From 2cb151d87e59073e16eae5cdfd847ed5b910575c Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Jan 12 2011 21:49:06 +0000
Subject: - Add James Carters Patch *This patch is needed because some filesystem names (such as 9p) start with a digit.
---
diff --git a/checkpolicy-filesystem.patch b/checkpolicy-filesystem.patch
new file mode 100644
index 0000000..c1f2442
--- /dev/null
+++ b/checkpolicy-filesystem.patch
@@ -0,0 +1,65 @@ + policy_parse.y | 14 ++++++++++---- + policy_scan.l | 1 + + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y +index 8d1bc37..0777238 100644 +--- a/checkpolicy/policy_parse.y ++++ b/checkpolicy/policy_parse.y +@@ -138,6 +138,7 @@ typedef int (* require_func_t)(); + %token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL + %token POLICYCAP + %token PERMISSIVE ++%token FILESYSTEM + + %left OR + %left XOR +@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses + fs_uses : fs_use_def + | fs_uses fs_use_def + ; +-fs_use_def : FSUSEXATTR identifier security_context_def ';' ++fs_use_def : FSUSEXATTR filesystem security_context_def ';' + {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;} + | FSUSETASK identifier security_context_def ';' + {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;} +@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts + genfs_contexts : genfs_context_def + | genfs_contexts genfs_context_def + ; +-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def ++genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def + {if (define_genfs_context(1)) return -1;} +- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def ++ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def + {if (define_genfs_context(1)) return -1;} +- | GENFSCON identifier path security_context_def ++ | GENFSCON filesystem path security_context_def + {if (define_genfs_context(0)) return -1;} + ; + ipv4_addr_def : IPV4_ADDR +@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; } + identifier : IDENTIFIER + { if (insert_id(yytext,0)) return -1; } + ; ++filesystem : FILESYSTEM ++ { if (insert_id(yytext,0)) return -1; } ++ | IDENTIFIER ++ { if (insert_id(yytext,0)) return -1; } ++ ; + path : PATH + { if (insert_id(yytext,0)) return -1; } + ; +diff --git 
a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l +index 48128a8..65aff8d 100644 +--- a/checkpolicy/policy_scan.l ++++ b/checkpolicy/policy_scan.l +@@ -217,6 +217,7 @@ permissive | + PERMISSIVE { return(PERMISSIVE); } + "/"({alnum}|[_\.\-/])* { return(PATH); } + {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } ++{alnum}*{letter}{alnum}* { return(FILESYSTEM); } + {digit}+|0x{hexval}+ { return(NUMBER); } + {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } + {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } + diff --git a/checkpolicy.spec b/checkpolicy.spec index ef70f9b..56d37c6 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -2,11 +2,12 @@ Summary: SELinux policy compiler Name: checkpolicy Version: 2.0.23 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Development/System Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Patch: checkpolicy-rhat.patch +Patch2: checkpolicy-filesystem.patch BuildRoot: %{_tmppath}/%{name}-buildroot BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel @@ -28,6 +29,7 @@ Only required for building policies. %prep %setup -q %patch -p1 -b .rhat +%patch2 -p2 -b .filesystem %build make clean @@ -55,6 +57,11 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/sedispol %changelog +* Wed Jan 12 2011 Dan Walsh - 2.0.23-2 +- Add James Carters Patch + *This patch is needed because some filesystem names (such as 9p) start + with a digit. + * Tue Dec 21 2010 Dan Walsh - 2.0.23-1 - Latest update from NSA * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
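Review bot: In the policy_scan.l hunk of the added checkpolicy-filesystem.patch, the new `{alnum}*{letter}{alnum}*` rule sits above `{digit}+|0x{hexval}+`, and flex resolves equal-length matches in favour of the earlier rule. Assuming `{letter}` includes `x` and `{alnum}` covers letters and digits (their definitions are outside the hunk), a hex literal such as `0x1f` now matches both rules at the same length and is returned as FILESYSTEM instead of NUMBER, so any policy statement that expects a hex number would stop parsing. Moving the line `{alnum}*{letter}{alnum}* { return(FILESYSTEM); }` to just after the NUMBER rule keeps `9p` working, because NUMBER matches only the `9` and the longer FILESYSTEM match still wins. Separately, in policy_parse.y only the FSUSEXATTR alternative was switched to `filesystem`; the visible FSUSETASK alternative still takes `identifier`, so a digit-leading filesystem name is still rejected there.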