diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.12/man/man8/matchpathcon.8 --- nsalibselinux/man/man8/matchpathcon.8 2007-01-17 11:11:35.000000000 -0500 +++ libselinux-2.0.12/man/man8/matchpathcon.8 2007-04-12 12:29:25.000000000 -0400 @@ -28,4 +28,4 @@ .SH "SEE ALSO" .BR selinux "(8), " -.BR mathpathcon "(3), " +.BR matchpathcon "(3), " Binary files nsalibselinux/src/selinux.pyc and libselinux-2.0.12/src/selinux.pyc differ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.12/src/selinuxswig.i --- nsalibselinux/src/selinuxswig.i 2007-02-22 08:53:23.000000000 -0500 +++ libselinux-2.0.12/src/selinuxswig.i 2007-04-12 12:39:51.000000000 -0400 @@ -44,6 +44,8 @@ extern int is_selinux_enabled(void); extern int is_selinux_mls_enabled(void); +extern void freecon(security_context_t con); +extern void freeconary(security_context_t * con); extern int getcon(security_context_t *con); extern int setcon(security_context_t con); extern int getpidcon(int pid, security_context_t *con); @@ -90,6 +92,11 @@ mode_t mode, security_context_t *con); +extern int matchpathcon_init_prefix(const char *path, + const char *prefix); +extern void matchpathcon_fini(void); + + extern int matchmediacon(const char *media, security_context_t *con); @@ -106,6 +113,7 @@ extern const char *selinux_homedir_context_path(void); extern const char *selinux_media_context_path(void); extern const char *selinux_contexts_path(void); +extern const char *selinux_securetty_types_path(void); extern const char *selinux_booleans_path(void); extern const char *selinux_customizable_types_path(void); extern const char *selinux_users_path(void); @@ -113,11 +121,43 @@ extern const char *selinux_translations_path(void); extern const char *selinux_netfilter_context_path(void); extern const char *selinux_path(void); -extern int selinux_check_passwd_access(access_vector_t requested); -extern int checkPasswdAccess(access_vector_t requested); +#extern int selinux_check_passwd_access(access_vector_t requested); +#extern int checkPasswdAccess(access_vector_t requested); + +extern int selinux_check_securetty_context(security_context_t tty_context); +void set_selinuxmnt(char *mnt); + +// This tells SWIG to treat char ** as a special case +%typemap(python,in) char ** { + /* Check if is a list */ + if (PyList_Check($input)) { + int size = PyList_Size($input); + int i = 0; + $1 = (char **) malloc((size+1)*sizeof(char *)); + if ($1 == NULL) { + PyErr_SetString(PyExc_MemoryError,"Out of memory"); + return NULL; + } + for (i = 0; i < size; i++) { + PyObject *o = PyList_GetItem($input,i); + if (PyString_Check(o)) + $1[i] = PyString_AsString(PyList_GetItem($input,i)); + else { + PyErr_SetString(PyExc_TypeError,"list must contain strings"); + free($1); + return NULL; + } + } + $1[i] = 0; + } else { + PyErr_SetString(PyExc_TypeError,"not a list"); + return NULL; + } +} + extern int rpm_execcon(unsigned int verified, const char *filename, - char *const argv[], char *const envp[]); + char **, char **); extern int is_context_customizable (security_context_t scontext); @@ -135,3 +175,7 @@ } extern int selinux_getpolicytype(char **enforce); extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); + +int selinux_file_context_cmp(const security_context_t a, const security_context_t b); +int selinux_file_context_verify(const char *path, mode_t mode); +int selinux_lsetfilecon_default(const char *path); diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getsebool.c libselinux-2.0.12/utils/getsebool.c --- nsalibselinux/utils/getsebool.c 2006-11-16 17:15:17.000000000 -0500 +++ libselinux-2.0.12/utils/getsebool.c 2007-04-12 12:29:25.000000000 -0400 @@ -14,7 +14,7 @@ int main(int argc, char **argv) { - int i, rc = 0, active, pending, len = 0, opt; + int i, get_all = 0, rc = 0, active, pending, len = 0, opt; char **names; while ((opt = getopt(argc, argv, "a")) > 0) { @@ -39,6 +39,7 @@ printf("No booleans\n"); return 0; } + get_all = 1; break; default: usage(argv[0]); @@ -72,6 +73,8 @@ for (i = 0; i < len; i++) { active = security_get_boolean_active(names[i]); if (active < 0) { + if (get_all && errno == EACCES) + continue; fprintf(stderr, "Error getting active value for %s\n", names[i]); rc = -1;