From aceabdab224143116dbd3add7fbdd4079a8f45d7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jan 13 2009 13:14:25 +0000 Subject: - Update to upstream Policy module compression (bzip) support from Dan Walsh. Hard link files between tmp/active/previous from Dan Walsh. --- diff --git a/.cvsignore b/.cvsignore index be6345e..31a2e72 100644 --- a/.cvsignore +++ b/.cvsignore @@ -104,3 +104,4 @@ libsemanage-2.0.27.tgz libsemanage-2.0.28.tgz libsemanage-2.0.29.tgz libsemanage-2.0.30.tgz +libsemanage-2.0.31.tgz diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index 7d79907..8349206 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch @@ -1,526 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/modules.h libsemanage-2.0.30/include/semanage/modules.h ---- nsalibsemanage/include/semanage/modules.h 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.30/include/semanage/modules.h 2009-01-12 13:20:46.000000000 -0500 -@@ -30,10 +30,16 @@ - - int semanage_module_install(semanage_handle_t *, - char *module_data, size_t data_len); -+int semanage_module_install_file(semanage_handle_t *, -+ const char *module_name); - int semanage_module_upgrade(semanage_handle_t *, - char *module_data, size_t data_len); -+int semanage_module_upgrade_file(semanage_handle_t *, -+ const char *module_name); - int semanage_module_install_base(semanage_handle_t *, - char *module_data, size_t data_len); -+int semanage_module_install_base_file(semanage_handle_t *, -+ const char *module_name); - int semanage_module_remove(semanage_handle_t *, char *module_name); - - /* semanage_module_info is for getting information on installed -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.30/src/direct_api.c ---- nsalibsemanage/src/direct_api.c 2008-11-14 17:10:15.000000000 -0500 -+++ libsemanage-2.0.30/src/direct_api.c 2009-01-12 14:34:36.000000000 -0500 -@@ -50,6 +50,7 @@ - #include "semanage_store.h" - #include "database_policydb.h" - #include "policy.h" -+#include - - static void semanage_direct_destroy(semanage_handle_t * sh); - static int semanage_direct_disconnect(semanage_handle_t * sh); -@@ -57,10 +58,13 @@ - static int semanage_direct_commit(semanage_handle_t * sh); - static int semanage_direct_install(semanage_handle_t * sh, char *data, - size_t data_len); -+static int semanage_direct_install_file(semanage_handle_t * sh, const char *module_name); - static int semanage_direct_upgrade(semanage_handle_t * sh, char *data, - size_t data_len); -+static int semanage_direct_upgrade_file(semanage_handle_t * sh, const char *module_name); - static int semanage_direct_install_base(semanage_handle_t * sh, char *base_data, - size_t data_len); -+static int semanage_direct_install_base_file(semanage_handle_t * sh, const char *module_name); - static int semanage_direct_remove(semanage_handle_t * sh, char *module_name); - static int semanage_direct_list(semanage_handle_t * sh, - semanage_module_info_t ** modinfo, -@@ -73,8 +77,11 @@ - .begin_trans = semanage_direct_begintrans, - .commit = semanage_direct_commit, - .install = semanage_direct_install, -+ .install_file = semanage_direct_install_file, - .upgrade = semanage_direct_upgrade, -+ .upgrade_file = semanage_direct_upgrade_file, - .install_base = semanage_direct_install_base, -+ .install_base_file = semanage_direct_install_base_file, - .remove = semanage_direct_remove, - .list = semanage_direct_list - }; -@@ -378,12 +385,157 @@ - return 0; - } - -+#include -+#include -+#include -+#include -+ -+/* bzip() a data to a file, returning the total number of compressed bytes -+ * in the file. Returns -1 if file could not be compressed. */ -+static ssize_t bzip(const char *filename, char *data, size_t num_bytes) { -+ BZFILE* b; -+ size_t size = 1<<16; -+ int bzerror; -+ size_t total = 0; -+ size_t len = 0; -+ FILE *f; -+ -+ if ((f = fopen(filename, "wb")) == NULL) { -+ return -1; -+ } -+ -+ b = BZ2_bzWriteOpen( &bzerror, f, 9, 0, 0); -+ if (bzerror != BZ_OK) { -+ BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); -+ return -1; -+ } -+ -+ while ( num_bytes > total ) { -+ if (num_bytes - total > size) { -+ len = size; -+ } else { -+ len = num_bytes - total; -+ } -+ BZ2_bzWrite ( &bzerror, b, &data[total], len ); -+ if (bzerror == BZ_IO_ERROR) { -+ BZ2_bzWriteClose ( &bzerror, b, 1, 0, 0 ); -+ return -1; -+ } -+ total += len; -+ } -+ -+ BZ2_bzWriteClose ( &bzerror, b, 0, 0, 0 ); -+ fclose(f); -+ if (bzerror == BZ_IO_ERROR) { -+ return -1; -+ } -+ return total; -+} -+ -+/* bunzip() a file to '*data', returning the total number of uncompressed bytes -+ * in the file. Returns -1 if file could not be decompressed. */ -+ssize_t bunzip(FILE *f, char **data) { -+ BZFILE* b; -+ size_t nBuf; -+ char buf[1<<18]; -+ size_t size = sizeof(buf); -+ int bzerror; -+ size_t total=0; -+ -+ b = BZ2_bzReadOpen ( &bzerror, f, 0, 0, NULL, 0 ); -+ if ( bzerror != BZ_OK ) { -+ BZ2_bzReadClose ( &bzerror, b ); -+ return -1; -+ } -+ -+ char *uncompress = realloc(NULL, size); -+ -+ while ( bzerror == BZ_OK) { -+ nBuf = BZ2_bzRead ( &bzerror, b, buf, sizeof(buf)); -+ if (( bzerror == BZ_OK ) || ( bzerror == BZ_STREAM_END )) { -+ if (total + nBuf > size) { -+ size *= 2; -+ uncompress = realloc(uncompress, size); -+ } -+ memcpy(&uncompress[total], buf, nBuf); -+ total += nBuf; -+ } -+ } -+ if ( bzerror != BZ_STREAM_END ) { -+ BZ2_bzReadClose ( &bzerror, b ); -+ free(uncompress); -+ return -1; -+ } -+ BZ2_bzReadClose ( &bzerror, b ); -+ -+ *data = uncompress; -+ return total; -+} -+ -+/* mmap() a file to '*data', -+ * If the file is bzip compressed map_file will uncompress -+ * the file into '*data'. -+ * Returns the total number of bytes in memory . -+ * Returns -1 if file could not be opened or mapped. */ -+static ssize_t map_file(int fd, char **data, int *compressed) -+{ -+ ssize_t size = -1; -+ char *uncompress; -+ if ((size = bunzip(fdopen(fd, "r"), &uncompress)) > 0) { -+ *data = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0); -+ if (*data == MAP_FAILED) { -+ free(uncompress); -+ return -1; -+ } else { -+ memcpy(*data, uncompress, size); -+ } -+ free(uncompress); -+ *compressed = 1; -+ } else { -+ struct stat sb; -+ if (fstat(fd, &sb) == -1 || -+ (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == -+ MAP_FAILED) { -+ size = -1; -+ } else { -+ size = sb.st_size; -+ } -+ *compressed = 0; -+ } -+ -+ return size; -+} -+ -+static int dupfile( const char *dest, int src_fd) { -+ int dest_fd = -1; -+ int retval = 0; -+ int cnt; -+ char buf[1<<18]; -+ -+ if (lseek(src_fd, 0, SEEK_SET) == -1 ) return -1; -+ -+ if ((dest_fd = open(dest, O_WRONLY | O_CREAT | O_TRUNC, -+ S_IRUSR | S_IWUSR)) == -1) { -+ return -1; -+ } -+ -+ while (( retval == 0 ) && -+ ( cnt = read(src_fd, buf, sizeof(buf)))> 0 ) { -+ if (write(dest_fd, buf, cnt) < cnt) retval = -1; -+ } -+ close(dest_fd); -+ return retval; -+} -+ - /* Writes a block of data to a file. Returns 0 on success, -1 on - * error. */ - static int write_file(semanage_handle_t * sh, - const char *filename, char *data, size_t num_bytes) - { - int out; -+ -+ /* Unlink no matter what, incase this file is a hard link, ignore error */ -+ unlink(filename); - if ((out = - open(filename, O_WRONLY | O_CREAT | O_TRUNC, - S_IRUSR | S_IWUSR)) == -1) { -@@ -499,7 +651,7 @@ - sepol_policydb_t *out = NULL; - - /* Declare some variables */ -- int modified, fcontexts_modified, ports_modified, -+ int modified = 0, fcontexts_modified, ports_modified, - seusers_modified, users_extra_modified; - dbase_config_t *users = semanage_user_dbase_local(sh); - dbase_config_t *users_base = semanage_user_base_dbase_local(sh); -@@ -815,8 +967,10 @@ - &filename)) != 0) { - goto cleanup; - } -- if (write_file(sh, filename, data, data_len) == -1) { -+ if (bzip(filename, data, data_len) <= 0) { -+ ERR(sh, "Error while writing to %s.", filename); - retval = -3; -+ goto cleanup; - } - retval = 0; - cleanup: -@@ -826,17 +980,58 @@ - return retval; - } - --/* Similar to semanage_direct_install(), except that it checks that -- * there already exists a module with the same name and that the -- * module is an older version then the one in 'data'. Returns 0 on -- * success, -1 if out of memory, -2 if the data does not represent a -- * valid module file, -3 if error while writing file or reading -- * modules directory, -4 if there does not exist an older module or if -- * the previous module is same or newer than 'data'. -- */ --static int semanage_direct_upgrade(semanage_handle_t * sh, -- char *data, size_t data_len) -+/* Attempts to link a module to the sandbox's module directory, unlinking any -+ * previous module stored within. Returns 0 on success, -1 if out of memory, -2 if the -+ * data does not represent a valid module file, -3 if error while -+ * writing file. */ -+ -+static int semanage_direct_install_file(semanage_handle_t * sh, -+ const char *install_filename) - { -+ -+ int retval = -1; -+ char *data = NULL; -+ size_t data_len = 0; -+ int compressed = 0; -+ int in_fd = -1; -+ -+ if ((in_fd = open(install_filename, O_RDONLY)) == -1) { -+ return -1; -+ } -+ -+ if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { -+ goto cleanup; -+ } -+ -+ if (compressed) { -+ char *module_name = NULL, *version = NULL, *filename = NULL; -+ if ((retval = parse_module_headers(sh, data, data_len, -+ &module_name, &version, -+ &filename)) != 0) { -+ goto cleanup; -+ } -+ -+ if (data_len > 0) munmap(data, data_len); -+ data_len = 0; -+ retval = dupfile(filename, in_fd); -+ free(version); -+ free(filename); -+ free(module_name); -+ -+ } else { -+ retval = semanage_direct_install(sh, data, data_len); -+ } -+ -+ cleanup: -+ close(in_fd); -+ if (data_len > 0) munmap(data, data_len); -+ -+ return retval; -+} -+ -+ -+static int get_direct_upgrade_filename(semanage_handle_t * sh, -+ char *data, size_t data_len, char **outfilename) { - int i, retval, num_modules = 0; - char *module_name = NULL, *version = NULL, *filename = NULL; - semanage_module_info_t *modinfo = NULL; -@@ -868,14 +1063,9 @@ - if (retval == -4) { - ERR(sh, "There does not already exist a module named %s.", - module_name); -- goto cleanup; -- } -- if (write_file(sh, filename, data, data_len) == -1) { -- retval = -3; - } - cleanup: - free(version); -- free(filename); - free(module_name); - for (i = 0; modinfo != NULL && i < num_modules; i++) { - semanage_module_info_t *m = -@@ -883,6 +1073,80 @@ - semanage_module_info_datum_destroy(m); - } - free(modinfo); -+ if (retval == 0) { -+ *outfilename = filename; -+ } else { -+ free(filename); -+ } -+ return retval; -+} -+ -+/* Similar to semanage_direct_install(), except that it checks that -+ * there already exists a module with the same name and that the -+ * module is an older version then the one in 'data'. Returns 0 on -+ * success, -1 if out of memory, -2 if the data does not represent a -+ * valid module file, -3 if error while writing file or reading -+ * modules directory, -4 if there does not exist an older module or if -+ * the previous module is same or newer than 'data'. -+ */ -+static int semanage_direct_upgrade(semanage_handle_t * sh, -+ char *data, size_t data_len) -+{ -+ char *filename = NULL; -+ int retval = get_direct_upgrade_filename(sh, -+ data, data_len, -+ &filename); -+ if (retval == 0) { -+ if (bzip(filename, data, data_len) <= 0) { -+ ERR(sh, "Error while writing to %s.", filename); -+ retval = -3; -+ } -+ free(filename); -+ } -+ return retval; -+} -+ -+/* Attempts to link a module to the sandbox's module directory, unlinking any -+ * previous module stored within. -+ * Returns 0 on success, -1 if out of memory, -2 if the -+ * data does not represent a valid module file, -3 if error while -+ * writing file. */ -+ -+static int semanage_direct_upgrade_file(semanage_handle_t * sh, -+ const char *module_filename) -+{ -+ int retval = -1; -+ char *data = NULL; -+ size_t data_len = 0; -+ int compressed = 0; -+ int in_fd = -1; -+ -+ if ((in_fd = open(module_filename, O_RDONLY)) == -1) { -+ return -1; -+ } -+ -+ if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { -+ goto cleanup; -+ } -+ -+ if (compressed) { -+ char *filename = NULL; -+ retval = get_direct_upgrade_filename(sh, -+ data, data_len, -+ &filename); -+ -+ if (retval != 0) goto cleanup; -+ -+ retval = dupfile(filename, in_fd); -+ free(filename); -+ } else { -+ retval = semanage_direct_upgrade(sh, data, data_len); -+ } -+ -+ cleanup: -+ close(in_fd); -+ if (data_len > 0) munmap(data, data_len); -+ - return retval; - } - -@@ -903,14 +1167,59 @@ - if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) { - goto cleanup; - } -- if (write_file(sh, filename, base_data, data_len) == -1) { -+ if (bzip(filename, base_data, data_len) <= 0) { -+ ERR(sh, "Error while writing to %s.", filename); - retval = -3; -+ goto cleanup; - } - retval = 0; - cleanup: - return retval; - } - -+/* Writes a base module into a sandbox, overwriting any previous base -+ * module. -+ * Returns 0 on success, -1 if out of memory, -2 if the data does not represent -+ * a valid base module file, -3 if error while writing file. -+ */ -+static int semanage_direct_install_base_file(semanage_handle_t * sh, -+ const char *install_filename) -+{ -+ int retval = -1; -+ char *data = NULL; -+ size_t data_len = 0; -+ int compressed = 0; -+ int in_fd; -+ -+ if ((in_fd = open(install_filename, O_RDONLY)) == -1) { -+ return -1; -+ } -+ -+ if ((data_len = map_file(in_fd, &data, &compressed)) == 0) { -+ goto cleanup; -+ } -+ -+ if (compressed) { -+ const char *filename = NULL; -+ if ((retval = parse_base_headers(sh, data, data_len)) != 0) { -+ goto cleanup; -+ } -+ if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) { -+ goto cleanup; -+ } -+ -+ retval = dupfile(filename, in_fd); -+ } else { -+ retval = semanage_direct_install_base(sh, data, data_len); -+ } -+ -+ cleanup: -+ close(in_fd); -+ if (data_len > 0) munmap(data, data_len); -+ -+ return retval; -+} -+ - /* Removes a module from the sandbox. Returns 0 on success, -1 if out - * of memory, -2 if module not found or could not be removed. */ - static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) -@@ -1005,15 +1314,29 @@ - * report it */ - continue; - } -+ ssize_t size; -+ char *data = NULL; -+ -+ if ((size = bunzip(fp, &data)) > 0) { -+ fclose(fp); -+ fp = fmemopen(data, size, "rb"); -+ if (!fp) { -+ ERR(sh, "Out of memory!"); -+ goto cleanup; -+ } -+ } -+ rewind(fp); - __fsetlocking(fp, FSETLOCKING_BYCALLER); - sepol_policy_file_set_fp(pf, fp); - if (sepol_module_package_info(pf, &type, &name, &version)) { - fclose(fp); -+ free(data); - free(name); - free(version); - continue; - } - fclose(fp); -+ free(data); - if (type == SEPOL_POLICY_MOD) { - (*modinfo)[*num_modules].name = name; - (*modinfo)[*num_modules].version = version; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.h libsemanage-2.0.30/src/direct_api.h ---- nsalibsemanage/src/direct_api.h 2008-11-14 17:10:15.000000000 -0500 -+++ libsemanage-2.0.30/src/direct_api.h 2009-01-12 13:43:27.000000000 -0500 -@@ -39,4 +39,8 @@ - - int semanage_direct_mls_enabled(struct semanage_handle *sh); - -+#include -+#include -+ssize_t bunzip(FILE *f, char **data); -+ - #endif diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.30/src/genhomedircon.c --- nsalibsemanage/src/genhomedircon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.30/src/genhomedircon.c 2009-01-12 13:20:46.000000000 -0500 -@@ -487,7 +487,6 @@ - const char *role_prefix) - { - replacement_pair_t repl[] = { -- {.search_for = TEMPLATE_SEUSER,.replace_with = seuser}, - {.search_for = TEMPLATE_HOME_DIR,.replace_with = home}, - {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix}, - {NULL, NULL} -@@ -547,7 +546,6 @@ - replacement_pair_t repl[] = { - {.search_for = TEMPLATE_USER,.replace_with = user}, - {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix}, -- {.search_for = TEMPLATE_SEUSER,.replace_with = seuser}, - {NULL, NULL} - }; - Ustr *line = USTR_NULL; ++++ libsemanage-2.0.30/src/genhomedircon.c 2009-01-12 10:29:24.000000000 -0500 @@ -794,6 +792,12 @@ * /root */ continue; @@ -534,192 +14,12 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman if (push_user_entry(&head, name, seuname, prefix, pwent->pw_dir) != STATUS_SUCCESS) { *errors = STATUS_ERR; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.30/src/libsemanage.map ---- nsalibsemanage/src/libsemanage.map 2008-11-14 17:10:15.000000000 -0500 -+++ libsemanage-2.0.30/src/libsemanage.map 2009-01-12 13:20:46.000000000 -0500 -@@ -3,8 +3,10 @@ - semanage_is_managed; semanage_connect; semanage_disconnect; - semanage_msg_*; - semanage_begin_transaction; semanage_commit; -- semanage_module_install; semanage_module_upgrade; -- semanage_module_install_base; semanage_module_remove; -+ semanage_module_install; semanage_module_install_file; -+ semanage_module_upgrade; semanage_module_upgrade_file; -+ semanage_module_install_base; semanage_module_install_base_file; -+ semanage_module_remove; - semanage_module_list; semanage_module_info_datum_destroy; - semanage_module_list_nth; semanage_module_get_name; - semanage_module_get_version; semanage_select_store; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-2.0.30/src/Makefile ---- nsalibsemanage/src/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.30/src/Makefile 2009-01-12 13:20:46.000000000 -0500 -@@ -54,7 +54,7 @@ - ranlib $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs - ln -sf $@ $(TARGET) - - conf-scan.c: conf-scan.l conf-parse.h -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c libsemanage-2.0.30/src/modules.c ---- nsalibsemanage/src/modules.c 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.30/src/modules.c 2009-01-12 13:20:46.000000000 -0500 -@@ -52,6 +52,25 @@ - return sh->funcs->install(sh, module_data, data_len); - } - -+int semanage_module_install_file(semanage_handle_t * sh, -+ const char *module_name) { -+ -+ if (sh->funcs->install_file == NULL) { -+ ERR(sh, -+ "No install function defined for this connection type."); -+ return -1; -+ } else if (!sh->is_connected) { -+ ERR(sh, "Not connected."); -+ return -1; -+ } else if (!sh->is_in_transaction) { -+ if (semanage_begin_transaction(sh) < 0) { -+ return -1; -+ } -+ } -+ sh->modules_modified = 1; -+ return sh->funcs->install_file(sh, module_name); -+} -+ - int semanage_module_upgrade(semanage_handle_t * sh, - char *module_data, size_t data_len) - { -@@ -71,6 +90,25 @@ - return sh->funcs->upgrade(sh, module_data, data_len); - } - -+int semanage_module_upgrade_file(semanage_handle_t * sh, -+ const char *module_name) { -+ -+ if (sh->funcs->upgrade_file == NULL) { -+ ERR(sh, -+ "No upgrade function defined for this connection type."); -+ return -1; -+ } else if (!sh->is_connected) { -+ ERR(sh, "Not connected."); -+ return -1; -+ } else if (!sh->is_in_transaction) { -+ if (semanage_begin_transaction(sh) < 0) { -+ return -1; -+ } -+ } -+ sh->modules_modified = 1; -+ return sh->funcs->upgrade_file(sh, module_name); -+} -+ - int semanage_module_install_base(semanage_handle_t * sh, - char *module_data, size_t data_len) - { -@@ -90,6 +128,25 @@ - return sh->funcs->install_base(sh, module_data, data_len); - } - -+int semanage_module_install_base_file(semanage_handle_t * sh, -+ const char *module_name) { -+ -+ if (sh->funcs->install_base_file == NULL) { -+ ERR(sh, -+ "No install base function defined for this connection type."); -+ return -1; -+ } else if (!sh->is_connected) { -+ ERR(sh, "Not connected."); -+ return -1; -+ } else if (!sh->is_in_transaction) { -+ if (semanage_begin_transaction(sh) < 0) { -+ return -1; -+ } -+ } -+ sh->modules_modified = 1; -+ return sh->funcs->install_base_file(sh, module_name); -+} -+ - int semanage_module_remove(semanage_handle_t * sh, char *module_name) - { - if (sh->funcs->remove == NULL) { -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h libsemanage-2.0.30/src/policy.h ---- nsalibsemanage/src/policy.h 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.30/src/policy.h 2009-01-12 13:20:46.000000000 -0500 -@@ -49,8 +49,14 @@ - /* Install a policy module */ - int (*install) (struct semanage_handle *, char *, size_t); - -+ /* Install a policy module */ -+ int (*install_file) (struct semanage_handle *, const char *); -+ - /* Upgrade a policy module */ - int (*upgrade) (struct semanage_handle *, char *, size_t); -+ -+ /* Upgrade a policy module */ -+ int (*upgrade_file) (struct semanage_handle *, const char *); - - /* Remove a policy module */ - int (*remove) (struct semanage_handle *, char *); -@@ -61,6 +67,9 @@ - - /* Install base policy */ - int (*install_base) (struct semanage_handle *, char *, size_t); -+ -+ /* Install a base module */ -+ int (*install_base_file) (struct semanage_handle *, const char *); - }; - - /* Should be backend independent */ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.30/src/semanage.conf --- nsalibsemanage/src/semanage.conf 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.30/src/semanage.conf 2009-01-12 13:20:46.000000000 -0500 ++++ libsemanage-2.0.30/src/semanage.conf 2009-01-12 10:29:24.000000000 -0500 @@ -35,4 +35,4 @@ # given in . Change this setting if a different # version is necessary. #policy-version = 19 - +expand-check=0 -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.30/src/semanage_store.c ---- nsalibsemanage/src/semanage_store.c 2008-11-11 16:13:18.000000000 -0500 -+++ libsemanage-2.0.30/src/semanage_store.c 2009-01-12 13:20:46.000000000 -0500 -@@ -440,6 +440,8 @@ - char tmp[PATH_MAX]; - char buf[4192]; - -+ if (link(src,dst) == 0) return 0; -+ - n = snprintf(tmp, PATH_MAX, "%s.tmp", dst); - if (n < 0 || n >= PATH_MAX) - return -1; -@@ -1523,16 +1525,30 @@ - ERR(sh, "Could not open module file %s for reading.", filename); - goto cleanup; - } -+ size_t size; -+ char *data = NULL; -+ -+ if ((size = bunzip(fp, &data)) > 0) { -+ fclose(fp); -+ fp = fmemopen(data, size, "rb"); -+ if (!fp) { -+ ERR(sh, "Out of memory!"); -+ goto cleanup; -+ } -+ } -+ rewind(fp); - __fsetlocking(fp, FSETLOCKING_BYCALLER); - sepol_policy_file_set_fp(pf, fp); - sepol_policy_file_set_handle(pf, sh->sepolh); - if (sepol_module_package_read(*package, pf, 0) == -1) { - ERR(sh, "Error while reading from module file %s.", filename); - fclose(fp); -+ free(data); - goto cleanup; - } - sepol_policy_file_free(pf); - fclose(fp); -+ free(data); - return retval; - - cleanup: diff --git a/libsemanage.spec b/libsemanage.spec index d2b23bd..9894301 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -2,8 +2,8 @@ %define libselinuxver 2.0.0-1 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 2.0.30 -Release: 3%{?dist} +Version: 2.0.31 +Release: 1%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz @@ -90,6 +90,11 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/python*/site-packages/* %changelog +* Mon Jan 12 2009 Dan Walsh - 2.0.31-1 +- Update to upstream + * Policy module compression (bzip) support from Dan Walsh. + * Hard link files between tmp/active/previous from Dan Walsh. + * Mon Jan 12 2009 Dan Walsh - 2.0.30-3 - Fix up patch to get it upstreamed diff --git a/sources b/sources index 7856882..ca06d81 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e160a593f1313a3e1aec5148b4941f99 libsemanage-2.0.30.tgz +7231fa877020bc5fbb2008adfd5dec89 libsemanage-2.0.31.tgz