From 27e80a61d240d2b121b48669cc4118438cafa726 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Jun 27 2016 11:36:37 +0000
Subject: libselinux-2.5-9
- Clarify is_selinux_mls_enabled() description
- Explain how to free policy type from selinux_getpolicytype()
- Compare absolute pathname in matchpathcon -V
- Add selinux_snapperd_contexts_path()
---
diff --git a/libselinux-fedora.patch b/libselinux-fedora.patch
index d75d936..291c094 100644
--- a/libselinux-fedora.patch
+++ b/libselinux-fedora.patch
@@ -1,8 +1,12 @@
 diff --git libselinux-2.5/ChangeLog libselinux-2.5/ChangeLog
-index 24673dd..34d0ac7 100644
+index 24673dd..2b81053 100644
 --- libselinux-2.5/ChangeLog
 +++ libselinux-2.5/ChangeLog
-@@ -1,3 +1,14 @@
+@@ -1,3 +1,18 @@
++ * Clarify is_selinux_mls_enabled() description, from David King.
++ * Explain how to free policy type from selinux_getpolicytype(), from David King.
++ * Compare absolute pathname in matchpathcon -V, from Petr Lautrbach.
++ * Add selinux_snapperd_contexts_path(), from Petr Lautrbach.
 + * Modify audit2why analyze function to use loaded policy, from Joshua Brindle.
 + * Sort object files for deterministic linking order, from Laurent Bigonville.
 + * Respect CC and PKG_CONFIG environment variable, from Julien Pivotto.
@@ -488,6 +492,18 @@ index 0000000..fed6de8 +func main() { + selinux.Test() +} +diff --git libselinux-2.5/include/selinux/selinux.h libselinux-2.5/include/selinux/selinux.h +index 2262086..3d8673f 100644 +--- libselinux-2.5/include/selinux/selinux.h ++++ libselinux-2.5/include/selinux/selinux.h +@@ -544,6 +544,7 @@ extern const char *selinux_lxc_contexts_path(void); + extern const char *selinux_x_context_path(void); + extern const char *selinux_sepgsql_context_path(void); + extern const char *selinux_openssh_contexts_path(void); ++extern const char *selinux_snapperd_contexts_path(void); + extern const char *selinux_systemd_contexts_path(void); + extern const char *selinux_contexts_path(void); + extern const char *selinux_securetty_types_path(void); diff --git libselinux-2.5/man/man3/avc_add_callback.3 libselinux-2.5/man/man3/avc_add_callback.3 index dbfe72d..bdbbadf 100644 --- libselinux-2.5/man/man3/avc_add_callback.3 @@ -524,7 +540,7 @@ index 7353952..3e9fca8 100644 is set appropriately. diff --git libselinux-2.5/man/man3/is_selinux_enabled.3 libselinux-2.5/man/man3/is_selinux_enabled.3 -index f02052c..b2df562 100644 +index f02052c..df62c22 100644 --- libselinux-2.5/man/man3/is_selinux_enabled.3 +++ libselinux-2.5/man/man3/is_selinux_enabled.3 @@ -3,7 +3,7 @@ @@ -536,6 +552,17 @@ index f02052c..b2df562 100644 . .SH "SYNOPSIS" .B #include +@@ -18,7 +18,9 @@ returns 1 if SELinux is running or 0 if it is not. + On error, \-1 is returned. + + .BR is_selinux_mls_enabled () +-returns 1 if SELinux is running in MLS mode or 0 if it is not. ++returns 1 if SELinux is capable of running in MLS mode or 0 if it is not. To ++determine the policy in use on the system, use ++.BR selinux_getpolicytype (3). + . + .SH "SEE ALSO" + .BR selinux "(8)" diff --git libselinux-2.5/man/man3/security_disable.3 libselinux-2.5/man/man3/security_disable.3 index c75ce0d..072923c 100644 --- libselinux-2.5/man/man3/security_disable.3 
@@ -549,6 +576,22 @@ index c75ce0d..072923c 100644 .sp This function can only be called at runtime and prior to the initial policy load. After the initial policy load, the SELinux kernel code cannot be disabled, +diff --git libselinux-2.5/man/man3/selinux_getpolicytype.3 libselinux-2.5/man/man3/selinux_getpolicytype.3 +index c947e2c..b219d42 100644 +--- libselinux-2.5/man/man3/selinux_getpolicytype.3 ++++ libselinux-2.5/man/man3/selinux_getpolicytype.3 +@@ -13,7 +13,10 @@ Reads the contents of the + .I /etc/selinux/config + file to determine the SELinux policy used on the system, and sets + .I \%policytype +-accordinly. ++accordingly. Free ++.I \%policytype ++with ++.BR free (3). + . + .SH "RETURN VALUE" + On success, zero is returned. diff --git libselinux-2.5/man/man3/selinux_status_open.3 libselinux-2.5/man/man3/selinux_status_open.3 index f779dd9..2d44be5 100644 --- libselinux-2.5/man/man3/selinux_status_open.3 @@ -826,6 +869,18 @@ index b7cff7e..a58bf3f 100755 +${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h for i in `awk '/.*extern int/ { print $6 }' temp.aux`; do except $i ; done rm -f -- temp.aux -.o +diff --git libselinux-2.5/src/file_path_suffixes.h libselinux-2.5/src/file_path_suffixes.h +index d1f9b48..95b228b 100644 +--- libselinux-2.5/src/file_path_suffixes.h ++++ libselinux-2.5/src/file_path_suffixes.h +@@ -24,6 +24,7 @@ S_(BINPOLICY, "/policy/policy") + S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context") + S_(LXC_CONTEXTS, "/contexts/lxc_contexts") + S_(OPENSSH_CONTEXTS, "/contexts/openssh_contexts") ++ S_(SNAPPERD_CONTEXTS, "/contexts/snapperd_contexts") + S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts") + S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") + S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist") diff --git libselinux-2.5/src/fsetfilecon.c libselinux-2.5/src/fsetfilecon.c index 52707d0..0cbe12d 100644 --- libselinux-2.5/src/fsetfilecon.c 
@@ -962,7 +1017,7 @@ index 1d3b28a..ea6d70b 100644 char * ccontext = NULL; int err = errno; diff --git libselinux-2.5/src/matchpathcon.c libselinux-2.5/src/matchpathcon.c -index 5b495a0..3868711 100644 +index 5b495a0..a2f2c3e 100644 --- libselinux-2.5/src/matchpathcon.c +++ libselinux-2.5/src/matchpathcon.c @@ -2,6 +2,7 @@ @@ -982,6 +1037,24 @@ index 5b495a0..3868711 100644 va_end(ap); } +@@ -470,6 +471,17 @@ int selinux_file_context_verify(const char *path, mode_t mode) + char * con = NULL; + char * fcontext = NULL; + int rc = 0; ++ char stackpath[PATH_MAX + 1]; ++ char *p = NULL; ++ ++ if (S_ISLNK(mode)) { ++ if (!realpath_not_final(path, stackpath)) ++ path = stackpath; ++ } else { ++ p = realpath(path, stackpath); ++ if (p) ++ path = p; ++ } + + rc = lgetfilecon_raw(path, &con); + if (rc == -1) { diff --git libselinux-2.5/src/procattr.c libselinux-2.5/src/procattr.c index 527a0a5..eee4612 100644 --- libselinux-2.5/src/procattr.c 
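Review bot: In selinux_file_context_verify() the new `else` branch calls `realpath(path, stackpath)` whenever `S_ISLNK(mode)` is false, so if the caller's `mode` does not mark a symlink the final component is followed and `lgetfilecon_raw()` reads the label of the link target instead of the link. Both resolution failures are silent as well: when `realpath_not_final()` or `realpath()` fails, the code keeps the unresolved `path` and the check proceeds without any indication that the name was not canonicalised. I would state the contract above the block, for example `/* mode should come from lstat(path); otherwise a final symlink is resolved and its target is checked */`, and have the failure path at least preserve `errno` for the caller. The name is resolved first and looked up afterwards, so the result only holds if no other party can change a path component in between. The function body continues outside the hunk.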
@@ -1032,6 +1105,46 @@ index 527a0a5..eee4612 100644 } all_selfattr_def(con, current) +diff --git libselinux-2.5/src/selinux_config.c libselinux-2.5/src/selinux_config.c +index bec5f3b..c519a77 100644 +--- libselinux-2.5/src/selinux_config.c ++++ libselinux-2.5/src/selinux_config.c +@@ -50,7 +50,8 @@ + #define BOOLEAN_SUBS 27 + #define OPENSSH_CONTEXTS 28 + #define SYSTEMD_CONTEXTS 29 +-#define NEL 30 ++#define SNAPPERD_CONTEXTS 30 ++#define NEL 31 + + /* Part of one-time lazy init */ + static pthread_once_t once = PTHREAD_ONCE_INIT; +@@ -499,6 +500,13 @@ const char *selinux_openssh_contexts_path(void) + + hidden_def(selinux_openssh_contexts_path) + ++const char *selinux_snapperd_contexts_path(void) ++{ ++ return get_path(SNAPPERD_CONTEXTS); ++} ++ ++hidden_def(selinux_snapperd_contexts_path) ++ + const char *selinux_systemd_contexts_path(void) + { + return get_path(SYSTEMD_CONTEXTS); +diff --git libselinux-2.5/src/selinux_internal.h libselinux-2.5/src/selinux_internal.h +index 46566f6..9b9145c 100644 +--- libselinux-2.5/src/selinux_internal.h ++++ libselinux-2.5/src/selinux_internal.h +@@ -84,6 +84,7 @@ hidden_proto(selinux_mkload_policy) + hidden_proto(selinux_x_context_path) + hidden_proto(selinux_sepgsql_context_path) + hidden_proto(selinux_openssh_contexts_path) ++ hidden_proto(selinux_snapperd_contexts_path) + hidden_proto(selinux_systemd_contexts_path) + hidden_proto(selinux_path) + hidden_proto(selinux_check_passwd_access) diff --git libselinux-2.5/src/setfilecon.c libselinux-2.5/src/setfilecon.c index d05969c..3f0200e 100644 --- libselinux-2.5/src/setfilecon.c diff --git a/libselinux.spec b/libselinux.spec index 4436011..c1ef29e 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -9,7 +9,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.5 -Release: 8%{?dist} +Release: 9%{?dist} License: Public Domain Group: System Environment/Libraries # https://github.com/SELinuxProject/selinux/wiki/Releases 
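Review bot: `SNAPPERD_CONTEXTS 30` and `NEL 31` in selinux_config.c are hand-numbered, and nothing visible in the hunk ties them to the `S_(SNAPPERD_CONTEXTS, "/contexts/snapperd_contexts")` entry added in file_path_suffixes.h; if a later addition bumps one without the other, `get_path()` would presumably index past the table. A comment above the list would make the coupling explicit: `/* keep NEL one above the highest index; every index needs an S_() entry in file_path_suffixes.h */`. The new `selinux_snapperd_contexts_path()` declaration in selinux.h also carries no comment on whether it can return NULL or who owns the returned string, which callers that make labeling decisions from this path need to know.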
@@ -20,7 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.5 ./make-fedora-selinux-patch.sh libselinux -# HEAD https://github.com/fedora-selinux/selinux/commit/9abe77e2a670f2f2dfb91f9cec46ee37f9c23995 +# HEAD https://github.com/fedora-selinux/selinux/commit/bd50d00badba7a148d12879b6c736ea9f2d7ee2d Patch1: libselinux-fedora.patch Patch2: 0001-libselinux-Change-the-location-of-_selinux.so.patch BuildRequires: pkgconfig python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel @@ -257,6 +257,12 @@ rm -rf %{buildroot} %{ruby_vendorarchdir}/selinux.so %changelog +* Mon Jun 27 2016 Petr Lautrbach - 2.5-9 +- Clarify is_selinux_mls_enabled() description +- Explain how to free policy type from selinux_getpolicytype() +- Compare absolute pathname in matchpathcon -V +- Add selinux_snapperd_contexts_path() + * Fri Jun 24 2016 Petr Lautrbach - 2.5-8 - Move _selinux.so to /usr/lib64/python*/site-packages