From 37a2ba57f97c55b0c3cd23d0307e8d4584ff9b3c Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: May 07 2008 17:42:02 +0000
Subject: - Add sedefaultcon and setconlist commands to dump login context
---
diff --git a/.cvsignore b/.cvsignore
index 37041f9..0daec5d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -150,3 +150,4 @@ libselinux-2.0.58.tgz
 libselinux-2.0.59.tgz
 libselinux-2.0.60.tgz
 libselinux-2.0.61.tgz
+libselinux-2.0.64.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index e3a919a..844d236 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,65 +1,51 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.61/src/label.c ---- nsalibselinux/src/label.c 2007-07-16 14:20:46.000000000 -0400 -+++ libselinux-2.0.61/src/label.c 2008-04-09 08:54:15.000000000 -0400 -@@ -95,7 +95,7 @@ - if (compat_validate(rec, lr, "file_contexts", 0)) - return NULL; - -- if (translating && -+ if (translating && (! lr->ctx_trans) && - selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans)) - return NULL; - -@@ -131,6 +131,7 @@ - void selabel_close(struct selabel_handle *rec) - { - rec->func_close(rec); -+ free(rec->data); - free(rec); - } - -diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.61/src/load_policy.c ---- nsalibselinux/src/load_policy.c 2008-04-08 09:37:21.000000000 -0400 -+++ libselinux-2.0.61/src/load_policy.c 2008-04-09 09:02:16.000000000 -0400 -@@ -43,6 +43,9 @@ - - int load_setlocaldefs hidden = 1; - -+#undef max -+#define max(a, b) (((a) > (b)) ? (a) : (b)) -+ - int selinux_mkload_policy(int preservebools) - { - int kernvers = security_policyvers(); -@@ -127,11 +130,6 @@ - - #endif - -- if (usesepol) { -- maxvers = vers_max(); -- minvers = vers_min(); -- } -- - /* - * Check whether we need to support local boolean and user definitions. 
- */ -@@ -157,6 +155,13 @@ - if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0) - preservebools = 0; - -+ if (usesepol) { -+ maxvers = vers_max(); -+ minvers = vers_min(); -+ if (!setlocaldefs && !preservebools) -+ maxvers = max(kernvers, maxvers); -+ } -+ - vers = maxvers; - search: - snprintf(path, sizeof(path), "%s.%d", -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.61/src/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.64/man/man8/selinuxconlist.8 +--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-2.0.64/man/man8/selinuxconlist.8 2008-05-07 13:32:06.000000000 -0400 +@@ -0,0 +1,18 @@ ++.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.SH "NAME" ++selinuxconlist \- list all SELinux context reachable for user ++.SH "SYNOPSIS" ++.B selinuxconlist [-l level] user [context] ++ ++.SH "DESCRIPTION" ++.B selinuxconlist ++reports the list of context reachable for user from the current context or specified context ++ ++.B \-l level ++mcs/mls level ++ ++.SH AUTHOR ++This manual page was written by Dan Walsh . 
++ ++.SH "SEE ALSO" ++secon(8), selinuxdefcon(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.64/man/man8/selinuxdefcon.8 +--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-2.0.64/man/man8/selinuxdefcon.8 2008-05-07 13:32:25.000000000 -0400 +@@ -0,0 +1,19 @@ ++.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" ++.SH "NAME" ++selinuxdefcon \- list default SELinux context for user ++ ++.SH "SYNOPSIS" ++.B selinuxdefcon [-l level] user [fromcon] ++ ++.SH "DESCRIPTION" ++.B seconlist ++reports the default context for the specified user from current context or specified context ++ ++.B \-l level ++mcs/mls level ++ ++.SH AUTHOR ++This manual page was written by Dan Walsh . ++ ++.SH "SEE ALSO" ++secon(8), selinuxconlist(8) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.64/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400 -+++ libselinux-2.0.61/src/matchpathcon.c 2008-04-09 08:54:15.000000000 -0400 ++++ libselinux-2.0.64/src/matchpathcon.c 2008-05-07 13:08:06.000000000 -0400 @@ -2,6 +2,7 @@ #include #include @@ -77,9 +63,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.61/src/selinux.py ---- nsalibselinux/src/selinux.py 2008-01-23 14:36:29.000000000 -0500 -+++ libselinux-2.0.61/src/selinux.py 2008-04-10 16:21:08.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.64/src/selinux.py +--- nsalibselinux/src/selinux.py 2008-05-06 14:33:15.000000000 -0400 ++++ libselinux-2.0.64/src/selinux.py 2008-05-07 13:08:06.000000000 -0400 @@ -300,6 +300,204 @@ selinux_file_context_cmp = _selinux.selinux_file_context_cmp selinux_file_context_verify = _selinux.selinux_file_context_verify 
@@ -285,9 +271,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0 selinux_default_type_path = _selinux.selinux_default_type_path get_default_type = _selinux.get_default_type SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.61/src/selinuxswig.i ---- nsalibselinux/src/selinuxswig.i 2008-01-23 14:36:29.000000000 -0500 -+++ libselinux-2.0.61/src/selinuxswig.i 2008-04-10 16:20:59.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.64/src/selinuxswig.i +--- nsalibselinux/src/selinuxswig.i 2008-05-06 14:33:15.000000000 -0400 ++++ libselinux-2.0.64/src/selinuxswig.i 2008-05-07 13:08:06.000000000 -0400 @@ -5,6 +5,7 @@ %module selinux %{ 
@@ -307,9 +293,33 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- %include "../include/selinux/get_default_type.h" %include "../include/selinux/get_context_list.h" + -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.61/src/selinuxswig_wrap.c ---- nsalibselinux/src/selinuxswig_wrap.c 2008-01-23 14:36:29.000000000 -0500 -+++ libselinux-2.0.61/src/selinuxswig_wrap.c 2008-04-10 16:21:08.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.64/src/selinuxswig_python.i +--- nsalibselinux/src/selinuxswig_python.i 2007-10-01 09:54:35.000000000 -0400 ++++ libselinux-2.0.64/src/selinuxswig_python.i 2008-05-07 13:08:06.000000000 -0400 +@@ -16,6 +16,20 @@ + $result = SWIG_Python_AppendOutput($result, list); + } + ++/* return a sid along with the result */ ++%typemap(argout) (security_id_t * sid) { ++ if (*$1) { ++ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); ++ } else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++} ++ ++%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { ++ $1 = &temp; ++} ++ + /* Makes security_compute_user() return a Python list of contexts */ + %typemap(argout) (security_context_t **con) { + PyObject* plist; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.64/src/selinuxswig_wrap.c +--- nsalibselinux/src/selinuxswig_wrap.c 2008-05-06 14:33:15.000000000 -0400 ++++ libselinux-2.0.64/src/selinuxswig_wrap.c 2008-05-07 13:08:06.000000000 -0400 @@ -2458,21 +2458,36 @@ #define SWIGTYPE_p_SELboolean swig_types[0] diff --git a/libselinux.spec b/libselinux.spec index 1973be8..2994064 100644 --- a/libselinux.spec +++ b/libselinux.spec 
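Review bot: In the added `%typemap(in,numinputs=0) security_id_t *(security_id_t temp)` the local `temp` is never initialised, yet the new argout typemap tests `*$1` to choose between wrapping the SID and appending `Py_None`. If a wrapped call returns without storing a SID (the callee is not visible here, so this is inferred), that test reads an indeterminate pointer and Python can be handed a wrapper around a garbage address. Writing `temp = NULL;` before `$1 = &temp;` makes the `None` branch dependable. The pointer is also wrapped with ownership flag `0`, so a short comment above the argout typemap saying who keeps the SID alive would help callers.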
@@ -3,8 +3,8 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 2.0.61
-Release: 3%{?dist}
+Version: 2.0.64
+Release: 2%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -81,9 +81,6 @@ make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroo
 rm -f %{buildroot}%{_sbindir}/compute_*
 rm -f %{buildroot}%{_sbindir}/deftype
 rm -f %{buildroot}%{_sbindir}/execcon
-rm -f %{buildroot}%{_sbindir}/getcon
-rm -f %{buildroot}%{_sbindir}/getconlist
-rm -f %{buildroot}%{_sbindir}/getdefaultcon
 rm -f %{buildroot}%{_sbindir}/getenforcemode
 rm -f %{buildroot}%{_sbindir}/getfilecon
 rm -f %{buildroot}%{_sbindir}/getpidcon
@@ -94,6 +91,8 @@ rm -f %{buildroot}%{_sbindir}/selinuxconfig
 rm -f %{buildroot}%{_sbindir}/selinuxdisable
 rm -f %{buildroot}%{_sbindir}/getseuser
 rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
+mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
+mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 %clean
 rm -rf %{buildroot}
@@ -113,6 +112,8 @@ exit 0
 %{_sbindir}/getenforce
 %{_sbindir}/getsebool
 %{_sbindir}/matchpathcon
+%{_sbindir}/selinuxconlist
+%{_sbindir}/selinuxdefcon
 %{_sbindir}/selinuxenabled
 %{_sbindir}/setenforce
 %{_sbindir}/togglesebool
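Review bot: The hunk at `-81,9` drops `rm -f %{buildroot}%{_sbindir}/getcon` along with the getconlist and getdefaultcon removals, but only those two are renamed by the new `mv` lines (hunk `-94,6`) and listed in `%files` (hunk `-113,6`). Unless `%{_sbindir}/getcon` is already listed in a part of `%files` outside these hunks, it is left in the buildroot unpackaged, which rpmbuild normally reports as an error. Either keep `rm -f %{buildroot}%{_sbindir}/getcon` or add `%{_sbindir}/getcon` to `%files` on purpose. The changelog entry also calls the commands `sedefaultcon` and `setconlist`, while the installed names are `selinuxdefcon` and `selinuxconlist`.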
@@ -137,6 +138,18 @@ exit 0
 %{python_sitearch}/selinux/*
 %changelog
+* Wed May 7 2008 Dan Walsh - 2.0.64-2
+- Add sedefaultcon and setconlist commands to dump login context
+
+* Tue Apr 22 2008 Dan Walsh - 2.0.64-1
+- Update to Upstream
+ * Fixed selinux_set_callback man page.
+ * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
+ * Fix memory leaks in matchpathcon from Eamon Walsh.
+
+* Wed Apr 16 2008 Dan Walsh - 2.0.61-4
+- Add Xavior Toth patch for security_id_t in swig
+
 * Thu Apr 10 2008 Dan Walsh - 2.0.61-3
 - Add avc.h to swig code
diff --git a/sources b/sources
index 8900f68..9ff5d5e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-52f5ba3c4948f8739dde19d283f35ae0 libselinux-2.0.61.tgz
+6d2df9a800e1960c96ddef129c83dc34 libselinux-2.0.64.tgz