Hello community,
here is the log from the commit of package libselinux for openSUSE:Factory
checked in at Mon Jun 29 14:18:48 CEST 2009.
--------
--- libselinux/libselinux-bindings.changes 2009-04-17 17:13:15.000000000 +0200
+++ libselinux/libselinux-bindings.changes 2009-05-27 14:11:26.000000000 +0200
@@ -1,0 +2,11 @@
+Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz
+
+- updated to 2.0.80
+ * deny_unknown wrapper function from KaiGai Kohei
+ * security_compute_av_flags API from KaiGai Kohei
+ * Netlink socket management and callbacks from KaiGai Kohei
+ * Netlink socket handoff patch from Adam Jackson
+ * AVC caching of compute_create results by Eric Paris
+ * fix incorrect conversion in discover_class code
+
+-------------------------------------------------------------------
--- libselinux/libselinux.changes 2009-04-17 17:13:15.000000000 +0200
+++ libselinux/libselinux.changes 2009-06-09 20:19:42.000000000 +0200
@@ -1,0 +2,17 @@
+Tue Jun 9 20:17:54 CEST 2009 - crrodriguez@suse.de
+
+- remove static libraries
+- libselinux-devel does not require libsepol-devel
+
+-------------------------------------------------------------------
+Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz
+
+- updated to 2.0.80
+ * deny_unknown wrapper function from KaiGai Kohei
+ * security_compute_av_flags API from KaiGai Kohei
+ * Netlink socket management and callbacks from KaiGai Kohei
+ * Netlink socket handoff patch from Adam Jackson
+ * AVC caching of compute_create results by Eric Paris
+ * fix incorrect conversion in discover_class code
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
libselinux-2.0.77-memleak.patch
libselinux-2.0.77-rhat.patch.bz2
libselinux-2.0.77.tar.bz2
New:
----
libselinux-2.0.80-rhat.patch.bz2
libselinux-2.0.80.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libselinux-bindings.spec ++++++
--- /var/tmp/diff_new_pack.QC7003/_old 2009-06-29 14:15:25.000000000 +0200
+++ /var/tmp/diff_new_pack.QC7003/_new 2009-06-29 14:15:25.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libselinux-bindings (Version 2.0.77)
+# spec file for package libselinux-bindings (Version 2.0.80)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -22,15 +22,14 @@
BuildRequires: libsepol-devel >= %{libsepol_ver}
Name: libselinux-bindings
-Version: 2.0.77
-Release: 2
+Version: 2.0.80
+Release: 1
Url: http://www.nsa.gov/selinux/
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Libraries
Summary: SELinux library and simple utilities
Source: libselinux-%{version}.tar.bz2
Patch0: libselinux-%{version}-rhat.patch.bz2
-Patch1: libselinux-%{version}-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires python-selinux = %{version}-%{release}
@@ -102,7 +101,6 @@
%prep
%setup -q -n libselinux-%{version}
%patch0 -p1
-%patch1
%build
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS" -C src
@@ -129,42 +127,3 @@
%{_libdir}/ruby/site_ruby/%{rb_ver}/%{rb_arch}/selinux.so
%changelog
-* Fri Apr 17 2009 prusnak@suse.cz
-- fixed memory leak (memleak.patch)
-* Wed Jan 14 2009 prusnak@suse.cz
-- updated to 2.0.77
- * add new function getseuser which will take username and service
- and return seuser and level; ipa will populate file in future
- * change selinuxdefcon to return just the context by default
- * fix segfault if seusers file does not work
- * strip trailing / for matchpathcon
- * fix restorecon python code
-* Mon Dec 01 2008 prusnak@suse.cz
-- updated to 2.0.76
- * allow shell-style wildcarding in X names
- * add Restorecon/Install python functions
- * correct message types in AVC log messages
- * make matchpathcon -V pass mode
- * add man page for selinux_file_context_cmp
- * update flask headers from refpolicy trunk
-* Wed Oct 22 2008 mrueckert@suse.de
-- fix debug_packages_requires define
-* Tue Sep 23 2008 prusnak@suse.cz
-- require only version, not release [bnc#429053]
-* Tue Sep 02 2008 prusnak@suse.cz
-- updated to 2.0.71
- * Add group support to seusers using %%groupname syntax from Dan Walsh.
- * Mark setrans socket close-on-exec from Stephen Smalley.
- * Only apply nodups checking to base file contexts from Stephen Smalley.
- * Merge ruby bindings from Dan Walsh.
-* Mon Sep 01 2008 aj@suse.de
-- Fix build of debuginfo.
-* Fri Aug 22 2008 prusnak@suse.cz
-- added baselibs.conf file
-- split bindings into separate subpackage (libselinux-bindings)
-- split tools into separate subpackage (selinux-tools)
-* Fri Aug 01 2008 ro@suse.de
-- fix requires for debuginfo package
-* Tue Jul 15 2008 prusnak@suse.cz
-- initial version 2.0.67
- * based on Fedora package by Dan Walsh
++++++ libselinux.spec ++++++
--- /var/tmp/diff_new_pack.QC7003/_old 2009-06-29 14:15:25.000000000 +0200
+++ /var/tmp/diff_new_pack.QC7003/_new 2009-06-29 14:15:25.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package libselinux (Version 2.0.77)
+# spec file for package libselinux (Version 2.0.80)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -21,15 +21,14 @@
BuildRequires: libsepol-devel >= %{libsepol_ver}
Name: libselinux
-Version: 2.0.77
-Release: 2
+Version: 2.0.80
+Release: 1
Url: http://www.nsa.gov/selinux/
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Libraries
Summary: SELinux library and simple utilities
Source: %{name}-%{version}.tar.bz2
Patch0: %{name}-%{version}-rhat.patch.bz2
-Patch1: %{name}-%{version}-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libselinux1 = %{version}-%{release}
@@ -51,7 +50,7 @@
%package -n libselinux1
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Libraries
Summary: SELinux library and simple utilities
@@ -73,7 +72,7 @@
%package -n selinux-tools
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Group: System/Base
Summary: SELinux library and simple utilities
@@ -95,11 +94,10 @@
%package devel
-License: GPL v2 only; Public Domain, Freeware
+License: GPL v2 only ; Public Domain, Freeware
Summary: Development Include Files and Libraries for SELinux
Group: Development/Libraries/C and C++
-Requires: libselinux1 = %{version}
-Requires: libsepol-devel >= %{libsepol_ver}
+Requires: libselinux1 = %{version} glibc-devel
%description devel
Security-enhanced Linux is a patch of the Linux(R) kernel and a number
@@ -120,7 +118,6 @@
%prep
%setup -q
%patch0 -p1
-%patch1
%build
make %{?jobs:-j%jobs} LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS"
@@ -147,6 +144,7 @@
rm -f $RPM_BUILD_ROOT%{_sbindir}/selinux_check_securetty_context
mv $RPM_BUILD_ROOT%{_sbindir}/getdefaultcon $RPM_BUILD_ROOT%{_sbindir}/selinuxdefcon
mv $RPM_BUILD_ROOT%{_sbindir}/getconlist $RPM_BUILD_ROOT%{_sbindir}/selinuxconlist
+rm -f %{buildroot}%{_libdir}/*.a
%clean
rm -rf $RPM_BUILD_ROOT
@@ -178,48 +176,8 @@
%files devel
%defattr(-,root,root,-)
%{_libdir}/libselinux.so
-%{_libdir}/libselinux.a
%dir %{_includedir}/selinux
%{_includedir}/selinux/*
%{_mandir}/man3/*
%changelog
-* Fri Apr 17 2009 prusnak@suse.cz
-- fixed memory leak (memleak.patch)
-* Wed Jan 14 2009 prusnak@suse.cz
-- updated to 2.0.77
- * add new function getseuser which will take username and service
- and return seuser and level; ipa will populate file in future
- * change selinuxdefcon to return just the context by default
- * fix segfault if seusers file does not work
- * strip trailing / for matchpathcon
- * fix restorecon python code
-* Mon Dec 01 2008 prusnak@suse.cz
-- updated to 2.0.76
- * allow shell-style wildcarding in X names
- * add Restorecon/Install python functions
- * correct message types in AVC log messages
- * make matchpathcon -V pass mode
- * add man page for selinux_file_context_cmp
- * update flask headers from refpolicy trunk
-* Wed Oct 22 2008 mrueckert@suse.de
-- fix debug_packages_requires define
-* Tue Sep 23 2008 prusnak@suse.cz
-- require only version, not release [bnc#429053]
-* Tue Sep 02 2008 prusnak@suse.cz
-- updated to 2.0.71
- * Add group support to seusers using %%groupname syntax from Dan Walsh.
- * Mark setrans socket close-on-exec from Stephen Smalley.
- * Only apply nodups checking to base file contexts from Stephen Smalley.
- * Merge ruby bindings from Dan Walsh.
-* Mon Sep 01 2008 aj@suse.de
-- Fix build of debuginfo.
-* Fri Aug 22 2008 prusnak@suse.cz
-- added baselibs.conf file
-- split bindings into separate subpackage (libselinux-bindings)
-- split tools into separate subpackage (selinux-tools)
-* Fri Aug 01 2008 ro@suse.de
-- fix requires for debuginfo package
-* Tue Jul 15 2008 prusnak@suse.cz
-- initial version 2.0.67
- * based on Fedora package by Dan Walsh
++++++ libselinux-2.0.77-rhat.patch.bz2 -> libselinux-2.0.80-rhat.patch.bz2 ++++++
Files libselinux/libselinux-2.0.77-rhat.patch.bz2 and libselinux/libselinux-2.0.80-rhat.patch.bz2 differ
++++++ libselinux-2.0.77.tar.bz2 -> libselinux-2.0.80.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/ChangeLog new/libselinux-2.0.80/ChangeLog
--- old/libselinux-2.0.77/ChangeLog 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/ChangeLog 2009-04-08 15:06:24.000000000 +0200
@@ -1,3 +1,18 @@
+2.0.80 2009-04-07
+ * deny_unknown wrapper function from KaiGai Kohei.
+ * security_compute_av_flags API from KaiGai Kohei.
+ * Netlink socket management and callbacks from KaiGai Kohei.
+
+2.0.79 2009-03-11
+ * Netlink socket handoff patch from Adam Jackson.
+ * AVC caching of compute_create results by Eric Paris.
+
+2.0.78 2009-02-27
+ * Fix incorrect conversion in discover_class code.
+
+2.0.77 2009-01-12
+ * add restorecon to python bindings from Dan Walsh.
+
2.0.76 2009-01-08
* Client support for translating raw contexts to colors via setrans.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/include/selinux/avc.h new/libselinux-2.0.80/include/selinux/avc.h
--- old/libselinux-2.0.77/include/selinux/avc.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/include/selinux/avc.h 2009-04-08 15:06:24.000000000 +0200
@@ -427,6 +427,44 @@
*/
void avc_sid_stats(void);
+/**
+ * avc_netlink_open - Create a netlink socket and connect to the kernel.
+ */
+int avc_netlink_open(int blocking);
+
+/**
+ * avc_netlink_loop - Wait for netlink messages from the kernel
+ */
+void avc_netlink_loop(void);
+
+/**
+ * avc_netlink_close - Close the netlink socket
+ */
+void avc_netlink_close(void);
+
+/**
+ * avc_netlink_acquire_fd - Acquire netlink socket fd.
+ *
+ * Allows the application to manage messages from the netlink socket in
+ * its own main loop.
+ */
+int avc_netlink_acquire_fd(void);
+
+/**
+ * avc_netlink_release_fd - Release netlink socket fd.
+ *
+ * Returns ownership of the netlink socket to the library.
+ */
+void avc_netlink_release_fd(void);
+
+/**
+ * avc_netlink_check_nb - Check netlink socket for new messages.
+ *
+ * Called by the application when using avc_netlink_acquire_fd() to
+ * process kernel netlink events.
+ */
+int avc_netlink_check_nb(void);
+
#ifdef __cplusplus
}
#endif
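Review bot: The doc comments on the six newly exported avc_netlink_* prototypes give a one-line summary but none of the contract that a caller of a public header needs. For `avc_netlink_open` I would add an `@blocking:` line saying that non-zero makes reads on the socket block, plus a return line (`0 on success, -1 with errno set`), in the `@name:` style the rest of the AVC code uses. For `avc_netlink_acquire_fd` the comment should say that, from that call until `avc_netlink_release_fd()`, the library stops polling the socket itself, so the application must call `avc_netlink_check_nb()` when the descriptor becomes readable. Otherwise setenforce and policy-reload notifications are never processed and cached decisions go stale.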
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/include/selinux/selinux.h new/libselinux-2.0.80/include/selinux/selinux.h
--- old/libselinux-2.0.77/include/selinux/selinux.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/include/selinux/selinux.h 2009-04-08 15:06:24.000000000 +0200
@@ -130,8 +130,12 @@
access_vector_t auditallow;
access_vector_t auditdeny;
unsigned int seqno;
+ unsigned int flags;
};
+/* Definitions of av_decision.flags */
+#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
+
/* Structure for passing options, used by AVC and label subsystems */
struct selinux_opt {
int type;
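Review bot: Appending `unsigned int flags;` to the public `struct av_decision` changes its size, and binaries built against the 2.0.77 header will still pass the smaller object to `security_compute_av()` and `security_compute_av_raw()`. Those older entry points must therefore never store to `avd->flags`. Their implementation in compute_av.c is cut off in this view, so that needs to be confirmed there. I would also record the rule next to the field, for example `/* flags: only written by security_compute_av_flags*(); not touched by security_compute_av*() */`, so that a later change does not make the legacy calls write past a caller's old-layout struct.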
@@ -153,11 +157,17 @@
char *msgbuf, size_t msgbufsize);
/* validate the supplied context, modifying if necessary */
int (*func_validate) (security_context_t *ctx);
+ /* netlink callback for setenforce message */
+ int (*func_setenforce) (int enforcing);
+ /* netlink callback for policyload message */
+ int (*func_policyload) (int seqno);
};
#define SELINUX_CB_LOG 0
#define SELINUX_CB_AUDIT 1
#define SELINUX_CB_VALIDATE 2
+#define SELINUX_CB_SETENFORCE 3
+#define SELINUX_CB_POLICYLOAD 4
extern union selinux_callback selinux_get_callback(int type);
extern void selinux_set_callback(int type, union selinux_callback cb);
@@ -180,6 +190,17 @@
access_vector_t requested,
struct av_decision *avd);
+extern int security_compute_av_flags(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+extern int security_compute_av_flags_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_create(security_context_t scon,
@@ -295,6 +316,9 @@
/* Set the enforce flag value. */
extern int security_setenforce(int value);
+/* Get the behavior for undefined classes/permissions */
+extern int security_deny_unknown(void);
+
/* Disable SELinux at runtime (must be done prior to initial policy load). */
extern int security_disable(void);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_acquire_fd.3 new/libselinux-2.0.80/man/man3/avc_netlink_acquire_fd.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_acquire_fd.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_acquire_fd.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_check_nb.3 new/libselinux-2.0.80/man/man3/avc_netlink_check_nb.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_check_nb.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_check_nb.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_close.3 new/libselinux-2.0.80/man/man3/avc_netlink_close.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_close.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_close.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_loop.3 new/libselinux-2.0.80/man/man3/avc_netlink_loop.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_loop.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_loop.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1,88 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: KaiGai Kohei (kaigai@ak.jp.nec.com) 2009
+.TH "avc_netlink_loop" "3" "30 Mar 2009" "" "SELinux API documentation"
+.SH "NAME"
+avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
+avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop \- SELinux
+netlink processing.
+.SH "SYNOPSIS"
+.B #include
+
+.B #include
+.sp
+.BI "int avc_netlink_open(int " blocking ");"
+.sp
+.BI "void avc_netlink_close(void);"
+.sp
+.BI "int avc_netlink_acquire_fd(void);"
+.sp
+.BI "void avc_netlink_release_fd(void);"
+.sp
+.BI "void avc_netlink_loop(void);"
+.sp
+.BI "int avc_netlink_check_nb(void);"
+.sp
+.SH "DESCRIPTION"
+These functions enable applications to handle notification of SELinux events
+via netlink. The userspace AVC normally checks for netlink messages on each
+call to
+.BR avc_has_perm (3).
+Applications may wish to override this behavior and check for notification
+separately, for example in a
+.BR select (2)
+loop. These functions also permit netlink monitoring without requiring a
+call to
+.BR avc_open (3).
+
+.B avc_netlink_open
+opens a netlink socket to receive SELinux notifications. The socket
+descriptor is stored internally; use
+.BR avc_netlink_acquire_fd (3)
+to take ownership of it in application code. The
+.I blocking
+argument specifies whether read operations on the socket will block.
+.BR avc_open (3)
+calls this function internally, specifying non-blocking behavior (unless
+threading callbacks were explicitly set using the deprecated
+.BR avc_init (3)
+interface, in which case blocking behavior is set).
+
+.B avc_netlink_close
+closes the netlink socket. This function is called automatically by
+.BR avc_destroy (3).
+
+.B avc_netlink_acquire_fd
+returns the netlink socket descriptor number and informs the userspace AVC
+not to check the socket descriptor automatically on calls to
+.BR avc_has_perm (3).
+
+.B avc_netlink_release_fd
+returns control of the netlink socket to the userspace AVC, re-enabling
+automatic processing of notifications.
+
+.B avc_netlink_check_nb
+checks the netlink socket for pending messages and processes them.
+Callbacks for policyload and enforcing changes will be called;
+see
+.BR selinux_set_callback (3).
+This function does not block unless
+.BR avc_netlink_open (3)
+specified blocking behavior.
+
+.B avc_netlink_loop
+enters a loop blocking on the netlink socket and processing messages as they
+are received. This function will not return unless an error occurs on
+the socket, in which case the socket is closed.
+
+.SH "RETURN VALUE"
+.B avc_netlink_acquire_fd
+returns a non-negative file descriptor number on success. Other functions
+with a return value return zero on success. On error, -1 is returned and
+.I errno
+is set appropriately.
+
+.SH "SEE ALSO"
+.BR avc_open (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_open.3 new/libselinux-2.0.80/man/man3/avc_netlink_open.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_open.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_open.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/avc_netlink_release_fd.3 new/libselinux-2.0.80/man/man3/avc_netlink_release_fd.3
--- old/libselinux-2.0.77/man/man3/avc_netlink_release_fd.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/avc_netlink_release_fd.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/avc_netlink_loop.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_compute_av.3 new/libselinux-2.0.80/man/man3/security_compute_av.3
--- old/libselinux-2.0.77/man/man3/security_compute_av.3 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_compute_av.3 2009-04-08 15:06:24.000000000 +0200
@@ -1,6 +1,6 @@
.TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
-security_compute_av, security_compute_create, security_compute_relabel,
+security_compute_av, security_compute_av_flags, security_compute_create, security_compute_relabel,
security_compute_member, security_compute_user, security_get_initial_context \- query
the SELinux policy database in the kernel.
@@ -11,6 +11,8 @@
.sp
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
.sp
+.BI "int security_compute_av_flags(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
+.sp
.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
@@ -34,7 +36,19 @@
.B tclass
with the
.B requested
-access vector. See the cron source for a usage example.
+access vector. The decision is returned in
+.BR avd .
+
+.B security_compute_av_flags
+is identical to
+.B security_compute_av
+but additionally sets the
+.B flags
+field of
+.BR avd .
+Currently one flag is supported:
+.BR SELINUX_AVD_FLAGS_PERMISSIVE ,
+which indicates the decision is computed on a permissive domain.
.B security_compute_create
is used to compute a context to use for labeling a new object in a particular
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_compute_av_flags.3 new/libselinux-2.0.80/man/man3/security_compute_av_flags.3
--- old/libselinux-2.0.77/man/man3/security_compute_av_flags.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_compute_av_flags.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_deny_unknown.3 new/libselinux-2.0.80/man/man3/security_deny_unknown.3
--- old/libselinux-2.0.77/man/man3/security_deny_unknown.3 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_deny_unknown.3 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1 @@
+.so man3/security_getenforce.3
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/security_getenforce.3 new/libselinux-2.0.80/man/man3/security_getenforce.3
--- old/libselinux-2.0.77/man/man3/security_getenforce.3 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/security_getenforce.3 2009-04-08 15:06:24.000000000 +0200
@@ -1,13 +1,15 @@
.TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
-security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
+security_getenforce, security_setenforce, security_deny_unknown \- get or set the enforcing state of SELinux
.SH "SYNOPSIS"
.B #include
.sp
-.B int security_getenforce();
+.B int security_getenforce(void);
.BI "int security_setenforce(int "value );
+.B int security_deny_unknown(void);
+
.SH "DESCRIPTION"
.B security_getenforce
returns 0 if SELinux is running in permissive mode, 1 if it is running in
@@ -18,6 +20,10 @@
permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
returned.
+.B security_deny_unknown
+returns 0 if SELinux treats policy queries on undefined object classes or
+permissions as being allowed, 1 if such queries are denied, and -1 on error.
+
.SH "SEE ALSO"
.BR selinux "(8)"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/man/man3/selinux_set_callback.3 new/libselinux-2.0.80/man/man3/selinux_set_callback.3
--- old/libselinux-2.0.77/man/man3/selinux_set_callback.3 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/man/man3/selinux_set_callback.3 2009-04-08 15:06:24.000000000 +0200
@@ -79,6 +79,28 @@
.B EINVAL
to indicate an invalid context.
+.TP
+.B SELINUX_CB_SETENFORCE
+.BI "int (*" func_setenforce ") (int " enforcing ");"
+
+This callback is invoked when the system enforcing state changes.
+The
+.I enforcing
+argument indicates the new value and is set to
+.I 1
+for enforcing mode, and
+.I 0
+for permissive mode.
+
+.TP
+.B SELINUX_CB_POLICYLOAD
+.BI "int (*" func_policyload ") (int " seqno ");"
+
+This callback is invoked when the system security policy is reloaded.
+The
+.I seqno
+argument is the current sequential number of the policy generation in the system.
+
.SH "RETURN VALUE"
None.
@@ -91,5 +113,6 @@
.SH "SEE ALSO"
.BR selabel_open (3),
.BR avc_init (3),
+.BR avc_netlink_open(3),
.BR selinux (8)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/avc.c new/libselinux-2.0.80/src/avc.c
--- old/libselinux-2.0.77/src/avc.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/avc.c 2009-04-08 15:06:24.000000000 +0200
@@ -20,6 +20,7 @@
security_id_t tsid;
security_class_t tclass;
struct av_decision avd;
+ security_id_t create_sid;
int used; /* used recently */
};
@@ -340,6 +341,15 @@
return cur;
}
+static inline void avc_clear_avc_entry(struct avc_entry *ae)
+{
+ ae->ssid = ae->tsid = ae->create_sid = NULL;
+ ae->tclass = 0;
+ ae->avd.allowed = ae->avd.decided = 0;
+ ae->avd.auditallow = ae->avd.auditdeny = 0;
+ ae->used = 0;
+}
+
static inline struct avc_node *avc_claim_node(security_id_t ssid,
security_id_t tsid,
security_class_t tclass)
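Review bot: `avc_clear_avc_entry()` resets `allowed`, `decided`, `auditallow` and `auditdeny`, but leaves `avd.seqno` and the new `avd.flags` as they were. Since `avc_has_perm_noaudit()` now grants access when `SELINUX_AVD_FLAGS_PERMISSIVE` is set in the cached entry, a recycled node should not be able to carry that bit over from its previous use. Whether `avc_insert()` overwrites the whole `avd` is not visible in this diff. Replacing the two field-by-field lines with `memset(&ae->avd, 0, sizeof(ae->avd));` clears every current and future member and removes the dependency.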
@@ -361,6 +371,7 @@
}
hvalue = avc_hash(ssid, tsid, tclass);
+ avc_clear_avc_entry(&new->ae);
new->ae.used = 1;
new->ae.ssid = ssid;
new->ae.tsid = tsid;
@@ -498,8 +509,8 @@
* avc_remove - Remove AVC and sidtab entries for SID.
* @sid: security identifier to be removed
*
- * Remove all AVC entries containing @sid as source
- * or target, and remove @sid from the SID table.
+ * Remove all AVC entries containing @sid as source, target, or
+ * create_sid, and remove @sid from the SID table.
* Free the memory allocated for the structure corresponding
* to @sid. After this function has been called, @sid must
* not be used until another call to avc_context_to_sid() has
@@ -514,19 +525,15 @@
cur = avc_cache.slots[i];
prev = NULL;
while (cur) {
- if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid ||
+ sid == cur->ae.create_sid) {
if (prev)
prev->next = cur->next;
else
avc_cache.slots[i] = cur->next;
tmp = cur;
cur = cur->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
- 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -570,11 +577,7 @@
while (node) {
tmp = node;
node = node->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -812,7 +815,7 @@
access_vector_t denied;
struct avc_entry_ref ref;
- if (!avc_using_threads) {
+ if (!avc_using_threads && !avc_app_main_loop) {
(void)avc_netlink_check_nb();
}
@@ -846,9 +849,9 @@
rc = -1;
goto out;
}
- rc = security_compute_av_raw(ssid->ctx, tsid->ctx,
- tclass, requested,
- &entry.avd);
+ rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx,
+ tclass, requested,
+ &entry.avd);
if (rc)
goto out;
rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
@@ -864,11 +867,13 @@
denied = requested & ~(ae->avd.allowed);
if (!requested || denied) {
- if (avc_enforcing) {
+ if (!avc_enforcing ||
+ (ae->avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE))
+ ae->avd.allowed |= requested;
+ else {
errno = EACCES;
rc = -1;
- } else
- ae->avd.allowed |= requested;
+ }
}
out:
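Review bot: The rewritten branch is the one place where a denial is turned into a grant, yet it mixes an unbraced `if` body with a braced `else` and has no comment saying why a per-entry flag can override enforcing mode. I would brace both arms and add `/* global permissive mode or permissive source domain: grant and cache the permission */` above the condition. Because `ae->avd.allowed |= requested` modifies the cached entry, it is also worth stating in that comment that later checks of the same permission will no longer reach this branch. The enclosing function begins outside this hunk.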
@@ -882,9 +887,11 @@
security_class_t tclass, access_vector_t requested,
struct avc_entry_ref *aeref, void *auditdata)
{
- struct av_decision avd = { 0, 0, 0, 0, 0 };
+ struct av_decision avd;
int errsave, rc;
+ memset(&avd, 0, sizeof(avd));
+
rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
errsave = errno;
avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
@@ -896,23 +903,55 @@
security_class_t tclass, security_id_t *newsid)
{
int rc;
+ struct avc_entry_ref aeref;
+ struct avc_entry entry;
+ security_context_t ctx;
+
*newsid = NULL;
+ avc_entry_ref_init(&aeref);
+
avc_get_lock(avc_lock);
- if (ssid->refcnt > 0 && tsid->refcnt > 0) {
- security_context_t ctx = NULL;
+ if (ssid->refcnt <= 0 || tsid->refcnt <= 0) {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ goto out;
+ }
+
+ /* check for a cached entry */
+ rc = avc_lookup(ssid, tsid, tclass, 0, &aeref);
+ if (rc) {
+ /* need to make a cache entry for this tuple */
+ rc = security_compute_av_flags_raw(ssid->ctx, tsid->ctx,
+ tclass, 0, &entry.avd);
+ if (rc)
+ goto out;
+ rc = avc_insert(ssid, tsid, tclass, &entry, &aeref);
+ if (rc)
+ goto out;
+ }
+
+ /* check for a saved compute_create value */
+ if (!aeref.ae->create_sid) {
+ /* need to query the kernel policy */
rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
&ctx);
if (rc)
goto out;
rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
- if (!rc)
- (*newsid)->refcnt++;
freecon(ctx);
+ if (rc)
+ goto out;
+
+ aeref.ae->create_sid = *newsid;
} else {
- errno = EINVAL; /* bad reference count */
- rc = -1;
+ /* found saved value */
+ *newsid = aeref.ae->create_sid;
}
+
+ rc = 0;
out:
+ if (*newsid)
+ (*newsid)->refcnt++;
avc_release_lock(avc_lock);
return rc;
}
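Review bot: The reference-count bump has moved to the shared `out:` label and now runs on every exit, including failures, whenever `*newsid` is non-NULL. If `sidtab_context_to_sid()` can write `*newsid` before returning an error (its body is not visible here), the caller gets `rc == -1` together with a SID whose count was incremented and never released. Doing `(*newsid)->refcnt++;` immediately before `rc = 0;` and leaving `out:` with only the unlock keeps the increment on the success path. Separately, the cache stores `create_sid` without taking a reference of its own, so it depends on `avc_remove()` matching `create_sid` before the SID is freed; a comment at the assignment should say so. `entry` is also passed to `avc_insert()` with only `.avd` filled in, which is safe only if `avc_insert()` reads nothing else from it.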
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/avc_internal.c new/libselinux-2.0.80/src/avc_internal.c
--- old/libselinux-2.0.77/src/avc_internal.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/avc_internal.c 2009-04-08 15:06:24.000000000 +0200
@@ -19,6 +19,7 @@
#include
#include
#include
+#include "callbacks.h"
#include "selinux_netlink.h"
#include "avc_internal.h"
@@ -34,6 +35,7 @@
void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL;
int avc_using_threads = 0;
+int avc_app_main_loop = 0;
void *(*avc_func_create_thread) (void (*)(void)) = NULL;
void (*avc_func_stop_thread) (void *) = NULL;
@@ -167,6 +169,9 @@
avc_prefix, rc, errno);
return rc;
}
+ rc = selinux_netlink_setenforce(msg->val);
+ if (rc < 0)
+ return rc;
break;
}
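Review bot: A negative return from the application's setenforce callback is handed back as the result of netlink message processing, so an application-level failure is indistinguishable from a socket or protocol failure. The same applies to the `selinux_netlink_policyload(msg->seqno)` call in the next hunk. What callers do with that result is outside this hunk, but the new man page says `avc_netlink_loop` closes the socket on error, so a misbehaving callback could plausibly end policy-change monitoring for the process. Either log and ignore the callback result here, or document the contract where the callbacks are declared in selinux.h, for example `/* return 0; a negative value aborts netlink processing */`.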
@@ -182,6 +187,9 @@
avc_prefix, rc, errno);
return rc;
}
+ rc = selinux_netlink_policyload(msg->seqno);
+ if (rc < 0)
+ return rc;
break;
}
@@ -250,3 +258,15 @@
"%s: netlink thread: errors encountered, terminating\n",
avc_prefix);
}
+
+int avc_netlink_acquire_fd(void)
+{
+ avc_app_main_loop = 1;
+
+ return fd;
+}
+
+void avc_netlink_release_fd(void)
+{
+ avc_app_main_loop = 0;
+}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/avc_internal.h new/libselinux-2.0.80/src/avc_internal.h
--- old/libselinux-2.0.77/src/avc_internal.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/avc_internal.h 2009-04-08 15:06:24.000000000 +0200
@@ -35,6 +35,7 @@
extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
extern int avc_using_threads hidden;
+extern int avc_app_main_loop hidden;
extern void *(*avc_func_create_thread) (void (*)(void))hidden;
extern void (*avc_func_stop_thread) (void *)hidden;
@@ -183,10 +184,6 @@
/* netlink kernel message code */
extern int avc_netlink_trouble hidden;
-int avc_netlink_open(int blocking) hidden;
-int avc_netlink_check_nb(void) hidden;
-void avc_netlink_loop(void) hidden;
-void avc_netlink_close(void) hidden;
hidden_proto(avc_av_stats)
hidden_proto(avc_cleanup)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/callbacks.c new/libselinux-2.0.80/src/callbacks.c
--- old/libselinux-2.0.77/src/callbacks.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/callbacks.c 2009-04-08 15:06:24.000000000 +0200
@@ -37,6 +37,18 @@
return security_check_context(*ctx);
}
+static int
+default_selinux_setenforce(int enforcing __attribute__((unused)))
+{
+ return 0;
+}
+
+static int
+default_selinux_policyload(int seqno __attribute__((unused)))
+{
+ return 0;
+}
+
/* callback pointers */
int __attribute__ ((format(printf, 2, 3)))
(*selinux_log)(int, const char *, ...) =
@@ -50,6 +62,14 @@
(*selinux_validate)(security_context_t *ctx) =
default_selinux_validate;
+int
+(*selinux_netlink_setenforce) (int enforcing) =
+ default_selinux_setenforce;
+
+int
+(*selinux_netlink_policyload) (int seqno) =
+ default_selinux_policyload;
+
/* callback setting function */
void
selinux_set_callback(int type, union selinux_callback cb)
@@ -64,6 +84,12 @@
case SELINUX_CB_VALIDATE:
selinux_validate = cb.func_validate;
break;
+ case SELINUX_CB_SETENFORCE:
+ selinux_netlink_setenforce = cb.func_setenforce;
+ break;
+ case SELINUX_CB_POLICYLOAD:
+ selinux_netlink_policyload = cb.func_policyload;
+ break;
}
}
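Review bot: The two new cases store `cb.func_setenforce` and `cb.func_policyload` without checking for NULL, while the netlink handler in this commit calls `selinux_netlink_policyload(msg->seqno)` unconditionally. An application that passes a zeroed `union selinux_callback` to clear a handler would make the next policy-reload or enforcing-mode notification call through a null pointer. Falling back to the defaults avoids that, e.g. `selinux_netlink_policyload = cb.func_policyload ? cb.func_policyload : default_selinux_policyload;`, and likewise for setenforce. The existing cases in this switch store their pointers the same way, so this could be handled once for the whole function, which starts outside the hunk.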
@@ -83,6 +109,12 @@
case SELINUX_CB_VALIDATE:
cb.func_validate = selinux_validate;
break;
+ case SELINUX_CB_SETENFORCE:
+ cb.func_setenforce = selinux_netlink_setenforce;
+ break;
+ case SELINUX_CB_POLICYLOAD:
+ cb.func_policyload = selinux_netlink_policyload;
+ break;
default:
memset(&cb, 0, sizeof(cb));
errno = EINVAL;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/callbacks.h new/libselinux-2.0.80/src/callbacks.h
--- old/libselinux-2.0.77/src/callbacks.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/callbacks.h 2009-04-08 15:06:24.000000000 +0200
@@ -21,4 +21,10 @@
extern int
(*selinux_validate)(security_context_t *ctx) hidden;
+extern int
+(*selinux_netlink_setenforce) (int enforcing) hidden;
+
+extern int
+(*selinux_netlink_policyload) (int seqno) hidden;
+
#endif /* _SELINUX_CALLBACKS_H_ */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/compute_av.c new/libselinux-2.0.80/src/compute_av.c
--- old/libselinux-2.0.77/src/compute_av.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/compute_av.c 2009-04-08 15:06:24.000000000 +0200
@@ -10,10 +10,11 @@
#include "policy.h"
#include "mapping.h"
-int security_compute_av_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested, struct av_decision *avd)
+int security_compute_av_flags_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd)
{
char path[PATH_MAX];
char *buf;
@@ -49,12 +50,15 @@
if (ret < 0)
goto out2;
- if (sscanf(buf, "%x %x %x %x %u", &avd->allowed,
- &avd->decided, &avd->auditallow, &avd->auditdeny,
- &avd->seqno) != 5) {
+ ret = sscanf(buf, "%x %x %x %x %u %x",
+ &avd->allowed, &avd->decided,
+ &avd->auditallow, &avd->auditdeny,
+ &avd->seqno, &avd->flags);
+ if (ret < 5) {
ret = -1;
goto out2;
- }
+ } else if (ret < 6)
+ avd->flags = 0;
map_decision(tclass, avd);
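Review bot: `ret` now carries the sscanf field count, so after a successful parse it is 5 or 6 at the `map_decision` call, whereas the wrappers added later in this file test `ret == 0` before copying the decision out. If the lines between `map_decision` and the `out2` label (outside this hunk) do not reset it to 0, a successful query would look like a failure to those wrappers. A separate local for the count removes the dependency, e.g. `int nfields = sscanf(...);` followed by `if (nfields < 5) { ret = -1; goto out2; }`. The unbraced `else if (ret < 6)` after a braced `if` is also easy to misread.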
@@ -66,16 +70,44 @@
return ret;
}
-hidden_def(security_compute_av_raw)
+hidden_def(security_compute_av_flags_raw)
-int security_compute_av(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested, struct av_decision *avd)
+int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd)
{
+ struct av_decision lavd;
int ret;
+
+ ret = security_compute_av_flags_raw(scon, tcon, tclass,
+ requested, &lavd);
+ if (ret == 0) {
+ avd->allowed = lavd.allowed;
+ avd->decided = lavd.decided;
+ avd->auditallow = lavd.auditallow;
+ avd->auditdeny = lavd.auditdeny;
+ avd->seqno = lavd.seqno;
+ /* NOTE:
+ * We should not return avd->flags via the interface
+ * due to the binary compatibility.
+ */
+ }
+ return ret;
+}
+
+hidden_def(security_compute_av_raw)
+
+int security_compute_av_flags(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd)
+{
security_context_t rscon = scon;
security_context_t rtcon = tcon;
+ int ret;
if (selinux_trans_to_raw_context(scon, &rscon))
return -1;
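Review bot: The field-by-field copy from `lavd` in `security_compute_av_raw` is repeated verbatim in `security_compute_av` in the last hunk of this file, and the NOTE comment in both does not say what would break. Presumably callers built against the older `struct av_decision` pass an object with no room for `flags`, so writing it would run past their buffer. If that is the reason, the comment should say so, e.g. `/* old callers may pass a struct av_decision without the flags member; never write avd->flags here */`. A small static helper shared by both wrappers would keep the two copies from drifting apart. `security_compute_av_flags` begins in this hunk and continues in the next one.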
@@ -83,8 +115,8 @@
freecon(rscon);
return -1;
}
-
- ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
+ ret = security_compute_av_flags_raw(rscon, rtcon, tclass,
+ requested, avd);
freecon(rscon);
freecon(rtcon);
@@ -92,4 +124,32 @@
return ret;
}
+hidden_def(security_compute_av_flags)
+
+int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested, struct av_decision *avd)
+{
+ struct av_decision lavd;
+ int ret;
+
+ ret = security_compute_av_flags(scon, tcon, tclass,
+ requested, &lavd);
+ if (ret == 0)
+ {
+ avd->allowed = lavd.allowed;
+ avd->decided = lavd.decided;
+ avd->auditallow = lavd.auditallow;
+ avd->auditdeny = lavd.auditdeny;
+ avd->seqno = lavd.seqno;
+ /* NOTE:
+ * We should not return avd->flags via the interface
+ * due to the binary compatibility.
+ */
+ }
+
+ return ret;
+}
+
hidden_def(security_compute_av)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/deny_unknown.c new/libselinux-2.0.80/src/deny_unknown.c
--- old/libselinux-2.0.77/src/deny_unknown.c 1970-01-01 01:00:00.000000000 +0100
+++ new/libselinux-2.0.80/src/deny_unknown.c 2009-04-08 15:06:24.000000000 +0200
@@ -0,0 +1,40 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include "selinux_internal.h"
+#include "policy.h"
+#include
+#include
+
+int security_deny_unknown(void)
+{
+ int fd, ret, deny_unknown = 0;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ memset(buf, 0, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ if (sscanf(buf, "%d", &deny_unknown) != 1)
+ return -1;
+
+ return deny_unknown;
+}
+
+hidden_def(security_deny_unknown);
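Review bot: The parse-failure return at the end of `security_deny_unknown` leaves errno untouched, unlike the `!selinux_mnt` path which sets ENOENT, so a caller that gets -1 after an empty or malformed read sees whatever errno was set earlier. Setting it explicitly makes the failure distinguishable: `if (sscanf(buf, "%d", &deny_unknown) != 1) { errno = EINVAL; return -1; }`. The value is also returned as parsed, so a negative number in the file cannot be told apart from an error, and the `snprintf` result is not checked for truncation of `path`. The trailing semicolon on `hidden_def(security_deny_unknown);` differs from the other `hidden_def` uses in this diff.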
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinux_internal.h new/libselinux-2.0.80/src/selinux_internal.h
--- old/libselinux-2.0.77/src/selinux_internal.h 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinux_internal.h 2009-04-08 15:06:24.000000000 +0200
@@ -16,6 +16,8 @@
hidden_proto(security_canonicalize_context_raw)
hidden_proto(security_compute_av)
hidden_proto(security_compute_av_raw)
+ hidden_proto(security_compute_av_flags)
+ hidden_proto(security_compute_av_flags_raw)
hidden_proto(security_compute_user)
hidden_proto(security_compute_user_raw)
hidden_proto(security_compute_create)
@@ -51,6 +53,7 @@
hidden_proto(setsockcreatecon_raw)
hidden_proto(security_getenforce)
hidden_proto(security_setenforce)
+ hidden_proto(security_deny_unknown)
hidden_proto(selinux_binary_policy_path)
hidden_proto(selinux_default_context_path)
hidden_proto(selinux_securetty_types_path)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinux.py new/libselinux-2.0.80/src/selinux.py
--- old/libselinux-2.0.77/src/selinux.py 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinux.py 2009-04-08 15:06:24.000000000 +0200
@@ -1,5 +1,5 @@
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.33
+# Version 1.3.35
#
# Don't modify this file, modify the SWIG interface instead.
# This file is compatible with both classic and new-style classes.
@@ -48,6 +48,20 @@
del types
+import shutil, os, stat
+
+def restorecon(path, recursive=False):
+ """ Restore SELinux context on a given path """
+ mode = os.lstat(path)[stat.ST_MODE]
+ status, context = matchpathcon(path, mode)
+ if status == 0:
+ lsetfilecon(path, context)
+ if recursive:
+ os.path.walk(path, lambda arg, dirname, fnames:
+ map(restorecon, [os.path.join(dirname, fname)
+ for fname in fnames]), None)
+
+
is_selinux_enabled = _selinux.is_selinux_enabled
is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
getcon = _selinux.getcon
@@ -286,6 +300,7 @@
selinux_users_path = _selinux.selinux_users_path
selinux_usersconf_path = _selinux.selinux_usersconf_path
selinux_translations_path = _selinux.selinux_translations_path
+selinux_colors_path = _selinux.selinux_colors_path
selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
selinux_path = _selinux.selinux_path
selinux_check_passwd_access = _selinux.selinux_check_passwd_access
@@ -296,6 +311,7 @@
is_context_customizable = _selinux.is_context_customizable
selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+selinux_raw_context_to_color = _selinux.selinux_raw_context_to_color
getseuserbyname = _selinux.getseuserbyname
selinux_file_context_cmp = _selinux.selinux_file_context_cmp
selinux_file_context_verify = _selinux.selinux_file_context_verify
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinuxswig.i new/libselinux-2.0.80/src/selinuxswig.i
--- old/libselinux-2.0.77/src/selinuxswig.i 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinuxswig.i 2009-04-08 15:06:24.000000000 +0200
@@ -50,6 +50,11 @@
%ignore avc_add_callback;
+/* Ignore netlink stuff for now */
+%ignore avc_netlink_acquire_fd;
+%ignore avc_netlink_release_fd;
+%ignore avc_netlink_check_nb;
+
%include "../include/selinux/selinux.h"
%include "../include/selinux/avc.h"
%include "../include/selinux/get_default_type.h"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinuxswig_python.i new/libselinux-2.0.80/src/selinuxswig_python.i
--- old/libselinux-2.0.77/src/selinuxswig_python.i 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinuxswig_python.i 2009-04-08 15:06:24.000000000 +0200
@@ -6,6 +6,23 @@
#include "selinux/selinux.h"
%}
+%pythoncode %{
+
+import shutil, os, stat
+
+def restorecon(path, recursive=False):
+ """ Restore SELinux context on a given path """
+ mode = os.lstat(path)[stat.ST_MODE]
+ status, context = matchpathcon(path, mode)
+ if status == 0:
+ lsetfilecon(path, context)
+ if recursive:
+ os.path.walk(path, lambda arg, dirname, fnames:
+ map(restorecon, [os.path.join(dirname, fname)
+ for fname in fnames]), None)
+
+%}
+
/* security_get_boolean_names() typemap */
%typemap(argout) (char ***names, int *len) {
PyObject* list = PyList_New(*$2);
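Review bot: `restorecon` discards the return value of `lsetfilecon` and silently does nothing when `matchpathcon` reports a non-zero status, so a caller cannot tell that a file kept its old label. For a relabeling helper that is the outcome a caller most needs to see. I would surface both, e.g. `if lsetfilecon(path, context) != 0: raise OSError("lsetfilecon failed: %s" % path)`, assuming the wrapped functions return the C status codes. `shutil` is imported but unused in the added code, and the same block is emitted into the generated selinux.py.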
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/selinuxswig_wrap.c new/libselinux-2.0.80/src/selinuxswig_wrap.c
--- old/libselinux-2.0.77/src/selinuxswig_wrap.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/selinuxswig_wrap.c 2009-04-08 15:06:24.000000000 +0200
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
- * Version 1.3.33
+ * Version 1.3.35
*
* This file is not intended to be easily readable and contains a number of
* coding conventions designed to improve portability and efficiency. Do not make
@@ -126,7 +126,7 @@
/* This should only be incremented when either the layout of swig_type_info changes,
or for whatever reason, the runtime changes incompatibly */
-#define SWIG_RUNTIME_VERSION "3"
+#define SWIG_RUNTIME_VERSION "4"
/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
#ifdef SWIG_TYPE_TABLE
@@ -161,6 +161,7 @@
/* Flags for pointer conversions */
#define SWIG_POINTER_DISOWN 0x1
+#define SWIG_CAST_NEW_MEMORY 0x2
/* Flags for new pointer objects */
#define SWIG_POINTER_OWN 0x1
@@ -301,10 +302,10 @@
extern "C" {
#endif
-typedef void *(*swig_converter_func)(void *);
+typedef void *(*swig_converter_func)(void *, int *);
typedef struct swig_type_info *(*swig_dycast_func)(void **);
-/* Structure to store inforomation on one type */
+/* Structure to store information on one type */
typedef struct swig_type_info {
const char *name; /* mangled name of this type */
const char *str; /* human readable name of this type */
@@ -431,8 +432,8 @@
Cast a pointer up an inheritance hierarchy
*/
SWIGRUNTIMEINLINE void *
-SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
- return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+SWIG_TypeCast(swig_cast_info *ty, void *ptr, int *newmemory) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr, newmemory);
}
/*
@@ -856,7 +857,7 @@
Py_DECREF(old_str);
Py_DECREF(value);
} else {
- PyErr_Format(PyExc_RuntimeError, mesg);
+ PyErr_SetString(PyExc_RuntimeError, mesg);
}
}
@@ -1416,7 +1417,7 @@
{
PySwigObject *sobj = (PySwigObject *) v;
PyObject *next = sobj->next;
- if (sobj->own) {
+ if (sobj->own == SWIG_POINTER_OWN) {
swig_type_info *ty = sobj->ty;
PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
PyObject *destroy = data ? data->destroy : 0;
@@ -1434,12 +1435,13 @@
res = ((*meth)(mself, v));
}
Py_XDECREF(res);
- } else {
- const char *name = SWIG_TypePrettyName(ty);
+ }
#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
- printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
-#endif
+ else {
+ const char *name = SWIG_TypePrettyName(ty);
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown"));
}
+#endif
}
Py_XDECREF(next);
PyObject_DEL(v);
@@ -1944,7 +1946,7 @@
SWIGRUNTIME int
SWIG_Python_AcquirePtr(PyObject *obj, int own) {
- if (own) {
+ if (own == SWIG_POINTER_OWN) {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
if (sobj) {
int oldown = sobj->own;
@@ -1965,6 +1967,8 @@
return SWIG_OK;
} else {
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (own)
+ *own = 0;
while (sobj) {
void *vptr = sobj->ptr;
if (ty) {
@@ -1978,7 +1982,15 @@
if (!tc) {
sobj = (PySwigObject *)sobj->next;
} else {
- if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ if (ptr) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ if (newmemory == SWIG_CAST_NEW_MEMORY) {
+ assert(own);
+ if (own)
+ *own = *own | SWIG_CAST_NEW_MEMORY;
+ }
+ }
break;
}
}
@@ -1988,7 +2000,8 @@
}
}
if (sobj) {
- if (own) *own = sobj->own;
+ if (own)
+ *own = *own | sobj->own;
if (flags & SWIG_POINTER_DISOWN) {
sobj->own = 0;
}
@@ -2053,8 +2066,13 @@
}
if (ty) {
swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
- if (!tc) return SWIG_ERROR;
- *ptr = SWIG_TypeCast(tc,vptr);
+ if (tc) {
+ int newmemory = 0;
+ *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
+ assert(!newmemory); /* newmemory handling not yet implemented */
+ } else {
+ return SWIG_ERROR;
+ }
} else {
*ptr = vptr;
}
@@ -2506,7 +2524,7 @@
#define SWIG_name "_selinux"
-#define SWIGVERSION 0x010333
+#define SWIGVERSION 0x010335
#define SWIG_VERSION SWIGVERSION
@@ -4273,7 +4291,7 @@
struct av_decision *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_av_decision")) SWIG_fail;
- result = (struct av_decision *)(struct av_decision *) calloc(1, sizeof(struct av_decision));
+ result = (struct av_decision *)calloc(1, sizeof(struct av_decision));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_av_decision, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -4305,7 +4323,7 @@
SWIGINTERN PyObject *av_decision_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_av_decision, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -4428,7 +4446,7 @@
struct selinux_opt *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_selinux_opt")) SWIG_fail;
- result = (struct selinux_opt *)(struct selinux_opt *) calloc(1, sizeof(struct selinux_opt));
+ result = (struct selinux_opt *)calloc(1, sizeof(struct selinux_opt));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_opt, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -4460,7 +4478,7 @@
SWIGINTERN PyObject *selinux_opt_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_selinux_opt, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -4626,7 +4644,7 @@
union selinux_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_selinux_callback")) SWIG_fail;
- result = (union selinux_callback *)(union selinux_callback *) calloc(1, sizeof(union selinux_callback));
+ result = (union selinux_callback *)calloc(1, sizeof(union selinux_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -4658,7 +4676,7 @@
SWIGINTERN PyObject *selinux_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_selinux_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -5586,7 +5604,7 @@
SELboolean *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_SELboolean")) SWIG_fail;
- result = (SELboolean *)(SELboolean *) calloc(1, sizeof(SELboolean));
+ result = (SELboolean *)calloc(1, sizeof(SELboolean));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_SELboolean, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -5618,7 +5636,7 @@
SWIGINTERN PyObject *SELboolean_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_SELboolean, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -6139,7 +6157,7 @@
struct security_class_mapping *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_security_class_mapping")) SWIG_fail;
- result = (struct security_class_mapping *)(struct security_class_mapping *) calloc(1, sizeof(struct security_class_mapping));
+ result = (struct security_class_mapping *)calloc(1, sizeof(struct security_class_mapping));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_class_mapping, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -6171,7 +6189,7 @@
SWIGINTERN PyObject *security_class_mapping_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_security_class_mapping, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -6994,6 +7012,19 @@
}
+SWIGINTERN PyObject *_wrap_selinux_colors_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_colors_path")) SWIG_fail;
+ result = (char *)selinux_colors_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_selinux_netfilter_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *result = 0 ;
@@ -7334,6 +7365,42 @@
}
+SWIGINTERN PyObject *_wrap_selinux_raw_context_to_color(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ char **arg2 = (char **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ char *temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_context_to_color",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_context_to_color" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_raw_context_to_color(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ free(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *arg1 = (char *) 0 ;
@@ -7596,7 +7663,7 @@
struct security_id *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail;
- result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id));
+ result = (struct security_id *)calloc(1, sizeof(struct security_id));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -7628,7 +7695,7 @@
SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -7915,7 +7982,7 @@
struct avc_entry_ref *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail;
- result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref));
+ result = (struct avc_entry_ref *)calloc(1, sizeof(struct avc_entry_ref));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -7947,7 +8014,7 @@
SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8061,7 +8128,7 @@
struct avc_memory_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail;
- result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback));
+ result = (struct avc_memory_callback *)calloc(1, sizeof(struct avc_memory_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8093,7 +8160,7 @@
SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8207,7 +8274,7 @@
struct avc_log_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail;
- result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback));
+ result = (struct avc_log_callback *)calloc(1, sizeof(struct avc_log_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8239,7 +8306,7 @@
SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8353,7 +8420,7 @@
struct avc_thread_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail;
- result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback));
+ result = (struct avc_thread_callback *)calloc(1, sizeof(struct avc_thread_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8385,7 +8452,7 @@
SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -8603,7 +8670,7 @@
struct avc_lock_callback *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail;
- result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback));
+ result = (struct avc_lock_callback *)calloc(1, sizeof(struct avc_lock_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -8635,7 +8702,7 @@
SWIGINTERN PyObject *avc_lock_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_lock_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -9493,7 +9560,7 @@
struct avc_cache_stats *result = 0 ;
if (!PyArg_ParseTuple(args,(char *)":new_avc_cache_stats")) SWIG_fail;
- result = (struct avc_cache_stats *)(struct avc_cache_stats *) calloc(1, sizeof(struct avc_cache_stats));
+ result = (struct avc_cache_stats *)calloc(1, sizeof(struct avc_cache_stats));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_NEW | 0 );
return resultobj;
fail:
@@ -9525,7 +9592,7 @@
SWIGINTERN PyObject *avc_cache_stats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
- if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_cache_stats, SWIG_NewClientData(obj));
return SWIG_Py_Void();
}
@@ -10207,6 +10274,7 @@
{ (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL},
{ (char *)"selinux_usersconf_path", _wrap_selinux_usersconf_path, METH_VARARGS, NULL},
{ (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL},
+ { (char *)"selinux_colors_path", _wrap_selinux_colors_path, METH_VARARGS, NULL},
{ (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL},
{ (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL},
@@ -10217,6 +10285,7 @@
{ (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL},
{ (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
{ (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL},
+ { (char *)"selinux_raw_context_to_color", _wrap_selinux_raw_context_to_color, METH_VARARGS, NULL},
{ (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL},
{ (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL},
{ (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL},
@@ -10513,7 +10582,7 @@
SWIG_InitializeModule(void *clientdata) {
size_t i;
swig_module_info *module_head, *iter;
- int found;
+ int found, init;
clientdata = clientdata;
@@ -10523,6 +10592,9 @@
swig_module.type_initial = swig_type_initial;
swig_module.cast_initial = swig_cast_initial;
swig_module.next = &swig_module;
+ init = 1;
+ } else {
+ init = 0;
}
/* Try and load any already created modules */
@@ -10551,6 +10623,12 @@
module_head->next = &swig_module;
}
+ /* When multiple interpeters are used, a module could have already been initialized in
+ a different interpreter, but not yet have a pointer in this interpreter.
+ In this case, we do not want to continue adding types... everything should be
+ set up already */
+ if (init == 0) return;
+
/* Now work on filling in swig_module.types */
#ifdef SWIGRUNTIME_DEBUG
printf("SWIG_InitializeModule: size %d\n", swig_module.size);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/src/stringrep.c new/libselinux-2.0.80/src/stringrep.c
--- old/libselinux-2.0.77/src/stringrep.c 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/src/stringrep.c 2009-04-08 15:06:24.000000000 +0200
@@ -225,7 +225,7 @@
if (ret < 0)
goto err3;
- if (sscanf(buf, "%u", (unsigned int*)&node->value) != 1)
+ if (sscanf(buf, "%hu", &node->value) != 1)
goto err3;
/* load up permission indicies */
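Review bot: `%hu` is only correct while `node->value` is exactly an unsigned short. Its declaration is outside this hunk, so the match cannot be checked here, and a later change to the typedef would make the format wrong again. Parsing into a local and range-checking it keeps the code independent of the field's width: `unsigned int v;`, then `if (sscanf(buf, "%u", &v) != 1 || v > USHRT_MAX) goto err3;`, then `node->value = v;`, with the bound chosen to suit the field's type. The enclosing function starts and ends outside the hunk.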
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libselinux-2.0.77/VERSION new/libselinux-2.0.80/VERSION
--- old/libselinux-2.0.77/VERSION 2009-01-06 15:12:21.000000000 +0100
+++ new/libselinux-2.0.80/VERSION 2009-04-08 15:06:24.000000000 +0200
@@ -1 +1 @@
-2.0.77
+2.0.80
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++