Index: libselinux/include/selinux/selinux.h
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/selinux.h,v
retrieving revision 1.50
diff -u -p -r1.50 selinux.h
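--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -292,6 +292,7 @@ extern void set_matchpathcon_canoncon(in
 
 /* Set flags controlling operation of matchpathcon_init or matchpathcon. */
 #define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
 extern void set_matchpathcon_flags(unsigned int flags);
 
 /* Load the file contexts configuration specified by 'path'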
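Review bot: The header comment above the two flag macros does not say that the values are bits meant to be OR-ed together, nor when the flags take effect. The setfiles.c part of this patch passes `MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS`, and the matchpathcon.c part tests the new flag inside process_line, which suggests it must be set before the file_contexts configuration is parsed. I would extend the comment to something like `/* Set flags (bitwise OR of MATCHPATHCON_*) before the configuration is loaded; they are consulted while each line is processed. */`. With MATCHPATHCON_NOTRANS set, callers presumably hold untranslated contexts, which is worth stating next to the macro.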
Index: libselinux/src/matchpathcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/matchpathcon.c,v
retrieving revision 1.32
diff -u -p -r1.32 matchpathcon.c
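--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -570,6 +570,10 @@ static int process_line( const char *pat
 skip_type:
 if (strcmp(context, "<<none>>")) {
 char *tmpcon = NULL;
+
+ if (myflags & MATCHPATHCON_NOTRANS)
+ goto skip_trans;
+
 if (context_translations) {
 if (raw_to_trans_context(context, &tmpcon)) {
 myprintf("%s: line %u has invalid "
@@ -584,6 +588,7 @@ static int process_line( const char *pat
 return -1;
 }
 
+skip_trans:
 if (myinvalidcon) {
 /* Old-style validation of context. */
 if (myinvalidcon(path, lineno, context))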
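Review bot: The `goto skip_trans` added in process_line bypasses every statement between the flag test and the new label, and several of those lines fall between the two hunks and are not visible here. The patch alone therefore does not show whether only translation is skipped, or also a canonicalisation or validity check that ends in the `return -1` just above the label. If a check does live there, a caller that sets MATCHPATHCON_NOTRANS would have file_contexts entries validated only when `myinvalidcon` is installed. I would add a comment at the label stating what is deliberately bypassed, e.g. `/* Reached directly when MATCHPATHCON_NOTRANS is set: the context is used as written, without translation. */`, and confirm that any validation in the skipped stretch is still wanted for raw contexts. process_line begins and ends outside both hunks.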
Index: policycoreutils/setfiles/setfiles.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
retrieving revision 1.38
diff -u -p -r1.38 setfiles.c
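--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned
 int valid = 1;
 
 if (policyfile) {
- char *raw;
- if (selinux_trans_to_raw_context(context, &raw))
- valid = 0;
- if (valid) {
- valid = (sepol_check_context (raw) >= 0);
- freecon(raw);
- }
+ valid = (sepol_check_context (context) >= 0);
 } else if (security_canonicalize_context(context, &tmpcon) < 0) {
 if (errno != ENOENT) {
 valid = 0;
@@ -447,8 +441,9 @@ int main(int argc, char **argv)
 fclose(policystream);
 
 /* Only process the specified file_contexts file, not
- any .homedirs or .local files. */
- set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
+ any .homedirs or .local files, and do not perform
+ context translations. */
+ set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
 
 break;
 }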
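Review bot: In canoncon, `sepol_check_context (context)` is now correct only if `context` is already a raw context, and nothing in the function records that assumption. It appears to hold because the option branch in main that loads the policy file also sets MATCHPATHCON_NOTRANS in the second hunk. If the policy file were ever installed without that flag, translated contexts would be checked against the binary policy with no conversion. A comment on the call would make the dependency explicit, e.g. `/* context is raw here: MATCHPATHCON_NOTRANS is set whenever a policy file is loaded (see main). */`. Both canoncon and main extend beyond the hunks shown.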