rpms/libselinux/devel libselinux-rhat.patch, 1.90, 1.91 libselinux.spec, 1.216, 1.217

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Aug 10 15:34:51 UTC 2006 

Author: dwalsh

Update of /cvs/dist/rpms/libselinux/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25636

Modified Files:
	libselinux-rhat.patch libselinux.spec 
Log Message:
* Wed Aug  9 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.22-2
- Fix translation return codes to return size of buffer


libselinux-rhat.patch:
 fgetfilecon.c |    3 +++
 getfilecon.c  |    2 ++
 lgetfilecon.c |    2 ++
 3 files changed, 7 insertions(+)

Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux-rhat.patch,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- libselinux-rhat.patch	21 Jun 2006 19:58:52 -0000	1.90
+++ libselinux-rhat.patch	10 Aug 2006 15:34:46 -0000	1.91
@@ -1,291 +1,35 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.30.15/include/selinux/selinux.h
---- nsalibselinux/include/selinux/selinux.h	2006-06-16 15:08:24.000000000 -0400
-+++ libselinux-1.30.15/include/selinux/selinux.h	2006-06-21 15:26:36.000000000 -0400
-@@ -429,8 +429,19 @@
-    Caller must free the returned strings via free. */
- extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
- 
-+/* This function compares two file context, ignoring the user component */
-+int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
-+
-+/* This function looks at the file context on disk and compares it to the 
-+system defaults, it returns 0 on match non 0 on failure */
-+int selinux_file_context_verify(const char *path, mode_t mode);
-+
-+/* This function sets the file context on to the system defaults returns 0 on success */
-+int selinux_lsetfilecon_default(const char *path);
-+
- #ifdef __cplusplus
- }
- #endif
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.22/src/fgetfilecon.c
+--- nsalibselinux/src/fgetfilecon.c	2006-07-03 07:52:49.000000000 -0400
++++ libselinux-1.30.22/src/fgetfilecon.c	2006-08-10 11:09:07.000000000 -0400
+@@ -58,5 +58,8 @@
+ 		freecon(rcontext);
+ 	}
  
- #endif
++	if (ret >= 0)
++		return strlen(*context);
 +
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-1.30.15/man/man8/matchpathcon.8
---- nsalibselinux/man/man8/matchpathcon.8	2006-05-15 09:43:24.000000000 -0400
-+++ libselinux-1.30.15/man/man8/matchpathcon.8	2006-06-21 15:26:36.000000000 -0400
-@@ -3,13 +3,25 @@
- matchpathcon \- get the default security context for the specified path from the file contexts configuration.
- 
- .SH "SYNOPSIS"
--.B matchpathcon [-n] filepath...
--
-+.B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
- .SH "DESCRIPTION"
- .B matchpathcon
- Prints the file path and the default security context associated with it.
-+.SH OPTIONS
-+.B \-n
-+Do not display path.
-+.br
-+.B \-N
-+Do not use translations.
-+.br
-+.B \-f file_context_file
-+Use alternate file_context file
-+.br
-+.B \-p prefix
-+Use prefix to speed translations
- .br
--If the -n option is given, do not display path.
-+.B \-V
-+Verify file context on disk matches defaults
- 
- .SH AUTHOR	
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.15/src/matchpathcon.c
---- nsalibselinux/src/matchpathcon.c	2006-05-18 12:11:17.000000000 -0400
-+++ libselinux-1.30.15/src/matchpathcon.c	2006-06-21 15:37:18.000000000 -0400
-@@ -20,10 +20,12 @@
- #endif
- default_printf(const char *fmt, ...) 
- {
-+#ifdef DEBUG
- 	va_list ap;
- 	va_start(ap, fmt);
- 	vfprintf(stderr, fmt, ap);
- 	va_end(ap);
-+#endif
- }
- 
- static void 
-@@ -50,7 +52,7 @@
- static int default_canoncon(const char *path, unsigned lineno, char **context)
- {
- 	char *tmpcon;
--	if (security_canonicalize_context(*context, &tmpcon) < 0) {
-+	if (security_canonicalize_context_raw(*context, &tmpcon) < 0) {
- 		if (errno == ENOENT)
- 			return 0;
- 		if (lineno)
-@@ -74,7 +76,7 @@
- 		mycanoncon = &default_canoncon;
+ 	return ret;
  }
- 
--static unsigned int myflags;
-+static __thread unsigned int myflags;
- 
- void set_matchpathcon_flags(unsigned int flags)
- {
-@@ -552,21 +554,6 @@
- 		
- 	skip_type:
- 		if (strcmp(context, "<<none>>")) {
--			char *tmpcon = NULL;
--
--			if (myflags & MATCHPATHCON_NOTRANS)
--				goto skip_trans;
--
--			if (selinux_raw_to_trans_context(context, &tmpcon)) {
--				myprintf("%s: line %u has invalid "
--					 "context %s\n",
--					 path, lineno, context);
--				return 0;
--			}
--			free(context);
--			context = tmpcon;
--
--skip_trans:
- 			if (myflags & MATCHPATHCON_VALIDATE) {
- 				if (myinvalidcon) {
- 					/* Old-style validation of context. */
-@@ -831,7 +818,12 @@
- 		spec_arr[i].context_valid = 1;
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.22/src/getfilecon.c
+--- nsalibselinux/src/getfilecon.c	2006-07-03 07:52:49.000000000 -0400
++++ libselinux-1.30.22/src/getfilecon.c	2006-08-10 11:09:59.000000000 -0400
+@@ -57,6 +57,8 @@
+ 		ret = selinux_raw_to_trans_context(rcontext, context);
+ 		freecon(rcontext);
  	}
++	if (ret >= 0)
++		return strlen(*context);
  
--	*con = strdup(spec_arr[i].context);
-+	if (myflags & MATCHPATHCON_NOTRANS) {
-+		*con = strdup(spec_arr[i].context);
-+	} else {
-+		if (selinux_raw_to_trans_context(spec_arr[i].context, con)) 
-+			return -1;
-+	}
- 	if (!(*con))
- 		return -1;
- 
-@@ -877,3 +869,72 @@
- 		}
- 	}
+ 	return ret;
  }
-+
-+/* Compare two contexts to see if their differences are "significant",
-+ * or whether the only difference is in the user. */
-+int selinux_file_context_cmp(const security_context_t a, const security_context_t b)
-+{
-+	char *rest_a, *rest_b; /* Rest of the context after the user */
-+	if (!a && !b) return 0;
-+	if (!a && b) return -1;
-+	if (a && !b) return 1;
-+	rest_a = strchr((char *)a, ':');
-+	rest_b = strchr((char *)b, ':');
-+	if (!rest_a && !rest_b) return 0;
-+	if (!rest_a && rest_b) return -1;
-+	if (rest_a && !rest_b) return 1;
-+	return  strcmp(rest_a, rest_b);
-+}
-+
-+int selinux_file_context_verify(const char *path, mode_t mode)
-+{
-+ 	security_context_t con = NULL;
-+ 	security_context_t fcontext = NULL;
-+	unsigned int localflags=myflags;
-+	int rc=0;
-+
-+	rc = lgetfilecon_raw(path, &con);
-+	if (rc == -1) {
-+		if (errno != ENOTSUP)
-+			return 1;
-+	        else
-+			return 0;
-+	}
-+
-+	set_matchpathcon_flags(myflags | MATCHPATHCON_NOTRANS);
-+	if (matchpathcon(path,mode,&fcontext) != 0)  {
-+		if (errno != ENOENT) 
-+			rc = 1;
-+		else
-+			rc = 0;
-+	} 
-+	else 
-+		rc = (selinux_file_context_cmp(fcontext, con) == 0);
-+	set_matchpathcon_flags(localflags);
-+	freecon(con);
-+	freecon(fcontext); 
-+	return rc;
-+}
-+
-+
-+int selinux_lsetfilecon_default(const char *path) {
-+	struct stat st;
-+	int rc = -1;
-+	security_context_t scontext=NULL;
-+	unsigned int localflags=myflags;
-+	if (lstat(path, &st) != 0)
-+		return rc;
-+
-+	set_matchpathcon_flags(myflags | MATCHPATHCON_NOTRANS);
-+
-+	/* If there's an error determining the context, or it has none, 
-+	   return to allow default context */
-+	if (matchpathcon(path, st.st_mode, &scontext)) {
-+		if (errno == ENOENT) rc = 0;
-+	} else 	{
-+		rc = lsetfilecon_raw(path, scontext);
-+		freecon(scontext);
-+	}
-+	set_matchpathcon_flags(localflags);
-+	return rc;
-+}
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.30.15/utils/matchpathcon.c
---- nsalibselinux/utils/matchpathcon.c	2006-05-18 12:11:17.000000000 -0400
-+++ libselinux-1.30.15/utils/matchpathcon.c	2006-06-21 15:26:36.000000000 -0400
-@@ -12,19 +12,44 @@
- 	exit(1);
- }
- 
-+int printmatchpathcon(char *path, int header) {
-+	char *buf;
-+	int rc = matchpathcon(path, 0, &buf);
-+	if (rc < 0) {
-+		fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, strerror(errno));
-+		return 1;
-+	}
-+	if (header)
-+		printf("%s\t%s\n", path, buf);
-+	else
-+		printf("%s\n", buf);
-+	
-+	freecon(buf);
-+	return 0;
-+}
-+
- int main(int argc, char **argv) 
- {
--	char *buf;
--	int rc, i, init = 0;
-+	int i, init = 0;
- 	int header=1, opt;
-+	int verify=0;
-+	int notrans=0;
-+	int error=0;
- 
- 	if (argc < 2) usage(argv[0]);
- 
--	while ((opt = getopt(argc, argv, "nf:p:")) > 0) {
-+	while ((opt = getopt(argc, argv, "Nnf:p:V")) > 0) {
- 		switch (opt) {
- 		case 'n':
- 			header=0;
- 			break;
-+		case 'V':
-+			verify=1;
-+			break;
-+		case 'N':
-+			notrans=1;
-+			set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
-+			break;
- 		case 'f':
- 			if (init) {
- 				fprintf(stderr, "%s:  -f and -p are exclusive\n", argv[0]);
-@@ -54,18 +79,30 @@
- 		}
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.22/src/lgetfilecon.c
+--- nsalibselinux/src/lgetfilecon.c	2006-07-03 07:52:49.000000000 -0400
++++ libselinux-1.30.22/src/lgetfilecon.c	2006-08-10 11:06:59.000000000 -0400
+@@ -58,5 +58,7 @@
+ 		freecon(rcontext);
  	}
- 	for (i = optind; i < argc; i++) {
--		rc = matchpathcon(argv[i], 0, &buf);
--		if (rc < 0) {
--			fprintf(stderr, "%s:  matchpathcon(%s) failed\n", argv[0], argv[i]);
--			return 2;
--		}
--		if (header)
--			printf("%s\t%s\n", argv[i], buf);
--		else
--			printf("%s\n", buf);
-+		if (verify) {
-+			if (selinux_file_context_verify(argv[i], 0)) {
-+				printf("%s verified.\n", argv[i]);
-+			} else {
-+				security_context_t con;
-+				int rc;
-+				if (notrans) 
-+					rc = lgetfilecon_raw(argv[i], &con);
-+				else
-+					rc = lgetfilecon(argv[i], &con);
  
--		freecon(buf);
-+				if (rc >= 0) {
-+					printf("%s has context %s, should be ", argv[i], con);
-+					error += printmatchpathcon(argv[i], 0);
-+					freecon(con);
-+				} else {
-+					printf("actual context unknown: %s, should be ", strerror(errno));
-+					error += printmatchpathcon(argv[i], 0);
-+				}
-+			}
-+		} else {
-+			error += printmatchpathcon(argv[i], header);
-+		}
- 	}
- 	matchpathcon_fini();
--	return 0;
-+	return error;
++	if (ret >= 0)
++		return strlen(*context);
+ 	return ret;
  }


Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/devel/libselinux.spec,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- libselinux.spec	4 Aug 2006 22:49:48 -0000	1.216
+++ libselinux.spec	10 Aug 2006 15:34:47 -0000	1.217
@@ -2,10 +2,12 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 1.30.22
-Release: 1
+Release: 2
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch
+
 BuildRequires: libsepol-devel >= %{libsepolver} swig
 Requires: libsepol >= %{libsepolver} setransd
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -46,6 +48,7 @@
 
 %prep
 %setup -q
+%patch -p1 -b .rhat
 
 %build
 make clean
@@ -115,6 +118,9 @@
 %{_libdir}/python*/site-packages/selinux.py*
 
 %changelog
+* Wed Aug  9 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.22-2
+- Fix translation return codes to return size of buffer
+
 * Tue Aug  1 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.22-1
 - Upgrade to latest from NSA
 	* Merged no-tls-direct-seg-refs patch from Jeremy Katz.

More information about the fedora-cvs-commits mailing list