diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index dcdd89c..10dcee8 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,145 +1,7 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.13/src/selinux.py ---- nsalibselinux/src/selinux.py 2007-02-22 08:53:23.000000000 -0500 -+++ libselinux-2.0.13/src/selinux.py 2007-04-23 10:26:41.000000000 -0400 -@@ -48,8 +48,19 @@ - del types - - -+SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER -+get_ordered_context_list = _selinux.get_ordered_context_list -+get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level -+get_default_context = _selinux.get_default_context -+get_default_context_with_level = _selinux.get_default_context_with_level -+get_default_context_with_role = _selinux.get_default_context_with_role -+get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel -+query_user_context = _selinux.query_user_context -+manual_user_enter_context = _selinux.manual_user_enter_context - is_selinux_enabled = _selinux.is_selinux_enabled - is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled -+freecon = _selinux.freecon -+freeconary = _selinux.freeconary - getcon = _selinux.getcon - setcon = _selinux.setcon - getpidcon = _selinux.getpidcon -@@ -88,6 +99,8 @@ - set_matchpathcon_flags = _selinux.set_matchpathcon_flags - matchpathcon_init = _selinux.matchpathcon_init - matchpathcon = _selinux.matchpathcon -+matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix -+matchpathcon_fini = _selinux.matchpathcon_fini - matchmediacon = _selinux.matchmediacon - selinux_getenforcemode = _selinux.selinux_getenforcemode - selinux_policy_root = _selinux.selinux_policy_root -@@ -102,6 +115,7 @@ - selinux_homedir_context_path = _selinux.selinux_homedir_context_path - selinux_media_context_path = _selinux.selinux_media_context_path - selinux_contexts_path = _selinux.selinux_contexts_path -+selinux_securetty_types_path = _selinux.selinux_securetty_types_path - selinux_booleans_path = _selinux.selinux_booleans_path - selinux_customizable_types_path = 
_selinux.selinux_customizable_types_path - selinux_users_path = _selinux.selinux_users_path -@@ -109,13 +123,16 @@ - selinux_translations_path = _selinux.selinux_translations_path - selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path - selinux_path = _selinux.selinux_path --selinux_check_passwd_access = _selinux.selinux_check_passwd_access --checkPasswdAccess = _selinux.checkPasswdAccess -+selinux_check_securetty_context = _selinux.selinux_check_securetty_context -+set_selinuxmnt = _selinux.set_selinuxmnt - rpm_execcon = _selinux.rpm_execcon - is_context_customizable = _selinux.is_context_customizable - selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context - selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context - selinux_getpolicytype = _selinux.selinux_getpolicytype - getseuserbyname = _selinux.getseuserbyname -+selinux_file_context_cmp = _selinux.selinux_file_context_cmp -+selinux_file_context_verify = _selinux.selinux_file_context_verify -+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default - - -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.13/src/selinuxswig.i ---- nsalibselinux/src/selinuxswig.i 2007-04-12 16:02:48.000000000 -0400 -+++ libselinux-2.0.13/src/selinuxswig.i 2007-04-23 10:26:21.000000000 -0400 -@@ -21,6 +21,7 @@ - %module selinux - %{ - #include "selinux/selinux.h" -+ #include "selinux/get_context_list.h" - %} - %apply int *OUTPUT { int * }; - %apply int *OUTPUT { size_t * }; -@@ -42,8 +43,12 @@ - - %typedef unsigned mode_t; - -+%include "../include/selinux/get_context_list.h" -+ - extern int is_selinux_enabled(void); - extern int is_selinux_mls_enabled(void); -+extern void freecon(security_context_t con); -+extern void freeconary(security_context_t * con); - extern int getcon(security_context_t *con); - extern int setcon(security_context_t con); - extern int getpidcon(int pid, security_context_t *con); -@@ -90,6 +95,11 @@ - mode_t mode, - 
security_context_t *con); - -+extern int matchpathcon_init_prefix(const char *path, -+ const char *prefix); -+extern void matchpathcon_fini(void); -+ -+ - extern int matchmediacon(const char *media, - security_context_t *con); - -@@ -106,6 +116,7 @@ - extern const char *selinux_homedir_context_path(void); - extern const char *selinux_media_context_path(void); - extern const char *selinux_contexts_path(void); -+extern const char *selinux_securetty_types_path(void); - extern const char *selinux_booleans_path(void); - extern const char *selinux_customizable_types_path(void); - extern const char *selinux_users_path(void); -@@ -113,11 +124,15 @@ - extern const char *selinux_translations_path(void); - extern const char *selinux_netfilter_context_path(void); - extern const char *selinux_path(void); --extern int selinux_check_passwd_access(access_vector_t requested); --extern int checkPasswdAccess(access_vector_t requested); -+#extern int selinux_check_passwd_access(access_vector_t requested); -+#extern int checkPasswdAccess(access_vector_t requested); - -+extern int selinux_check_securetty_context(security_context_t tty_context); -+void set_selinuxmnt(char *mnt); -+ -+#ifdef SWIGpython - // This tells SWIG to treat char ** as a special case --%typemap(python,in) char ** { -+%typemap(in) char ** { - /* Check if is a list */ - if (PyList_Check($input)) { - int size = PyList_Size($input); -@@ -143,6 +158,7 @@ - return NULL; - } - } -+#endif - - extern int rpm_execcon(unsigned int verified, - const char *filename, -@@ -164,3 +180,7 @@ - } - extern int selinux_getpolicytype(char **enforce); - extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); -+ -+int selinux_file_context_cmp(const security_context_t a, const security_context_t b); -+int selinux_file_context_verify(const char *path, mode_t mode); -+int selinux_lsetfilecon_default(const char *path); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c 
libselinux-2.0.13/src/selinuxswig_wrap.c ---- nsalibselinux/src/selinuxswig_wrap.c 2007-04-12 16:02:48.000000000 -0400 -+++ libselinux-2.0.13/src/selinuxswig_wrap.c 2007-04-23 10:26:41.000000000 -0400 -@@ -2449,11 +2449,11 @@ +diff -up libselinux-2.0.14/src/selinuxswig_wrap.c.rhat libselinux-2.0.14/src/selinuxswig_wrap.c +--- libselinux-2.0.14/src/selinuxswig_wrap.c.rhat 2007-04-24 10:36:20.000000000 -0400 ++++ libselinux-2.0.14/src/selinuxswig_wrap.c 2007-07-11 12:00:41.000000000 -0400 +@@ -2449,11 +2449,11 @@ SWIG_Python_MustGetPtr(PyObject *obj, sw /* -------- TYPES TABLE (BEGIN) -------- */ #define SWIGTYPE_p_SELboolean swig_types[0] @@ -156,7 +18,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel #define SWIGTYPE_p_security_context_t swig_types[6] #define SWIGTYPE_p_unsigned_int swig_types[7] static swig_type_info *swig_types[9]; -@@ -2485,6 +2485,99 @@ +@@ -2485,6 +2485,99 @@ static swig_module_info swig_module = {s #include "selinux/selinux.h" @@ -256,7 +118,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel #define SWIG_From_long PyInt_FromLong -@@ -2644,74 +2737,6 @@ +@@ -2644,74 +2737,6 @@ SWIG_AsVal_int (PyObject * obj, int *val } @@ -331,7 +193,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel SWIGINTERN int SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val) { -@@ -2781,33 +2806,396 @@ +@@ -2781,33 +2806,396 @@ SWIG_AsVal_unsigned_SS_int (PyObject * o return res; } @@ -750,7 +612,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel SWIGINTERN PyObject *_wrap_is_selinux_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; int result; -@@ -2834,6 +3222,48 @@ +@@ -2834,6 +3222,48 @@ fail: } 
@@ -799,7 +661,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel SWIGINTERN PyObject *_wrap_getcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; security_context_t *arg1 = (security_context_t *) 0 ; -@@ -3777,6 +4207,55 @@ +@@ -3777,6 +4207,55 @@ fail: } @@ -855,7 +717,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel SWIGINTERN PyObject *_wrap_matchmediacon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; char *arg1 = (char *) 0 ; -@@ -3994,6 +4473,19 @@ +@@ -3994,6 +4473,19 @@ fail: } @@ -875,7 +737,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel SWIGINTERN PyObject *_wrap_selinux_booleans_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; char *result = 0 ; -@@ -4085,27 +4577,17 @@ +@@ -4085,27 +4577,17 @@ fail: } @@ -908,7 +770,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel resultobj = SWIG_From_int((int)(result)); return resultobj; fail: -@@ -4113,30 +4595,26 @@ +@@ -4113,30 +4595,26 @@ fail: } @@ -953,7 +815,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel return NULL; } -@@ -4153,6 +4631,10 @@ +@@ -4153,6 +4631,10 @@ SWIGINTERN PyObject *_wrap_rpm_execcon(P int res2 ; char *buf2 = 0 ; int alloc2 = 0 ; @@ -964,7 +826,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel PyObject * obj0 = 0 ; PyObject * obj1 = 0 ; PyObject * obj2 = 0 ; -@@ -4169,58 +4651,16 @@ +@@ -4169,58 +4651,16 @@ SWIGINTERN PyObject *_wrap_rpm_execcon(P SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'"); } arg2 = (char *)(buf2); 
@@ -1032,7 +894,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4); resultobj = SWIG_From_int((int)(result)); if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); -@@ -4387,9 +4827,101 @@ +@@ -4387,9 +4827,101 @@ fail: } @@ -1134,7 +996,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel { (char *)"getcon", _wrap_getcon, METH_VARARGS, NULL}, { (char *)"setcon", _wrap_setcon, METH_VARARGS, NULL}, { (char *)"getpidcon", _wrap_getpidcon, METH_VARARGS, NULL}, -@@ -4426,6 +4958,8 @@ +@@ -4426,6 +4958,8 @@ static PyMethodDef SwigMethods[] = { { (char *)"set_matchpathcon_flags", _wrap_set_matchpathcon_flags, METH_VARARGS, NULL}, { (char *)"matchpathcon_init", _wrap_matchpathcon_init, METH_VARARGS, NULL}, { (char *)"matchpathcon", _wrap_matchpathcon, METH_VARARGS, NULL}, @@ -1143,7 +1005,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel { (char *)"matchmediacon", _wrap_matchmediacon, METH_VARARGS, NULL}, { (char *)"selinux_getenforcemode", _wrap_selinux_getenforcemode, METH_VARARGS, NULL}, { (char *)"selinux_policy_root", _wrap_selinux_policy_root, METH_VARARGS, NULL}, -@@ -4440,6 +4974,7 @@ +@@ -4440,6 +4974,7 @@ static PyMethodDef SwigMethods[] = { { (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL}, { (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL}, { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL}, 
@@ -1151,7 +1013,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL}, { (char *)"selinux_customizable_types_path", _wrap_selinux_customizable_types_path, METH_VARARGS, NULL}, { (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL}, -@@ -4447,14 +4982,17 @@ +@@ -4447,14 +4982,17 @@ static PyMethodDef SwigMethods[] = { { (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL}, { (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL}, { (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL}, @@ -1171,7 +1033,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel { NULL, NULL, 0, NULL } }; -@@ -4462,41 +5000,41 @@ +@@ -4462,41 +5000,41 @@ static PyMethodDef SwigMethods[] = { /* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */ static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0}; @@ -1217,7 +1079,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel _swigc__p_security_context_t, _swigc__p_unsigned_int, }; -@@ -5019,6 +5557,7 @@ +@@ -5019,6 +5557,7 @@ SWIGEXPORT void SWIG_init(void) { SWIG_InstallConstants(d,swig_const_table); 
@@ -1225,244 +1087,274 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel SWIG_Python_SetConstant(d, "MATCHPATHCON_BASEONLY",SWIG_From_int((int)(1))); SWIG_Python_SetConstant(d, "MATCHPATHCON_NOTRANS",SWIG_From_int((int)(2))); } -diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.13/Makefile ---- nsalibselinux/Makefile 2007-06-01 10:44:08.000000000 -0400 -+++ libselinux-2.0.13/Makefile 2007-06-26 05:11:37.000000000 -0400 -@@ -20,6 +20,9 @@ - $(MAKE) -C src - $(MAKE) -C utils +diff -up libselinux-2.0.14/src/selinuxswig.i.rhat libselinux-2.0.14/src/selinuxswig.i +--- libselinux-2.0.14/src/selinuxswig.i.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/src/selinuxswig.i 2007-07-11 12:00:41.000000000 -0400 +@@ -21,6 +21,7 @@ + %module selinux + %{ + #include "selinux/selinux.h" ++ #include "selinux/get_context_list.h" + %} + %apply int *OUTPUT { int * }; + %apply int *OUTPUT { size_t * }; +@@ -42,8 +43,12 @@ -+swigify: -+ $(MAKE) -C src swigify -+ - pywrap: - $(MAKE) -C src pywrap + %typedef unsigned mode_t; -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-2.0.13/man/man3/avc_add_callback.3 ---- nsalibselinux/man/man3/avc_add_callback.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/avc_add_callback.3 2007-07-10 12:17:08.000000000 -0400 -@@ -6,26 +6,26 @@ - avc_add_callback \- additional event notification for SELinux userspace object managers. 
- .SH "SYNOPSIS" - .B #include --.br -+ - .B #include - .sp - .BI "int avc_add_callback(int (*" callback ")(uint32_t " event , - .in +\w'int avc_add_callback(int (*callback)('u - .BI "security_id_t " ssid , --.br -+ - .BI "security_id_t " tsid , --.br -+ - .BI "security_class_t " tclass , --.br -+ - .BI "access_vector_t " perms , --.br -+ - .BI "access_vector_t *" out_retained ")," - .in - .in +\w'int avc_add_callback('u - .BI "uint32_t " events ", security_id_t " ssid , --.br -+ - .BI "security_id_t " tsid ", security_class_t " tclass , --.br ++%include "../include/selinux/get_context_list.h" + - .BI "access_vector_t " perms ");" - .in - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-2.0.13/man/man3/avc_cache_stats.3 ---- nsalibselinux/man/man3/avc_cache_stats.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/avc_cache_stats.3 2007-07-10 12:17:08.000000000 -0400 -@@ -6,7 +6,7 @@ - avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics. 
- .SH "SYNOPSIS" - .B #include --.br + extern int is_selinux_enabled(void); + extern int is_selinux_mls_enabled(void); ++extern void freecon(security_context_t con); ++extern void freeconary(security_context_t * con); + extern int getcon(security_context_t *con); + extern int setcon(security_context_t con); + extern int getpidcon(int pid, security_context_t *con); +@@ -90,6 +95,11 @@ extern int matchpathcon(const char *path + mode_t mode, + security_context_t *con); + ++extern int matchpathcon_init_prefix(const char *path, ++ const char *prefix); ++extern void matchpathcon_fini(void); + - .B #include - .sp - .BI "void avc_av_stats(void);" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3 libselinux-2.0.13/man/man3/avc_compute_create.3 ---- nsalibselinux/man/man3/avc_compute_create.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/avc_compute_create.3 2007-07-10 12:17:07.000000000 -0400 -@@ -6,7 +6,7 @@ - avc_compute_create \- obtain SELinux label for new object. - .SH "SYNOPSIS" - .B #include --.br + - .B #include - .sp - .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid , -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-2.0.13/man/man3/avc_context_to_sid.3 ---- nsalibselinux/man/man3/avc_context_to_sid.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/avc_context_to_sid.3 2007-07-10 12:17:07.000000000 -0400 -@@ -6,7 +6,7 @@ - avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's. 
- .SH "SYNOPSIS" - .B #include --.br + extern int matchmediacon(const char *media, + security_context_t *con); + +@@ -106,6 +116,7 @@ extern const char *selinux_file_context_ + extern const char *selinux_homedir_context_path(void); + extern const char *selinux_media_context_path(void); + extern const char *selinux_contexts_path(void); ++extern const char *selinux_securetty_types_path(void); + extern const char *selinux_booleans_path(void); + extern const char *selinux_customizable_types_path(void); + extern const char *selinux_users_path(void); +@@ -113,11 +124,15 @@ extern const char *selinux_usersconf_pat + extern const char *selinux_translations_path(void); + extern const char *selinux_netfilter_context_path(void); + extern const char *selinux_path(void); +-extern int selinux_check_passwd_access(access_vector_t requested); +-extern int checkPasswdAccess(access_vector_t requested); ++#extern int selinux_check_passwd_access(access_vector_t requested); ++#extern int checkPasswdAccess(access_vector_t requested); + ++extern int selinux_check_securetty_context(security_context_t tty_context); ++void set_selinuxmnt(char *mnt); + - .B #include - .sp - .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-2.0.13/man/man3/avc_has_perm.3 ---- nsalibselinux/man/man3/avc_has_perm.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/avc_has_perm.3 2007-07-10 12:13:47.000000000 -0400 -@@ -6,7 +6,7 @@ - avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions. 
- .SH "SYNOPSIS" - .B #include --.br ++#ifdef SWIGpython + // This tells SWIG to treat char ** as a special case +-%typemap(python,in) char ** { ++%typemap(in) char ** { + /* Check if is a list */ + if (PyList_Check($input)) { + int size = PyList_Size($input); +@@ -143,6 +158,7 @@ extern int checkPasswdAccess(access_vect + return NULL; + } + } ++#endif + + extern int rpm_execcon(unsigned int verified, + const char *filename, +@@ -164,3 +180,7 @@ extern int selinux_raw_to_trans_context( + } + extern int selinux_getpolicytype(char **enforce); + extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); + - .B #include - .sp - .BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");" -@@ -14,21 +14,21 @@ - .BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid , - .in +\w'int avc_has_perm('u - .BI "security_class_t " tclass ", access_vector_t " requested , --.br -+ - .BI "struct avc_entry_ref *" aeref ", void *" auditdata ");" - .in - .sp - .BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid , - .in +\w'int avc_has_perm('u - .BI "security_class_t " tclass ", access_vector_t " requested , --.br -+ - .BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");" - .in - .sp - .BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid , - .in +\w'void avc_audit('u - .BI "security_class_t " tclass ", access_vector_t " requested , ++int selinux_file_context_cmp(const security_context_t a, const security_context_t b); ++int selinux_file_context_verify(const char *path, mode_t mode); ++int selinux_lsetfilecon_default(const char *path); +diff -up libselinux-2.0.14/src/selinux.py.rhat libselinux-2.0.14/src/selinux.py +--- libselinux-2.0.14/src/selinux.py.rhat 2007-04-24 10:36:20.000000000 -0400 ++++ libselinux-2.0.14/src/selinux.py 2007-07-11 12:00:41.000000000 -0400 +@@ -48,8 +48,19 @@ except AttributeError: + del types + + ++SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER ++get_ordered_context_list 
= _selinux.get_ordered_context_list ++get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level ++get_default_context = _selinux.get_default_context ++get_default_context_with_level = _selinux.get_default_context_with_level ++get_default_context_with_role = _selinux.get_default_context_with_role ++get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel ++query_user_context = _selinux.query_user_context ++manual_user_enter_context = _selinux.manual_user_enter_context + is_selinux_enabled = _selinux.is_selinux_enabled + is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled ++freecon = _selinux.freecon ++freeconary = _selinux.freeconary + getcon = _selinux.getcon + setcon = _selinux.setcon + getpidcon = _selinux.getpidcon +@@ -88,6 +99,8 @@ MATCHPATHCON_NOTRANS = _selinux.MATCHPAT + set_matchpathcon_flags = _selinux.set_matchpathcon_flags + matchpathcon_init = _selinux.matchpathcon_init + matchpathcon = _selinux.matchpathcon ++matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix ++matchpathcon_fini = _selinux.matchpathcon_fini + matchmediacon = _selinux.matchmediacon + selinux_getenforcemode = _selinux.selinux_getenforcemode + selinux_policy_root = _selinux.selinux_policy_root +@@ -102,6 +115,7 @@ selinux_file_context_local_path = _selin + selinux_homedir_context_path = _selinux.selinux_homedir_context_path + selinux_media_context_path = _selinux.selinux_media_context_path + selinux_contexts_path = _selinux.selinux_contexts_path ++selinux_securetty_types_path = _selinux.selinux_securetty_types_path + selinux_booleans_path = _selinux.selinux_booleans_path + selinux_customizable_types_path = _selinux.selinux_customizable_types_path + selinux_users_path = _selinux.selinux_users_path +@@ -109,13 +123,16 @@ selinux_usersconf_path = _selinux.selinu + selinux_translations_path = _selinux.selinux_translations_path + selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path + selinux_path = 
_selinux.selinux_path +-selinux_check_passwd_access = _selinux.selinux_check_passwd_access +-checkPasswdAccess = _selinux.checkPasswdAccess ++selinux_check_securetty_context = _selinux.selinux_check_securetty_context ++set_selinuxmnt = _selinux.set_selinuxmnt + rpm_execcon = _selinux.rpm_execcon + is_context_customizable = _selinux.is_context_customizable + selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context + selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context + selinux_getpolicytype = _selinux.selinux_getpolicytype + getseuserbyname = _selinux.getseuserbyname ++selinux_file_context_cmp = _selinux.selinux_file_context_cmp ++selinux_file_context_verify = _selinux.selinux_file_context_verify ++selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default + + +diff -up libselinux-2.0.14/include/selinux/flask.h.rhat libselinux-2.0.14/include/selinux/flask.h +--- libselinux-2.0.14/include/selinux/flask.h.rhat 2007-07-11 12:02:16.000000000 -0400 ++++ libselinux-2.0.14/include/selinux/flask.h 2007-07-11 12:02:23.000000000 -0400 +@@ -64,6 +64,8 @@ + #define SECCLASS_PACKET 57 + #define SECCLASS_KEY 58 + #define SECCLASS_CONTEXT 59 ++#define SECCLASS_DCCP_SOCKET 60 ++#define SECCLASS_MEMPROTECT 61 + + /* + * Security identifier indices for initial entities +diff -up libselinux-2.0.14/include/selinux/av_permissions.h.rhat libselinux-2.0.14/include/selinux/av_permissions.h +--- libselinux-2.0.14/include/selinux/av_permissions.h.rhat 2007-07-11 12:02:07.000000000 -0400 ++++ libselinux-2.0.14/include/selinux/av_permissions.h 2007-07-11 12:02:09.000000000 -0400 +@@ -290,12 +290,16 @@ + #define NODE__RAWIP_RECV 0x00000010UL + #define NODE__RAWIP_SEND 0x00000020UL + #define NODE__ENFORCE_DEST 0x00000040UL ++#define NODE__DCCP_RECV 0x00000080UL ++#define NODE__DCCP_SEND 0x00000100UL + #define NETIF__TCP_RECV 0x00000001UL + #define NETIF__TCP_SEND 0x00000002UL + #define NETIF__UDP_RECV 0x00000004UL + #define NETIF__UDP_SEND 0x00000008UL + 
#define NETIF__RAWIP_RECV 0x00000010UL + #define NETIF__RAWIP_SEND 0x00000020UL ++#define NETIF__DCCP_RECV 0x00000040UL ++#define NETIF__DCCP_SEND 0x00000080UL + #define NETLINK_SOCKET__IOCTL 0x00000001UL + #define NETLINK_SOCKET__READ 0x00000002UL + #define NETLINK_SOCKET__WRITE 0x00000004UL +@@ -837,6 +841,8 @@ + #define NSCD__SHMEMPWD 0x00000020UL + #define NSCD__SHMEMGRP 0x00000040UL + #define NSCD__SHMEMHOST 0x00000080UL ++#define NSCD__GETSERV 0x00000100UL ++#define NSCD__SHMEMSERV 0x00000200UL + #define ASSOCIATION__SENDTO 0x00000001UL + #define ASSOCIATION__RECVFROM 0x00000002UL + #define ASSOCIATION__SETCONTEXT 0x00000004UL +@@ -897,3 +903,28 @@ + #define KEY__CREATE 0x00000040UL + #define CONTEXT__TRANSLATE 0x00000001UL + #define CONTEXT__CONTAINS 0x00000002UL ++#define DCCP_SOCKET__IOCTL 0x00000001UL ++#define DCCP_SOCKET__READ 0x00000002UL ++#define DCCP_SOCKET__WRITE 0x00000004UL ++#define DCCP_SOCKET__CREATE 0x00000008UL ++#define DCCP_SOCKET__GETATTR 0x00000010UL ++#define DCCP_SOCKET__SETATTR 0x00000020UL ++#define DCCP_SOCKET__LOCK 0x00000040UL ++#define DCCP_SOCKET__RELABELFROM 0x00000080UL ++#define DCCP_SOCKET__RELABELTO 0x00000100UL ++#define DCCP_SOCKET__APPEND 0x00000200UL ++#define DCCP_SOCKET__BIND 0x00000400UL ++#define DCCP_SOCKET__CONNECT 0x00000800UL ++#define DCCP_SOCKET__LISTEN 0x00001000UL ++#define DCCP_SOCKET__ACCEPT 0x00002000UL ++#define DCCP_SOCKET__GETOPT 0x00004000UL ++#define DCCP_SOCKET__SETOPT 0x00008000UL ++#define DCCP_SOCKET__SHUTDOWN 0x00010000UL ++#define DCCP_SOCKET__RECVFROM 0x00020000UL ++#define DCCP_SOCKET__SENDTO 0x00040000UL ++#define DCCP_SOCKET__RECV_MSG 0x00080000UL ++#define DCCP_SOCKET__SEND_MSG 0x00100000UL ++#define DCCP_SOCKET__NAME_BIND 0x00200000UL ++#define DCCP_SOCKET__NODE_BIND 0x00400000UL ++#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL ++#define MEMPROTECT__MMAP_ZERO 0x00000001UL +diff -up libselinux-2.0.14/man/man8/selinux.8.rhat libselinux-2.0.14/man/man8/selinux.8 +--- 
libselinux-2.0.14/man/man8/selinux.8.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man8/selinux.8 2007-07-11 12:00:41.000000000 -0400 +@@ -62,14 +62,13 @@ compile-time tunable options and a set o + .B system-config-securitylevel + allows customization of these booleans and tunables. + -.br + Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy. + + .SH FILE LABELING + + All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system. + Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling. +-.br + - .BI "struct av_decision *" avd ", int " result ", void *" auditdata ");" - .in - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-2.0.13/man/man3/avc_init.3 ---- nsalibselinux/man/man3/avc_init.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/avc_init.3 2007-07-10 12:13:43.000000000 -0400 -@@ -6,17 +6,17 @@ - avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. - .SH "SYNOPSIS" - .B #include + The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files. 
+ + .SH AUTHOR +diff -up libselinux-2.0.14/man/man8/matchpathcon.8.rhat libselinux-2.0.14/man/man8/matchpathcon.8 +--- libselinux-2.0.14/man/man8/matchpathcon.8.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man8/matchpathcon.8 2007-07-11 12:00:41.000000000 -0400 +@@ -10,16 +10,16 @@ Prints the file path and the default sec + .SH OPTIONS + .B \-n + Do not display path. -.br + - .B #include - .sp - .BI "int avc_init(const char *" msgprefix , - .in +\w'int avc_init('u - .BI "const struct avc_memory_callback *" mem_callbacks , + .B \-N + Do not use translations. -.br + - .BI "const struct avc_log_callback *" log_callbacks , + .B \-f file_context_file + Use alternate file_context file -.br + - .BI "const struct avc_thread_callback *" thread_callbacks , + .B \-p prefix + Use prefix to speed translations -.br + - .BI "const struct avc_lock_callback *" lock_callbacks ");" - .in - .sp -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-2.0.13/man/man3/context_new.3 ---- nsalibselinux/man/man3/context_new.3 2007-01-17 11:11:35.000000000 -0500 -+++ libselinux-2.0.13/man/man3/context_new.3 2007-07-10 12:13:40.000000000 -0400 -@@ -4,27 +4,27 @@ + .B \-V + Verify file context on disk matches defaults +diff -up libselinux-2.0.14/man/man3/avc_compute_create.3.rhat libselinux-2.0.14/man/man3/avc_compute_create.3 +--- libselinux-2.0.14/man/man3/avc_compute_create.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/avc_compute_create.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,7 +6,7 @@ + avc_compute_create \- obtain SELinux label for new object. 
.SH "SYNOPSIS" - .B #include --.br -+ - .B "context_t context_new(const char *" context_str ); --.br -+ - .B "const char * context_str(context_t " con ); --.br -+ - .B "void context_free(context_t " con ); --.br -+ - .B "const char * context_type_get(context_t " con ); --.br -+ - .B "const char * context_range_get(context_t " con ); --.br -+ - .B "const char * context_role_get(context_t " con ); --.br -+ - .B "const char * context_user_get(context_t " con ); --.br -+ - .B "const char * context_type_set(context_t " con ", const char* " type); --.br -+ - .B "const char * context_range_set(context_t " con ", const char* " range); --.br -+ - .B "const char * context_role_set(context_t " con ", const char* " role ); --.br -+ - .B "const char * context_user_set(context_t " con ", const char* " user ); - - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.13/man/man3/freecon.3 ---- nsalibselinux/man/man3/freecon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/freecon.3 2007-07-10 12:13:55.000000000 -0400 -@@ -5,7 +5,7 @@ .B #include - .sp - .BI "void freecon(security_context_t "con ); --.br -+ - .BI "void freeconary(security_context_t *" con ); - - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-2.0.13/man/man3/getcon.3 ---- nsalibselinux/man/man3/getcon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/getcon.3 2007-07-10 12:14:08.000000000 -0400 -@@ -1,21 +1,21 @@ - .TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation" - .SH "NAME" - getcon, getprevcon, getpidcon \- get SELinux security context of a process. -.br + - getpeercon - get security context of a peer socket. --.br -+ - setcon - set current security context of a process. 
- .SH "SYNOPSIS" - .B #include + .B #include .sp - .BI "int getcon(security_context_t *" context ); --.br -+ - .BI "int getprevcon(security_context_t *" context ); --.br -+ - .BI "int getpidcon(pid_t " pid ", security_context_t *" context ); --.br -+ - .BI "int getpeercon(int " fd ", security_context_t *" context); --.br -+ - .BI "int setcon(security_context_t " context); - - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-2.0.13/man/man3/getexeccon.3 ---- nsalibselinux/man/man3/getexeccon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/getexeccon.3 2007-07-10 12:14:24.000000000 -0400 + .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid , +diff -up libselinux-2.0.14/man/man3/getexeccon.3.rhat libselinux-2.0.14/man/man3/getexeccon.3 +--- libselinux-2.0.14/man/man3/getexeccon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/getexeccon.3 2007-07-11 12:00:41.000000000 -0400 @@ -1,16 +1,16 @@ - .TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation" + .TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process. -.br @@ -1481,7 +1373,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libseli .BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]); .SH "DESCRIPTION" -@@ -26,16 +26,16 @@ +@@ -26,16 +26,16 @@ NULL can be passed to setexeccon to reset to the default policy behavior. The exec context is automatically reset after the next execve, so a program doesn't need to explicitly sanitize it upon startup. 
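Review bot: The selinuxswig.i part of this hunk exports `freecon` and `freeconary` to Python, and the selinux.py part re-exports them (`freecon = _selinux.freecon`), which gives script code a direct call into the C deallocator for whatever SWIG produces for `security_context_t`. How that type is marshalled is not visible in this hunk, but either outcome is a memory-safety hazard: if the wrapper converts a Python string into a temporary buffer, `freecon` releases memory the caller never owned, and if it passes opaque pointers, a second call on the same object is a double free. Ownership is easier to reason about if the binding frees the context itself, for example in an argout typemap for `security_context_t *`, and the two `extern void freecon...` declarations are left out of the interface. Separately, `#extern int selinux_check_passwd_access(access_vector_t requested);` and the `checkPasswdAccess` line below it use `#`, which does not start a comment in a SWIG interface and is read as a preprocessor directive; `// extern int selinux_check_passwd_access(access_vector_t requested);` or deleting both lines states the intent.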
@@ -1501,10 +1393,10 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libseli .B rpm_execcon runs a helper for rpm in an appropriate security context. The -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-2.0.13/man/man3/getfilecon.3 ---- nsalibselinux/man/man3/getfilecon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/getfilecon.3 2007-07-10 12:17:06.000000000 -0400 -@@ -5,9 +5,9 @@ +diff -up libselinux-2.0.14/man/man3/getfilecon.3.rhat libselinux-2.0.14/man/man3/getfilecon.3 +--- libselinux-2.0.14/man/man3/getfilecon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/getfilecon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -5,9 +5,9 @@ getfilecon, fgetfilecon, lgetfilecon \- .B #include .sp .BI "int getfilecon(const char *" path ", security_context_t *" con ); @@ -1516,7 +1408,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libseli .BI "int fgetfilecon(int "fd ", security_context_t *" con ); .SH "DESCRIPTION" .B getfilecon -@@ -22,7 +22,6 @@ +@@ -22,7 +22,6 @@ link itself is interrogated, not the fil is identical to getfilecon, only the open file pointed to by filedes (as returned by open(2)) is interrogated in place of path. 
@@ -1524,10 +1416,64 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libseli The returned context should be freed with freecon if non-NULL. .SH "RETURN VALUE" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-2.0.13/man/man3/getfscreatecon.3 ---- nsalibselinux/man/man3/getfscreatecon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/getfscreatecon.3 2007-07-10 12:17:06.000000000 -0400 -@@ -6,7 +6,7 @@ +diff -up libselinux-2.0.14/man/man3/selinux_binary_policy_path.3.rhat libselinux-2.0.14/man/man3/selinux_binary_policy_path.3 +--- libselinux-2.0.14/man/man3/selinux_binary_policy_path.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/selinux_binary_policy_path.3 2007-07-11 12:00:41.000000000 -0400 +@@ -10,27 +10,27 @@ directories and files. + .SH "SYNOPSIS" + .B #include + .sp +-.br ++ + extern const char *selinux_policy_root(void); +-.br ++ + extern const char *selinux_binary_policy_path(void); +-.br ++ + extern const char *selinux_failsafe_context_path(void); +-.br ++ + extern const char *selinux_removable_context_path(void); +-.br ++ + extern const char *selinux_default_context_path(void); +-.br ++ + extern const char *selinux_user_contexts_path(void); +-.br ++ + extern const char *selinux_file_context_path(void); +-.br ++ + extern const char *selinux_media_context_path(void); +-.br ++ + extern const char *selinux_securetty_types_path(void); +-.br ++ + extern const char *selinux_contexts_path(void); +-.br ++ + extern const char *selinux_booleans_path(void); + + +diff -up libselinux-2.0.14/man/man3/security_class_to_string.3.rhat libselinux-2.0.14/man/man3/security_class_to_string.3 +--- libselinux-2.0.14/man/man3/security_class_to_string.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/security_class_to_string.3 2007-07-11 12:00:41.000000000 -0400 +@@ -8,7 +8,7 @@ between SELinux class and permission val + + .SH "SYNOPSIS" + .B 
#include +-.br ++ + .B #include + .sp + .BI "const char * security_class_to_string(security_class_t " tclass ");" +diff -up libselinux-2.0.14/man/man3/getfscreatecon.3.rhat libselinux-2.0.14/man/man3/getfscreatecon.3 +--- libselinux-2.0.14/man/man3/getfscreatecon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/getfscreatecon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,7 +6,7 @@ getfscreatecon, setfscreatecon \- get or .B #include .sp .BI "int getfscreatecon(security_context_t *" con ); @@ -1536,7 +1482,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 lib .BI "int setfscreatecon(security_context_t "context ); .SH "DESCRIPTION" -@@ -22,11 +22,11 @@ +@@ -22,11 +22,11 @@ NULL can be passed to setfscreatecon to reset to the default policy behavior. The fscreate context is automatically reset after the next execve, so a program doesn't need to explicitly sanitize it upon startup. 
@@ -1550,46 +1496,53 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 lib Note: Signal handlers that perform an setfscreate must take care to save, reset, and restore the fscreate context to avoid unexpected behaviors. -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-2.0.13/man/man3/get_ordered_context_list.3 ---- nsalibselinux/man/man3/get_ordered_context_list.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/get_ordered_context_list.3 2007-07-10 12:17:05.000000000 -0400 -@@ -4,7 +4,7 @@ +diff -up libselinux-2.0.14/man/man3/freecon.3.rhat libselinux-2.0.14/man/man3/freecon.3 +--- libselinux-2.0.14/man/man3/freecon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/freecon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -5,7 +5,7 @@ freecon, freeconary \- free memory assoc + .B #include + .sp + .BI "void freecon(security_context_t "con ); +-.br ++ + .BI "void freeconary(security_context_t *" con ); - .SH "SYNOPSIS" + .SH "DESCRIPTION" +diff -up libselinux-2.0.14/man/man3/security_getenforce.3.rhat libselinux-2.0.14/man/man3/security_getenforce.3 +--- libselinux-2.0.14/man/man3/security_getenforce.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/security_getenforce.3 2007-07-11 12:00:41.000000000 -0400 +@@ -5,7 +5,7 @@ security_getenforce, security_setenforce .B #include + .sp + .B int security_getenforce(); -.br + - .B #include - .sp - .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list ); -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-2.0.13/man/man3/getseuserbyname.3 ---- nsalibselinux/man/man3/getseuserbyname.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/getseuserbyname.3 2007-07-10 12:17:04.000000000 -0400 -@@ -12,7 +12,7 @@ - then be passed to other libselinux functions such as - 
get_ordered_context_list_with_level and get_default_context_with_level. + .BI "int security_setenforce(int "value ); + .SH "DESCRIPTION" +diff -up libselinux-2.0.14/man/man3/selinux_getenforcemode.3.rhat libselinux-2.0.14/man/man3/selinux_getenforcemode.3 +--- libselinux-2.0.14/man/man3/selinux_getenforcemode.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/selinux_getenforcemode.3 2007-07-11 12:00:41.000000000 -0400 +@@ -5,13 +5,13 @@ selinux_getenforcemode \- get the enforc + .B #include + .sp + .B int selinux_getenforcemode(int *enforce); -.br + - The returned SELinux username and level should be freed by the caller - using free. -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-2.0.13/man/man3/is_context_customizable.3 ---- nsalibselinux/man/man3/is_context_customizable.3 2007-01-17 11:11:35.000000000 -0500 -+++ libselinux-2.0.13/man/man3/is_context_customizable.3 2007-07-10 12:17:04.000000000 -0400 -@@ -8,7 +8,7 @@ - .SH "DESCRIPTION" - .B is_context_customizable + .B selinux_getenforcemode + Reads the contents of the /etc/selinux/config file to determine how the + system was setup to run SELinux. -.br + - This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that - administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place. - -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-2.0.13/man/man3/matchmediacon.3 ---- nsalibselinux/man/man3/matchmediacon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/matchmediacon.3 2007-07-10 12:17:03.000000000 -0400 -@@ -6,14 +6,14 @@ + Sets the value of enforce to 1 if SELinux should be run in enforcing mode. + Sets the value of enforce to 0 if SELinux should be run in permissive mode. 
+ Sets the value of enforce to -1 if SELinux should be disabled. +diff -up libselinux-2.0.14/man/man3/matchmediacon.3.rhat libselinux-2.0.14/man/man3/matchmediacon.3 +--- libselinux-2.0.14/man/man3/matchmediacon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/matchmediacon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,14 +6,14 @@ matchmediacon \- get the default SELinux .B #include .sp .BI "int matchmediacon(const char *" media ", security_context_t *" con);" 
@@ -1607,10 +1560,61 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libs .B Note: Caller must free returned security context "con" using freecon. .SH "RETURN VALUE" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.13/man/man3/matchpathcon.3 ---- nsalibselinux/man/man3/matchpathcon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/matchpathcon.3 2007-07-10 12:15:33.000000000 -0400 -@@ -6,18 +6,18 @@ +diff -up libselinux-2.0.14/man/man3/getseuserbyname.3.rhat libselinux-2.0.14/man/man3/getseuserbyname.3 +--- libselinux-2.0.14/man/man3/getseuserbyname.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/getseuserbyname.3 2007-07-11 12:00:41.000000000 -0400 +@@ -12,7 +12,7 @@ a given Linux username. The SELinux use + then be passed to other libselinux functions such as + get_ordered_context_list_with_level and get_default_context_with_level. + +-.br ++ + + The returned SELinux username and level should be freed by the caller + using free. +diff -up libselinux-2.0.14/man/man3/is_context_customizable.3.rhat libselinux-2.0.14/man/man3/is_context_customizable.3 +--- libselinux-2.0.14/man/man3/is_context_customizable.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/is_context_customizable.3 2007-07-11 12:00:41.000000000 -0400 +@@ -8,7 +8,7 @@ is_context_customizable \- check whether + + .SH "DESCRIPTION" + .B is_context_customizable +-.br ++ + This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that + administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place. 
+ +diff -up libselinux-2.0.14/man/man3/security_compute_av.3.rhat libselinux-2.0.14/man/man3/security_compute_av.3 +--- libselinux-2.0.14/man/man3/security_compute_av.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/security_compute_av.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,7 +6,7 @@ the SELinux policy database in the kerne + + .SH "SYNOPSIS" + .B #include +-.br ++ + .B #include + .sp + .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); +diff -up libselinux-2.0.14/man/man3/setfilecon.3.rhat libselinux-2.0.14/man/man3/setfilecon.3 +--- libselinux-2.0.14/man/man3/setfilecon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/setfilecon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,9 +6,9 @@ setfilecon, fsetfilecon, lsetfilecon \- + .B #include + .sp + .BI "int setfilecon(const char *" path ", security_context_t "con ); +-.br ++ + .BI "int lsetfilecon(const char *" path ", security_context_t "con ); +-.br ++ + .BI "int fsetfilecon(int "fd ", security_context_t "con ); + + .SH "DESCRIPTION" +diff -up libselinux-2.0.14/man/man3/matchpathcon.3.rhat libselinux-2.0.14/man/man3/matchpathcon.3 +--- libselinux-2.0.14/man/man3/matchpathcon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/matchpathcon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,18 +6,18 @@ matchpathcon \- get the default SELinux .B #include .sp .BI "int matchpathcon_init(const char *" path ");" @@ -1635,7 +1639,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .SH "DESCRIPTION" .B matchpathcon_init loads the file contexts configuration specified by -@@ -40,7 +40,7 @@ +@@ -40,7 +40,7 @@ and suffix are also looked up and loaded if present. These files provide dynamically generated entries for user home directories and for local customizations. 
@@ -1644,7 +1648,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .sp .B matchpathcon_fini frees the memory allocated by a prior call to -@@ -49,7 +49,7 @@ +@@ -49,7 +49,7 @@ This function can be used to free and re .B matchpathcon_init calls, or to free memory when finished using .B matchpathcon. @@ -1653,7 +1657,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .sp .B matchpathcon matches the specified pathname and mode against the file contexts -@@ -72,14 +72,14 @@ +@@ -72,14 +72,14 @@ its first invocation with a NULL .I path, defaulting to the active file contexts configuration. .sp @@ -1670,7 +1674,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .sp .B set_matchpathcon_invalidcon sets the function used by -@@ -100,7 +100,7 @@ +@@ -100,7 +100,7 @@ may include the and .I lineno in such error messages. @@ -1679,7 +1683,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .sp .B set_matchpathcon_flags sets flags controlling the operation of -@@ -111,7 +111,7 @@ +@@ -111,7 +111,7 @@ If the .B MATCHPATHCON_BASEONLY flag is set, then only the base file contexts configuration file will be processed, not any dynamically generated entries or local customizations. 
@@ -1688,46 +1692,35 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .sp .SH "RETURN VALUE" Returns 0 on success or -1 otherwise. -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_string.3 libselinux-2.0.13/man/man3/security_class_to_string.3 ---- nsalibselinux/man/man3/security_class_to_string.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/security_class_to_string.3 2007-07-10 12:15:16.000000000 -0400 -@@ -8,7 +8,7 @@ - +diff -up libselinux-2.0.14/man/man3/avc_init.3.rhat libselinux-2.0.14/man/man3/avc_init.3 +--- libselinux-2.0.14/man/man3/avc_init.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/avc_init.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,17 +6,17 @@ + avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. .SH "SYNOPSIS" .B #include -.br + - .B #include + .B #include .sp - .BI "const char * security_class_to_string(security_class_t " tclass ");" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-2.0.13/man/man3/security_compute_av.3 ---- nsalibselinux/man/man3/security_compute_av.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/security_compute_av.3 2007-07-10 12:15:12.000000000 -0400 -@@ -6,7 +6,7 @@ - - .SH "SYNOPSIS" - .B #include + .BI "int avc_init(const char *" msgprefix , + .in +\w'int avc_init('u + .BI "const struct avc_memory_callback *" mem_callbacks , -.br + - .B #include - .sp - .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-2.0.13/man/man3/security_getenforce.3 ---- nsalibselinux/man/man3/security_getenforce.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/security_getenforce.3 2007-07-10 
12:15:08.000000000 -0400 -@@ -5,7 +5,7 @@ - .B #include - .sp - .B int security_getenforce(); + .BI "const struct avc_log_callback *" log_callbacks , -.br + - .BI "int security_setenforce(int "value ); - - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-2.0.13/man/man3/security_load_booleans.3 ---- nsalibselinux/man/man3/security_load_booleans.3 2007-01-17 11:11:35.000000000 -0500 -+++ libselinux-2.0.13/man/man3/security_load_booleans.3 2007-07-10 12:17:02.000000000 -0400 -@@ -7,15 +7,15 @@ + .BI "const struct avc_thread_callback *" thread_callbacks , +-.br ++ + .BI "const struct avc_lock_callback *" lock_callbacks ");" + .in + .sp +diff -up libselinux-2.0.14/man/man3/security_load_booleans.3.rhat libselinux-2.0.14/man/man3/security_load_booleans.3 +--- libselinux-2.0.14/man/man3/security_load_booleans.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/security_load_booleans.3 2007-07-11 12:00:41.000000000 -0400 +@@ -7,15 +7,15 @@ security_get_boolean_pending \- routines .B #include .sp extern int security_load_booleans(char *path); @@ -1748,7 +1741,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_boolea extern int security_commit_booleans(void); -@@ -29,27 +29,27 @@ +@@ -29,27 +29,27 @@ policy without having to load a new poli The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once. security_load_booleans 
@@ -1782,71 +1775,151 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_boolea Commit all pending values for the booleans. .SH AUTHOR -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.13/man/man3/selinux_binary_policy_path.3 ---- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-01-17 11:11:35.000000000 -0500 -+++ libselinux-2.0.13/man/man3/selinux_binary_policy_path.3 2007-07-10 12:16:08.000000000 -0400 -@@ -10,27 +10,27 @@ +diff -up libselinux-2.0.14/man/man3/avc_add_callback.3.rhat libselinux-2.0.14/man/man3/avc_add_callback.3 +--- libselinux-2.0.14/man/man3/avc_add_callback.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/avc_add_callback.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,26 +6,26 @@ + avc_add_callback \- additional event notification for SELinux userspace object managers. .SH "SYNOPSIS" .B #include - .sp -.br + - extern const char *selinux_policy_root(void); + .B #include + .sp + .BI "int avc_add_callback(int (*" callback ")(uint32_t " event , + .in +\w'int avc_add_callback(int (*callback)('u + .BI "security_id_t " ssid , -.br + - extern const char *selinux_binary_policy_path(void); + .BI "security_id_t " tsid , -.br + - extern const char *selinux_failsafe_context_path(void); + .BI "security_class_t " tclass , -.br + - extern const char *selinux_removable_context_path(void); + .BI "access_vector_t " perms , -.br + - extern const char *selinux_default_context_path(void); + .BI "access_vector_t *" out_retained ")," + .in + .in +\w'int avc_add_callback('u + .BI "uint32_t " events ", security_id_t " ssid , -.br + - extern const char *selinux_user_contexts_path(void); + .BI "security_id_t " tsid ", security_class_t " tclass , -.br + - extern const char *selinux_file_context_path(void); + .BI "access_vector_t " perms ");" + .in + .SH "DESCRIPTION" +diff -up libselinux-2.0.14/man/man3/avc_has_perm.3.rhat 
libselinux-2.0.14/man/man3/avc_has_perm.3 +--- libselinux-2.0.14/man/man3/avc_has_perm.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/avc_has_perm.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,7 +6,7 @@ + avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions. + .SH "SYNOPSIS" + .B #include -.br + - extern const char *selinux_media_context_path(void); + .B #include + .sp + .BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");" +@@ -14,21 +14,21 @@ avc_has_perm, avc_has_perm_noaudit, avc_ + .BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid , + .in +\w'int avc_has_perm('u + .BI "security_class_t " tclass ", access_vector_t " requested , -.br + - extern const char *selinux_securetty_types_path(void); + .BI "struct avc_entry_ref *" aeref ", void *" auditdata ");" + .in + .sp + .BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid , + .in +\w'int avc_has_perm('u + .BI "security_class_t " tclass ", access_vector_t " requested , -.br + - extern const char *selinux_contexts_path(void); + .BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");" + .in + .sp + .BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid , + .in +\w'void avc_audit('u + .BI "security_class_t " tclass ", access_vector_t " requested , -.br + - extern const char *selinux_booleans_path(void); - + .BI "struct av_decision *" avd ", int " result ", void *" auditdata ");" + .in + .SH "DESCRIPTION" +diff -up libselinux-2.0.14/man/man3/get_ordered_context_list.3.rhat libselinux-2.0.14/man/man3/get_ordered_context_list.3 +--- libselinux-2.0.14/man/man3/get_ordered_context_list.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/get_ordered_context_list.3 2007-07-11 12:00:41.000000000 -0400 +@@ -4,7 +4,7 @@ get_ordered_context_list, get_ordered_co -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 
libselinux-2.0.13/man/man3/selinux_getenforcemode.3 ---- nsalibselinux/man/man3/selinux_getenforcemode.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/selinux_getenforcemode.3 2007-07-10 12:16:51.000000000 -0400 -@@ -5,13 +5,13 @@ + .SH "SYNOPSIS" .B #include +-.br ++ + .B #include .sp - .B int selinux_getenforcemode(int *enforce); + .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list ); +diff -up libselinux-2.0.14/man/man3/getcon.3.rhat libselinux-2.0.14/man/man3/getcon.3 +--- libselinux-2.0.14/man/man3/getcon.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/getcon.3 2007-07-11 12:00:41.000000000 -0400 +@@ -1,21 +1,21 @@ + .TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" + .SH "NAME" + getcon, getprevcon, getpidcon \- get SELinux security context of a process. +-.br ++ + getpeercon - get security context of a peer socket. +-.br ++ + setcon - set current security context of a process. + .SH "SYNOPSIS" + .B #include + .sp + .BI "int getcon(security_context_t *" context ); +-.br ++ + .BI "int getprevcon(security_context_t *" context ); +-.br ++ + .BI "int getpidcon(pid_t " pid ", security_context_t *" context ); +-.br ++ + .BI "int getpeercon(int " fd ", security_context_t *" context); -.br + + .BI "int setcon(security_context_t " context); .SH "DESCRIPTION" - .B selinux_getenforcemode - Reads the contents of the /etc/selinux/config file to determine how the - system was setup to run SELinux. +diff -up libselinux-2.0.14/man/man3/avc_cache_stats.3.rhat libselinux-2.0.14/man/man3/avc_cache_stats.3 +--- libselinux-2.0.14/man/man3/avc_cache_stats.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/avc_cache_stats.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,7 +6,7 @@ + avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics. 
+ .SH "SYNOPSIS" + .B #include -.br + - Sets the value of enforce to 1 if SELinux should be run in enforcing mode. - Sets the value of enforce to 0 if SELinux should be run in permissive mode. - Sets the value of enforce to -1 if SELinux should be disabled. -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-2.0.13/man/man3/selinux_policy_root.3 ---- nsalibselinux/man/man3/selinux_policy_root.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/selinux_policy_root.3 2007-07-10 12:16:49.000000000 -0400 -@@ -5,7 +5,7 @@ + .B #include + .sp + .BI "void avc_av_stats(void);" +diff -up libselinux-2.0.14/man/man3/avc_context_to_sid.3.rhat libselinux-2.0.14/man/man3/avc_context_to_sid.3 +--- libselinux-2.0.14/man/man3/avc_context_to_sid.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/avc_context_to_sid.3 2007-07-11 12:00:41.000000000 -0400 +@@ -6,7 +6,7 @@ + avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's. + .SH "SYNOPSIS" + .B #include +-.br ++ + .B #include + .sp + .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");" +diff -up libselinux-2.0.14/man/man3/selinux_policy_root.3.rhat libselinux-2.0.14/man/man3/selinux_policy_root.3 +--- libselinux-2.0.14/man/man3/selinux_policy_root.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/selinux_policy_root.3 2007-07-11 12:00:41.000000000 -0400 +@@ -5,7 +5,7 @@ selinux_policy_root \- return the path o .B #include .sp .B char *selinux_policy_root(); 
@@ -1855,61 +1928,58 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root. .SH "DESCRIPTION" .B selinux_policy_root -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-2.0.13/man/man3/setfilecon.3 ---- nsalibselinux/man/man3/setfilecon.3 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man3/setfilecon.3 2007-07-10 12:12:18.000000000 -0400 -@@ -6,9 +6,9 @@ - .B #include - .sp - .BI "int setfilecon(const char *" path ", security_context_t "con ); +diff -up libselinux-2.0.14/man/man3/context_new.3.rhat libselinux-2.0.14/man/man3/context_new.3 +--- libselinux-2.0.14/man/man3/context_new.3.rhat 2007-04-24 10:36:21.000000000 -0400 ++++ libselinux-2.0.14/man/man3/context_new.3 2007-07-11 12:00:41.000000000 -0400 +@@ -4,27 +4,27 @@ context_new, context_str, context_free, + + .SH "SYNOPSIS" + .B #include -.br + - .BI "int lsetfilecon(const char *" path ", security_context_t "con ); + .B "context_t context_new(const char *" context_str ); -.br + - .BI "int fsetfilecon(int "fd ", security_context_t "con ); - - .SH "DESCRIPTION" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.13/man/man8/matchpathcon.8 ---- nsalibselinux/man/man8/matchpathcon.8 2007-06-21 05:16:39.000000000 -0400 -+++ libselinux-2.0.13/man/man8/matchpathcon.8 2007-07-10 11:38:39.000000000 -0400 -@@ -10,16 +10,16 @@ - .SH OPTIONS - .B \-n - Do not display path. --.br + .B "const char * context_str(context_t " con ); +-.br + - .B \-N - Do not use translations. 
--.br + .B "void context_free(context_t " con ); +-.br + - .B \-f file_context_file - Use alternate file_context file --.br + .B "const char * context_type_get(context_t " con ); +-.br + - .B \-p prefix - Use prefix to speed translations --.br + .B "const char * context_range_get(context_t " con ); +-.br + - .B \-V - Verify file context on disk matches defaults - -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-2.0.13/man/man8/selinux.8 ---- nsalibselinux/man/man8/selinux.8 2006-11-16 17:15:26.000000000 -0500 -+++ libselinux-2.0.13/man/man8/selinux.8 2007-07-10 11:38:21.000000000 -0400 -@@ -62,14 +62,13 @@ - .B system-config-securitylevel - allows customization of these booleans and tunables. - --.br - Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy. + .B "const char * context_role_get(context_t " con ); +-.br ++ + .B "const char * context_user_get(context_t " con ); +-.br ++ + .B "const char * context_type_set(context_t " con ", const char* " type); +-.br ++ + .B "const char * context_range_set(context_t " con ", const char* " range); +-.br ++ + .B "const char * context_role_set(context_t " con ", const char* " role ); +-.br ++ + .B "const char * context_user_set(context_t " con ", const char* " user ); - .SH FILE LABELING + .SH "DESCRIPTION" +diff -up libselinux-2.0.14/Makefile.rhat libselinux-2.0.14/Makefile +--- libselinux-2.0.14/Makefile.rhat 2007-04-24 10:36:19.000000000 -0400 ++++ libselinux-2.0.14/Makefile 2007-07-11 12:00:41.000000000 -0400 +@@ -2,6 +2,9 @@ all: + $(MAKE) -C src + $(MAKE) -C utils - All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system. - Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. 
If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling. --.br ++swigify: ++ $(MAKE) -C src swigify + - The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files. - - .SH AUTHOR + pywrap: + $(MAKE) -C src pywrap + diff --git a/libselinux.spec b/libselinux.spec index 011b1d4..f8b7a9a 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -2,7 +2,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.0.14 -Release: 3%{?dist} +Release: 4%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -122,6 +122,9 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Wed Jul 11 2007 Dan Walsh - 2.0.14-4 +- Second try to add nscd permissions + * Wed Jul 11 2007 Dan Walsh - 2.0.14-3 - Fix man pages - Add new nscd permissions
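Review bot: The `swigify` target added to the top-level Makefile (inner hunk `@@ -2,6 +2,9 @@ all:` near the end of the regenerated libselinux-rhat.patch) is not declared phony. If a file or directory named `swigify` ever exists in the source root, make would consider the target up to date and skip the recursive call. Adding `.PHONY: swigify` beside the rule avoids that; the same may apply to `pywrap`. Only the first lines of the Makefile are visible in this hunk, so a `.PHONY` declaration elsewhere in the file may already cover it. A short comment above the rule, such as `# forwards to the swigify target in src/`, would also help packagers see that it is a pass-through.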