commit libselinux

Hello community, here is the log from the commit of package libselinux checked in at Fri Sep 5 21:50:58 CEST 2008. -------- --- libselinux/libselinux-bindings.changes 2008-08-22 16:13:45.000000000 +0200 +++ libselinux/libselinux-bindings.changes 2008-09-02 12:10:11.000000000 +0200 @@ -1,0 +2,11 @@ +Tue Sep 2 12:10:05 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.71 + * Merge ruby bindings from Dan Walsh. + +------------------------------------------------------------------- +Mon Sep 1 07:35:00 CEST 2008 - aj@suse.de + +- Fix build of debuginfo. + +------------------------------------------------------------------- --- libselinux/libselinux.changes 2008-08-22 16:13:52.000000000 +0200 +++ libselinux/libselinux.changes 2008-09-02 12:10:03.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Sep 2 12:09:22 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.71 + * Add group support to seusers using %groupname syntax from Dan Walsh. + * Mark setrans socket close-on-exec from Stephen Smalley. + * Only apply nodups checking to base file contexts from Stephen Smalley. + +------------------------------------------------------------------- Old: ---- libselinux-2.0.67-rhat.patch libselinux-2.0.67.tar.bz2 New: ---- libselinux-2.0.71-rhat.patch libselinux-2.0.71.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libselinux-bindings.spec ++++++ --- /var/tmp/diff_new_pack.x27314/_old 2008-09-05 21:48:33.000000000 +0200 +++ /var/tmp/diff_new_pack.x27314/_new 2008-09-05 21:48:33.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package libselinux-bindings (Version 2.0.67) +# spec file for package libselinux-bindings (Version 2.0.71) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -22,7 +22,7 @@ BuildRequires: libsepol-devel >= %{libsepol_ver} Name: libselinux-bindings -Version: 2.0.67 +Version: 2.0.71 Release: 1 Url: http://www.nsa.gov/selinux/ License: GPL v2 only; Public Domain, Freeware @@ -31,6 +31,7 @@ Source: libselinux-%{version}.tar.bz2 Patch0: libselinux-%{version}-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +%define debug_package_requires python-selinux = %{version}-%{version} %description Security-enhanced Linux is a feature of the Linux(R) kernel and a @@ -105,10 +106,12 @@ make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src swigify make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src pywrap +make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src rubywrap %install make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" -C src install make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" -C src install-pywrap +make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" -C src install-rubywrap rm -rf $RPM_BUILD_ROOT/%{_lib} $RPM_BUILD_ROOT%{_libdir}/libselinux.* %clean @@ -124,6 +127,11 @@ %{_libdir}/ruby/site_ruby/%{rb_ver}/%{rb_arch}/selinux.so %changelog +* Tue Sep 02 2008 prusnak@suse.cz +- updated to 2.0.71 + * Merge ruby bindings from Dan Walsh. +* Mon Sep 01 2008 aj@suse.de +- Fix build of debuginfo. * Fri Aug 22 2008 prusnak@suse.cz - added baselibs.conf file - split bindings into separate subpackage (libselinux-bindings) ++++++ libselinux.spec ++++++ --- /var/tmp/diff_new_pack.x27314/_old 2008-09-05 21:48:33.000000000 +0200 +++ /var/tmp/diff_new_pack.x27314/_new 2008-09-05 21:48:33.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package libselinux (Version 2.0.67) +# spec file for package libselinux (Version 2.0.71) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -21,8 +21,8 @@ BuildRequires: libsepol-devel >= %{libsepol_ver} Name: libselinux -Version: 2.0.67 -Release: 3 +Version: 2.0.71 +Release: 1 Url: http://www.nsa.gov/selinux/ License: GPL v2 only; Public Domain, Freeware Group: System/Libraries @@ -30,7 +30,7 @@ Source: %{name}-%{version}.tar.bz2 Patch0: %{name}-%{version}-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%define debug_package_requires libselinux1 = %{version} +%define debug_package_requires libselinux1 = %{version}-%{release} %description Security-enhanced Linux is a feature of the Linux(R) kernel and a @@ -181,6 +181,11 @@ %{_mandir}/man3/* %changelog +* Tue Sep 02 2008 prusnak@suse.cz +- updated to 2.0.71 + * Add group support to seusers using %%groupname syntax from Dan Walsh. + * Mark setrans socket close-on-exec from Stephen Smalley. + * Only apply nodups checking to base file contexts from Stephen Smalley. * Fri Aug 22 2008 prusnak@suse.cz - added baselibs.conf file - split bindings into separate subpackage (libselinux-bindings) ++++++ libselinux-2.0.67-rhat.patch -> libselinux-2.0.71-rhat.patch ++++++ --- libselinux/libselinux-2.0.67-rhat.patch 2008-07-09 22:57:21.000000000 +0200 +++ libselinux/libselinux-2.0.71-rhat.patch 2008-08-05 16:05:15.000000000 +0200 @@ -1,21 +1,27 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.67/man/man3/freecon.3 ---- nsalibselinux/man/man3/freecon.3 2008-06-12 23:25:12.000000000 -0400 -+++ libselinux-2.0.67/man/man3/freecon.3 2008-07-09 16:52:33.000000000 -0400 -@@ -15,6 +15,11 @@ - .B freeconary - frees the memory allocated for a context array. - -+If -+.I con -+is NULL, no operation is performed. -+ -+ - .SH "SEE ALSO" - .BR selinux "(8)" - -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.67/man/man8/selinuxconlist.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/ChangeLog +--- nsalibselinux/ChangeLog 2008-08-05 09:58:25.000000000 -0400 ++++ libselinux-2.0.70/ChangeLog 2008-08-01 06:51:25.000000000 -0400 +@@ -1,11 +1,3 @@ +-2.0.71 2008-08-05 +- * Add group support to seusers using %groupname syntax from Dan Walsh. +- * Mark setrans socket close-on-exec from Stephen Smalley. +- * Only apply nodups checking to base file contexts from Stephen Smalley. +- +-2.0.70 2008-07-30 +- * Merge ruby bindings from Dan Walsh. +- + 2.0.69 2008-07-29 + * Handle duplicate file context regexes as a fatal error from Stephen Smalley. + This prevents adding them via semanage. +diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-2.0.70/VERSION +--- nsalibselinux/VERSION 2008-08-05 09:58:25.000000000 -0400 ++++ libselinux-2.0.70/VERSION 2008-08-01 06:51:25.000000000 -0400 +@@ -1 +1 @@ +-2.0.71 ++2.0.69 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.70/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.67/man/man8/selinuxconlist.8 2008-07-09 16:52:33.000000000 -0400 ++++ libselinux-2.0.70/man/man8/selinuxconlist.8 2008-08-01 06:51:25.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -35,9 +41,9 @@ + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.67/man/man8/selinuxdefcon.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.70/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.67/man/man8/selinuxdefcon.8 2008-07-09 16:52:33.000000000 -0400 ++++ libselinux-2.0.70/man/man8/selinuxdefcon.8 2008-08-01 06:51:25.000000000 -0400 @@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -58,147 +64,20 @@ + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.67/src/Makefile ---- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400 -+++ libselinux-2.0.67/src/Makefile 2008-07-09 16:56:37.000000000 -0400 -@@ -7,16 +7,24 @@ - PYINC ?= /usr/include/$(PYLIBVER) - PYLIB ?= /usr/lib/$(PYLIBVER) - PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) -+RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') -+RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') -+RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) -+RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) - - LIBVERSION = 1 - - LIBA=libselinux.a - TARGET=libselinux.so - SWIGIF= selinuxswig_python.i -+SWIGRUBYIF= selinuxswig_ruby.i - SWIGCOUT= selinuxswig_wrap.c -+SWIGRUBYCOUT= selinuxswig_ruby_wrap.c - SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) -+SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) - SWIGSO=_selinux.so - SWIGFILES=$(SWIGSO) selinux.py -+SWIGRUBYSO=_rubyselinux.so - LIBSO=$(TARGET).$(LIBVERSION) - AUDIT2WHYSO=audit2why.so - -@@ -29,7 +37,9 @@ - ifeq ($(DISABLE_RPM),y) - UNUSED_SRCS+=rpm.c - endif --SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c))) -+ -+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) -+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c))) - - OBJS= $(patsubst %.c,%.o,$(SRCS)) - LOBJS= $(patsubst %.c,%.lo,$(SRCS)) -@@ -44,11 +54,11 @@ - - SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ - --GENERATED=$(SWIGCOUT) -+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ - - all: $(LIBA) $(LIBSO) - --pywrap: all $(SWIGSO) $(AUDIT2WHYSO) -+pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(SWIGRUBYSO) - - $(LIBA): $(OBJS) - $(AR) rcs $@ $^ -@@ -57,8 +67,14 @@ - $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< - -+$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) -+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< -+ - $(SWIGSO): $(SWIGLOBJ) -- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ -+ -+$(SWIGRUBYSO): $(SWIGRUBYLOBJ) -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ - - $(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -@@ -79,6 +95,9 @@ - $(SWIGCOUT): $(SWIGIF) - $(SWIG) $^ - -+$(SWIGRUBYCOUT): $(SWIGRUBYIF) -+ $(SWIGRUBY) $^ -+ - swigify: $(SWIGIF) - $(SWIG) $^ - -@@ -95,6 +114,9 @@ - install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux - install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py - -+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) -+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so -+ - relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) - -@@ -102,7 +124,7 @@ - -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ - - distclean: clean -- rm -f $(SWIGCOUT) $(SWIGFILES) -+ rm -f $(GENERATED) $(SWIGFILES) - - indent: - ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.67/src/audit2why.c ---- nsalibselinux/src/audit2why.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.67/src/audit2why.c 2008-07-09 16:52:33.000000000 -0400 -@@ -55,7 +55,7 @@ - return 0; - } - --static int check_booleans(struct avc_t *avc, struct boolean_t **bools) -+static int check_booleans(struct boolean_t **bools) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.70/src/callbacks.c +--- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400 ++++ libselinux-2.0.70/src/callbacks.c 2008-08-01 06:51:25.000000000 -0400 +@@ -16,6 +16,7 @@ { - char errormsg[PATH_MAX]; - struct sepol_av_decision avd; -@@ -376,7 +376,7 @@ - avc->tsid = tsid; - avc->tclass = tclass; - avc->av = av; -- if (check_booleans(avc, &bools) == 0) { -+ if (check_booleans(&bools) == 0) { - if (av & ~avd.auditdeny) { - RETURN(DONTAUDIT) - } else { -@@ -390,15 +390,15 @@ - len++; b++; - } - b = bools; -- PyObject *boollist = PyTuple_New(len); -+ PyObject *outboollist = PyTuple_New(len); - len=0; - while(b->name) { - PyObject *bool = Py_BuildValue("(si)", b->name, b->active); -- PyTuple_SetItem(boollist, len++, bool); -+ PyTuple_SetItem(outboollist, len++, bool); - b++; - } - free(bools); -- PyTuple_SetItem(result, 1, boollist); -+ PyTuple_SetItem(result, 1, outboollist); - return result; - } - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.67/src/matchpathcon.c + int rc; + va_list ap; ++ if (is_selinux_enabled() == 0) return 0; + va_start(ap, fmt); + rc = vfprintf(stderr, fmt, ap); + va_end(ap); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.70/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.67/src/matchpathcon.c 2008-07-09 16:52:33.000000000 -0400 ++++ libselinux-2.0.70/src/matchpathcon.c 2008-08-01 06:51:25.000000000 -0400 @@ -2,6 +2,7 @@ #include #include @@ -216,154 +95,3 @@ va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.67/src/selinuxswig_ruby.i ---- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.67/src/selinuxswig_ruby.i 2008-07-09 16:52:33.000000000 -0400 -@@ -0,0 +1,147 @@ -+/* Author: James Athey -+ */ -+ -+%module selinux -+%{ -+ #include "selinux/selinux.h" -+%} -+ -+/* security_get_boolean_names() typemap */ -+/* -+%typemap(argout) (char ***names, int *len) { -+ PyObject* list = PyList_New(*$2); -+ int i; -+ for (i = 0; i < *$2; i++) { -+ PyList_SetItem(list, i, PyString_FromString((*$1)[i])); -+ } -+ $result = SWIG_Python_AppendOutput($result, list); -+} -+*/ -+/* return a sid along with the result */ -+%typemap(argout) (security_id_t * sid) { -+ if (*$1) { -+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); -+ } -+/* else { -+ Py_INCREF(Py_None); -+ %append_output(Py_None); -+ } -+*/ -+} -+ -+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { -+ $1 = &temp; -+} -+ -+/* Makes security_compute_user() return a Python list of contexts */ -+/* -+%typemap(argout) (security_context_t **con) { -+ PyObject* plist; -+ int i, len = 0; -+ -+ if (*$1) { -+ while((*$1)[len]) -+ len++; -+ plist = PyList_New(len); -+ for (i = 0; i < len; i++) { -+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); -+ } -+ } else { -+ plist = PyList_New(0); -+ } -+ -+ $result = SWIG_Python_AppendOutput($result, plist); -+} -+*/ -+/* Makes functions in get_context_list.h return a Python list of contexts */ -+ -+#ifdef fixme -+%typemap(argout) (security_context_t **list) { -+ PyObject* plist; -+ int i; -+ -+ if (*$1) { -+ plist = PyList_New(result); -+ for (i = 0; i < result; i++) { -+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); -+ } -+ } else { -+ plist = PyList_New(0); -+ } -+ /* Only return the Python list, don't need to return the length anymore */ -+ $result = plist; -+} -+#endif -+ -+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { -+ $1 = &temp; -+} -+%typemap(freearg,match="in") security_context_t * ""; -+%typemap(argout,noblock=1) security_context_t * { -+ if (*$1) { -+ %append_output(SWIG_FromCharPtr(*$1)); -+ freecon(*$1); -+ } -+/* -+ else { -+ Py_INCREF(Py_None); -+ %append_output(Py_None); -+ } -+*/ -+} -+ -+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { -+ $1 = &temp; -+} -+%typemap(freearg,match="in") char ** ""; -+%typemap(argout,noblock=1) char ** { -+ if (*$1) { -+ %append_output(SWIG_FromCharPtr(*$1)); -+ free(*$1); -+ } -+/* -+ else { -+ Py_INCREF(Py_None); -+ %append_output(Py_None); -+ } -+*/ -+} -+/* -+%typemap(in) char * const [] { -+ int i, size; -+ PyObject * s; -+ -+ if (!PySequence_Check($input)) { -+ PyErr_SetString(PyExc_ValueError, "Expected a sequence"); -+ return NULL; -+ } -+ -+ size = PySequence_Size($input); -+ -+ $1 = (char**) malloc(size + 1); -+ for(i = 0; i < size; i++) { -+ if (!PyString_Check(PySequence_GetItem($input, i))) { -+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); -+ return NULL; -+ } -+ } -+ -+ for(i = 0; i < size; i++) { -+ s = PySequence_GetItem($input, i); -+ $1[i] = (char*) malloc(PyString_Size(s) + 1); -+ strcpy($1[i], PyString_AsString(s)); -+ } -+ $1[size] = NULL; -+} -+*/ -+ -+%typemap(freearg,match="in") char * const [] { -+ int i = 0; -+ while($1[i]) { -+ free($1[i]); -+ i++; -+ } -+ free($1); -+} -+ -+%include "selinuxswig.i" ++++++ libselinux-2.0.67.tar.bz2 -> libselinux-2.0.71.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/ChangeLog new/libselinux-2.0.71/ChangeLog --- old/libselinux-2.0.67/ChangeLog 2008-06-22 15:44:36.000000000 +0200 +++ new/libselinux-2.0.71/ChangeLog 2008-08-05 15:58:47.000000000 +0200 @@ -1,3 +1,19 @@ +2.0.71 2008-08-05 + * Add group support to seusers using %groupname syntax from Dan Walsh. + * Mark setrans socket close-on-exec from Stephen Smalley. + * Only apply nodups checking to base file contexts from Stephen Smalley. + +2.0.70 2008-07-30 + * Merge ruby bindings from Dan Walsh. + +2.0.69 2008-07-29 + * Handle duplicate file context regexes as a fatal error from Stephen Smalley. + This prevents adding them via semanage. + +2.0.68 2008-07-18 + * Fix audit2why shadowed variables from Stephen Smalley. + * Note that freecon NULL is legal in man page from Karel Zak. + 2.0.67 2008-06-13 * New and revised AVC, label, and mapping man pages from Eamon Walsh. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/Makefile new/libselinux-2.0.71/Makefile --- old/libselinux-2.0.67/Makefile 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/Makefile 2008-08-05 15:58:48.000000000 +0200 @@ -29,6 +29,9 @@ pywrap: $(MAKE) -C src pywrap +rubywrap: + $(MAKE) -C src rubywrap + install: $(MAKE) -C include install $(MAKE) -C src install @@ -38,6 +41,9 @@ install-pywrap: $(MAKE) -C src install-pywrap +install-rubywrap: + $(MAKE) -C src install-rubywrap + relabel: $(MAKE) -C src relabel diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/man/man3/freecon.3 new/libselinux-2.0.71/man/man3/freecon.3 --- old/libselinux-2.0.67/man/man3/freecon.3 2008-06-22 15:44:36.000000000 +0200 +++ new/libselinux-2.0.71/man/man3/freecon.3 2008-08-05 15:58:47.000000000 +0200 @@ -15,6 +15,11 @@ .B freeconary frees the memory allocated for a context array. +If +.I con +is NULL, no operation is performed. + + .SH "SEE ALSO" .BR selinux "(8)" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/audit2why.c new/libselinux-2.0.71/src/audit2why.c --- old/libselinux-2.0.67/src/audit2why.c 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/src/audit2why.c 2008-08-05 15:58:48.000000000 +0200 @@ -55,7 +55,7 @@ return 0; } -static int check_booleans(struct avc_t *avc, struct boolean_t **bools) +static int check_booleans(struct boolean_t **bools) { char errormsg[PATH_MAX]; struct sepol_av_decision avd; @@ -376,7 +376,7 @@ avc->tsid = tsid; avc->tclass = tclass; avc->av = av; - if (check_booleans(avc, &bools) == 0) { + if (check_booleans(&bools) == 0) { if (av & ~avd.auditdeny) { RETURN(DONTAUDIT) } else { @@ -390,15 +390,15 @@ len++; b++; } b = bools; - PyObject *boollist = PyTuple_New(len); + PyObject *outboollist = PyTuple_New(len); len=0; while(b->name) { PyObject *bool = Py_BuildValue("(si)", b->name, b->active); - PyTuple_SetItem(boollist, len++, bool); + PyTuple_SetItem(outboollist, len++, bool); b++; } free(bools); - PyTuple_SetItem(result, 1, boollist); + PyTuple_SetItem(result, 1, outboollist); return result; } } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/label_file.c new/libselinux-2.0.71/src/label_file.c --- old/libselinux-2.0.67/src/label_file.c 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/src/label_file.c 2008-08-05 15:58:48.000000000 +0200 @@ -146,8 +146,9 @@ /* * Warn about duplicate specifications. */ -static void nodups_specs(struct saved_data *data, const char *path) +static int nodups_specs(struct saved_data *data, const char *path) { + int rc = 0; unsigned int ii, jj; struct spec *curr_spec, *spec_arr = data->spec_arr; @@ -158,24 +159,27 @@ (spec_arr[jj].regex_str, curr_spec->regex_str)) && (!spec_arr[jj].mode || !curr_spec->mode || spec_arr[jj].mode == curr_spec->mode)) { + rc = -1; + errno = EINVAL; if (strcmp (spec_arr[jj].lr.ctx_raw, curr_spec->lr.ctx_raw)) { COMPAT_LOG - (SELINUX_WARNING, + (SELINUX_ERROR, "%s: Multiple different specifications for %s (%s and %s).\n", path, curr_spec->regex_str, spec_arr[jj].lr.ctx_raw, curr_spec->lr.ctx_raw); } else { COMPAT_LOG - (SELINUX_WARNING, + (SELINUX_ERROR, "%s: Multiple same specifications for %s.\n", path, curr_spec->regex_str); } } } } + return rc; } /* Determine if the regular expression specification has any meta characters. */ @@ -464,6 +468,11 @@ pass, ++lineno) != 0) goto finish; } + if (pass == 1) { + status = nodups_specs(data, path); + if (status) + goto finish; + } lineno = 0; if (homedirfp) while (getline(&line_buf, &line_len, homedirfp) > 0 @@ -519,8 +528,6 @@ free(data->spec_arr); data->spec_arr = spec_copy; - nodups_specs(data, path); - status = 0; finish: fclose(fp); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/Makefile new/libselinux-2.0.71/src/Makefile --- old/libselinux-2.0.67/src/Makefile 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/src/Makefile 2008-08-05 15:58:48.000000000 +0200 @@ -7,16 +7,24 @@ PYINC ?= /usr/include/$(PYLIBVER) PYLIB ?= /usr/lib/$(PYLIBVER) PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) +RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') +RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') +RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) +RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) LIBVERSION = 1 LIBA=libselinux.a TARGET=libselinux.so SWIGIF= selinuxswig_python.i +SWIGRUBYIF= selinuxswig_ruby.i SWIGCOUT= selinuxswig_wrap.c +SWIGRUBYCOUT= selinuxswig_ruby_wrap.c SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) +SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) SWIGSO=_selinux.so SWIGFILES=$(SWIGSO) selinux.py +SWIGRUBYSO=_rubyselinux.so LIBSO=$(TARGET).$(LIBVERSION) AUDIT2WHYSO=audit2why.so @@ -29,7 +37,9 @@ ifeq ($(DISABLE_RPM),y) UNUSED_SRCS+=rpm.c endif -SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c))) + +GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) +SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c))) OBJS= $(patsubst %.c,%.o,$(SRCS)) LOBJS= $(patsubst %.c,%.lo,$(SRCS)) @@ -44,12 +54,14 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ -GENERATED=$(SWIGCOUT) +SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ all: $(LIBA) $(LIBSO) pywrap: all $(SWIGSO) $(AUDIT2WHYSO) +rubywrap: all $(SWIGRUBYSO) + $(LIBA): $(OBJS) $(AR) rcs $@ $^ $(RANLIB) $@ @@ -57,9 +69,15 @@ $(SWIGLOBJ): $(SWIGCOUT) $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< +$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< + $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ +$(SWIGRUBYSO): $(SWIGRUBYLOBJ) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ + $(LIBSO): $(LOBJS) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ln -sf $@ $(TARGET) @@ -79,6 +97,9 @@ $(SWIGCOUT): $(SWIGIF) $(SWIG) $^ +$(SWIGRUBYCOUT): $(SWIGRUBYIF) + $(SWIGRUBY) $^ + swigify: $(SWIGIF) $(SWIG) $^ @@ -95,6 +116,10 @@ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py +install-rubywrap: rubywrap + test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) + install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so + relabel: /sbin/restorecon $(SHLIBDIR)/$(LIBSO) @@ -102,7 +127,7 @@ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ distclean: clean - rm -f $(SWIGCOUT) $(SWIGFILES) + rm -f $(GENERATED) $(SWIGFILES) indent: ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/selinuxswig_ruby.i new/libselinux-2.0.71/src/selinuxswig_ruby.i --- old/libselinux-2.0.67/src/selinuxswig_ruby.i 1970-01-01 01:00:00.000000000 +0100 +++ new/libselinux-2.0.71/src/selinuxswig_ruby.i 2008-08-05 15:58:48.000000000 +0200 @@ -0,0 +1,52 @@ +/* Author: Dan Walsh + Based on selinuxswig_python.i by James Athey + */ + +%module selinux +%{ + #include "selinux/selinux.h" +%} + +/* return a sid along with the result */ +%typemap(argout) (security_id_t * sid) { + if (*$1) { + %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); + } +} + +%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { + $1 = &temp; +} + +%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") security_context_t * ""; +%typemap(argout,noblock=1) security_context_t * { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + freecon(*$1); + } +} + +%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") char ** ""; +%typemap(argout,noblock=1) char ** { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + free(*$1); + } +} + +%typemap(freearg,match="in") char * const [] { + int i = 0; + while($1[i]) { + free($1[i]); + i++; + } + free($1); +} + +%include "selinuxswig.i" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/setrans_client.c new/libselinux-2.0.71/src/setrans_client.c --- old/libselinux-2.0.67/src/setrans_client.c 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/src/setrans_client.c 2008-08-05 15:58:48.000000000 +0200 @@ -13,7 +13,7 @@ #include #include #include - +#include #include #include #include @@ -42,11 +42,17 @@ { struct sockaddr_un addr; int fd; - - fd = socket(PF_UNIX, SOCK_STREAM, 0); - if (fd < 0) { - return -1; +#ifdef SOCK_CLOEXEC + fd = socket(PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); + if (fd < 0 && errno == EINVAL) +#endif + { + fd = socket(PF_UNIX, SOCK_STREAM, 0); + if (fd >= 0) + fcntl(fd, F_SETFD, FD_CLOEXEC); } + if (fd < 0) + return -1; memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/src/seusers.c new/libselinux-2.0.71/src/seusers.c --- old/libselinux-2.0.67/src/seusers.c 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/src/seusers.c 2008-08-05 15:58:48.000000000 +0200 @@ -89,6 +89,62 @@ int require_seusers hidden = 0; +#include +#include + +static gid_t get_default_gid(const char *name) { + struct passwd pwstorage, *pwent = NULL; + gid_t gid = -1; + /* Allocate space for the getpwnam_r buffer */ + long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + if (rbuflen <= 0) return -1; + char *rbuf = malloc(rbuflen); + if (rbuf == NULL) return -1; + + int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); + if (retval == 0 && pwent) { + gid = pwent->pw_gid; + } + free(rbuf); + return gid; +} + +static int check_group(const char *group, const char *name, const gid_t gid) { + int match = 0; + int i, ng = 0; + gid_t *groups = NULL; + struct group gbuf, *grent = NULL; + + long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); + if (rbuflen <= 0) + return 0; + char *rbuf = malloc(rbuflen); + if (rbuf == NULL) + return 0; + + if (getgrnam_r(group, &gbuf, rbuf, rbuflen, + &grent) != 0) + goto done; + + if (getgrouplist(name, gid, NULL, &ng) < 0) { + groups = (gid_t *) malloc(sizeof (gid_t) * ng); + if (!groups) goto done; + if (getgrouplist(name, gid, groups, &ng) < 0) goto done; + } + + for (i = 0; i < ng; i++) { + if (grent->gr_gid == groups[i]) { + match = 1; + goto done; + } + } + + done: + free(groups); + free(rbuf); + return match; +} + int getseuserbyname(const char *name, char **r_seuser, char **r_level) { FILE *cfg = NULL; @@ -101,9 +157,13 @@ char *username = NULL; char *seuser = NULL; char *level = NULL; + char *groupseuser = NULL; + char *grouplevel = NULL; char *defaultseuser = NULL; char *defaultlevel = NULL; + gid_t gid = get_default_gid(name); + cfg = fopen(selinux_usersconf_path(), "r"); if (!cfg) goto nomatch; @@ -124,31 +184,48 @@ if (!strcmp(username, name)) break; - if (!defaultseuser && !strcmp(username, "__default__")) { - free(username); - defaultseuser = seuser; - defaultlevel = level; + if (username[0] == '%' && + !groupseuser && + check_group(&username[1], name, gid)) { + groupseuser = seuser; + grouplevel = level; } else { - free(username); - free(seuser); - free(level); + if (!defaultseuser && + !strcmp(username, "__default__")) { + defaultseuser = seuser; + defaultlevel = level; + } else { + free(seuser); + free(level); + } } + free(username); + username = NULL; seuser = NULL; } - if (buffer) - free(buffer); + free(buffer); fclose(cfg); if (seuser) { free(username); free(defaultseuser); free(defaultlevel); + free(groupseuser); + free(grouplevel); *r_seuser = seuser; *r_level = level; return 0; } + if (groupseuser) { + free(defaultseuser); + free(defaultlevel); + *r_seuser = groupseuser; + *r_level = grouplevel; + return 0; + } + if (defaultseuser) { *r_seuser = defaultseuser; *r_level = defaultlevel; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.67/VERSION new/libselinux-2.0.71/VERSION --- old/libselinux-2.0.67/VERSION 2008-06-22 15:44:37.000000000 +0200 +++ new/libselinux-2.0.71/VERSION 2008-08-05 15:58:48.000000000 +0200 @@ -1 +1 @@ -2.0.67 +2.0.71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org