831,7 +818,12 @@
- spec_arr[i].context_valid = 1;
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.22/src/getfilecon.c
+--- nsalibselinux/src/getfilecon.c 2006-07-03 07:52:49.000000000 -0400
++++ libselinux-1.30.22/src/getfilecon.c 2006-08-10 11:09:59.000000000 -0400
+@@ -57,6 +57,8 @@
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
}
++ if (ret >= 0)
++ return strlen(*context);
-- *con = strdup(spec_arr[i].context);
-+ if (myflags & MATCHPATHCON_NOTRANS) {
-+ *con = strdup(spec_arr[i].context);
-+ } else {
-+ if (selinux_raw_to_trans_context(spec_arr[i].context, con))
-+ return -1;
-+ }
- if (!(*con))
- return -1;
-
-@@ -877,3 +869,72 @@
- }
- }
+ return ret;
}
-+
-+/* Compare two contexts to see if their differences are "significant",
-+ * or whether the only difference is in the user. */
-+int selinux_file_context_cmp(const security_context_t a, const security_context_t b)
-+{
-+ char *rest_a, *rest_b; /* Rest of the context after the user */
-+ if (!a && !b) return 0;
-+ if (!a && b) return -1;
-+ if (a && !b) return 1;
-+ rest_a = strchr((char *)a, ':');
-+ rest_b = strchr((char *)b, ':');
-+ if (!rest_a && !rest_b) return 0;
-+ if (!rest_a && rest_b) return -1;
-+ if (rest_a && !rest_b) return 1;
-+ return strcmp(rest_a, rest_b);
-+}
-+
-+int selinux_file_context_verify(const char *path, mode_t mode)
-+{
-+ security_context_t con = NULL;
-+ security_context_t fcontext = NULL;
-+ unsigned int localflags=myflags;
-+ int rc=0;
-+
-+ rc = lgetfilecon_raw(path, &con);
-+ if (rc == -1) {
-+ if (errno != ENOTSUP)
-+ return 1;
-+ else
-+ return 0;
-+ }
-+
-+ set_matchpathcon_flags(myflags | MATCHPATHCON_NOTRANS);
-+ if (matchpathcon(path,mode,&fcontext) != 0) {
-+ if (errno != ENOENT)
-+ rc = 1;
-+ else
-+ rc = 0;
-+ }
-+ else
-+ rc = (selinux_file_context_cmp(fcontext, con) == 0);
-+ set_matchpathcon_flags(localflags);
-+ freecon(con);
-+ freecon(fcontext);
-+ return rc;
-+}
-+
-+
-+int selinux_lsetfilecon_default(const char *path) {
-+ struct stat st;
-+ int rc = -1;
-+ security_context_t scontext=NULL;
-+ unsigned int localflags=myflags;
-+ if (lstat(path, &st) != 0)
-+ return rc;
-+
-+ set_matchpathcon_flags(myflags | MATCHPATHCON_NOTRANS);
-+
-+ /* If there's an error determining the context, or it has none,
-+ return to allow default context */
-+ if (matchpathcon(path, st.st_mode, &scontext)) {
-+ if (errno == ENOENT) rc = 0;
-+ } else {
-+ rc = lsetfilecon_raw(path, scontext);
-+ freecon(scontext);
-+ }
-+ set_matchpathcon_flags(localflags);
-+ return rc;
-+}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.30.15/utils/matchpathcon.c
---- nsalibselinux/utils/matchpathcon.c 2006-05-18 12:11:17.000000000 -0400
-+++ libselinux-1.30.15/utils/matchpathcon.c 2006-06-21 15:26:36.000000000 -0400
-@@ -12,19 +12,44 @@
- exit(1);
- }
-
-+int printmatchpathcon(char *path, int header) {
-+ char *buf;
-+ int rc = matchpathcon(path, 0, &buf);
-+ if (rc < 0) {
-+ fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, strerror(errno));
-+ return 1;
-+ }
-+ if (header)
-+ printf("%s\t%s\n", path, buf);
-+ else
-+ printf("%s\n", buf);
-+
-+ freecon(buf);
-+ return 0;
-+}
-+
- int main(int argc, char **argv)
- {
-- char *buf;
-- int rc, i, init = 0;
-+ int i, init = 0;
- int header=1, opt;
-+ int verify=0;
-+ int notrans=0;
-+ int error=0;
-
- if (argc < 2) usage(argv[0]);
-
-- while ((opt = getopt(argc, argv, "nf:p:")) > 0) {
-+ while ((opt = getopt(argc, argv, "Nnf:p:V")) > 0) {
- switch (opt) {
- case 'n':
- header=0;
- break;
-+ case 'V':
-+ verify=1;
-+ break;
-+ case 'N':
-+ notrans=1;
-+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
-+ break;
- case 'f':
- if (init) {
- fprintf(stderr, "%s: -f and -p are exclusive\n", argv[0]);
-@@ -54,18 +79,30 @@
- }
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.22/src/lgetfilecon.c
+--- nsalibselinux/src/lgetfilecon.c 2006-07-03 07:52:49.000000000 -0400
++++ libselinux-1.30.22/src/lgetfilecon.c 2006-08-10 11:06:59.000000000 -0400
+@@ -58,5 +58,7 @@
+ freecon(rcontext);
}
- for (i = optind; i < argc; i++) {
-- rc = matchpathcon(argv[i], 0, &buf);
-- if (rc < 0) {
-- fprintf(stderr, "%s: matchpathcon(%s) failed\n", argv[0], argv[i]);
-- return 2;
-- }
-- if (header)
-- printf("%s\t%s\n", argv[i], buf);
-- else
-- printf("%s\n", buf);
-+ if (verify) {
-+ if (selinux_file_context_verify(argv[i], 0)) {
-+ printf("%s verified.\n", argv[i]);
-+ } else {
-+ security_context_t con;
-+ int rc;
-+ if (notrans)
-+ rc = lgetfilecon_raw(argv[i], &con);
-+ else
-+ rc = lgetfilecon(argv[i], &con);
-- freecon(buf);
-+ if (rc >= 0) {
-+ printf("%s has context %s, should be ", argv[i], con);
-+ error += printmatchpathcon(argv[i], 0);
-+ freecon(con);
-+ } else {
-+ printf("actual context unknown: %s, should be ", strerror(errno));
-+ error += printmatchpathcon(argv[i], 0);
-+ }
-+ }
-+ } else {
-+ error += printmatchpathcon(argv[i], header);
-+ }
- }
- matchpathcon_fini();
-- return 0;
-+ return error;
++ if (ret >= 0)
++ return strlen(*context);
+ return ret;
}
Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- libselinux.spec 4 Aug 2006 22:49:48 -0000 1.216
+++ libselinux.spec 10 Aug 2006 15:34:47 -0000 1.217
@@ -2,10 +2,12 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 1.30.22
-Release: 1
+Release: 2
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch
+
BuildRequires: libsepol-devel >= %{libsepolver} swig
Requires: libsepol >= %{libsepolver} setransd
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -46,6 +48,7 @@
%prep
%setup -q
+%patch -p1 -b .rhat
%build
make clean
@@ -115,6 +118,9 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+* Wed Aug 9 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.22-2
+- Fix translation return codes to return size of buffer
+
* Tue Aug 1 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.22-1
- Upgrade to latest from NSA
* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
More information about the fedora-cvs-commits
mailing list