From e6236defe6a8e1b86d2ed6626e65dbe3526997b8 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Nov 08 2005 23:41:10 +0000
Subject: - Update to latest from NSA Added security_canonicalize_context() interface and set_matchpathcon_canoncon() interface for obtaining canonical contexts. Changed matchpathcon internals to obtain canonical contexts by default. Provided fallback for kernels that lack extended selinuxfs context interface. - Patch to not translate mls when calling setfiles
---
diff --git a/.cvsignore b/.cvsignore
index c193b48..577bb1f 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -60,3 +60,4 @@ libselinux-1.27.14.tgz
 libselinux-1.27.17.tgz
 libselinux-1.27.18.tgz
 libselinux-1.27.19.tgz
+libselinux-1.27.20.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 441f819..f002ef2 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -39,37 +39,4 @@ diff -u -p -r1.32 matchpathcon.c
 if (myinvalidcon) {
 /* Old-style validation of context. */
 if (myinvalidcon(path, lineno, context))
-Index: policycoreutils/setfiles/setfiles.c
-===================================================================
-RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
-retrieving revision 1.38
-diff -u -p -r1.38 setfiles.c
---- policycoreutils/setfiles/setfiles.c 7 Nov 2005 19:31:55 -0000 1.38
-+++ policycoreutils/setfiles/setfiles.c 8 Nov 2005 19:12:31 -0000
-@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned
- int valid = 1;
- 
- if (policyfile) {
-- char *raw;
-- if (selinux_trans_to_raw_context(context, &raw))
-- valid = 0;
-- if (valid) {
-- valid = (sepol_check_context (raw) >= 0);
-- freecon(raw);
-- }
-+ valid = (sepol_check_context (context) >= 0);
- } else if (security_canonicalize_context(context, &tmpcon) < 0) {
- if (errno != ENOENT) {
- valid = 0;
-@@ -447,8 +441,9 @@ int main(int argc, char **argv)
- fclose(policystream);
- 
- /* Only process the specified file_contexts file, not
-- any .homedirs or .local files. */
-- set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
-+ any .homedirs or .local files, and do not perform
-+ context translations. */
-+ set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
- 
- break;
 }
diff --git a/libselinux.spec b/libselinux.spec
index 1b46501..dfc85c8 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -1,8 +1,8 @@
-%define libsepolver 1.9.37-1
+%define libsepolver 1.9.38-1
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 1.27.19
-Release: 2
+Version: 1.27.20
+Release: 1
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -92,7 +92,14 @@ exit 0
 %{_mandir}/man8/*
 %changelog
-* Tue Nov 8 2005 Dan Walsh 1.27.19-2
+* Tue Nov 8 2005 Dan Walsh 1.27.20-1
+- Update to latest from NSA
+ * Added security_canonicalize_context() interface and
+ set_matchpathcon_canoncon() interface for obtaining
+ canonical contexts. Changed matchpathcon internals
+ to obtain canonical contexts by default. Provided
+ fallback for kernels that lack extended selinuxfs context
+ interface.
 - Patch to not translate mls when calling setfiles
 * Mon Nov 7 2005 Dan Walsh 1.27.19-1
diff --git a/sources b/sources
index 340456e..57488b8 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-46a510fa47234ec5f503dd1294df2229 libselinux-1.27.19.tgz
+471ee3d38e16f722c12289ec3b209dff libselinux-1.27.20.tgz