diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 96f6577..f19db9d 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,8 +1,16 @@ diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h -index 0725b57..b2a38fb 100644 +index 0725b57..f110dcf 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h -@@ -514,6 +514,9 @@ extern int selinux_check_securetty_context(const security_context_t tty_context) +@@ -482,6 +482,7 @@ extern const char *selinux_file_context_path(void); + extern const char *selinux_file_context_homedir_path(void); + extern const char *selinux_file_context_local_path(void); + extern const char *selinux_file_context_subs_path(void); ++extern const char *selinux_file_context_subs_dist_path(void); + extern const char *selinux_homedir_context_path(void); + extern const char *selinux_media_context_path(void); + extern const char *selinux_virtual_domain_context_path(void); +@@ -514,6 +515,9 @@ extern int selinux_check_securetty_context(const security_context_t tty_context) which performs the initial mount of selinuxfs. */ void set_selinuxmnt(char *mnt); @@ -188,6 +196,16 @@ index b245364..7c47222 100644 va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); +diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h +index ccf43e1..0b00156 100644 +--- a/libselinux/src/file_path_suffixes.h ++++ b/libselinux/src/file_path_suffixes.h +@@ -23,4 +23,5 @@ S_(BINPOLICY, "/policy/policy") + S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context") + S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context") + S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") ++ S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist") + S_(SEPGSQL_CONTEXTS, "/contexts/sepgsql_contexts") diff --git a/libselinux/src/init.c b/libselinux/src/init.c index 1dd9838..a948920 100644 --- a/libselinux/src/init.c 
@@ -208,6 +226,37 @@ index 1dd9838..a948920 100644 void set_selinuxmnt(char *mnt) { selinux_mnt = strdup(mnt); +diff --git a/libselinux/src/label.c b/libselinux/src/label.c +index 2fd19c5..ba316df 100644 +--- a/libselinux/src/label.c ++++ b/libselinux/src/label.c +@@ -56,12 +56,11 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src) + return NULL; + } + +-static struct selabel_sub *selabel_subs_init(void) ++static struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list) + { + char buf[1024]; +- FILE *cfg = fopen(selinux_file_context_subs_path(), "r"); ++ FILE *cfg = fopen(path, "r"); + struct selabel_sub *sub; +- struct selabel_sub *list = NULL; + + if (cfg) { + while (fgets_unlocked(buf, sizeof(buf) - 1, cfg)) { +@@ -160,7 +159,10 @@ struct selabel_handle *selabel_open(unsigned int backend, + memset(rec, 0, sizeof(*rec)); + rec->backend = backend; + rec->validating = selabel_is_validate_set(opts, nopts); +- rec->subs = selabel_subs_init(); ++ ++ rec->subs = NULL; ++ rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs); ++ rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs); + + if ((*initfuncs[backend])(rec, opts, nopts)) { + free(rec); diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 36ce029..83d2143 100644 --- a/libselinux/src/load_policy.c @@ -239,7 +288,7 @@ index 36ce029..83d2143 100644 /* * If we failed to disable, SELinux will still be diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c -index f3e45af..1333aa0 100644 +index f3e45af..da5cab9 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -2,6 +2,7 @@ 
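Review bot: In `selabel_open` the two `selabel_subs_init` calls merge `file_contexts.subs_dist` and `file_contexts.subs` into one list, but nothing states which file takes precedence when both define the same source prefix, and that decides which file-context rule a path is labelled with. The outcome depends on how `selabel_subs_init` links new entries and on its error path, both of which lie outside this hunk; if that error path returns NULL, a failure while reading the local file would also drop the distribution entries already loaded. I would add a comment above the calls such as `/* distribution subs are loaded first, local subs second; see selabel_subs_init for which entry selabel_sub matches first */` and confirm the failure case. The `rec->subs = NULL;` line is redundant after the `memset(rec, 0, sizeof(*rec))` a few lines earlier.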
@@ -250,16 +299,15 @@ index f3e45af..1333aa0 100644 #include "selinux_internal.h" #include "label_internal.h" #include "callbacks.h" -@@ -16,7 +17,7 @@ static __thread int con_array_size; - static __thread int con_array_used; +@@ -17,6 +18,7 @@ static __thread int con_array_used; static pthread_once_t once = PTHREAD_ONCE_INIT; --static pthread_key_t destructor_key; -+static pthread_key_t destructor_key = -1; + static pthread_key_t destructor_key; ++static int destructor_key_initialized = 0; static int add_array_elt(char *con) { -@@ -60,7 +61,7 @@ static void +@@ -60,7 +62,7 @@ static void { va_list ap; va_start(ap, fmt); @@ -268,6 +316,23 @@ index f3e45af..1333aa0 100644 va_end(ap); } +@@ -292,12 +294,14 @@ static void matchpathcon_thread_destructor(void __attribute__((unused)) *ptr) + + void __attribute__((destructor)) matchpathcon_lib_destructor(void) + { +- __selinux_key_delete(destructor_key); ++ if (destructor_key_initialized) ++ __selinux_key_delete(destructor_key); + } + + static void matchpathcon_init_once(void) + { +- __selinux_key_create(&destructor_key, matchpathcon_thread_destructor); ++ if (__selinux_key_create(&destructor_key, matchpathcon_thread_destructor) == 0) ++ destructor_key_initialized = 1; + } + + int matchpathcon_init_prefix(const char *path, const char *subset) diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py index fd63a4f..705012c 100644 --- a/libselinux/src/selinux.py 
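Review bot: `destructor_key_initialized` is introduced in `matchpathcon.c` without a comment explaining why a separate flag replaces the earlier `destructor_key = -1` sentinel, so a later reader may be tempted to fold it back into the key. I would document it at the declaration, e.g. `/* set only after pthread_key_create succeeded; pthread_key_t is opaque, so no key value can mean "not created" */`. The flag is written in `matchpathcon_init_once` and read in `matchpathcon_lib_destructor`; presumably the former runs under the `once` control declared just above, which is worth stating in the same comment because the flag is a plain `int`. The same applies to the identical flag added in `setrans_client.c`.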
@@ -329,8 +394,35 @@ index fd63a4f..705012c 100644 def selinux_contexts_path(): return _selinux.selinux_contexts_path() selinux_contexts_path = _selinux.selinux_contexts_path +diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c +index e040959..f4c33df 100644 +--- a/libselinux/src/selinux_config.c ++++ b/libselinux/src/selinux_config.c +@@ -45,7 +45,8 @@ + #define VIRTUAL_IMAGE 22 + #define FILE_CONTEXT_SUBS 23 + #define SEPGSQL_CONTEXTS 24 +-#define NEL 25 ++#define FILE_CONTEXT_SUBS_DIST 25 ++#define NEL 26 + + /* Part of one-time lazy init */ + static pthread_once_t once = PTHREAD_ONCE_INIT; +@@ -423,6 +424,12 @@ const char * selinux_file_context_subs_path(void) { + + hidden_def(selinux_file_context_subs_path) + ++const char * selinux_file_context_subs_dist_path(void) { ++ return get_path(FILE_CONTEXT_SUBS_DIST); ++} ++ ++hidden_def(selinux_file_context_subs_dist_path) ++ + const char *selinux_sepgsql_context_path() + { + return get_path(SEPGSQL_CONTEXTS); diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h -index fdddfaf..14cc412 100644 +index fdddfaf..806e87c 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -3,6 +3,7 @@ 
@@ -341,6 +433,26 @@ index fdddfaf..14cc412 100644 hidden_proto(set_selinuxmnt) hidden_proto(security_disable) hidden_proto(security_policyvers) +@@ -65,6 +66,7 @@ hidden_proto(selinux_mkload_policy) + hidden_proto(selinux_file_context_path) + hidden_proto(selinux_file_context_homedir_path) + hidden_proto(selinux_file_context_local_path) ++ hidden_proto(selinux_file_context_subs_dist_path) + hidden_proto(selinux_file_context_subs_path) + hidden_proto(selinux_netfilter_context_path) + hidden_proto(selinux_homedir_context_path) +@@ -114,10 +116,7 @@ extern int selinux_page_size hidden; + + /* Pthread key macros */ + #define __selinux_key_create(KEY, DESTRUCTOR) \ +- do { \ +- if (pthread_key_create != NULL) \ +- pthread_key_create(KEY, DESTRUCTOR); \ +- } while (0) ++ (pthread_key_create != NULL ? pthread_key_create(KEY, DESTRUCTOR) : -1) + + #define __selinux_key_delete(KEY) \ + do { \ diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i index dea0e80..bb227e9 100644 --- a/libselinux/src/selinuxswig_python.i @@ -402,7 +514,7 @@ index dea0e80..bb227e9 100644 $1[size] = NULL; } diff --git a/libselinux/src/selinuxswig_wrap.c b/libselinux/src/selinuxswig_wrap.c -index e0884f6..e60a3d3 100644 +index e0884f6..b131d2e 100644 --- a/libselinux/src/selinuxswig_wrap.c +++ b/libselinux/src/selinuxswig_wrap.c @@ -1,6 +1,6 @@ 
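Review bot: The rewritten `__selinux_key_create` macro now yields a value, but the result mixes two conventions and the parameters are expanded unparenthesized. `pthread_key_create` returns 0 or a positive error number, while the branch taken when the symbol is NULL returns -1, so callers must test `== 0` (as the two callers in this patch do) and never `< 0`. I would write it as `((pthread_key_create != NULL) ? pthread_key_create((KEY), (DESTRUCTOR)) : -1)` and add a comment such as `/* 0 on success; non-zero if key creation failed or pthread_key_create is unavailable */`. The companion `__selinux_key_delete` is still a `do { } while (0)` statement and continues outside the hunk.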
@@ -1367,6 +1479,15 @@ index e0884f6..e60a3d3 100644 { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL}, { (char *)"selinux_securetty_types_path", _wrap_selinux_securetty_types_path, METH_VARARGS, NULL}, { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL}, +@@ -12185,7 +12252,7 @@ static PyMethodDef SwigMethods[] = { + { (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL}, + { (char *)"checkPasswdAccess", _wrap_checkPasswdAccess, METH_VARARGS, NULL}, + { (char *)"selinux_check_securetty_context", _wrap_selinux_check_securetty_context, METH_VARARGS, NULL}, +- { (char *)"set_selinuxmnt", _wrap_set_selinuxmnt, METH_VARARGS, NULL}, ++ { (char *)"set_selinuxmnto", _wrap_set_selinuxmnt, METH_VARARGS, NULL}, + { (char *)"rpm_execcon", _wrap_rpm_execcon, METH_VARARGS, NULL}, + { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL}, + { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL}, @@ -12868,15 +12935,15 @@ extern "C" { } } @@ -1417,15 +1538,35 @@ index e0884f6..e60a3d3 100644 SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0))); SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1))); diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c -index 4bdbe08..eb18ca0 100644 +index 4bdbe08..e074142 100644 --- a/libselinux/src/setrans_client.c 
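Review bot: The `SwigMethods` entry for `_wrap_set_selinuxmnt` is renamed to `"set_selinuxmnto"`, which looks like a stray keystroke rather than an intended API change: the wrapper function keeps its name and `selinux.h` still declares `set_selinuxmnt`. With this entry the Python extension module no longer exports `set_selinuxmnt`, so any caller, including the `selinux.py` shim if it forwards to `_selinux.set_selinuxmnt`, would fail at lookup time. Restore the line to `{ (char *)"set_selinuxmnt", _wrap_set_selinuxmnt, METH_VARARGS, NULL},`. Since `selinuxswig_wrap.c` appears to be SWIG output, regenerating it from the `.i` file rather than carrying hand edits in the patch would avoid this class of slip.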
+++ b/libselinux/src/setrans_client.c -@@ -34,7 +34,7 @@ static __thread char *prev_r2c_trans = NULL; - static __thread security_context_t prev_r2c_raw = NULL; +@@ -35,6 +35,7 @@ static __thread security_context_t prev_r2c_raw = NULL; static pthread_once_t once = PTHREAD_ONCE_INIT; --static pthread_key_t destructor_key; -+static pthread_key_t destructor_key = -1; + static pthread_key_t destructor_key; ++static int destructor_key_initialized = 0; static __thread char destructor_initialized; /* +@@ -254,7 +255,8 @@ static void setrans_thread_destructor(void __attribute__((unused)) *unused) + + void __attribute__((destructor)) setrans_lib_destructor(void) + { +- __selinux_key_delete(destructor_key); ++ if (destructor_key_initialized) ++ __selinux_key_delete(destructor_key); + } + + static inline void init_thread_destructor(void) +@@ -267,7 +269,9 @@ static inline void init_thread_destructor(void) + + static void init_context_translations(void) + { +- __selinux_key_create(&destructor_key, setrans_thread_destructor); ++ if (__selinux_key_create(&destructor_key, setrans_thread_destructor) == 0) ++ destructor_key_initialized = 1; ++ + mls_enabled = is_selinux_mls_enabled(); + } + diff --git a/libselinux.spec b/libselinux.spec index e417fc2..60d811d 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -7,7 +7,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.0.99 -Release: 4%{?dist} +Release: 6%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz @@ -236,6 +236,12 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Wed Apr 5 2011 Dan Walsh - 2.0.99-6 +- Clean up patch to make handling of constructor cleanup more portable + +* Tue Apr 5 2011 Dan Walsh - 2.0.99-5 +- Add distribution subs path + * Tue Apr 5 2011 Dan Walsh - 2.0.99-4 Add patch from dbhole@redhat.com to initialize thread keys to -1 Errors were being seen in libpthread/libdl that were related