From: <ssm...@us...> - 2008-08-05 13:09:21
Revision: 2943
          http://selinux.svn.sourceforge.net/selinux/?rev=2943&view=rev
Author:   ssmalley
Date:     2008-08-05 13:09:18 +0000 (Tue, 05 Aug 2008)

Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: Patch to make libselinux shut up when SELinux is disabled.
Date: Mon, 04 Aug 2008 13:51:03 -0400

On Mon, 2008-08-04 at 16:06 +0100, Paul Howarth wrote:
> This may present a problem for policy developers. For instance, I am
> writing new policy for spamass-milter, which currently shares spamd_t
> with spamassassin. I need spamass-milter to transition into a different
> domain, so I need to specify a new context for /usr/bin/spamass-milter
> in my policy module. This conflicts with the existing context for the
> same file (spamd_exec_t) in the main selinux-policy-targeted package and
> I get warnings like this on most rpm/selinux operations:
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
> specifications for /usr/sbin/spamass-milter
> (system_u:object_r:milter_spamass_exec_t:s0 and
> system_u:object_r:spamd_exec_t:s0).
>
> For whatever reason, the context from my local module "wins" and I get
> the desired result. However, if semanage didn't allow this, I believe
> I'd need to fork the selinux-policy package for the duration of my
> development to prevent the unwanted context specification from being
> used. Or is there some other way around this?

If that is the desired behavior, then I suppose we want to move up the
nodups_specs checking. Like this:

Modified Paths:
--------------
    trunk/libselinux/src/label_file.c

Modified: trunk/libselinux/src/label_file.c =================================================================== --- trunk/libselinux/src/label_file.c 2008-08-05 13:08:39 UTC (rev 2942) +++ trunk/libselinux/src/label_file.c 2008-08-05 13:09:18 UTC (rev 2943)
@@ -468,6 +468,11 @@ pass, ++lineno) != 0) goto finish; } + if (pass == 1) { + status = nodups_specs(data, path); + if (status) + goto finish; + } lineno = 0; if (homedirfp) while (getline(&line_buf, &line_len, homedirfp) > 0 @@ -507,10 +512,6 @@ } free(line_buf); - status = nodups_specs(data, path); - if (status) - goto finish; - /* Move exact pathname specifications to the end. */ spec_copy = malloc(sizeof(spec_t) * data->nspec); if (!spec_copy)
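Review bot: The duplicate check in the first hunk (@@ -468) no longer covers anything read after it. The new `if (pass == 1)` block calls `nodups_specs(data, path)` before the `if (homedirfp)` loop, so specifications loaded by that loop and by whatever follows it are never compared, either against the entries already loaded or against each other. The log message suggests the first half is intended, so that a later specification can override an earlier one without an error, but the code carries no comment saying so and none explaining why the check is gated on `pass == 1`. Please add a short comment above the block stating that only the entries read so far are checked and that later duplicates are deliberately allowed, and consider whether conflicting entries within the later files should still be reported.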
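Review bot: In the second hunk (@@ -507) the removed call sat after `free(line_buf);`, whereas its replacement in the first hunk does `goto finish` from inside the loop, before that `free(line_buf)` is reached. Please confirm that the `finish` label releases `line_buf`; if it does not, a duplicate-specification failure now leaks the getline buffer, where the old placement did not. The in-loop `goto finish` visible in the first hunk's context has the same exposure, so a single `free(line_buf)` on the `finish` path would cover both.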