From: <mad...@us...> - 2007-01-08 20:44:36
Revision: 2159 http://svn.sourceforge.net/selinux/?rev=2159&view=rev Author: madmethod Date: 2007-01-08 12:44:34 -0800 (Mon, 08 Jan 2007) Log Message: ----------- tag for libsemanage 1.9.2 Added Paths: ----------- tags/libsemanage_1_9_2/ tags/libsemanage_1_9_2/libsemanage/ tags/libsemanage_1_9_2/libsemanage/ChangeLog tags/libsemanage_1_9_2/libsemanage/VERSION tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y tags/libsemanage_1_9_2/libsemanage/src/conf-scan.l tags/libsemanage_1_9_2/libsemanage/src/direct_api.c tags/libsemanage_1_9_2/libsemanage/src/semanage_conf.h tags/libsemanage_1_9_2/libsemanage/src/semanage_store.c Removed Paths: ------------- tags/libsemanage_1_9_2/libsemanage/ChangeLog tags/libsemanage_1_9_2/libsemanage/VERSION tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y tags/libsemanage_1_9_2/libsemanage/src/conf-scan.l tags/libsemanage_1_9_2/libsemanage/src/direct_api.c tags/libsemanage_1_9_2/libsemanage/src/semanage_conf.h tags/libsemanage_1_9_2/libsemanage/src/semanage_store.c
Copied: tags/libsemanage_1_9_2/libsemanage (from rev 2153, trunk/libsemanage)
Deleted: tags/libsemanage_1_9_2/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog 2007-01-05 19:15:46 UTC (rev 2153)
+++ tags/libsemanage_1_9_2/libsemanage/ChangeLog 2007-01-08 20:44:34 UTC (rev 2159)
@@ -1,535 +0,0 @@ -1.9.1 2006-11-27 - * Merged patch to compile wit -fPIC instead of -fpic from - Manoj Srivastava to prevent hitting the global offest table - limit. Patch changed to include libselinux and libsemanage in - addition to libsepol. -1.8 2006-10-17 - * Updated version for release. - -1.6.17 2006-09-29 - * Merged patch to skip reload if no active store exists and - the store path doesn't match the active store path from Dan Walsh. - * Merged patch to not destroy sepol handle on error path of - connect from James Athey. - * Merged patch to add genhomedircon path to semanage.conf from - James Athey. - -1.6.16 2006-08-14 - * Make most copy errors fatal, but allow exceptions for - file_contexts.local, seusers, and netfilter_contexts if - the source file does not exist in the store. - -1.6.15 2006-08-11 - * Merged separate local file contexts patch from Chris PeBenito. - -1.6.14 2006-08-11 - * Merged patch to make most copy errors non-fatal from Dan Walsh. - -1.6.13 2006-08-03 - * Merged netfilter contexts support from Chris PeBenito. - -1.6.12 2006-07-11 - * Merged support for read operations on read-only fs from - Caleb Case (Tresys Technology). - -1.6.11 2006-06-29 - * Lindent. - -1.6.10 2006-06-26 - * Merged setfiles location check patch from Dan Walsh. - -1.6.9 2006-06-16 - * Merged several fixes from Serge Hallyn: - dbase_file_cache: deref of uninit data on error path. - dbase_policydb_cache: clear fp to avoid double fclose - semanage_fc_sort: destroy temp on error paths - -1.6.8 2006-06-02 - * Updated default location for setfiles to /sbin to - match policycoreutils. This can also be adjusted via - semanage.conf using the syntax: - [setfiles] - path = /path/to/setfiles - args = -q -c $@ $< - [end] - -1.6.7 2006-05-05 - * Merged fix warnings patch from Karl MacMillan. - -1.6.6 2006-04-14 - * Merged updated file context sorting patch from Christopher - Ashworth, with bug fix for escaped character flag. 
- -1.6.5 2006-04-13 - * Merged file context sorting code from Christopher Ashworth - (Tresys Technology), based on fc_sort.c code in refpolicy. - -1.6.4 2006-04-12 - * Merged python binding t_output_helper removal patch from Dan Walsh. - * Regenerated swig files. - -1.6.3 2006-03-30 - * Merged corrected fix for descriptor leak from Dan Walsh. - -1.6.2 2006-03-20 - * Merged Makefile PYLIBVER definition patch from Dan Walsh. - -1.6.1 2006-03-20 - * Merged man page reorganization from Ivan Gyurdiev. - -1.6 2006-03-14 - * Updated version for release. - -1.5.31 2006-03-09 - * Merged abort early on merge errors patch from Ivan Gyurdiev. - -1.5.30 2006-03-08 - * Cleaned up error handling in semanage_split_fc based on a patch - by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. - -1.5.29 2006-02-21 - * Merged MLS handling fixes from Ivan Gyurdiev. - -1.5.28 2006-02-16 - * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. - -1.5.27 2006-02-16 - * Merged base_merge_components changes from Ivan Gyurdiev. - -1.5.26 2006-02-15 - * Merged paths array patch from Ivan Gyurdiev. - * Merged bug fix patch from Ivan Gyurdiev. - -1.5.25 2006-02-14 - * Merged improve bindings patch from Ivan Gyurdiev. - -1.5.24 2006-02-14 - * Merged use PyList patch from Ivan Gyurdiev. - * Merged memory leak fix patch from Ivan Gyurdiev. - * Merged nodecon support patch from Ivan Gyurdiev. - * Merged cleanups patch from Ivan Gyurdiev. - * Merged split swig patch from Ivan Gyurdiev. - -1.5.23 2006-02-13 - * Merged optionals in base patch from Joshua Brindle. - -1.5.22 2006-02-13 - * Merged treat seusers/users_extra as optional sections patch from - Ivan Gyurdiev. - * Merged parse_optional fixes from Ivan Gyurdiev. - -1.5.21 2006-02-07 - * Merged seuser/user_extra support patch from Joshua Brindle. - * Merged remote system dbase patch from Ivan Gyurdiev. - -1.5.20 2006-02-02 - * Merged clone record on set_con patch from Ivan Gyurdiev. 
- -1.5.19 2006-01-30 - * Merged fname parameter patch from Ivan Gyurdiev. - * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. - * Merged seusers.system patch from Ivan Gyurdiev. - * Merged improve port/fcontext API patch from Ivan Gyurdiev. - -1.5.18 2006-01-27 - * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. - -1.5.17 2006-01-27 - * Merged set_create_store, access_check, and is_connected interfaces - from Joshua Brindle. - -1.5.16 2006-01-19 - * Regenerate python wrappers. - -1.5.15 2006-01-18 - * Merged pywrap Makefile diff from Dan Walsh. - * Merged cache management patch from Ivan Gyurdiev. - * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. - * Merged remove apply_local function patch from Ivan Gyurdiev. - * Merged only do read locking in direct case patch from Ivan Gyurdiev. - * Merged cache error path memory leak fix from Ivan Gyurdiev. - * Merged auto-generated file header patch from Ivan Gyurdiev. - * Merged pywrap test update from Ivan Gyurdiev. - * Merged hidden defs update from Ivan Gyurdiev. - -1.5.14 2006-01-13 - * Merged disallow port overlap patch from Ivan Gyurdiev. - -1.5.13 2006-01-12 - * Merged join prereq and implementation patches from Ivan Gyurdiev. - * Merged join user extra data part 2 patch from Ivan Gyurdiev. - * Merged bugfix patch from Ivan Gyurdiev. - -1.5.12 2006-01-12 - * Merged remove add_local/set_local patch from Ivan Gyurdiev. - * Merged user extra data part 1 patch from Ivan Gyurdiev. - * Merged size_t -> unsigned int patch from Ivan Gyurdiev. - * Merged calloc check in semanage_store patch from Ivan Gyurdiev, - bug noticed by Steve Grubb. - * Merged cleanups after add/set removal patch from Ivan Gyurdiev. - -1.5.11 2006-01-09 - * Merged fcontext compare fix from Ivan Gyurdiev. - -1.5.10 2006-01-06 - * Fixed commit to return the commit number aka policy sequence number. - -1.5.9 2006-01-06 - * Merged const in APIs patch from Ivan Gyurdiev. 
- * Merged validation of local file contexts patch from Ivan Gyurdiev. - * Merged compare2 function patch from Ivan Gyurdiev. - * Merged hidden def/proto update patch from Ivan Gyurdiev. - -1.5.8 2006-01-05 - * Re-applied string and file optimization patch from Russell Coker, - with bug fix. - -1.5.7 2006-01-05 - * Reverted string and file optimization patch from Russell Coker. - -1.5.6 2006-01-05 - * Clarified error messages from parse_module_headers and - parse_base_headers for base/module mismatches. - -1.5.5 2006-01-05 - * Merged string and file optimization patch from Russell Coker. - * Merged swig header reordering patch from Ivan Gyurdiev. - * Merged toggle modify on add patch from Ivan Gyurdiev. - * Merged ports parser bugfix patch from Ivan Gyurdiev. - * Merged fcontext swig patch from Ivan Gyurdiev. - * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. - * Merged man pages for dbase functions patch from Ivan Gyurdiev. - * Merged pywrap tests patch from Ivan Gyurdiev. - -1.5.4 2006-01-04 - * Merged patch series from Ivan Gyurdiev. - This includes patches to: - - separate file rw code from linked list - - annotate objects - - fold together internal headers - - support ordering of records in compare function - - add active dbase backend, active booleans - - return commit numbers for ro database calls - - use modified flags to skip rebuild whenever possible - - enable port interfaces - - update swig interfaces and typemaps - - add an API for file_contexts.local and file_contexts - - flip the traversal order in iterate/list - - reorganize sandbox_expand - - add seusers MLS validation - - improve dbase spec/documentation - - clone record on set/add/modify - -1.5.3 2005-12-14 - * Merged further header cleanups from Ivan Gyurdiev. - -1.5.2 2005-12-13 - * Merged toggle modified flag in policydb_modify, fix memory leak - in clear_obsolete, polymorphism vs headers fix, and include guards - for internal headers patches from Ivan Gyurdiev. 
- -1.5.1 2005-12-12 - * Added file-mode= setting to semanage.conf, default to 0644. - Changed semanage_copy_file and callers to use this mode when - installing policy files to runtime locations. - -1.4 2005-12-07 - * Updated version for release. - -1.3.64 2005-12-06 - * Changed semanage_handle_create() to set do_reload based on - is_selinux_enabled(). This prevents improper attempts to - load policy on a non-SELinux system. - -1.3.63 2005-12-05 - * Dropped handle from user_del_role interface. - -1.3.62 2005-12-05 - * Removed defrole interfaces. - -1.3.61 2005-11-29 - * Merged Makefile python definitions patch from Dan Walsh. - -1.3.60 2005-11-29 - * Removed is_selinux_mls_enabled() conditionals in seusers and users - file parsers. - -1.3.59 2005-11-28 - * Merged wrap char*** for user_get_roles patch from Joshua Brindle. - -1.3.58 2005-11-28 - * Merged remove defrole from sepol patch from Ivan Gyurdiev. - -1.3.57 2005-11-28 - * Merged swig wrappers for modifying users and seusers from Joshua Brindle. - -1.3.56 2005-11-16 - * Fixed free->key_free bug. - -1.3.55 2005-11-16 - * Merged clear obsolete patch from Ivan Gyurdiev. - -1.3.54 2005-11-15 - * Merged modified swigify patch from Dan Walsh - (original patch from Joshua Brindle). - * Merged move genhomedircon call patch from Chad Sellers. - -1.3.53 2005-11-10 - * Merged move seuser validation patch from Ivan Gyurdiev. - * Merged hidden declaration fixes from Ivan Gyurdiev, - with minor corrections. - -1.3.52 2005-11-09 - * Merged cleanup patch from Ivan Gyurdiev. - This renames semanage_module_conn to semanage_direct_handle, - and moves sepol handle create/destroy into semanage handle - create/destroy to allow use even when disconnected (for the - record interfaces). - -1.3.51 2005-11-08 - * Clear modules modified flag upon disconnect and commit. - -1.3.50 2005-11-08 - * Added tracking of module modifications and use it to - determine whether expand-time checks should be applied - on commit. 
- -1.3.49 2005-11-08 - * Reverted semanage_set_reload_bools() interface. - -1.3.48 2005-11-08 - * Disabled calls to port dbase for merge and commit and stubbed - out calls to sepol_port interfaces since they are not exported. - -1.3.47 2005-11-08 - * Merged rename instead of copy patch from Joshua Brindle (Tresys). - -1.3.46 2005-11-07 - * Added hidden_def/hidden_proto for exported symbols used within - libsemanage to eliminate relocations. Wrapped type definitions - in exported headers as needed to avoid conflicts. Added - src/context_internal.h and src/iface_internal.h. - -1.3.45 2005-11-07 - * Added semanage_is_managed() interface to allow detection of whether - the policy is managed via libsemanage. This enables proper handling - in setsebool for non-managed systems. - -1.3.44 2005-11-07 - * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, - to enable runtime control over preserving active boolean values - versus reloading their saved settings upon commit. - -1.3.43 2005-11-04 - * Merged seuser parser resync, dbase tracking and cleanup, strtol - bug, copyright, and assert space patches from Ivan Gyurdiev. - -1.3.42 2005-11-04 - * Added src/*_internal.h in preparation for other changes. - * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and - src/seusers.[hc]. - -1.3.41 2005-11-03 - * Merged interface parse/print, context_to_string interface change, - move assert_noeof, and order preserving patches from Ivan Gyurdiev. - * Added src/dso.h in preparation for other changes. - -1.3.40 2005-11-01 - * Merged install seusers, handle/error messages, MLS parsing, - and seusers validation patches from Ivan Gyurdiev. - -1.3.39 2005-10-31 - * Merged record interface, dbase flush, common database code, - and record bugfix patches from Ivan Gyurdiev. - -1.3.38 2005-10-27 - * Merged dbase policydb list and count change from Ivan Gyurdiev. - -1.3.37 2005-10-27 - * Merged enable dbase and set relay patches from Ivan Gyurdiev. 
- -1.3.36 2005-10-27 - * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. - -1.3.35 2005-10-26 - * Merged sepol handle passing, seusers support, and policydb cache - patches from Ivan Gyurdiev. - -1.3.34 2005-10-25 - * Merged resync to sepol changes and booleans fixes/improvements - patches from Ivan Gyurdiev. - -1.3.33 2005-10-25 - * Merged support for genhomedircon/homedir template, store selection, - explicit policy reload, and semanage.conf relocation from Joshua - Brindle. - -1.3.32 2005-10-24 - * Merged resync to sepol changes and transaction fix patches from - Ivan Gyurdiev. - -1.3.31 2005-10-21 - * Merged reorganize users patch from Ivan Gyurdiev. - * Merged remove unused relay functions patch from Ivan Gyurdiev. - -1.3.30 2005-10-20 - * Fixed policy file leaks in semanage_load_module and - semanage_write_module. - * Merged further database work from Ivan Gyurdiev. - -1.3.29 2005-10-20 - * Fixed bug in semanage_direct_disconnect. - -1.3.28 2005-10-20 - * Merged interface renaming patch from Ivan Gyurdiev. - * Merged policy component patch from Ivan Gyurdiev. - -1.3.27 2005-10-20 - * Renamed 'check=' configuration value to 'expand-check=' for - clarity. - * Changed semanage_commit_sandbox to check for and report errors - on rename(2) calls performed during rollback. - -1.3.26 2005-10-19 - * Added optional check= configuration value to semanage.conf - and updated call to sepol_expand_module to pass its value - to control assertion and hierarchy checking on module expansion. - -1.3.25 2005-10-19 - * Merged fixes for make DESTDIR= builds from Joshua Brindle. - -1.3.24 2005-10-19 - * Merged default database from Ivan Gyurdiev. - * Merged removal of connect requirement in policydb backend from - Ivan Gyurdiev. - * Merged commit locking fix and lock rename from Joshua Brindle. - * Merged transaction rollback in lock patch from Joshua Brindle. 
- -1.3.23 2005-10-18 - * Changed default args for load_policy to be null, as it no longer - takes a pathname argument and we want to preserve booleans. - -1.3.22 2005-10-18 - * Merged move local dbase initialization patch from Ivan Gyurdiev. - * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. - * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. - -1.3.21 2005-10-18 - * Added calls to sepol_policy_file_set_handle interface prior - to invoking sepol operations on policy files. - * Updated call to sepol_policydb_from_image to pass the handle. - -1.3.20 2005-10-17 - * Merged user and port APIs - policy database patch from Ivan - Gyurdiev. - -1.3.19 2005-10-17 - * Converted calls to sepol link_packages and expand_module interfaces - from using buffers to using sepol handles for error reporting, and - changed direct_connect/disconnect to create/destroy sepol handles. - -1.3.18 2005-10-14 - * Merged bugfix patch from Ivan Gyurdiev. - -1.3.17 2005-10-14 - * Merged seuser database patch from Ivan Gyurdiev. - Merged direct user/port databases to the handle from Ivan Gyurdiev. - -1.3.16 2005-10-14 - * Removed obsolete include/semanage/commit_api.h (leftover). - Merged seuser record patch from Ivan Gyurdiev. - -1.3.15 2005-10-14 - * Merged boolean and interface databases from Ivan Gyurdiev. - -1.3.14 2005-10-13 - * Updated to use get interfaces for hidden sepol_module_package type. - -1.3.13 2005-10-13 - * Changed semanage_expand_sandbox and semanage_install_active - to generate/install the latest policy version supported by libsepol - by default (unless overridden by semanage.conf), since libselinux - will now downgrade automatically for load_policy. - -1.3.12 2005-10-13 - * Merged new callback-based error reporting system and ongoing - database work from Ivan Gyurdiev. - -1.3.11 2005-10-11 - * Fixed semanage_install_active() to use the same logic for - selecting a policy version as semanage_expand_sandbox(). 
Dropped - dead code from semanage_install_sandbox(). - -1.3.10 2005-10-07 - * Updated for changes to libsepol, and to only use types and interfaces - provided by the shared libsepol. - -1.3.9 2005-10-06 - * Merged further database work from Ivan Gyurdiev. - -1.3.8 2005-10-04 - * Merged iterate, redistribute, and dbase split patches from - Ivan Gyurdiev. - -1.3.7 2005-09-30 - * Merged patch series from Ivan Gyurdiev. - (pointer typedef elimination, file renames, dbase work, backend - separation) - -1.3.6 2005-09-28 - * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. - * Separated handle create from connect interface. - * Added a constructor for initialization. - * Moved up src/include/*.h to src. - * Created a symbol map file; dropped dso.h and hidden markings. - -1.3.5 2005-09-28 - * Merged major update to libsemanage organization and functionality - from Karl MacMillan (Tresys). - -1.3.4 2005-09-23 - * Merged dbase redesign patch from Ivan Gyurdiev. - -1.3.3 2005-09-21 - * Merged boolean record, stub record handler, and status codes - patches from Ivan Gyurdiev. - -1.3.2 2005-09-16 - * Merged stub iterator functionality from Ivan Gyurdiev. - * Merged interface record patch from Ivan Gyurdiev. - -1.3.1 2005-09-14 - * Merged stub functionality for managing user and port records, - and record table code from Ivan Gyurdiev. - -1.2 2005-09-06 - * Updated version for release. - -1.1.6 2005-08-31 - * Merged semod.conf template patch from Dan Walsh (Red Hat), - but restored location to /usr/share/semod/semod.conf. - -1.1.5 2005-08-30 - * Fixed several bugs found by valgrind. - * Fixed bug in prior patch for the semod_build_module_list leak. - -1.1.4 2005-08-25 - * Merged errno fix from Joshua Brindle (Tresys). - * Merged fix for semod_build_modules_list leak on error path - from Serge Hallyn (IBM). Bug found by Coverity. - -1.1.3 2005-08-22 - * Merged several fixes from Serge Hallyn (IBM). Bugs found by - Coverity. 
- * Fixed several other bugs and warnings.
-
-1.1.2 2005-08-02
- * Merged patch to move module read/write code from libsemanage
- to libsepol from Jason Tang (Tresys).
-
-1.1.1 2005-08-02
- * Merged relay records patch from Ivan Gyurdiev.
- * Merged key extract patch from Ivan Gyurdiev.
-
-1.0 2005-07-27
- * Initial version.
Copied: tags/libsemanage_1_9_2/libsemanage/ChangeLog (from rev 2157, trunk/libsemanage/ChangeLog)
===================================================================
--- tags/libsemanage_1_9_2/libsemanage/ChangeLog (rev 0)
+++ tags/libsemanage_1_9_2/libsemanage/ChangeLog 2007-01-08 20:44:34 UTC (rev 2159)
@@ -0,0 +1,541 @@ +1.9.2 2007-01-08 + * Merged patch to optionally reduce disk usage by removing + the backup module store and linked policy from Karl MacMillan + * Merged patch to correctly propagate return values in libsemanage + +1.9.1 2006-11-27 + * Merged patch to compile wit -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offest table + limit. Patch changed to include libselinux and libsemanage in + addition to libsepol. + +1.8 2006-10-17 + * Updated version for release. + +1.6.17 2006-09-29 + * Merged patch to skip reload if no active store exists and + the store path doesn't match the active store path from Dan Walsh. + * Merged patch to not destroy sepol handle on error path of + connect from James Athey. + * Merged patch to add genhomedircon path to semanage.conf from + James Athey. + +1.6.16 2006-08-14 + * Make most copy errors fatal, but allow exceptions for + file_contexts.local, seusers, and netfilter_contexts if + the source file does not exist in the store. + +1.6.15 2006-08-11 + * Merged separate local file contexts patch from Chris PeBenito. + +1.6.14 2006-08-11 + * Merged patch to make most copy errors non-fatal from Dan Walsh. + +1.6.13 2006-08-03 + * Merged netfilter contexts support from Chris PeBenito. + +1.6.12 2006-07-11 + * Merged support for read operations on read-only fs from + Caleb Case (Tresys Technology). + +1.6.11 2006-06-29 + * Lindent. + +1.6.10 2006-06-26 + * Merged setfiles location check patch from Dan Walsh. + +1.6.9 2006-06-16 + * Merged several fixes from Serge Hallyn: + dbase_file_cache: deref of uninit data on error path. + dbase_policydb_cache: clear fp to avoid double fclose + semanage_fc_sort: destroy temp on error paths + +1.6.8 2006-06-02 + * Updated default location for setfiles to /sbin to + match policycoreutils. 
This can also be adjusted via + semanage.conf using the syntax: + [setfiles] + path = /path/to/setfiles + args = -q -c $@ $< + [end] + +1.6.7 2006-05-05 + * Merged fix warnings patch from Karl MacMillan. + +1.6.6 2006-04-14 + * Merged updated file context sorting patch from Christopher + Ashworth, with bug fix for escaped character flag. + +1.6.5 2006-04-13 + * Merged file context sorting code from Christopher Ashworth + (Tresys Technology), based on fc_sort.c code in refpolicy. + +1.6.4 2006-04-12 + * Merged python binding t_output_helper removal patch from Dan Walsh. + * Regenerated swig files. + +1.6.3 2006-03-30 + * Merged corrected fix for descriptor leak from Dan Walsh. + +1.6.2 2006-03-20 + * Merged Makefile PYLIBVER definition patch from Dan Walsh. + +1.6.1 2006-03-20 + * Merged man page reorganization from Ivan Gyurdiev. + +1.6 2006-03-14 + * Updated version for release. + +1.5.31 2006-03-09 + * Merged abort early on merge errors patch from Ivan Gyurdiev. + +1.5.30 2006-03-08 + * Cleaned up error handling in semanage_split_fc based on a patch + by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. + +1.5.29 2006-02-21 + * Merged MLS handling fixes from Ivan Gyurdiev. + +1.5.28 2006-02-16 + * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. + +1.5.27 2006-02-16 + * Merged base_merge_components changes from Ivan Gyurdiev. + +1.5.26 2006-02-15 + * Merged paths array patch from Ivan Gyurdiev. + * Merged bug fix patch from Ivan Gyurdiev. + +1.5.25 2006-02-14 + * Merged improve bindings patch from Ivan Gyurdiev. + +1.5.24 2006-02-14 + * Merged use PyList patch from Ivan Gyurdiev. + * Merged memory leak fix patch from Ivan Gyurdiev. + * Merged nodecon support patch from Ivan Gyurdiev. + * Merged cleanups patch from Ivan Gyurdiev. + * Merged split swig patch from Ivan Gyurdiev. + +1.5.23 2006-02-13 + * Merged optionals in base patch from Joshua Brindle. 
+ +1.5.22 2006-02-13 + * Merged treat seusers/users_extra as optional sections patch from + Ivan Gyurdiev. + * Merged parse_optional fixes from Ivan Gyurdiev. + +1.5.21 2006-02-07 + * Merged seuser/user_extra support patch from Joshua Brindle. + * Merged remote system dbase patch from Ivan Gyurdiev. + +1.5.20 2006-02-02 + * Merged clone record on set_con patch from Ivan Gyurdiev. + +1.5.19 2006-01-30 + * Merged fname parameter patch from Ivan Gyurdiev. + * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. + * Merged seusers.system patch from Ivan Gyurdiev. + * Merged improve port/fcontext API patch from Ivan Gyurdiev. + +1.5.18 2006-01-27 + * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. + +1.5.17 2006-01-27 + * Merged set_create_store, access_check, and is_connected interfaces + from Joshua Brindle. + +1.5.16 2006-01-19 + * Regenerate python wrappers. + +1.5.15 2006-01-18 + * Merged pywrap Makefile diff from Dan Walsh. + * Merged cache management patch from Ivan Gyurdiev. + * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. + * Merged remove apply_local function patch from Ivan Gyurdiev. + * Merged only do read locking in direct case patch from Ivan Gyurdiev. + * Merged cache error path memory leak fix from Ivan Gyurdiev. + * Merged auto-generated file header patch from Ivan Gyurdiev. + * Merged pywrap test update from Ivan Gyurdiev. + * Merged hidden defs update from Ivan Gyurdiev. + +1.5.14 2006-01-13 + * Merged disallow port overlap patch from Ivan Gyurdiev. + +1.5.13 2006-01-12 + * Merged join prereq and implementation patches from Ivan Gyurdiev. + * Merged join user extra data part 2 patch from Ivan Gyurdiev. + * Merged bugfix patch from Ivan Gyurdiev. + +1.5.12 2006-01-12 + * Merged remove add_local/set_local patch from Ivan Gyurdiev. + * Merged user extra data part 1 patch from Ivan Gyurdiev. + * Merged size_t -> unsigned int patch from Ivan Gyurdiev. 
+ * Merged calloc check in semanage_store patch from Ivan Gyurdiev, + bug noticed by Steve Grubb. + * Merged cleanups after add/set removal patch from Ivan Gyurdiev. + +1.5.11 2006-01-09 + * Merged fcontext compare fix from Ivan Gyurdiev. + +1.5.10 2006-01-06 + * Fixed commit to return the commit number aka policy sequence number. + +1.5.9 2006-01-06 + * Merged const in APIs patch from Ivan Gyurdiev. + * Merged validation of local file contexts patch from Ivan Gyurdiev. + * Merged compare2 function patch from Ivan Gyurdiev. + * Merged hidden def/proto update patch from Ivan Gyurdiev. + +1.5.8 2006-01-05 + * Re-applied string and file optimization patch from Russell Coker, + with bug fix. + +1.5.7 2006-01-05 + * Reverted string and file optimization patch from Russell Coker. + +1.5.6 2006-01-05 + * Clarified error messages from parse_module_headers and + parse_base_headers for base/module mismatches. + +1.5.5 2006-01-05 + * Merged string and file optimization patch from Russell Coker. + * Merged swig header reordering patch from Ivan Gyurdiev. + * Merged toggle modify on add patch from Ivan Gyurdiev. + * Merged ports parser bugfix patch from Ivan Gyurdiev. + * Merged fcontext swig patch from Ivan Gyurdiev. + * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. + * Merged man pages for dbase functions patch from Ivan Gyurdiev. + * Merged pywrap tests patch from Ivan Gyurdiev. + +1.5.4 2006-01-04 + * Merged patch series from Ivan Gyurdiev. 
+ This includes patches to: + - separate file rw code from linked list + - annotate objects + - fold together internal headers + - support ordering of records in compare function + - add active dbase backend, active booleans + - return commit numbers for ro database calls + - use modified flags to skip rebuild whenever possible + - enable port interfaces + - update swig interfaces and typemaps + - add an API for file_contexts.local and file_contexts + - flip the traversal order in iterate/list + - reorganize sandbox_expand + - add seusers MLS validation + - improve dbase spec/documentation + - clone record on set/add/modify + +1.5.3 2005-12-14 + * Merged further header cleanups from Ivan Gyurdiev. + +1.5.2 2005-12-13 + * Merged toggle modified flag in policydb_modify, fix memory leak + in clear_obsolete, polymorphism vs headers fix, and include guards + for internal headers patches from Ivan Gyurdiev. + +1.5.1 2005-12-12 + * Added file-mode= setting to semanage.conf, default to 0644. + Changed semanage_copy_file and callers to use this mode when + installing policy files to runtime locations. + +1.4 2005-12-07 + * Updated version for release. + +1.3.64 2005-12-06 + * Changed semanage_handle_create() to set do_reload based on + is_selinux_enabled(). This prevents improper attempts to + load policy on a non-SELinux system. + +1.3.63 2005-12-05 + * Dropped handle from user_del_role interface. + +1.3.62 2005-12-05 + * Removed defrole interfaces. + +1.3.61 2005-11-29 + * Merged Makefile python definitions patch from Dan Walsh. + +1.3.60 2005-11-29 + * Removed is_selinux_mls_enabled() conditionals in seusers and users + file parsers. + +1.3.59 2005-11-28 + * Merged wrap char*** for user_get_roles patch from Joshua Brindle. + +1.3.58 2005-11-28 + * Merged remove defrole from sepol patch from Ivan Gyurdiev. + +1.3.57 2005-11-28 + * Merged swig wrappers for modifying users and seusers from Joshua Brindle. + +1.3.56 2005-11-16 + * Fixed free->key_free bug. 
+ +1.3.55 2005-11-16 + * Merged clear obsolete patch from Ivan Gyurdiev. + +1.3.54 2005-11-15 + * Merged modified swigify patch from Dan Walsh + (original patch from Joshua Brindle). + * Merged move genhomedircon call patch from Chad Sellers. + +1.3.53 2005-11-10 + * Merged move seuser validation patch from Ivan Gyurdiev. + * Merged hidden declaration fixes from Ivan Gyurdiev, + with minor corrections. + +1.3.52 2005-11-09 + * Merged cleanup patch from Ivan Gyurdiev. + This renames semanage_module_conn to semanage_direct_handle, + and moves sepol handle create/destroy into semanage handle + create/destroy to allow use even when disconnected (for the + record interfaces). + +1.3.51 2005-11-08 + * Clear modules modified flag upon disconnect and commit. + +1.3.50 2005-11-08 + * Added tracking of module modifications and use it to + determine whether expand-time checks should be applied + on commit. + +1.3.49 2005-11-08 + * Reverted semanage_set_reload_bools() interface. + +1.3.48 2005-11-08 + * Disabled calls to port dbase for merge and commit and stubbed + out calls to sepol_port interfaces since they are not exported. + +1.3.47 2005-11-08 + * Merged rename instead of copy patch from Joshua Brindle (Tresys). + +1.3.46 2005-11-07 + * Added hidden_def/hidden_proto for exported symbols used within + libsemanage to eliminate relocations. Wrapped type definitions + in exported headers as needed to avoid conflicts. Added + src/context_internal.h and src/iface_internal.h. + +1.3.45 2005-11-07 + * Added semanage_is_managed() interface to allow detection of whether + the policy is managed via libsemanage. This enables proper handling + in setsebool for non-managed systems. + +1.3.44 2005-11-07 + * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, + to enable runtime control over preserving active boolean values + versus reloading their saved settings upon commit. 
+ +1.3.43 2005-11-04 + * Merged seuser parser resync, dbase tracking and cleanup, strtol + bug, copyright, and assert space patches from Ivan Gyurdiev. + +1.3.42 2005-11-04 + * Added src/*_internal.h in preparation for other changes. + * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and + src/seusers.[hc]. + +1.3.41 2005-11-03 + * Merged interface parse/print, context_to_string interface change, + move assert_noeof, and order preserving patches from Ivan Gyurdiev. + * Added src/dso.h in preparation for other changes. + +1.3.40 2005-11-01 + * Merged install seusers, handle/error messages, MLS parsing, + and seusers validation patches from Ivan Gyurdiev. + +1.3.39 2005-10-31 + * Merged record interface, dbase flush, common database code, + and record bugfix patches from Ivan Gyurdiev. + +1.3.38 2005-10-27 + * Merged dbase policydb list and count change from Ivan Gyurdiev. + +1.3.37 2005-10-27 + * Merged enable dbase and set relay patches from Ivan Gyurdiev. + +1.3.36 2005-10-27 + * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. + +1.3.35 2005-10-26 + * Merged sepol handle passing, seusers support, and policydb cache + patches from Ivan Gyurdiev. + +1.3.34 2005-10-25 + * Merged resync to sepol changes and booleans fixes/improvements + patches from Ivan Gyurdiev. + +1.3.33 2005-10-25 + * Merged support for genhomedircon/homedir template, store selection, + explicit policy reload, and semanage.conf relocation from Joshua + Brindle. + +1.3.32 2005-10-24 + * Merged resync to sepol changes and transaction fix patches from + Ivan Gyurdiev. + +1.3.31 2005-10-21 + * Merged reorganize users patch from Ivan Gyurdiev. + * Merged remove unused relay functions patch from Ivan Gyurdiev. + +1.3.30 2005-10-20 + * Fixed policy file leaks in semanage_load_module and + semanage_write_module. + * Merged further database work from Ivan Gyurdiev. + +1.3.29 2005-10-20 + * Fixed bug in semanage_direct_disconnect. 
+ +1.3.28 2005-10-20 + * Merged interface renaming patch from Ivan Gyurdiev. + * Merged policy component patch from Ivan Gyurdiev. + +1.3.27 2005-10-20 + * Renamed 'check=' configuration value to 'expand-check=' for + clarity. + * Changed semanage_commit_sandbox to check for and report errors + on rename(2) calls performed during rollback. + +1.3.26 2005-10-19 + * Added optional check= configuration value to semanage.conf + and updated call to sepol_expand_module to pass its value + to control assertion and hierarchy checking on module expansion. + +1.3.25 2005-10-19 + * Merged fixes for make DESTDIR= builds from Joshua Brindle. + +1.3.24 2005-10-19 + * Merged default database from Ivan Gyurdiev. + * Merged removal of connect requirement in policydb backend from + Ivan Gyurdiev. + * Merged commit locking fix and lock rename from Joshua Brindle. + * Merged transaction rollback in lock patch from Joshua Brindle. + +1.3.23 2005-10-18 + * Changed default args for load_policy to be null, as it no longer + takes a pathname argument and we want to preserve booleans. + +1.3.22 2005-10-18 + * Merged move local dbase initialization patch from Ivan Gyurdiev. + * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. + * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. + +1.3.21 2005-10-18 + * Added calls to sepol_policy_file_set_handle interface prior + to invoking sepol operations on policy files. + * Updated call to sepol_policydb_from_image to pass the handle. + +1.3.20 2005-10-17 + * Merged user and port APIs - policy database patch from Ivan + Gyurdiev. + +1.3.19 2005-10-17 + * Converted calls to sepol link_packages and expand_module interfaces + from using buffers to using sepol handles for error reporting, and + changed direct_connect/disconnect to create/destroy sepol handles. + +1.3.18 2005-10-14 + * Merged bugfix patch from Ivan Gyurdiev. + +1.3.17 2005-10-14 + * Merged seuser database patch from Ivan Gyurdiev. 
+ Merged direct user/port databases to the handle from Ivan Gyurdiev. + +1.3.16 2005-10-14 + * Removed obsolete include/semanage/commit_api.h (leftover). + Merged seuser record patch from Ivan Gyurdiev. + +1.3.15 2005-10-14 + * Merged boolean and interface databases from Ivan Gyurdiev. + +1.3.14 2005-10-13 + * Updated to use get interfaces for hidden sepol_module_package type. + +1.3.13 2005-10-13 + * Changed semanage_expand_sandbox and semanage_install_active + to generate/install the latest policy version supported by libsepol + by default (unless overridden by semanage.conf), since libselinux + will now downgrade automatically for load_policy. + +1.3.12 2005-10-13 + * Merged new callback-based error reporting system and ongoing + database work from Ivan Gyurdiev. + +1.3.11 2005-10-11 + * Fixed semanage_install_active() to use the same logic for + selecting a policy version as semanage_expand_sandbox(). Dropped + dead code from semanage_install_sandbox(). + +1.3.10 2005-10-07 + * Updated for changes to libsepol, and to only use types and interfaces + provided by the shared libsepol. + +1.3.9 2005-10-06 + * Merged further database work from Ivan Gyurdiev. + +1.3.8 2005-10-04 + * Merged iterate, redistribute, and dbase split patches from + Ivan Gyurdiev. + +1.3.7 2005-09-30 + * Merged patch series from Ivan Gyurdiev. + (pointer typedef elimination, file renames, dbase work, backend + separation) + +1.3.6 2005-09-28 + * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. + * Separated handle create from connect interface. + * Added a constructor for initialization. + * Moved up src/include/*.h to src. + * Created a symbol map file; dropped dso.h and hidden markings. + +1.3.5 2005-09-28 + * Merged major update to libsemanage organization and functionality + from Karl MacMillan (Tresys). + +1.3.4 2005-09-23 + * Merged dbase redesign patch from Ivan Gyurdiev. 
+ +1.3.3 2005-09-21 + * Merged boolean record, stub record handler, and status codes + patches from Ivan Gyurdiev. + +1.3.2 2005-09-16 + * Merged stub iterator functionality from Ivan Gyurdiev. + * Merged interface record patch from Ivan Gyurdiev. + +1.3.1 2005-09-14 + * Merged stub functionality for managing user and port records, + and record table code from Ivan Gyurdiev. + +1.2 2005-09-06 + * Updated version for release. + +1.1.6 2005-08-31 + * Merged semod.conf template patch from Dan Walsh (Red Hat), + but restored location to /usr/share/semod/semod.conf. + +1.1.5 2005-08-30 + * Fixed several bugs found by valgrind. + * Fixed bug in prior patch for the semod_build_module_list leak. + +1.1.4 2005-08-25 + * Merged errno fix from Joshua Brindle (Tresys). + * Merged fix for semod_build_modules_list leak on error path + from Serge Hallyn (IBM). Bug found by Coverity. + +1.1.3 2005-08-22 + * Merged several fixes from Serge Hallyn (IBM). Bugs found by + Coverity. + * Fixed several other bugs and warnings. + +1.1.2 2005-08-02 + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). + +1.1.1 2005-08-02 + * Merged relay records patch from Ivan Gyurdiev. + * Merged key extract patch from Ivan Gyurdiev. + +1.0 2005-07-27 + * Initial version. Deleted: tags/libsemanage_1_9_2/libsemanage/VERSION =================================================================== --- trunk/libsemanage/VERSION 2007-01-05 19:15:46 UTC (rev 2153) +++ tags/libsemanage_1_9_2/libsemanage/VERSION 2007-01-08 20:44:34 UTC (rev 2159) @@ -1 +0,0 @@ -1.9.1 Copied: tags/libsemanage_1_9_2/libsemanage/VERSION (from rev 2157, trunk/libsemanage/VERSION) =================================================================== --- tags/libsemanage_1_9_2/libsemanage/VERSION (rev 0) +++ tags/libsemanage_1_9_2/libsemanage/VERSION 2007-01-08 20:44:34 UTC (rev 2159) 
@@ -0,0 +1 @@
+1.9.2
Deleted: tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y
===================================================================
--- trunk/libsemanage/src/conf-parse.y 2007-01-05 19:15:46 UTC (rev 2153)
+++ tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y 2007-01-08 20:44:34 UTC (rev 2159)
@@ -1,358 +0,0 @@ -/* Authors: Jason Tang <jt...@tr...> - * James Athey <ja...@tr...> - * - * Copyright (C) 2004-2006 Tresys Technology, LLC - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -%{ - -#include "semanage_conf.h" - -#include <sepol/policydb.h> -#include <selinux/selinux.h> -#include <semanage/handle.h> - -#include <unistd.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -extern int semanage_lex(); /* defined in conf-scan.c */ -int semanage_error(char *msg); - -extern FILE *semanage_in; -extern char *semanage_text; - -static int parse_module_store(char *arg); -static void semanage_conf_external_prog_destroy(external_prog_t *ep); -static int new_external_prog(external_prog_t **chain); - -static semanage_conf_t *current_conf; -static external_prog_t *new_external; -static int parse_errors; - -#define PASSIGN(p1,p2) { free(p1); p1 = p2; } - -%} - -%name-prefix="semanage_" - -%union { - int d; - char *s; -} - -%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE -%token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START -%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END -%token PROG_PATH PROG_ARGS -%token <s> ARG -%type <d> verify_start_tok - -%% - -config_file: config_line config_file - | /* empty */ - ; - -config_line: 
single_opt - | command_block - | verify_block - ; - -single_opt: module_store - | version - | expand_check - | file_mode - ; - -module_store: MODULE_STORE '=' ARG { - if (parse_module_store($3) != 0) { - parse_errors++; - YYABORT; - } - } - - ; - -version: VERSION '=' ARG { - current_conf->policyvers = atoi($3); - free($3); - if (current_conf->policyvers < sepol_policy_kern_vers_min() || - current_conf->policyvers > sepol_policy_kern_vers_max()) { - parse_errors++; - YYABORT; - } - } - ; - -expand_check: EXPAND_CHECK '=' ARG { - current_conf->expand_check = atoi($3); - free($3); - } - ; - -file_mode: FILE_MODE '=' ARG { - current_conf->file_mode = strtoul($3, NULL, 8); - free($3); - } - ; - -command_block: - command_start external_opts BLOCK_END { - if (new_external->path == NULL) { - parse_errors++; - YYABORT; - } - } - ; - -command_start: - LOAD_POLICY_START { - semanage_conf_external_prog_destroy(current_conf->load_policy); - current_conf->load_policy = NULL; - if (new_external_prog(¤t_conf->load_policy) == -1) { - parse_errors++; - YYABORT; - } - } - | SETFILES_START { - semanage_conf_external_prog_destroy(current_conf->setfiles); - current_conf->setfiles = NULL; - if (new_external_prog(¤t_conf->setfiles) == -1) { - parse_errors++; - YYABORT; - } - } - | GENHOMEDIRCON_START { - semanage_conf_external_prog_destroy(current_conf->genhomedircon); - current_conf->genhomedircon = NULL; - if (new_external_prog(¤t_conf->genhomedircon) == -1) { - parse_errors++; - YYABORT; - } - } - ; - -verify_block: verify_start external_opts BLOCK_END { - if (new_external->path == NULL) { - parse_errors++; - YYABORT; - } - } - ; - -verify_start: verify_start_tok { - if ($1 == -1) { - parse_errors++; - YYABORT; - } - } - ; - -verify_start_tok: VERIFY_MOD_START {$$ = new_external_prog(¤t_conf->mod_prog);} - | VERIFY_LINKED_START {$$ = new_external_prog(¤t_conf->linked_prog);} - | VERIFY_KERNEL_START {$$ = new_external_prog(¤t_conf->kernel_prog);} - ; - -external_opts: external_opt 
external_opts - | /* empty */ - ; - -external_opt: PROG_PATH '=' ARG { PASSIGN(new_external->path, $3); } - | PROG_ARGS '=' ARG { PASSIGN(new_external->args, $3); } - ; - -%% - -static int semanage_conf_init(semanage_conf_t * conf) -{ - conf->store_type = SEMANAGE_CON_DIRECT; - conf->store_path = strdup(basename(selinux_policy_root())); - conf->policyvers = sepol_policy_kern_vers_max(); - conf->expand_check = 1; - conf->file_mode = 0644; - - if ((conf->load_policy = - calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) { - return -1; - } - if ((conf->load_policy->path = strdup("/usr/sbin/load_policy")) == NULL) { - return -1; - } - conf->load_policy->args = NULL; - - if ((conf->setfiles = - calloc(1, sizeof(*(current_conf->setfiles)))) == NULL) { - return -1; - } - if (access("/sbin/setfiles", X_OK) == 0) { - conf->setfiles->path = strdup("/sbin/setfiles"); - } else { - conf->setfiles->path = strdup("/usr/sbin/setfiles"); - } - if ((conf->setfiles->path == NULL) || - (conf->setfiles->args = strdup("-q -c $@ $<")) == NULL) { - return -1; - } - - if ((conf->genhomedircon = - calloc(1, sizeof(*(current_conf->genhomedircon)))) == NULL) { - return -1; - } - if ((conf->genhomedircon->path = - strdup("/usr/sbin/genhomedircon")) == NULL - || (conf->genhomedircon->args = strdup("-t $@")) == NULL) { - return -1; - } - - return 0; -} - -/* Parse a libsemanage configuration file. THIS FUNCTION IS NOT - * THREAD-SAFE! Return a newly allocated semanage_conf_t *. If the - * configuration file could be read, parse it; otherwise rely upon - * default values. If the file could not be parsed correctly or if - * out of memory return NULL. 
- */ -semanage_conf_t *semanage_conf_parse(const char *config_filename) -{ - if ((current_conf = calloc(1, sizeof(*current_conf))) == NULL) { - return NULL; - } - if (semanage_conf_init(current_conf) == -1) { - goto cleanup; - } - if ((semanage_in = fopen(config_filename, "r")) == NULL) { - /* configuration file does not exist or could not be - * read. THIS IS NOT AN ERROR. just rely on the - * defaults. */ - return current_conf; - } - parse_errors = 0; - semanage_parse(); - fclose(semanage_in); - if (parse_errors != 0) { - goto cleanup; - } - return current_conf; - cleanup: - semanage_conf_destroy(current_conf); - return NULL; -} - -static void semanage_conf_external_prog_destroy(external_prog_t * ep) -{ - while (ep != NULL) { - external_prog_t *next = ep->next; - free(ep->path); - free(ep->args); - free(ep); - ep = next; - } -} - -/* Deallocates all space associated with a configuration struct, - * including the pointer itself. */ -void semanage_conf_destroy(semanage_conf_t * conf) -{ - if (conf != NULL) { - free(conf->store_path); - semanage_conf_external_prog_destroy(conf->load_policy); - semanage_conf_external_prog_destroy(conf->setfiles); - semanage_conf_external_prog_destroy(conf->genhomedircon); - semanage_conf_external_prog_destroy(conf->mod_prog); - semanage_conf_external_prog_destroy(conf->linked_prog); - semanage_conf_external_prog_destroy(conf->kernel_prog); - free(conf); - } -} - -int semanage_error(char *msg) -{ - parse_errors++; - return 0; -} - -/* Take the string argument for a module store. If it is exactly the - * word "direct" then have libsemanage directly manipulate the module - * store. The policy path will default to the active policy directory. - * Otherwise if it begins with a forward slash interpret it as - * an absolute path to a named socket, to which a policy server is - * listening on the other end. 
Otherwise treat it as the host name to - * an external server; if there is a colon in the name then everything - * after gives a port number. The default port number is 4242. - * Returns 0 on success, -1 if out of memory, -2 if a port number is - * illegal. - */ -static int parse_module_store(char *arg) -{ - /* arg is already a strdup()ed copy of yytext */ - if (arg == NULL) { - return -1; - } - free(current_conf->store_path); - if (strcmp(arg, "direct") == 0) { - current_conf->store_type = SEMANAGE_CON_DIRECT; - current_conf->store_path = - strdup(basename(selinux_policy_root())); - current_conf->server_port = -1; - free(arg); - } else if (*arg == '/') { - current_conf->store_type = SEMANAGE_CON_POLSERV_LOCAL; - current_conf->store_path = arg; - current_conf->server_port = -1; - } else { - char *s; - current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE; - if ((s = strchr(arg, ':')) == NULL) { - current_conf->store_path = arg; - current_conf->server_port = 4242; - } else { - char *endptr; - *s = '\0'; - current_conf->store_path = arg; - current_conf->server_port = strtol(s + 1, &endptr, 10); - if (*(s + 1) == '\0' || *endptr != '\0') { - return -2; - } - } - } - return 0; -} - -/* Helper function; called whenever configuration file specifies - * another external program. Returns 0 on success, -1 if out of - * memory. 
- */ -static int new_external_prog(external_prog_t ** chain) -{ - if ((new_external = calloc(1, sizeof(*new_external))) == NULL) { - return -1; - } - /* hook this new external program to the end of the chain */ - if (*chain == NULL) { - *chain = new_external; - } else { - external_prog_t *prog = *chain; - while (prog->next != NULL) { - prog = prog->next; - } - prog->next = new_external; - } - return 0; -} Copied: tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y (from rev 2155, trunk/libsemanage/src/conf-parse.y) =================================================================== --- tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y (rev 0) +++ tags/libsemanage_1_9_2/libsemanage/src/conf-parse.y 2007-01-08 20:44:34 UTC (rev 2159) 
@@ -0,0 +1,388 @@ +/* Authors: Jason Tang <jt...@tr...> + * James Athey <ja...@tr...> + * + * Copyright (C) 2004-2006 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +%{ + +#include "semanage_conf.h" + +#include <sepol/policydb.h> +#include <selinux/selinux.h> +#include <semanage/handle.h> + +#include <unistd.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +extern int semanage_lex(); /* defined in conf-scan.c */ +int semanage_error(char *msg); + +extern FILE *semanage_in; +extern char *semanage_text; + +static int parse_module_store(char *arg); +static void semanage_conf_external_prog_destroy(external_prog_t *ep); +static int new_external_prog(external_prog_t **chain); + +static semanage_conf_t *current_conf; +static external_prog_t *new_external; +static int parse_errors; + +#define PASSIGN(p1,p2) { free(p1); p1 = p2; } + +%} + +%name-prefix="semanage_" + +%union { + int d; + char *s; +} + +%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED +%token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START +%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END +%token PROG_PATH PROG_ARGS +%token <s> ARG +%type <d> verify_start_tok + +%% + +config_file: config_line config_file + | /* 
empty */ + ; + +config_line: single_opt + | command_block + | verify_block + ; + +single_opt: module_store + | version + | expand_check + | file_mode + | save_previous + | save_linked + ; + +module_store: MODULE_STORE '=' ARG { + if (parse_module_store($3) != 0) { + parse_errors++; + YYABORT; + } + } + + ; + +version: VERSION '=' ARG { + current_conf->policyvers = atoi($3); + free($3); + if (current_conf->policyvers < sepol_policy_kern_vers_min() || + current_conf->policyvers > sepol_policy_kern_vers_max()) { + parse_errors++; + YYABORT; + } + } + ; + +expand_check: EXPAND_CHECK '=' ARG { + current_conf->expand_check = atoi($3); + free($3); + } + ; + +file_mode: FILE_MODE '=' ARG { + current_conf->file_mode = strtoul($3, NULL, 8); + free($3); + } + ; + +save_previous: SAVE_PREVIOUS '=' ARG { + if (strcasecmp($3, "true") == 0) + current_conf->save_previous = 1; + else if (strcasecmp($3, "false") == 0) + current_conf->save_previous = 0; + else { + yyerror("save-previous can only be 'true' or 'false'"); + } + } + ; + + +save_linked: SAVE_LINKED '=' ARG { + if (strcasecmp($3, "true") == 0) + current_conf->save_linked = 1; + else if (strcasecmp($3, "false") == 0) + current_conf->save_linked = 0; + else { + yyerror("save-linked can only be 'true' or 'false'"); + } + } + ; + + +command_block: + command_start external_opts BLOCK_END { + if (new_external->path == NULL) { + parse_errors++; + YYABORT; + } + } + ; + +command_start: + LOAD_POLICY_START { + semanage_conf_external_prog_destroy(current_conf->load_policy); + current_conf->load_policy = NULL; + if (new_external_prog(¤t_conf->load_policy) == -1) { + parse_errors++; + YYABORT; + } + } + | SETFILES_START { + semanage_conf_external_prog_destroy(current_conf->setfiles); + current_conf->setfiles = NULL; + if (new_external_prog(¤t_conf->setfiles) == -1) { + parse_errors++; + YYABORT; + } + } + | GENHOMEDIRCON_START { + semanage_conf_external_prog_destroy(current_conf->genhomedircon); + current_conf->genhomedircon = NULL; + 
if (new_external_prog(¤t_conf->genhomedircon) == -1) { + parse_errors++; + YYABORT; + } + } + ; + +verify_block: verify_start external_opts BLOCK_END { + if (new_external->path == NULL) { + parse_errors++; + YYABORT; + } + } + ; + +verify_start: verify_start_tok { + if ($1 == -1) { + parse_errors++; + YYABORT; + } + } + ; + +verify_start_tok: VERIFY_MOD_START {$$ = new_external_prog(¤t_conf->mod_prog);} + | VERIFY_LINKED_START {$$ = new_external_prog(¤t_conf->linked_prog);} + | VERIFY_KERNEL_START {$$ = new_external_prog(¤t_conf->kernel_prog);} + ; + +external_opts: external_opt external_opts + | /* empty */ + ; + +external_opt: PROG_PATH '=' ARG { PASSIGN(new_external->path, $3); } + | PROG_ARGS '=' ARG { PASSIGN(new_external->args, $3); } + ; + +%% + +static int semanage_conf_init(semanage_conf_t * conf) +{ + conf->store_type = SEMANAGE_CON_DIRECT; + conf->store_path = strdup(basename(selinux_policy_root())); + conf->policyvers = sepol_policy_kern_vers_max(); + conf->expand_check = 1; + conf->file_mode = 0644; + + conf->save_previous = 0; + conf->save_linked = 0; + + if ((conf->load_policy = + calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) { + return -1; + } + if ((conf->load_policy->path = strdup("/usr/sbin/load_policy")) == NULL) { + return -1; + } + conf->load_policy->args = NULL; + + if ((conf->setfiles = + calloc(1, sizeof(*(current_conf->setfiles)))) == NULL) { + return -1; + } + if (access("/sbin/setfiles", X_OK) == 0) { + conf->setfiles->path = strdup("/sbin/setfiles"); + } else { + conf->setfiles->path = strdup("/usr/sbin/setfiles"); + } + if ((conf->setfiles->path == NULL) || + (conf->setfiles->args = strdup("-q -c $@ $<")) == NULL) { + return -1; + } + + if ((conf->genhomedircon = + calloc(1, sizeof(*(current_conf->genhomedircon)))) == NULL) { + return -1; + } + if ((conf->genhomedircon->path = + strdup("/usr/sbin/genhomedircon")) == NULL + || (conf->genhomedircon->args = strdup("-t $@")) == NULL) { + return -1; + } + + return 0; +} + +/* 
Parse a libsemanage configuration file. THIS FUNCTION IS NOT + * THREAD-SAFE! Return a newly allocated semanage_conf_t *. If the + * configuration file could be read, parse it; otherwise rely upon + * default values. If the file could not be parsed correctly or if + * out of memory return NULL. + */ +semanage_conf_t *semanage_conf_parse(const char *config_filename) +{ + if ((current_conf = calloc(1, sizeof(*current_conf))) == NULL) { + return NULL; + } + if (semanage_conf_init(current_conf) == -1) { + goto cleanup; + } + if ((semanage_in = fopen(config_filename, "r")) == NULL) { + /* configuration file does not exist or could not be + * read. THIS IS NOT AN ERROR. just rely on the + * defaults. */ + return current_conf; + } + parse_errors = 0; + semanage_parse(); + fclose(semanage_in); + if (parse_errors != 0) { + goto cleanup; + } + return current_conf; + cleanup: + semanage_conf_destroy(current_conf); + return NULL; +} + +static void semanage_conf_external_prog_destroy(external_prog_t * ep) +{ + while (ep != NULL) { + external_prog_t *next = ep->next; + free(ep->path); + free(ep->args); + free(ep); + ep = next; + } +} + +/* Deallocates all space associated with a configuration struct, + * including the pointer itself. */ +void semanage_conf_destroy(semanage_conf_t * conf) +{ + if (conf != NULL) { + free(conf->store_path); + semanage_conf_external_prog_destroy(conf->load_policy); + semanage_conf_external_prog_destroy(conf->setfiles); + semanage_conf_external_prog_destroy(conf->genhomedircon); + semanage_conf_external_prog_destroy(conf->mod_prog); + semanage_conf_external_prog_destroy(conf->linked_prog); + semanage_conf_external_prog_destroy(conf->kernel_prog); + free(conf); + } +} + +int semanage_error(char *msg) +{ + fprintf(stderr, "error parsing semanage configuration file: %s\n", msg); + parse_errors++; + return 0; +} + +/* Take the string argument for a module store. If it is exactly the + * word "direct" ... [truncated message content] |
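Review bot: The new `save_previous` and `save_linked` actions never release `$3`, while the `version`, `expand_check` and `file_mode` actions beside them all end with `free($3);`. The comment in parse_module_store describes the ARG value as a strdup()ed copy of yytext, so each occurrence of either option presumably leaks that string; adding `free($3);` after the if/else chain in both actions would fix it. On an unrecognised value both actions call `yyerror(...)` and keep parsing, whereas every other failing rule does `parse_errors++; YYABORT;`. The file is still rejected afterwards because semanage_error increments parse_errors, but a `YYABORT;` in the else branch would match the rest of the grammar. The archive truncates this hunk partway through the file, so the remainder of the new conf-parse.y is not visible here.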