From 2492943f4102b6448d4ab6588cfdd7463bffaa8e Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Feb 14 2014 14:21:36 +0000 Subject: Add additional go bindings for get*con calls - Add go bindings test command - Modify man pages of set*con calls to mention that they are thread specific --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 933a820..9c2b6e7 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -10,10 +10,10 @@ index fd4f0b1..51469bc 100644 DISABLE_SETRANS ?= n diff --git a/libselinux/golang/Makefile b/libselinux/golang/Makefile new file mode 100644 -index 0000000..ad3e481 +index 0000000..b75677b --- /dev/null +++ b/libselinux/golang/Makefile -@@ -0,0 +1,17 @@ +@@ -0,0 +1,22 @@ +# Installation directories. +PREFIX ?= $(DESTDIR)/usr +LIBDIR ?= $(DESTDIR)/usr/lib @@ -25,18 +25,23 @@ index 0000000..ad3e481 + install -m 644 selinux.go $(GODIR) + +test: ++ @mkdir selinux ++ @cp selinux.go selinux ++ GOPATH=$(pwd) go run test.go ++ @rm -rf selinux + +clean: -+ ++ @rm -f *~ ++ @rm -rf selinux +indent: + +relabel: diff --git a/libselinux/golang/selinux.go b/libselinux/golang/selinux.go new file mode 100644 -index 0000000..9e7fdb3 +index 0000000..6cee26a --- /dev/null +++ b/libselinux/golang/selinux.go -@@ -0,0 +1,302 @@ +@@ -0,0 +1,378 @@ +package selinux + +/* 
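Review bot: In the new `test` target, `GOPATH=$(pwd)` is expanded by make as a variable named `pwd`, not as a shell command, so unless that variable is defined elsewhere the recipe runs `go run test.go` with an empty GOPATH. Use `GOPATH=$(CURDIR) go run test.go`, or `$$(pwd)` to pass the substitution through to the shell. The `@mkdir selinux` step also fails when an earlier run left the directory behind, because the final `@rm -rf selinux` is skipped whenever `go run` fails; `@mkdir -p selinux` would keep the target re-runnable.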
@@ -86,6 +91,74 @@ index 0000000..9e7fdb3 + return int(rc), err +} + ++func Getfilecon(path string) (string, error) { ++ var scon C.security_context_t ++ var fcon string ++ rc, err := C.lgetfilecon(C.CString(path),&scon) ++ if (rc >= 0) { ++ fcon = C.GoString(scon) ++ err = nil ++ } ++ return fcon, err ++} ++ ++func Setfscreatecon(scon string) (int, error) { ++ var ( ++ rc C.int ++ err error ++ ) ++ if (scon != "") { ++ rc, err = C.setfscreatecon(C.CString(scon)) ++ } else { ++ rc, err = C.setfscreatecon(nil) ++ } ++ return int(rc), err ++} ++ ++func Getfscreatecon() (string, error) { ++ var scon C.security_context_t ++ var fcon string ++ rc, err := C.getfscreatecon(&scon) ++ if (rc >= 0) { ++ fcon = C.GoString(scon) ++ err = nil ++ C.freecon(scon) ++ } ++ return fcon, err ++} ++ ++func Getcon() (string) { ++ var pcon C.security_context_t ++ C.getcon(&pcon) ++ scon := C.GoString(pcon) ++ C.freecon(pcon) ++ return scon ++} ++ ++func Getpidcon(pid int) (string, error) { ++ var pcon C.security_context_t ++ var scon string ++ rc, err := C.getpidcon(C.pid_t(pid), &pcon) ++ if (rc >= 0) { ++ scon = C.GoString(pcon) ++ C.freecon(pcon) ++ err = nil ++ } ++ return scon, err ++} ++ ++func Getpeercon(socket int) (string, error) { ++ var pcon C.security_context_t ++ var scon string ++ rc, err := C.getpeercon(C.int(socket), &pcon) ++ if (rc >= 0) { ++ scon = C.GoString(pcon) ++ C.freecon(pcon) ++ err = nil ++ } ++ return scon, err ++} ++ +func Setexeccon(scon string) (int, error) { + var val *C.char + if ! Selinux_enabled() { 
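Review bot: Getfilecon never releases the context returned by lgetfilecon, while every other getter added here calls `C.freecon`, and both Getfilecon and Setfscreatecon pass `C.CString(...)` straight into the call, so that C allocation is leaked on every invocation. The fence below frees both; it assumes the cgo preamble includes `<stdlib.h>` and the file imports `unsafe`, neither of which is visible in this hunk. Separately, Getcon discards the return code of `C.getcon`, so a failure is reported to the caller as an empty context string with no error; a caller that makes a policy decision on that string cannot tell failure from success, and this deserves at least a doc comment saying so. Getfilecon also wraps `lgetfilecon` (the variant that does not follow symlinks), which is worth stating in its comment because the name suggests `getfilecon`.

```go
func Getfilecon(path string) (string, error) {
	// … unchanged: scon and fcon declarations …
	cpath := C.CString(path)
	defer C.free(unsafe.Pointer(cpath))
	rc, err := C.lgetfilecon(cpath, &scon)
	if rc >= 0 {
		fcon = C.GoString(scon)
		C.freecon(scon) // release the context allocated by libselinux
		err = nil
	}
	// … unchanged: return fcon, err …
}

func Setfscreatecon(scon string) (int, error) {
	// … unchanged: rc and err declarations …
	if scon != "" {
		cscon := C.CString(scon)
		defer C.free(unsafe.Pointer(cscon))
		rc, err = C.setfscreatecon(cscon)
	} else {
	// … unchanged: nil branch and return …
```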
@@ -338,7 +411,77 @@ index 0000000..9e7fdb3 + fmt.Println(flabel) + pid := os.Getpid() + fmt.Printf("PID:%d MCS:%s\n", pid, Int_to_mcs(pid, 1023)) ++ fmt.Println(Getcon()) ++ fmt.Println(Getfilecon("/etc/passwd")) ++ fmt.Println(Getpidcon(1)) ++ Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0") ++ fmt.Println(Getfscreatecon()) ++ Setfscreatecon("") ++ fmt.Println(Getfscreatecon()) ++ fmt.Println(Getpidcon(1)) ++} +diff --git a/libselinux/golang/test.go b/libselinux/golang/test.go +new file mode 100644 +index 0000000..fed6de8 +--- /dev/null ++++ b/libselinux/golang/test.go +@@ -0,0 +1,9 @@ ++package main ++ ++import ( ++ "./selinux" ++) ++ ++func main() { ++ selinux.Test() +} +diff --git a/libselinux/man/man3/getfscreatecon.3 b/libselinux/man/man3/getfscreatecon.3 +index c7675be..677ece4 100644 +--- a/libselinux/man/man3/getfscreatecon.3 ++++ b/libselinux/man/man3/getfscreatecon.3 +@@ -49,6 +49,11 @@ Signal handlers that perform a + must take care to + save, reset, and restore the fscreate context to avoid unexpected behavior. + . ++ ++.br ++.B Note: ++Contexts are thread specific. ++ + .SH "RETURN VALUE" + On error \-1 is returned. + On success 0 is returned. +diff --git a/libselinux/man/man3/getkeycreatecon.3 b/libselinux/man/man3/getkeycreatecon.3 +index d6a118c..b503535 100644 +--- a/libselinux/man/man3/getkeycreatecon.3 ++++ b/libselinux/man/man3/getkeycreatecon.3 +@@ -48,6 +48,10 @@ Signal handlers that perform a + .BR setkeycreatecon () + must take care to + save, reset, and restore the keycreate context to avoid unexpected behavior. ++ ++.br ++.B Note: ++Contexts are thread specific. + . + .SH "RETURN VALUE" + On error \-1 is returned. 
+diff --git a/libselinux/man/man3/getsockcreatecon.3 b/libselinux/man/man3/getsockcreatecon.3 +index 99e9436..673738c 100644 +--- a/libselinux/man/man3/getsockcreatecon.3 ++++ b/libselinux/man/man3/getsockcreatecon.3 +@@ -49,6 +49,11 @@ Signal handlers that perform a + must take care to + save, reset, and restore the sockcreate context to avoid unexpected behavior. + . ++ ++.br ++.B Note: ++Contexts are thread specific. ++ + .SH "RETURN VALUE" + On error \-1 is returned. + On success 0 is returned. diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 02dd829..6dfdb46 100644 --- a/libselinux/src/Makefile diff --git a/libselinux.spec b/libselinux.spec index a161bba..cb9460c 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.2.2 -Release: 3%{?dist} +Release: 4%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -243,6 +243,11 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Fri Feb 14 2014 Dan Walsh - 2.2.2-4 +- Add additional go bindings for get*con calls +- Add go bindings test command +- Modify man pages of set*con calls to mention that they are thread specific + * Fri Jan 24 2014 Dan Walsh - 2.2.2-3 - Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go - Add Int_to_mcs function to generate MCS labels from integers.
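Review bot: The calls added to Test() set and then read the fscreate context from a goroutine that is not pinned to an OS thread, although the man-page text added in this same hunk states that contexts are thread specific. The Go runtime may move a goroutine between threads, so `Getfscreatecon()` or a later file creation can run on a thread that never received the `Setfscreatecon` value, and an unrelated goroutine scheduled onto the original thread can inherit it. Wrapping the sequence in `runtime.LockOSThread()` and `defer runtime.UnlockOSThread()` (the `runtime` import is not visible here) would make the test exercise what it intends, and the same requirement should be documented for callers of the set*con bindings. The return values of both `Setfscreatecon` calls are also dropped, so a failed set goes unnoticed and the following output would show the default context. Test()'s body starts outside the hunk.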