rpms/libselinux/FC-6 libselinux-rhat.patch, 1.94, 1.95 libselinux.spec, 1.231, 1.232 sources, 1.123, 1.124
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 9 17:20:49 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/libselinux/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv27597
Modified Files:
libselinux-rhat.patch libselinux.spec sources
Log Message:
* Fri Jan 5 2007 Dan Walsh <dwalsh at redhat.com> - 1.33.3-2
- Add securetty handling
Resolves: #200110
libselinux-rhat.patch:
include/selinux/selinux.h | 5 ++
man/man3/selinux_binary_policy_path.3 | 4 ++
man/man3/selinux_check_securetty_context.3 | 13 +++++++
man/man3/selinux_securetty_context_path.3 | 1
src/file_path_suffixes.h | 1
src/selinux_check_securetty_context.c | 49 +++++++++++++++++++++++++++++
src/selinux_config.c | 9 ++++-
src/selinux_internal.h | 2 +
utils/selinux_check_securetty_context.c | 40 +++++++++++++++++++++++
9 files changed, 122 insertions(+), 2 deletions(-)
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-6/libselinux-rhat.patch,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- libselinux-rhat.patch 6 Dec 2006 19:38:55 -0000 1.94
+++ libselinux-rhat.patch 9 Jan 2007 17:20:47 -0000 1.95
@@ -1,64 +1,223 @@
-Binary files nsalibselinux/utils/matchpathcon and libselinux-1.33.2/utils/matchpathcon differ
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.33.2/utils/matchpathcon.c
---- nsalibselinux/utils/matchpathcon.c 2006-11-16 17:15:17.000000000 -0500
-+++ libselinux-1.33.2/utils/matchpathcon.c 2006-12-06 14:11:29.000000000 -0500
-@@ -4,20 +4,23 @@
- #include <getopt.h>
- #include <errno.h>
- #include <string.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/errno.h>
- #include <selinux/selinux.h>
+diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h
+--- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500
++++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-05 11:57:44.000000000 -0500
+@@ -406,6 +406,7 @@
+ extern const char *selinux_homedir_context_path(void);
+ extern const char *selinux_media_context_path(void);
+ extern const char *selinux_contexts_path(void);
++ extern const char *selinux_securetty_context_path(void);
+ extern const char *selinux_booleans_path(void);
+ extern const char *selinux_customizable_types_path(void);
+ extern const char *selinux_users_path(void);
+@@ -413,12 +414,14 @@
+ extern const char *selinux_translations_path(void);
+ extern const char *selinux_netfilter_context_path(void);
+ extern const char *selinux_path(void);
+-
+ /* Check a permission in the passwd class.
+ Return 0 if granted or -1 otherwise. */
+ extern int selinux_check_passwd_access(access_vector_t requested);
+ extern int checkPasswdAccess(access_vector_t requested);
- void usage(const char *progname)
- {
- fprintf(stderr,
-- "usage: %s [-n] [-f file_contexts] [-p prefix] path...\n",
-+ "usage: %s [-N] [-n] [-f file_contexts] [-p prefix] [-V] path...\n",
- progname);
- exit(1);
- }
++/* Check if the tty_context is defined as a securetty
++ Return 1 if secure, 0 if not, or -1 if otherwise. */
++ extern int selinux_check_securetty_context(security_context_t tty_context);
+ /* Set the path to the selinuxfs mount point explicitly.
+ Normally, this is determined automatically during libselinux
+ initialization, but this is not always possible, e.g. for /sbin/init
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3
+--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500
++++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-05 11:57:44.000000000 -0500
+@@ -27,6 +27,8 @@
+ .br
+ extern const char *selinux_media_context_path(void);
+ .br
++extern const char *selinux_securetty_context_path(void);
++.br
+ extern const char *selinux_contexts_path(void);
+ .br
+ extern const char *selinux_booleans_path(void);
+@@ -56,6 +58,8 @@
+ .sp
+ selinux_contexts_path() - directory containing all of the context configuration files
+ .sp
++selinux_securetty_context_path() - defines terminal contexts for securetty
++.sp
+ selinux_booleans_path() - initial policy boolean settings
--int printmatchpathcon(char *path, int header)
-+int printmatchpathcon(char *path, int header, int mode)
+ .SH AUTHOR
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3
+--- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500
++++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-05 11:57:44.000000000 -0500
+@@ -0,0 +1,13 @@
++.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh at redhat.com" "SE Linux API documentation"
++.SH "NAME"
++selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context
++.SH "SYNOPSIS"
++.B #include <selinux/selinux.h>
++.sp
++.BI "int selinux_check_securetty_context(security_context_t "tty_context );
++
++.SH "DESCRIPTION"
++.B selinux_check_securetty_context
++returns 1 if tty_context is a securetty context
++returns 0 if tty_context is a not a securetty context
++returns -1 on error.
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3
+--- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500
++++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-05 11:57:44.000000000 -0500
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h
+--- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500
++++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-05 11:57:44.000000000 -0500
+@@ -7,6 +7,7 @@
+ S_(USER_CONTEXTS, "/contexts/users/")
+ S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
+ S_(DEFAULT_TYPE, "/contexts/default_type")
++ S_(SECURETTY_CONTEXTS, "/contexts/securetty_contexts")
+ S_(BOOLEANS, "/booleans")
+ S_(MEDIA_CONTEXTS, "/contexts/files/media")
+ S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c
+--- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500
++++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500
+@@ -0,0 +1,49 @@
++#include <unistd.h>
++#include <stdlib.h>
++#include <string.h>
++#include <stdio.h>
++#include <ctype.h>
++#include "selinux_internal.h"
++#include "context_internal.h"
++
++int selinux_check_securetty_context(security_context_t tty_context)
++{
++ char buf[250];
++ char *ptr = "", *end;
++ size_t len;
++ int found = -1;
++ FILE *fp;
++ fp = fopen(selinux_securetty_context_path(), "r");
++ if (fp) {
++ context_t con =context_new(tty_context);
++ if (con) {
++ char *type=context_type_get(con);
++ found = 0;
++ len = strlen(type);
++ while (!feof_unlocked(fp)) {
++ if (!fgets_unlocked(buf, sizeof buf, fp))
++ break;
++
++ if (buf[strlen(buf) - 1])
++ buf[strlen(buf) - 1] = 0;
++
++ ptr = buf;
++ while (*ptr && isspace(*ptr))
++ ptr++;
++ if (!(*ptr))
++ continue;
++
++ if (!strncmp(type, ptr, len)) {
++ found = 1;
++ break;
++ }
++ }
++ context_free(con);
++ }
++ fclose(fp);
++ }
++
++ return found;
++}
++
++hidden_def(selinux_check_securetty_context)
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c
+--- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500
++++ libselinux-1.33.3/src/selinux_config.c 2007-01-05 11:57:44.000000000 -0500
+@@ -38,7 +38,8 @@
+ #define NETFILTER_CONTEXTS 15
+ #define FILE_CONTEXTS_HOMEDIR 16
+ #define FILE_CONTEXTS_LOCAL 17
+-#define NEL 18
++#define SECURETTY_CONTEXTS 18
++#define NEL 19
+
+ /* New layout is relative to SELINUXDIR/policytype. */
+ static char *file_paths[NEL];
+@@ -299,6 +300,12 @@
+
+ hidden_def(selinux_default_context_path)
+
++const char *selinux_securetty_context_path()
++{
++ return get_path(SECURETTY_CONTEXTS);
++}
++hidden_def(selinux_securetty_context_path)
++
+ const char *selinux_failsafe_context_path()
{
- char *buf;
-- int rc = matchpathcon(path, 0, &buf);
-+ int rc = matchpathcon(path, mode, &buf);
- if (rc < 0) {
- fprintf(stderr, "matchpathcon(%s) failed: %s\n", path,
- strerror(errno));
-@@ -92,6 +95,11 @@
- }
- }
- for (i = optind; i < argc; i++) {
-+ int mode=0;
-+ struct stat buf;
-+ if (lstat(argv[i], &buf) == 0)
-+ mode = buf.st_mode;
-+
- if (verify) {
- if (selinux_file_context_verify(argv[i], 0)) {
- printf("%s verified.\n", argv[i]);
-@@ -106,17 +114,17 @@
- if (rc >= 0) {
- printf("%s has context %s, should be ",
- argv[i], con);
-- error += printmatchpathcon(argv[i], 0);
-+ error += printmatchpathcon(argv[i], 0, mode);
- freecon(con);
- } else {
- printf
- ("actual context unknown: %s, should be ",
- strerror(errno));
-- error += printmatchpathcon(argv[i], 0);
-+ error += printmatchpathcon(argv[i], 0,mode);
- }
- }
- } else {
-- error += printmatchpathcon(argv[i], header);
-+ error += printmatchpathcon(argv[i], header, mode);
- }
- }
- matchpathcon_fini();
+ return get_path(FAILSAFE_CONTEXT);
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h
+--- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500
++++ libselinux-1.33.3/src/selinux_internal.h 2007-01-05 11:57:44.000000000 -0500
+@@ -53,6 +53,7 @@
+ hidden_proto(security_setenforce)
+ hidden_proto(selinux_binary_policy_path)
+ hidden_proto(selinux_default_context_path)
++ hidden_proto(selinux_securetty_context_path)
+ hidden_proto(selinux_failsafe_context_path)
+ hidden_proto(selinux_removable_context_path)
+ hidden_proto(selinux_file_context_path)
+@@ -66,6 +67,7 @@
+ hidden_proto(selinux_media_context_path)
+ hidden_proto(selinux_path)
+ hidden_proto(selinux_check_passwd_access)
++ hidden_proto(selinux_check_securetty_context)
+ hidden_proto(matchpathcon_init_prefix)
+ hidden_proto(selinux_users_path)
+ hidden_proto(selinux_usersconf_path);
+diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c
+--- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500
++++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500
+@@ -0,0 +1,40 @@
++#include <unistd.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <errno.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/errno.h>
++#include <selinux/selinux.h>
++
++void usage(const char *progname)
++{
++ fprintf(stderr,
++ "usage: %s tty_context...\n",
++ progname);
++ exit(1);
++}
++
++int main(int argc, char **argv)
++{
++ int i;
++ if (argc < 2)
++ usage(argv[0]);
++
++ for (i = 1; i < argc; i++) {
++ switch (selinux_check_securetty_context(argv[i])) {
++ case 1:
++ printf("%s securetty.\n", argv[i]);
++ break;
++ case 0:
++ printf("%s not securetty.\n", argv[i]);
++ break;
++ case -1:
++ perror("Failed on check if securetty");
++ return -1;
++ }
++ }
++ return 0;
++}
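Review bot: In the new `selinux_check_securetty_context()` (src/selinux_check_securetty_context.c), `strncmp(type, ptr, len)` is a prefix match, so a tty type that is only a leading substring of a listed entry is reported as securetty. Because callers use the result for a trust decision, the entry should have to end where the type ends, e.g. `if (!strncmp(type, ptr, len) && (!ptr[len] || isspace((unsigned char)ptr[len])))`. The newline strip `if (buf[strlen(buf) - 1]) buf[strlen(buf) - 1] = 0;` is true for every non-empty line, so it also cuts the last character of an unterminated final line or of a line longer than the 250-byte buffer, and it indexes before `buf` when a line starts with a NUL byte; `buf[strcspn(buf, "\n")] = 0;` removes only the newline and is safe on an empty string. `type` is passed to `strlen()` without a NULL check, which presumably relies on `context_new()` rejecting a context that has no type; that should be confirmed or guarded.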
Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-6/libselinux.spec,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- libselinux.spec 6 Dec 2006 19:38:55 -0000 1.231
+++ libselinux.spec 9 Jan 2007 17:20:47 -0000 1.232
@@ -1,8 +1,8 @@
%define libsepolver 1.15.2-1
Summary: SELinux library and simple utilities
Name: libselinux
-Version: 1.33.2
-Release: 3%{?dist}
+Version: 1.33.3
+Release: 2%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -80,6 +80,7 @@
rm -f %{buildroot}%{_sbindir}/selinuxconfig
rm -f %{buildroot}%{_sbindir}/selinuxdisable
rm -f %{buildroot}%{_sbindir}/getseuser
+rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
%clean
rm -rf %{buildroot}
@@ -119,6 +120,18 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+* Fri Jan 5 2007 Dan Walsh <dwalsh at redhat.com> - 1.33.3-2
+- Add securetty handling
+Resolves: #200110
+
+* Thu Jan 4 2007 Dan Walsh <dwalsh at redhat.com> - 1.33.3-1
+- Upgrade to upstream
+ * Merged patch for matchpathcon utility to use file mode information
+ when available from Dan Walsh.
+
+* Thu Dec 7 2006 Jeremy Katz <katzj at redhat.com> - 1.33.2-4
+- rebuild against python 2.5
+
* Wed Dec 6 2006 Dan Walsh <dwalsh at redhat.com> - 1.33.2-3
- Fix matchpathcon to lstat files
@@ -164,7 +177,7 @@
- have -devel require libsepol-devel
* Thu Aug 24 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.27-1
-- Upgrade to latest from NSA
+- Upgrade to latest from NSA[
* Merged patch to not log avc stats upon a reset from Steve Grubb.
* Applied patch to revert compat_net setting upon policy load.
* Merged file context homedir and local path functions from
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-6/sources,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- sources 29 Nov 2006 21:01:29 -0000 1.123
+++ sources 9 Jan 2007 17:20:47 -0000 1.124
@@ -1 +1 @@
-443ffbc50604d5481010ce698ed1b742 libselinux-1.33.2.tgz
+11ea5b86dcea249dfa5c48940c98b1b6 libselinux-1.33.3.tgz