From: <ssm...@us...> - 2007-10-11 20:26:58

Revision: 2650
          http://selinux.svn.sourceforge.net/selinux/?rev=2650&view=rev
Author:   ssmalley
Date:     2007-10-11 13:26:57 -0700 (Thu, 11 Oct 2007)
Log Message:
-----------
updated libsepol to version 2.0.12
Modified Paths:
--------------
    trunk/libsepol/ChangeLog
    trunk/libsepol/VERSION
Modified: trunk/libsepol/ChangeLog
===================================================================
--- trunk/libsepol/ChangeLog	2007-10-11 20:24:03 UTC (rev 2649)
+++ trunk/libsepol/ChangeLog	2007-10-11 20:26:57 UTC (rev 2650)
@@ -1,3 +1,7 @@
+2.0.12 2007-10-11
+	* Fixed bug in require checking from Stephen Smalley.
+	* Added user hierarchy checking from Todd Miller.	
+
 2.0.11 2007-09-24
 	* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
 
Modified: trunk/libsepol/VERSION
===================================================================
--- trunk/libsepol/VERSION	2007-10-11 20:24:03 UTC (rev 2649)
+++ trunk/libsepol/VERSION	2007-10-11 20:26:57 UTC (rev 2650)
@@ -1 +1 @@
-2.0.11
+2.0.12
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
      
      
From: <ssm...@us...> - 2007-10-11 20:24:05

Revision: 2649
          http://selinux.svn.sourceforge.net/selinux/?rev=2649&view=rev
Author:   ssmalley
Date:     2007-10-11 13:24:03 -0700 (Thu, 11 Oct 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: deleteall added for ports and fcontext in semanage
Date: Sun, 07 Oct 2007 21:51:32 -0400
Modified Paths:
--------------
    trunk/policycoreutils/semanage/seobject.py
Modified: trunk/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py	2007-10-11 20:21:08 UTC (rev 2648)
+++ trunk/policycoreutils/semanage/seobject.py	2007-10-11 20:24:03 UTC (rev 2649)
@@ -139,7 +139,7 @@
 			translations = fd.readlines()
 			fd.close()
 		except IOError, e:
-			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
+			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
 			
 		self.ddict = {}
 		self.comments = []
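Review bot: the message at `raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") ...` still asserts the non-MLS explanation for every IOError, so once `e` is appended the two halves can contradict each other (for example when the real cause is a permission error). Consider reporting only the file name and `e`, and mention the non-MLS case only when the error is actually "no such file".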
@@ -236,6 +236,9 @@
 		if rc < 0:
 			semanage_handle_destroy(self.sh)
 			raise ValueError(_("Could not establish semanage connection"))
+        def deleteall(self):
+               raise ValueError(_("Not yet implemented"))
+               
 
 class loginRecords(semanageRecords):
 	def __init__(self, store = ""):
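Review bot: the stub at `+        def deleteall(self):` is indented with spaces while the surrounding context lines in this class use tabs, so whether it lands as a method of semanageRecords depends on the interpreter's tab-width handling. Re-indent it with tabs to match the file, put a blank line between the preceding raise and the new def, and consider raising NotImplementedError rather than ValueError so callers can tell "not supported for this record type" apart from a failed operation.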
@@ -776,6 +779,34 @@
 		semanage_port_key_free(k)
 		semanage_port_free(p)
 
+	def deleteall(self):
+		(rc, plist) = semanage_port_list_local(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not list the ports"))
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not start semanage transaction"))
+
+		for port in plist:
+                       proto = semanage_port_get_proto(port)
+                       proto_str = semanage_port_get_proto_str(proto)
+                       low = semanage_port_get_low(port)
+                       high = semanage_port_get_high(port)
+                       port_str = "%s-%s" % (low, high)
+                       ( k, proto_d, low, high ) = self.__genkey(port_str , proto_str)
+                       if rc < 0:
+                              raise ValueError(_("Could not create a key for %s") % port_str)
+
+                       rc = semanage_port_del_local(self.sh, k)
+                       if rc < 0:
+                              raise ValueError(_("Could not delete the port %s") % port_str)
+                       semanage_port_key_free(k)
+	
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not delete the %s") % port_str)
+
 	def delete(self, port, proto):
 		( k, proto_d, low, high ) = self.__genkey(port, proto)
 		(rc,exists) = semanage_port_exists(self.sh, k)
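Review bot: the `if rc < 0:` that follows `( k, proto_d, low, high ) = self.__genkey(port_str , proto_str)` tests the `rc` left over from semanage_begin_transaction, because `__genkey` does not assign `rc` in this method, so the "Could not create a key" branch can never fire; drop the check or have key creation hand back a status. The commit-failure message at the end formats `port_str`, which is unbound when `plist` is empty and otherwise names only the last port in the list, so a message that does not name a single port would be more accurate. Both raises inside the loop exit between semanage_begin_transaction and semanage_commit and skip `semanage_port_key_free(k)`, and the loop body is indented with spaces where the rest of the method uses tabs.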
@@ -1175,6 +1206,32 @@
 		semanage_fcontext_key_free(k)
 		semanage_fcontext_free(fcontext)
 
+	def deleteall(self):
+		(rc, flist) = semanage_fcontext_list_local(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not list the file contexts"))
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not start semanage transaction"))
+
+		for fcontext in flist:
+                       target = semanage_fcontext_get_expr(fcontext)
+                       ftype = semanage_fcontext_get_type(fcontext)
+                       ftype_str = semanage_fcontext_get_type_str(ftype)
+                       (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
+                       if rc < 0:
+                              raise ValueError(_("Could not create a key for %s") % target)
+
+                       rc = semanage_fcontext_del_local(self.sh, k)
+                       if rc < 0:
+                              raise ValueError(_("Could not delete the file context %s") % target)
+                       semanage_fcontext_key_free(k)
+	
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not delete the file context %s") % target)
+
 	def delete(self, target, ftype):
 		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
 		if rc < 0:
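Review bot: the final `raise ValueError(_("Could not delete the file context %s") % target)` after semanage_commit formats `target`, which is unbound when `flist` is empty (a NameError instead of the intended ValueError) and otherwise refers only to the last entry even though the commit covers all of them; use a message that does not name one context. In the loop, `file_types[ftype_str]` raises KeyError rather than ValueError if the string returned by semanage_fcontext_get_type_str is not a key of `file_types`, so either guard the lookup or pass the type through without the string round trip if semanage_fcontext_key_create accepts it. The raise after semanage_fcontext_del_local also skips `semanage_fcontext_key_free(k)`.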
      
      
From: <ssm...@us...> - 2007-10-11 20:21:37

Revision: 2648
          http://selinux.svn.sourceforge.net/selinux/?rev=2648&view=rev
Author:   ssmalley
Date:     2007-10-11 13:21:08 -0700 (Thu, 11 Oct 2007)
Log Message:
-----------
applied r2646:2647 from trunk
Modified Paths:
--------------
    branches/stable/1_0/libsepol/src/hierarchy.c
Modified: branches/stable/1_0/libsepol/src/hierarchy.c
===================================================================
--- branches/stable/1_0/libsepol/src/hierarchy.c	2007-10-11 20:19:45 UTC (rev 2647)
+++ branches/stable/1_0/libsepol/src/hierarchy.c	2007-10-11 20:21:08 UTC (rev 2648)
@@ -323,7 +323,6 @@
 	char *parent;
 	hierarchy_args_t *a;
 	role_datum_t *r, *rp;
-	ebitmap_t eb;
 
 	a = (hierarchy_args_t *) args;
 	r = (role_datum_t *) d;
@@ -346,25 +345,63 @@
 		return 0;
 	}
 
-	if (ebitmap_or(&eb, &r->types.types, &rp->types.types)) {
-		/* Memory error */
-		free(parent);
-		return -1;
-	}
-
-	if (!ebitmap_cmp(&eb, &rp->types.types)) {
+	if (!ebitmap_contains(&rp->types.types, &r->types.types)) {
 		/* This is a violation of the hiearchal constraint, return error condition */
 		ERR(a->handle, "Role hierarchy violation, %s exceeds %s",
 		    a->p->p_role_val_to_name[r->s.value - 1], parent);
 		a->numerr++;
 	}
 
-	ebitmap_destroy(&eb);
 	free(parent);
 
 	return 0;
 }
 
+/* The user hierarchy is defined as: a child user cannot have a role that
+ * its parent doesn't have.  This function should be called with hashtab_map,
+ * it will return 0 on success, 1 on constraint violation and -1 on error.
+ */
+static int check_user_hierarchy_callback(hashtab_key_t k
+					 __attribute__ ((unused)),
+					 hashtab_datum_t d, void *args)
+{
+	char *parent;
+	hierarchy_args_t *a;
+	user_datum_t *u, *up;
+
+	a = (hierarchy_args_t *) args;
+	u = (user_datum_t *) d;
+
+	if (find_parent(a->p->p_user_val_to_name[u->s.value - 1], &parent))
+		return -1;
+
+	if (!parent) {
+		/* This user has no parent */
+		return 0;
+	}
+
+	up = hashtab_search(a->p->p_users.table, parent);
+	if (!up) {
+		/* Orphan user */
+		ERR(a->handle, "user %s doesn't exist, %s is an orphan",
+		    parent, a->p->p_user_val_to_name[u->s.value - 1]);
+		free(parent);
+		a->numerr++;
+		return 0;
+	}
+
+	if (!ebitmap_contains(&up->roles.roles, &u->roles.roles)) {
+		/* hierarchical constraint violation, return error */
+		ERR(a->handle, "User hierarchy violation, %s exceeds %s",
+		    a->p->p_user_val_to_name[u->s.value - 1], parent);
+		a->numerr++;
+	}
+
+	free(parent);
+
+	return 0;
+}
+
 int hierarchy_check_constraints(sepol_handle_t * handle, policydb_t * p)
 {
 	hierarchy_args_t args;
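Review bot: in check_user_hierarchy_callback the `if (find_parent(...)) return -1;` path reports nothing through ERR(), unlike the orphan and violation paths just below it, so unless find_parent logs for itself the caller will take `goto bad` in hierarchy_check_constraints with no indication of which user triggered it. An ERR() naming `a->p->p_user_val_to_name[u->s.value - 1]` before the return would keep the three failure paths consistent.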
@@ -395,6 +432,9 @@
 	if (hashtab_map(p->p_roles.table, check_role_hierarchy_callback, &args))
 		goto bad;
 
+	if (hashtab_map(p->p_users.table, check_user_hierarchy_callback, &args))
+		goto bad;
+
 	if (args.numerr) {
 		ERR(handle, "%d total errors found during hierarchy check",
 		    args.numerr);
      
      
From: <ssm...@us...> - 2007-10-11 20:19:49

Revision: 2647
          http://selinux.svn.sourceforge.net/selinux/?rev=2647&view=rev
Author:   ssmalley
Date:     2007-10-11 13:19:45 -0700 (Thu, 11 Oct 2007)
Log Message:
-----------
Author: "Todd C. Miller"
Email: tm...@tr...
Subject: libsepol: add user to hierarchy checker
Date: Fri, 5 Oct 2007 13:52:08 -0400
Stephen Smalley wrote:
> Why not use ebitmap_contains()?
I was basically just cloning check_role_hierarchy_callback() so I just
followed what it did.  Using ebitmap_contains() is more intuitive and
is probably faster to boot.
Below is an updated patch that uses ebitmap_contains() for both
check_role_hierarchy_callback() and check_user_hierarchy_callback().
Modified Paths:
--------------
    trunk/libsepol/src/hierarchy.c
Modified: trunk/libsepol/src/hierarchy.c
===================================================================
--- trunk/libsepol/src/hierarchy.c	2007-10-11 20:14:36 UTC (rev 2646)
+++ trunk/libsepol/src/hierarchy.c	2007-10-11 20:19:45 UTC (rev 2647)
@@ -323,7 +323,6 @@
 	char *parent;
 	hierarchy_args_t *a;
 	role_datum_t *r, *rp;
-	ebitmap_t eb;
 
 	a = (hierarchy_args_t *) args;
 	r = (role_datum_t *) d;
@@ -346,25 +345,63 @@
 		return 0;
 	}
 
-	if (ebitmap_or(&eb, &r->types.types, &rp->types.types)) {
-		/* Memory error */
-		free(parent);
-		return -1;
-	}
-
-	if (!ebitmap_cmp(&eb, &rp->types.types)) {
+	if (!ebitmap_contains(&rp->types.types, &r->types.types)) {
 		/* This is a violation of the hiearchal constraint, return error condition */
 		ERR(a->handle, "Role hierarchy violation, %s exceeds %s",
 		    a->p->p_role_val_to_name[r->s.value - 1], parent);
 		a->numerr++;
 	}
 
-	ebitmap_destroy(&eb);
 	free(parent);
 
 	return 0;
 }
 
+/* The user hierarchy is defined as: a child user cannot have a role that
+ * its parent doesn't have.  This function should be called with hashtab_map,
+ * it will return 0 on success, 1 on constraint violation and -1 on error.
+ */
+static int check_user_hierarchy_callback(hashtab_key_t k
+					 __attribute__ ((unused)),
+					 hashtab_datum_t d, void *args)
+{
+	char *parent;
+	hierarchy_args_t *a;
+	user_datum_t *u, *up;
+
+	a = (hierarchy_args_t *) args;
+	u = (user_datum_t *) d;
+
+	if (find_parent(a->p->p_user_val_to_name[u->s.value - 1], &parent))
+		return -1;
+
+	if (!parent) {
+		/* This user has no parent */
+		return 0;
+	}
+
+	up = hashtab_search(a->p->p_users.table, parent);
+	if (!up) {
+		/* Orphan user */
+		ERR(a->handle, "user %s doesn't exist, %s is an orphan",
+		    parent, a->p->p_user_val_to_name[u->s.value - 1]);
+		free(parent);
+		a->numerr++;
+		return 0;
+	}
+
+	if (!ebitmap_contains(&up->roles.roles, &u->roles.roles)) {
+		/* hierarchical constraint violation, return error */
+		ERR(a->handle, "User hierarchy violation, %s exceeds %s",
+		    a->p->p_user_val_to_name[u->s.value - 1], parent);
+		a->numerr++;
+	}
+
+	free(parent);
+
+	return 0;
+}
+
 int hierarchy_check_constraints(sepol_handle_t * handle, policydb_t * p)
 {
 	hierarchy_args_t args;
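Review bot: the header comment added above check_user_hierarchy_callback says it "will return 0 on success, 1 on constraint violation and -1 on error", but neither the orphan branch nor the `!ebitmap_contains(&up->roles.roles, &u->roles.roles)` branch returns 1; both bump `a->numerr` and return 0. Update the comment to say that violations are counted in `numerr` and that the return value is only 0 or -1, so nobody later writes a caller that tests for 1. While this hunk is rewriting the role check, the "hiearchal" spelling in its comment could be fixed too.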
@@ -395,6 +432,9 @@
 	if (hashtab_map(p->p_roles.table, check_role_hierarchy_callback, &args))
 		goto bad;
 
+	if (hashtab_map(p->p_users.table, check_user_hierarchy_callback, &args))
+		goto bad;
+
 	if (args.numerr) {
 		ERR(handle, "%d total errors found during hierarchy check",
 		    args.numerr);
      
      
From: <ssm...@us...> - 2007-10-11 20:15:35

Revision: 2645
          http://selinux.svn.sourceforge.net/selinux/?rev=2645&view=rev
Author:   ssmalley
Date:     2007-10-11 13:14:02 -0700 (Thu, 11 Oct 2007)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: refpolicy xserver branch
Date: Wed, 10 Oct 2007 08:43:37 -0400
On Wed, 2007-10-10 at 08:25 -0400, Stephen Smalley wrote:
> On Wed, 2007-10-10 at 08:13 -0400, Stephen Smalley wrote:
> > On Wed, 2007-10-10 at 08:01 -0400, Stephen Smalley wrote:
> > > On Wed, 2007-10-10 at 07:52 -0400, Stephen Smalley wrote:
> > > > On Tue, 2007-10-09 at 17:40 +0000, Christopher J. PeBenito wrote:
> > > > > On Tue, 2007-10-09 at 12:33 -0400, Eamon Walsh wrote:
> > > > > > Christopher J. PeBenito wrote:
> > > > > > > It was explicitly listed in both the xwindows.if and .te, but not used.
> > > > > > > I cleaned it up.
> > > > > > >   
> > > > > > 
> > > > > > Thanks!  Now, we have:
> > > > > > 
> > > > > > 
> > > > > > Installing refpolicy zebra.pp policy package.
> > > > > > Loading configured modules.
> > > > > > libsepol.print_missing_requirements: xwindows's global requirements were not met: common httpd_ssi_exec
> > > > > > libsemanage.semanage_link_sandbox: Link packages failed
> > > > > > /usr/sbin/semodule:  Failed!
> > > > > > make: *** [load] Error 1
> > > > > 
> > > > > I can't reproduce this but instead I'm getting a segfault when my test
> > > > > script tries to test link it by calling semodule_link directly.  I'm
> > > > > using the current stable release toolchain.  Going by your error
> > > > > message, it looks like it might be a toolchain bug since httpd_ssi_exec
> > > > > isn't a common, it's a boolean.
> > > > 
> > > > (cc Joshua and Karl)
> > > > 
> > > > svn co http://oss.tresys.com/repos/refpolicy/branchs/xselinux
> > > > cd xselinux
> > > > make MONOLITHIC=n
> > > > make load
> > > > ...
> > > > Loading configured modules.
> > > > /usr/sbin/semodule -s refpolicy -b /usr/share/selinux/refpolicy/base.pp -i /usr/share/selinux/refpolicy/acct.pp -i /usr/share/selinux/refpolicy/ada.pp -i /usr/share/selinux/refpolicy/afs.pp -i /usr/share/selinux/refpolicy/aide.pp -i /usr/share/selinux/refpolicy/alsa.pp -i /usr/share/selinux/refpolicy/amanda.pp -i /usr/share/selinux/refpolicy/amavis.pp -i /usr/share/selinux/refpolicy/amtu.pp -i /usr/share/selinux/refpolicy/anaconda.pp -i /usr/share/selinux/refpolicy/apache.pp -i /usr/share/selinux/refpolicy/apcupsd.pp -i /usr/share/selinux/refpolicy/apm.pp -i /usr/share/selinux/refpolicy/application.pp -i /usr/share/selinux/refpolicy/apt.pp -i /usr/share/selinux/refpolicy/arpwatch.pp -i /usr/share/selinux/refpolicy/asterisk.pp -i /usr/share/selinux/refpolicy/audioentropy.pp -i /usr/share/selinux/refpolicy/authbind.pp -i /usr/share/selinux/refpolicy/authlogin.pp -i /usr/share/selinux/refpolicy/automount.pp -i /usr/share/selinux/refpolicy/avahi.pp -i /usr/share/selinux/refpolicy/awstats.pp -i /usr/share/selinux/refpolicy/backup.pp -i /usr/share/selinux/refpolicy/bind.pp -i /usr/share/selinux/refpolicy/bitlbee.pp -i /usr/share/selinux/refpolicy/bluetooth.pp -i /usr/share/selinux/refpolicy/bootloader.pp -i /usr/share/selinux/refpolicy/brctl.pp -i /usr/share/selinux/refpolicy/calamaris.pp -i /usr/share/selinux/refpolicy/canna.pp -i /usr/share/selinux/refpolicy/ccs.pp -i /usr/share/selinux/refpolicy/cdrecord.pp -i /usr/share/selinux/refpolicy/certwatch.pp -i /usr/share/selinux/refpolicy/cipe.pp -i /usr/share/selinux/refpolicy/clamav.pp -i /usr/share/selinux/refpolicy/clock.pp -i /usr/share/selinux/refpolicy/clockspeed.pp -i /usr/share/selinux/refpolicy/comsat.pp -i /usr/share/selinux/refpolicy/consolekit.pp -i /usr/share/selinux/refpolicy/consoletype.pp -i /usr/share/selinux/refpolicy/courier.pp -i /usr/share/selinux/refpolicy/cpucontrol.pp -i /usr/share/selinux/refpolicy/cron.pp -i /usr/share/selinux/refpolicy/cups.pp -i /usr/share/selinux/refpolicy/cvs.pp -i 
/usr/share/selinux/refpolicy/cyrus.pp -i /usr/share/selinux/refpolicy/daemontools.pp -i /usr/share/selinux/refpolicy/dante.pp -i /usr/share/selinux/refpolicy/dbskk.pp -i /usr/share/selinux/refpolicy/dbus.pp -i /usr/share/selinux/refpolicy/dcc.pp -i /usr/share/selinux/refpolicy/ddclient.pp -i /usr/share/selinux/refpolicy/ddcprobe.pp -i /usr/share/selinux/refpolicy/dhcp.pp -i /usr/share/selinux/refpolicy/dictd.pp -i /usr/share/selinux/refpolicy/distcc.pp -i /usr/share/selinux/refpolicy/djbdns.pp -i /usr/share/selinux/refpolicy/dmesg.pp -i /usr/share/selinux/refpolicy/dmidecode.pp -i /usr/share/selinux/refpolicy/dnsmasq.pp -i /usr/share/selinux/refpolicy/dovecot.pp -i /usr/share/selinux/refpolicy/dpkg.pp -i /usr/share/selinux/refpolicy/ethereal.pp -i /usr/share/selinux/refpolicy/evolution.pp -i /usr/share/selinux/refpolicy/fail2ban.pp -i /usr/share/selinux/refpolicy/fetchmail.pp -i /usr/share/selinux/refpolicy/finger.pp -i /usr/share/selinux/refpolicy/firstboot.pp -i /usr/share/selinux/refpolicy/fstools.pp -i /usr/share/selinux/refpolicy/ftp.pp -i /usr/share/selinux/refpolicy/games.pp -i /usr/share/selinux/refpolicy/gatekeeper.pp -i /usr/share/selinux/refpolicy/getty.pp -i /usr/share/selinux/refpolicy/gift.pp -i /usr/share/selinux/refpolicy/gnome.pp -i /usr/share/selinux/refpolicy/gpg.pp -i /usr/share/selinux/refpolicy/gpm.pp -i /usr/share/selinux/refpolicy/hal.pp -i /usr/share/selinux/refpolicy/hostname.pp -i /usr/share/selinux/refpolicy/hotplug.pp -i /usr/share/selinux/refpolicy/howl.pp -i /usr/share/selinux/refpolicy/i18n_input.pp -i /usr/share/selinux/refpolicy/imaze.pp -i /usr/share/selinux/refpolicy/inetd.pp -i /usr/share/selinux/refpolicy/init.pp -i /usr/share/selinux/refpolicy/inn.pp -i /usr/share/selinux/refpolicy/ipsec.pp -i /usr/share/selinux/refpolicy/iptables.pp -i /usr/share/selinux/refpolicy/irc.pp -i /usr/share/selinux/refpolicy/ircd.pp -i /usr/share/selinux/refpolicy/irqbalance.pp -i /usr/share/selinux/refpolicy/iscsi.pp -i 
/usr/share/selinux/refpolicy/jabber.pp -i /usr/share/selinux/refpolicy/java.pp -i /usr/share/selinux/refpolicy/kerberos.pp -i /usr/share/selinux/refpolicy/ktalk.pp -i /usr/share/selinux/refpolicy/kudzu.pp -i /usr/share/selinux/refpolicy/ldap.pp -i /usr/share/selinux/refpolicy/libraries.pp -i /usr/share/selinux/refpolicy/loadkeys.pp -i /usr/share/selinux/refpolicy/locallogin.pp -i /usr/share/selinux/refpolicy/lockdev.pp -i /usr/share/selinux/refpolicy/logging.pp -i /usr/share/selinux/refpolicy/logrotate.pp -i /usr/share/selinux/refpolicy/logwatch.pp -i /usr/share/selinux/refpolicy/lpd.pp -i /usr/share/selinux/refpolicy/lvm.pp -i /usr/share/selinux/refpolicy/mailman.pp -i /usr/share/selinux/refpolicy/miscfiles.pp -i /usr/share/selinux/refpolicy/modutils.pp -i /usr/share/selinux/refpolicy/mono.pp -i /usr/share/selinux/refpolicy/monop.pp -i /usr/share/selinux/refpolicy/mount.pp -i /usr/share/selinux/refpolicy/mozilla.pp -i /usr/share/selinux/refpolicy/mplayer.pp -i /usr/share/selinux/refpolicy/mrtg.pp -i /usr/share/selinux/refpolicy/mta.pp -i /usr/share/selinux/refpolicy/munin.pp -i /usr/share/selinux/refpolicy/mysql.pp -i /usr/share/selinux/refpolicy/nagios.pp -i /usr/share/selinux/refpolicy/nessus.pp -i /usr/share/selinux/refpolicy/netlabel.pp -i /usr/share/selinux/refpolicy/netutils.pp -i /usr/share/selinux/refpolicy/networkmanager.pp -i /usr/share/selinux/refpolicy/nis.pp -i /usr/share/selinux/refpolicy/nscd.pp -i /usr/share/selinux/refpolicy/nsd.pp -i /usr/share/selinux/refpolicy/ntop.pp -i /usr/share/selinux/refpolicy/ntp.pp -i /usr/share/selinux/refpolicy/nx.pp -i /usr/share/selinux/refpolicy/oav.pp -i /usr/share/selinux/refpolicy/oddjob.pp -i /usr/share/selinux/refpolicy/openca.pp -i /usr/share/selinux/refpolicy/openct.pp -i /usr/share/selinux/refpolicy/openvpn.pp -i /usr/share/selinux/refpolicy/pcmcia.pp -i /usr/share/selinux/refpolicy/pcscd.pp -i /usr/share/selinux/refpolicy/pegasus.pp -i /usr/share/selinux/refpolicy/perdition.pp -i 
/usr/share/selinux/refpolicy/portage.pp -i /usr/share/selinux/refpolicy/portmap.pp -i /usr/share/selinux/refpolicy/portslave.pp -i /usr/share/selinux/refpolicy/postfix.pp -i /usr/share/selinux/refpolicy/postgresql.pp -i /usr/share/selinux/refpolicy/postgrey.pp -i /usr/share/selinux/refpolicy/ppp.pp -i /usr/share/selinux/refpolicy/prelink.pp -i /usr/share/selinux/refpolicy/privoxy.pp -i /usr/share/selinux/refpolicy/procmail.pp -i /usr/share/selinux/refpolicy/publicfile.pp -i /usr/share/selinux/refpolicy/pxe.pp -i /usr/share/selinux/refpolicy/pyzor.pp -i /usr/share/selinux/refpolicy/qmail.pp -i /usr/share/selinux/refpolicy/quota.pp -i /usr/share/selinux/refpolicy/radius.pp -i /usr/share/selinux/refpolicy/radvd.pp -i /usr/share/selinux/refpolicy/raid.pp -i /usr/share/selinux/refpolicy/razor.pp -i /usr/share/selinux/refpolicy/rdisc.pp -i /usr/share/selinux/refpolicy/readahead.pp -i /usr/share/selinux/refpolicy/remotelogin.pp -i /usr/share/selinux/refpolicy/resmgr.pp -i /usr/share/selinux/refpolicy/rhgb.pp -i /usr/share/selinux/refpolicy/ricci.pp -i /usr/share/selinux/refpolicy/rlogin.pp -i /usr/share/selinux/refpolicy/roundup.pp -i /usr/share/selinux/refpolicy/rpc.pp -i /usr/share/selinux/refpolicy/rpcbind.pp -i /usr/share/selinux/refpolicy/rpm.pp -i /usr/share/selinux/refpolicy/rshd.pp -i /usr/share/selinux/refpolicy/rssh.pp -i /usr/share/selinux/refpolicy/rsync.pp -i /usr/share/selinux/refpolicy/rwho.pp -i /usr/share/selinux/refpolicy/samba.pp -i /usr/share/selinux/refpolicy/sasl.pp -i /usr/share/selinux/refpolicy/screen.pp -i /usr/share/selinux/refpolicy/selinuxutil.pp -i /usr/share/selinux/refpolicy/sendmail.pp -i /usr/share/selinux/refpolicy/setrans.pp -i /usr/share/selinux/refpolicy/setroubleshoot.pp -i /usr/share/selinux/refpolicy/slocate.pp -i /usr/share/selinux/refpolicy/slrnpull.pp -i /usr/share/selinux/refpolicy/smartmon.pp -i /usr/share/selinux/refpolicy/snmp.pp -i /usr/share/selinux/refpolicy/snort.pp -i /usr/share/selinux/refpolicy/soundserver.pp -i 
/usr/share/selinux/refpolicy/spamassassin.pp -i /usr/share/selinux/refpolicy/speedtouch.pp -i /usr/share/selinux/refpolicy/squid.pp -i /usr/share/selinux/refpolicy/ssh.pp -i /usr/share/selinux/refpolicy/storage.pp -i /usr/share/selinux/refpolicy/stunnel.pp -i /usr/share/selinux/refpolicy/su.pp -i /usr/share/selinux/refpolicy/sudo.pp -i /usr/share/selinux/refpolicy/sxid.pp -i /usr/share/selinux/refpolicy/sysnetwork.pp -i /usr/share/selinux/refpolicy/sysstat.pp -i /usr/share/selinux/refpolicy/tcpd.pp -i /usr/share/selinux/refpolicy/telnet.pp -i /usr/share/selinux/refpolicy/tftp.pp -i /usr/share/selinux/refpolicy/thunderbird.pp -i /usr/share/selinux/refpolicy/timidity.pp -i /usr/share/selinux/refpolicy/tmpreaper.pp -i /usr/share/selinux/refpolicy/tor.pp -i /usr/share/selinux/refpolicy/transproxy.pp -i /usr/share/selinux/refpolicy/tripwire.pp -i /usr/share/selinux/refpolicy/tvtime.pp -i /usr/share/selinux/refpolicy/tzdata.pp -i /usr/share/selinux/refpolicy/ucspitcp.pp -i /usr/share/selinux/refpolicy/udev.pp -i /usr/share/selinux/refpolicy/uml.pp -i /usr/share/selinux/refpolicy/unconfined.pp -i /usr/share/selinux/refpolicy/updfstab.pp -i /usr/share/selinux/refpolicy/uptime.pp -i /usr/share/selinux/refpolicy/usbmodules.pp -i /usr/share/selinux/refpolicy/userdomain.pp -i /usr/share/selinux/refpolicy/userhelper.pp -i /usr/share/selinux/refpolicy/usermanage.pp -i /usr/share/selinux/refpolicy/usernetctl.pp -i /usr/share/selinux/refpolicy/uucp.pp -i /usr/share/selinux/refpolicy/uwimap.pp -i /usr/share/selinux/refpolicy/vbetool.pp -i /usr/share/selinux/refpolicy/vmware.pp -i /usr/share/selinux/refpolicy/vpn.pp -i /usr/share/selinux/refpolicy/watchdog.pp -i /usr/share/selinux/refpolicy/webalizer.pp -i /usr/share/selinux/refpolicy/wine.pp -i /usr/share/selinux/refpolicy/xen.pp -i /usr/share/selinux/refpolicy/xfs.pp -i /usr/share/selinux/refpolicy/xprint.pp -i /usr/share/selinux/refpolicy/xserver.pp -i /usr/share/selinux/refpolicy/xwindows.pp -i 
/usr/share/selinux/refpolicy/yam.pp -i /usr/share/selinux/refpolicy/zabbix.pp -i /usr/share/selinux/refpolicy/zebra.pp
> > > > make: *** [load] Segmentation fault
> > > 
> > > If I rebuild with CFLAGS+=-g and try again, now I get:
> > > libsepol.print_missing_requirements: xwindows's global requirements were not met: common httpd_can_network_relay
> > > libsemanage.semanage_link_sandbox: Link packages failed
> > > /usr/sbin/semodule:  Failed!
> > 
> > And if I run that under valgrind, I get:
> > ==5617== Conditional jump or move depends on uninitialised value(s)
> > ==5617==    at 0x4036DC8: print_missing_requirements (link.c:1857)
> > ==5617==    by 0x40371CE: enable_avrules (link.c:1941)
> > ==5617==    by 0x4038246: link_modules (link.c:2226)
> > ==5617==    by 0x403A687: sepol_link_packages (module.c:302)
> > ==5617==    by 0x408FEDA: semanage_link_sandbox (semanage_store.c:1605)
> > ==5617==    by 0x4082AC6: semanage_direct_commit (direct_api.c:509)
> > ==5617==    by 0x4087234: semanage_commit (handle.c:254)
> > ==5617==    by 0x8049C02: main (semodule.c:452)
> > ==5617== 
> > ==5617== Use of uninitialised value of size 4
> > ==5617==    at 0x4036F1B: print_missing_requirements (link.c:1873)
> > ==5617==    by 0x40371CE: enable_avrules (link.c:1941)
> > ==5617==    by 0x4038246: link_modules (link.c:2226)
> > ==5617==    by 0x403A687: sepol_link_packages (module.c:302)
> > ==5617==    by 0x408FEDA: semanage_link_sandbox (semanage_store.c:1605)
> > ==5617==    by 0x4082AC6: semanage_direct_commit (direct_api.c:509)
> > ==5617==    by 0x4087234: semanage_commit (handle.c:254)
> > ==5617==    by 0x8049C02: main (semodule.c:452)
> > ==5617== 
> > ==5617== Use of uninitialised value of size 4
> > ==5617==    at 0x4036F2E: print_missing_requirements (link.c:1873)
> > ==5617==    by 0x40371CE: enable_avrules (link.c:1941)
> > ==5617==    by 0x4038246: link_modules (link.c:2226)
> > ==5617==    by 0x403A687: sepol_link_packages (module.c:302)
> > ==5617==    by 0x408FEDA: semanage_link_sandbox (semanage_store.c:1605)
> > ==5617==    by 0x4082AC6: semanage_direct_commit (direct_api.c:509)
> > ==5617==    by 0x4087234: semanage_commit (handle.c:254)
> > ==5617==    by 0x8049C02: main (semodule.c:452)
> > ==5617== 
> > ==5617== Invalid read of size 4
> > ==5617==    at 0x4036F2E: print_missing_requirements (link.c:1873)
> > ==5617==    by 0x40371CE: enable_avrules (link.c:1941)
> > ==5617==    by 0x4038246: link_modules (link.c:2226)
> > ==5617==    by 0x403A687: sepol_link_packages (module.c:302)
> > ==5617==    by 0x408FEDA: semanage_link_sandbox (semanage_store.c:1605)
> > ==5617==    by 0x4082AC6: semanage_direct_commit (direct_api.c:509)
> > ==5617==    by 0x4087234: semanage_commit (handle.c:254)
> > ==5617==    by 0x8049C02: main (semodule.c:452)
> > ==5617==  Address 0xFCE0AD4 is 4 bytes before a block of size 16 alloc'd
> > ==5617==    at 0x4005525: malloc (vg_replace_malloc.c:149)
> > ==5617==    by 0x404116C: policydb_index_classes (policydb.c:686)
> > ==5617==    by 0x40380F8: link_modules (link.c:2217)
> > ==5617==    by 0x403A687: sepol_link_packages (module.c:302)
> > ==5617==    by 0x408FEDA: semanage_link_sandbox (semanage_store.c:1605)
> > ==5617==    by 0x4082AC6: semanage_direct_commit (direct_api.c:509)
> > ==5617==    by 0x4087234: semanage_commit (handle.c:254)
> > ==5617==    by 0x8049C02: main (semodule.c:452)
> > ==5617== 
> > ==5617== Use of uninitialised value of size 4
> > ==5617==    at 0x4036F35: print_missing_requirements (link.c:1873)
> > ==5617==    by 0x40371CE: enable_avrules (link.c:1941)
> > ==5617==    by 0x4038246: link_modules (link.c:2226)
> > ==5617==    by 0x403A687: sepol_link_packages (module.c:302)
> > ==5617==    by 0x408FEDA: semanage_link_sandbox (semanage_store.c:1605)
> > ==5617==    by 0x4082AC6: semanage_direct_commit (direct_api.c:509)
> > ==5617==    by 0x4087234: semanage_commit (handle.c:254)
> > ==5617==    by 0x8049C02: main (semodule.c:452)
> > libsepol.print_missing_requirements: xwindows's global requirements were not met: common (null) Is a directory.
> > libsemanage.semanage_link_sandbox: Link packages failed Is a directory.
> > /usr/sbin/semodule:  Failed!
> 
> Line 1746 of link.c returns 0 without setting req->symbol_type and
> req->symbol_value?
> 
> id was x_window.
If I simply remove those two lines from libsepol such that it falls
through to looking up the permission and setting up the req structure
properly before returning 0, I get:
libsepol.print_missing_requirements: xwindows's global requirements were not met: class x_window, permission all_x_window_perms
libsemanage.semanage_link_sandbox: Link packages failed
And indeed those symbols appear in the module but are not defined by
security_classes or access_vectors.
Modified Paths:
--------------
    trunk/libsepol/src/link.c
Modified: trunk/libsepol/src/link.c
===================================================================
--- trunk/libsepol/src/link.c	2007-10-05 17:49:15 UTC (rev 2644)
+++ trunk/libsepol/src/link.c	2007-10-11 20:14:02 UTC (rev 2645)
@@ -1742,8 +1742,6 @@
 				    id);
 				return -1;
 			}
-			if (scope->scope == SCOPE_REQ)
-				return 0;
 
 			fparg.valuep = perm_value;
 			fparg.key = NULL;
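Review bot: nothing at the site of the removed `if (scope->scope == SCOPE_REQ) return 0;` now records why required scopes have to fall through to the permission lookup, so a later cleanup could reintroduce the early return and with it the unset requirement fields that the valgrind trace in the log message shows being read in print_missing_requirements. A one-line comment above `fparg.valuep = perm_value;` stating that the lookup below is also what fills in the requirement for SCOPE_REQ would protect the fix, and a link test with a module that requires an undefined class and permission would catch a regression.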
      
      
From: <ssm...@us...> - 2007-10-11 20:14:45

Revision: 2646
          http://selinux.svn.sourceforge.net/selinux/?rev=2646&view=rev
Author:   ssmalley
Date:     2007-10-11 13:14:36 -0700 (Thu, 11 Oct 2007)
Log Message:
-----------
applied r2644:2645 from trunk
Modified Paths:
--------------
    branches/stable/1_0/libsepol/src/link.c
Modified: branches/stable/1_0/libsepol/src/link.c
===================================================================
--- branches/stable/1_0/libsepol/src/link.c	2007-10-11 20:14:02 UTC (rev 2645)
+++ branches/stable/1_0/libsepol/src/link.c	2007-10-11 20:14:36 UTC (rev 2646)
@@ -1741,8 +1741,6 @@
 				    id);
 				return -1;
 			}
-			if (scope->scope == SCOPE_REQ)
-				return 0;
 
 			fparg.valuep = perm_value;
 			fparg.key = NULL;
      
      
From: <ssm...@us...> - 2007-10-05 17:49:16

Revision: 2644
          http://selinux.svn.sourceforge.net/selinux/?rev=2644&view=rev
Author:   ssmalley
Date:     2007-10-05 10:49:15 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.29
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-10-05 17:48:23 UTC (rev 2643)
+++ trunk/policycoreutils/ChangeLog	2007-10-05 17:49:15 UTC (rev 2644)
@@ -1,3 +1,6 @@
+2.0.29 2007-10-05
+	* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
+
 2.0.28 2007-10-05
 	* Update semodule man page for -D from Dan Walsh.
 	* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-10-05 17:48:23 UTC (rev 2643)
+++ trunk/policycoreutils/VERSION	2007-10-05 17:49:15 UTC (rev 2644)
@@ -1 +1 @@
-2.0.28
+2.0.29
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 17:48:26
      
     | 
| Revision: 2643
          http://selinux.svn.sourceforge.net/selinux/?rev=2643&view=rev
Author:   ssmalley
Date:     2007-10-05 10:48:23 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: genhomedircon script
Date: Fri, 05 Oct 2007 13:16:24 -0400
Certain tools were calling genhomedircon and in certain cases
genhomedircon is handy for rebuilding the home directory mapping.
Since semodule -Bn will rebuild, added genhomedircon script that just
executes that command.
Modified Paths:
--------------
    trunk/policycoreutils/scripts/Makefile
Added Paths:
-----------
    trunk/policycoreutils/scripts/genhomedircon
Modified: trunk/policycoreutils/scripts/Makefile
===================================================================
--- trunk/policycoreutils/scripts/Makefile	2007-10-05 14:10:56 UTC (rev 2642)
+++ trunk/policycoreutils/scripts/Makefile	2007-10-05 17:48:23 UTC (rev 2643)
@@ -5,12 +5,13 @@
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 
-all: fixfiles
+all: fixfiles genhomedircon
 
 install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 chcat $(BINDIR)
 	install -m 755 fixfiles $(DESTDIR)/sbin
+	install -m 755 genhomedircon  $(SBINDIR)
 	-mkdir -p $(MANDIR)/man8
 	install -m 644 fixfiles.8 $(MANDIR)/man8/
 	install -m 644 chcat.8 $(MANDIR)/man8/
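Review bot: the added install line targets $(SBINDIR), but the visible install rule only creates $(BINDIR), and the neighbouring fixfiles line installs to $(DESTDIR)/sbin instead. Unless SBINDIR is defined and its directory created elsewhere in this Makefile, the install will fail or land somewhere unexpected; add a "-mkdir -p $(SBINDIR)" and use one convention for both sbin installs.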
Added: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon	                        (rev 0)
+++ trunk/policycoreutils/scripts/genhomedircon	2007-10-05 17:48:23 UTC (rev 2643)
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/semodule -Bn
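Review bot: the wrapper ignores its arguments, so a caller that still passes options to genhomedircon gets a full "semodule -Bn" rebuild with no indication that the options were dropped. A short comment stating that arguments are deliberately ignored would help, and "exec /usr/sbin/semodule -Bn" avoids leaving an extra shell process around. The hard-coded /usr/sbin path should also agree with the SBINDIR that the Makefile installs into.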
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 14:10:58
      
     | 
| Revision: 2642
          http://selinux.svn.sourceforge.net/selinux/?rev=2642&view=rev
Author:   ssmalley
Date:     2007-10-05 07:10:56 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
updated libselinux to version 2.0.37
Modified Paths:
--------------
    trunk/libselinux/ChangeLog
    trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog	2007-10-05 14:09:43 UTC (rev 2641)
+++ trunk/libselinux/ChangeLog	2007-10-05 14:10:56 UTC (rev 2642)
@@ -1,3 +1,6 @@
+2.0.37 2007-10-05
+	* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
+
 2.0.36 2007-09-27
 	* Fix segfault resulting from missing file_contexts file.
 
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION	2007-10-05 14:09:43 UTC (rev 2641)
+++ trunk/libselinux/VERSION	2007-10-05 14:10:56 UTC (rev 2642)
@@ -1 +1 @@
-2.0.36
+2.0.37
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 14:09:46
      
     | 
| Revision: 2641
          http://selinux.svn.sourceforge.net/selinux/?rev=2641&view=rev
Author:   ssmalley
Date:     2007-10-05 07:09:43 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.28
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-10-05 14:07:01 UTC (rev 2640)
+++ trunk/policycoreutils/ChangeLog	2007-10-05 14:09:43 UTC (rev 2641)
@@ -1,3 +1,7 @@
+2.0.28 2007-10-05
+	* Update semodule man page for -D from Dan Walsh.
+	* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
+
 2.0.27 2007-09-19
 	* Improve semodule reporting of system errors from Stephen Smalley.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-10-05 14:07:01 UTC (rev 2640)
+++ trunk/policycoreutils/VERSION	2007-10-05 14:09:43 UTC (rev 2641)
@@ -1 +1 @@
-2.0.27
+2.0.28
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 14:07:03
      
     | 
| Revision: 2640
          http://selinux.svn.sourceforge.net/selinux/?rev=2640&view=rev
Author:   ssmalley
Date:     2007-10-05 07:07:01 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
updated libsemanage to version 2.0.12
Modified Paths:
--------------
    trunk/libsemanage/ChangeLog
    trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog	2007-10-05 14:05:52 UTC (rev 2639)
+++ trunk/libsemanage/ChangeLog	2007-10-05 14:07:01 UTC (rev 2640)
@@ -1,3 +1,7 @@
+2.0.12 2007-10-05
+	* ustr cleanups from James Antill.
+	* Ensure that /root gets labeled even if using the default context from Dan Walsh.
+
 2.0.11 2007-09-28
 	* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
 
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION	2007-10-05 14:05:52 UTC (rev 2639)
+++ trunk/libsemanage/VERSION	2007-10-05 14:07:01 UTC (rev 2640)
@@ -1 +1 @@
-2.0.11
+2.0.12
 | 
| 
      
      
      From: <mad...@us...> - 2007-10-05 14:05:53
      
     | 
| Revision: 2639
          http://selinux.svn.sourceforge.net/selinux/?rev=2639&view=rev
Author:   madmethod
Date:     2007-10-05 07:05:52 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
merge r2545:HEAD from trunk
Modified Paths:
--------------
    branches/policyrep/Makefile
    branches/policyrep/checkpolicy/ChangeLog
    branches/policyrep/checkpolicy/VERSION
    branches/policyrep/checkpolicy/checkmodule.c
    branches/policyrep/checkpolicy/checkpolicy.c
    branches/policyrep/checkpolicy/policy_parse.y
    branches/policyrep/checkpolicy/test/dismod.c
    branches/policyrep/checkpolicy/test/dispol.c
    branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
    branches/policyrep/libpolicyrep/src/Makefile
    branches/policyrep/libpolicyrep/tests/Makefile
    branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp
    branches/policyrep/libselinux/ChangeLog
    branches/policyrep/libselinux/VERSION
    branches/policyrep/libselinux/include/selinux/avc.h
    branches/policyrep/libselinux/include/selinux/selinux.h
    branches/policyrep/libselinux/src/Makefile
    branches/policyrep/libselinux/src/avc.c
    branches/policyrep/libselinux/src/avc_internal.c
    branches/policyrep/libselinux/src/avc_internal.h
    branches/policyrep/libselinux/src/callbacks.c
    branches/policyrep/libselinux/src/fgetfilecon.c
    branches/policyrep/libselinux/src/getfilecon.c
    branches/policyrep/libselinux/src/lgetfilecon.c
    branches/policyrep/libselinux/src/mapping.c
    branches/policyrep/libselinux/src/matchpathcon.c
    branches/policyrep/libselinux/src/selinux.py
    branches/policyrep/libselinux/src/selinuxswig.i
    branches/policyrep/libselinux/src/selinuxswig_python.i
    branches/policyrep/libselinux/src/selinuxswig_wrap.c
    branches/policyrep/libselinux/src/setrans_client.c
    branches/policyrep/libselinux/src/setrans_internal.h
    branches/policyrep/libselinux/src/stringrep.c
    branches/policyrep/libselinux/utils/togglesebool.c
    branches/policyrep/libsemanage/ChangeLog
    branches/policyrep/libsemanage/Makefile
    branches/policyrep/libsemanage/VERSION
    branches/policyrep/libsemanage/src/Makefile
    branches/policyrep/libsemanage/src/debug.c
    branches/policyrep/libsemanage/src/direct_api.c
    branches/policyrep/libsemanage/src/genhomedircon.c
    branches/policyrep/libsemanage/src/genhomedircon.h
    branches/policyrep/libsemanage/src/semanage.py
    branches/policyrep/libsemanage/src/semanage_store.c
    branches/policyrep/libsemanage/src/semanage_store.h
    branches/policyrep/libsemanage/src/semanageswig_wrap.c
    branches/policyrep/libsemanage/src/utilities.c
    branches/policyrep/libsepol/ChangeLog
    branches/policyrep/libsepol/VERSION
    branches/policyrep/libsepol/include/sepol/policydb/policydb.h
    branches/policyrep/libsepol/src/Makefile
    branches/policyrep/libsepol/src/policydb.c
    branches/policyrep/libsepol/src/private.h
    branches/policyrep/libsepol/src/write.c
    branches/policyrep/policycoreutils/ChangeLog
    branches/policyrep/policycoreutils/VERSION
    branches/policyrep/policycoreutils/semanage/semanage
    branches/policyrep/policycoreutils/semanage/seobject.py
    branches/policyrep/policycoreutils/semodule/semodule.8
    branches/policyrep/policycoreutils/semodule/semodule.c
    branches/policyrep/policycoreutils/setfiles/setfiles.c
    branches/policyrep/sepolgen/ChangeLog
    branches/policyrep/sepolgen/VERSION
    branches/policyrep/sepolgen/src/sepolgen/audit.py
    branches/policyrep/sepolgen/src/sepolgen/refparser.py
    branches/policyrep/sepolgen/src/sepolgen/refpolicy.py
    branches/policyrep/sepolgen/tests/test_audit.py
Modified: branches/policyrep/Makefile
===================================================================
--- branches/policyrep/Makefile	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/Makefile	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,5 +1,5 @@
-SUBDIRS=libsepol libselinux libsemanage libpolicyrep sepolgen checkpolicy policycoreutils # policy
-PYSUBDIRS=libselinux libsemanage
+SUBDIRS=libsepol libselinux libpolicyrep sepolgen policycoreutils # policy checkpolicy
+PYSUBDIRS=libselinux 
 
 ifeq ($(DEBUG),1)
 	export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow
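Review bot: SUBDIRS loses libsemanage and has checkpolicy moved behind the "#" comment, and PYSUBDIRS loses libsemanage, yet this same revision modifies files under both branches/policyrep/checkpolicy and branches/policyrep/libsemanage. If they are disabled on purpose while the branch is in flux, say so in the log message (it only says "merge r2545:HEAD from trunk") or in a comment; otherwise this looks like a local build tweak that leaked into the merge. The new PYSUBDIRS line also carries trailing whitespace.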
Modified: branches/policyrep/checkpolicy/ChangeLog
===================================================================
--- branches/policyrep/checkpolicy/ChangeLog	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/ChangeLog	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,3 +1,8 @@
+2.0.4 2007-09-18
+	* Merged handle unknown policydb flag support from Eric Paris.
+	  Adds new command line options -U {allow, reject, deny} for selecting
+	  the flag when a base module or kernel policy is built.
+
 2.0.3 2007-05-31
 	* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
 	* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
Modified: branches/policyrep/checkpolicy/VERSION
===================================================================
--- branches/policyrep/checkpolicy/VERSION	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/VERSION	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1 +1 @@
-2.0.3
+2.0.4
Modified: branches/policyrep/checkpolicy/checkmodule.c
===================================================================
--- branches/policyrep/checkpolicy/checkmodule.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/checkmodule.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -39,6 +39,7 @@
 static sidtab_t sidtab;
 
 extern int mlspol;
+extern int handle_unknown;
 
 static char *txtfile = "policy.conf";
 static char *binfile = "policy";
@@ -121,6 +122,7 @@
 
 	p->policy_type = policy_type;
 	p->policyvers = policyvers;
+	p->handle_unknown = handle_unknown;
 
 	pf.type = PF_USE_STDIO;
 	pf.fp = outfp;
@@ -135,13 +137,17 @@
 
 static void usage(char *progname)
 {
-	printf("usage:  %s [-V] [-b] [-m] [-M] [-o FILE] [INPUT]\n", progname);
+	printf("usage:  %s [-V] [-b] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname);
 	printf("Build base and policy modules.\n");
 	printf("Options:\n");
 	printf("  INPUT      build module from INPUT (else read from \"%s\")\n",
 	       txtfile);
 	printf("  -V         show policy versions created by this program\n");
 	printf("  -b         treat input as a binary policy file\n");
+	printf("  -U OPTION  How to handle unknown classes and permissions\n");
+	printf("               deny: Deny unknown kernel checks\n");
+	printf("               reject: Reject loading of policy with unknowns\n");
+	printf("               allow: Allow unknown kernel checks\n");
 	printf("  -m         build a policy module instead of a base module\n");
 	printf("  -M         enable MLS policy\n");
 	printf("  -o FILE    write module to FILE (else just check syntax)\n");
@@ -156,7 +162,7 @@
 	int show_version = 0;
 	policydb_t modpolicydb;
 
-	while ((ch = getopt(argc, argv, "ho:dbVmM")) != EOF) {
+	while ((ch = getopt(argc, argv, "ho:dbVU:mM")) != EOF) {
 		switch (ch) {
 		case 'h':
 			usage(argv[0]);
@@ -171,6 +177,20 @@
 		case 'V':
 			show_version = 1;
 			break;
+		case 'U':
+			if (!strcasecmp(optarg, "deny")) {
+				handle_unknown = DENY_UNKNOWN;
+				break;
+			}
+			if (!strcasecmp(optarg, "reject")) {
+				handle_unknown = REJECT_UNKNOWN;
+				break;
+			}
+			if (!strcasecmp(optarg, "allow")) {
+				handle_unknown = ALLOW_UNKNOWN;
+				break;
+			}
+			usage(argv[0]);
 		case 'm':
 			policy_type = POLICY_MOD;
 			policyvers = MOD_POLICYDB_VERSION_MAX;
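Review bot: the new case 'U' ends in usage(argv[0]) with no break or exit after it, so if usage() returns, an unrecognised -U value falls through into case 'm' and silently sets policy_type = POLICY_MOD. No exit is visible in the part of usage() shown in the previous hunk; add exit(1) after the call, or a break plus an error flag.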
@@ -189,6 +209,12 @@
 		exit(0);
 	}
 
+	if (handle_unknown && (policy_type != POLICY_BASE)) {
+		printf("Handling of unknown classes and permissions is only ");
+		printf("valid in the base module\n");
+		exit(1);
+	}
+
 	if (optind != argc) {
 		file = argv[optind++];
 		if (optind != argc)
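Review bot: the test "handle_unknown && (policy_type != POLICY_BASE)" uses the value 0 to mean "-U not given", which is also the initial value set in policy_parse.y. If any of DENY_UNKNOWN, REJECT_UNKNOWN or ALLOW_UNKNOWN is defined as 0, that choice passes this check when combined with -m; track whether -U was seen in a separate flag. The message is also printed with printf to stdout before exit(1), where stderr would be the usual place.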
@@ -214,6 +240,7 @@
 
 		modpolicydb.policy_type = policy_type;
 		modpolicydb.mls = mlspol;
+		modpolicydb.handle_unknown = handle_unknown;
 
 		if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
 			exit(1);
Modified: branches/policyrep/checkpolicy/checkpolicy.c
===================================================================
--- branches/policyrep/checkpolicy/checkpolicy.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/checkpolicy.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -90,6 +90,7 @@
 
 extern policydb_t *policydbp;
 extern int mlspol;
+extern int handle_unknown;
 
 static char *txtfile = "policy.conf";
 static char *binfile = "policy";
@@ -99,7 +100,7 @@
 void usage(char *progname)
 {
 	printf
-	    ("usage:  %s [-b] [-d] [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
+	    ("usage:  %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
 	     progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 	exit(1);
 }
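Review bot: the new usage string never closes the bracket it opens for -U: "[-U handle_unknown (allow,deny,reject) [-M]" should read "[-U handle_unknown (allow,deny,reject)] [-M]". checkmodule.c documents each -U value on its own line in this revision; doing the same here would keep the two tools consistent.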
@@ -390,7 +391,7 @@
 	int show_version = 0;
 	struct policy_file pf;
 
-	while ((ch = getopt(argc, argv, "o:dbMVc:")) != EOF) {
+	while ((ch = getopt(argc, argv, "o:dbU:MVc:")) != EOF) {
 		switch (ch) {
 		case 'o':
 			outfile = optarg;
@@ -405,6 +406,20 @@
 		case 'V':
 			show_version = 1;
 			break;
+		case 'U':
+			if (!strcasecmp(optarg, "deny")) {
+				handle_unknown = DENY_UNKNOWN;
+				break;
+			}
+			if (!strcasecmp(optarg, "allow")) {
+				handle_unknown = ALLOW_UNKNOWN;
+				break;
+			}
+			if (!strcasecmp(optarg, "reject")) {
+				handle_unknown = REJECT_UNKNOWN;
+				break;
+			}
+			usage(argv[0]);
 		case 'M':
 			mlspol = 1;
 			break;
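Review bot: case 'U' runs off its end into case 'M' after usage(argv[0]), which is only safe because usage() in this file calls exit(1). Add a comment or an explicit exit(1) so the fall-through is not mistaken for a missing break, and consider sharing the string-to-flag parsing with checkmodule.c, which carries the same three strcasecmp tests in a different order.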
@@ -515,6 +530,7 @@
 
 		/* Let sepol know if we are dealing with MLS support */
 		parse_policy.mls = mlspol;
+		parse_policy.handle_unknown = handle_unknown;
 
 		policydbp = &parse_policy;
 
Modified: branches/policyrep/checkpolicy/policy_parse.y
===================================================================
--- branches/policyrep/checkpolicy/policy_parse.y	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/policy_parse.y	2007-10-05 14:05:52 UTC (rev 2639)
@@ -67,6 +67,7 @@
 static unsigned int pass;
 char *curfile = 0;
 int mlspol = 0;
+int handle_unknown = 0;
 
 extern unsigned long policydb_lineno;
 extern unsigned long source_lineno;
Modified: branches/policyrep/checkpolicy/test/dismod.c
===================================================================
--- branches/policyrep/checkpolicy/test/dismod.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/test/dismod.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -665,6 +665,17 @@
 	return 0;
 }
 
+int display_handle_unknown(policydb_t * policydb, FILE * out_fp)
+{
+	if (policydb->handle_unknown == ALLOW_UNKNOWN)
+		fprintf(out_fp, "Allow unknown classes and perms\n");
+	else if (policydb->handle_unknown == DENY_UNKNOWN)
+		fprintf(out_fp, "Deny unknown classes and perms\n");
+	else if (policydb->handle_unknown == REJECT_UNKNOWN)
+		fprintf(out_fp, "Reject unknown classes and perms\n");
+	return 0;
+}
+
 static int read_policy(char *filename, policydb_t * policy)
 {
 	FILE *in_fp;
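Review bot: display_handle_unknown() prints nothing when policydb->handle_unknown matches none of the three constants, so a policy carrying an unexpected value is indistinguishable from no output at all; add a final else that prints the raw value. The function is also non-static and always returns 0, and a second copy with different wording is added to dispol.c in this revision; make it static void or move it to shared code.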
@@ -771,6 +782,7 @@
 	printf("a)  Display avrule requirements\n");
 	printf("b)  Display avrule declarations\n");
 	printf("l)  Link in a module\n");
+	printf("u)  Display the unknown handling setting\n");
 	printf("\n");
 	printf("f)  set output file\n");
 	printf("m)  display menu\n");
@@ -879,6 +891,10 @@
 			fprintf(out_fp, "avrule block declarations:\n");
 			display_avblock(6, 0, &policydb, out_fp);
 			break;
+		case 'u':
+		case 'U':
+			display_handle_unknown(&policydb, out_fp);
+			break;
 		case 'f':
 			printf
 			    ("\nFilename for output (<CR> for screen output): ");
Modified: branches/policyrep/checkpolicy/test/dispol.c
===================================================================
--- branches/policyrep/checkpolicy/test/dispol.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/checkpolicy/test/dispol.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -273,6 +273,17 @@
 	return 1;
 }
 
+int display_handle_unknown(policydb_t * policydb, FILE * out_fp)
+{
+	if (policydb->handle_unknown == ALLOW_UNKNOWN)
+		fprintf(out_fp, "Allow unknown classes and permisions\n");
+	else if (policydb->handle_unknown == DENY_UNKNOWN)
+		fprintf(out_fp, "Deny unknown classes and permisions\n");
+	else if (policydb->handle_unknown == REJECT_UNKNOWN)
+		fprintf(out_fp, "Reject unknown classes and permisions\n");
+	return 0;
+}
+
 int change_bool(char *name, int state, policydb_t * p, FILE * fp)
 {
 	cond_bool_datum_t *bool;
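Review bot: all three added strings misspell "permissions" as "permisions". The dismod.c copy of this function prints "classes and perms" instead; pick one wording so the two test tools report the setting identically.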
@@ -298,6 +309,7 @@
 	printf("6)  display conditional expressions\n");
 	printf("7)  change a boolean value\n");
 	printf("\n");
+	printf("u)  display unknown handling setting\n");
 	printf("f)  set output file\n");
 	printf("m)  display menu\n");
 	printf("q)  quit\n");
@@ -409,6 +421,10 @@
 			change_bool(name, state, &policydb, out_fp);
 			free(name);
 			break;
+		case 'u':
+		case 'U':
+			display_handle_unknown(&policydb, out_fp);
+			break;
 		case 'f':
 			printf
 			    ("\nFilename for output (<CR> for screen output): ");
Modified: branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp
===================================================================
--- branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/include/policyrep/policy_base.hpp	2007-10-05 14:05:52 UTC (rev 2639)
@@ -24,6 +24,8 @@
         typedef boost::shared_ptr<Parent> ParentPtr;
 
 	class TreeIterator;
+
+	class Policydb;
         
 	// Convenience typedefs
         typedef std::vector<NodePtr> NodeVector;
Modified: branches/policyrep/libpolicyrep/src/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/src/Makefile	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/src/Makefile	2007-10-05 14:05:52 UTC (rev 2639)
@@ -32,20 +32,20 @@
 	ranlib $@
 
 $(LIBSO): $(LOBJS)
-	g++ $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO)
+	$(CXX) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO)
 	ln -sf $@ $(TARGET) 
 
 $(PYTHONSO): $(PYTHONLOBJ)
-	g++ $(LDFLAGS) -lboost_python -shared -o $@ $< $(LOBJS) -Wl,-soname,$@
+	$(CXX) $(LDFLAGS) -lboost_python -shared -o $@ $< $(LOBJS) -Wl,-soname,$@
 
 $(PYTHONLOBJ): $(PYTHONCPP)
-	g++ $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+	$(CXX) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 %.o:  %.cpp
-	g++ $(CFLAGS) -fPIC -c -o $@ $<
+	$(CXX) $(CFLAGS) -fPIC -c -o $@ $<
 
 %.lo:  %.cpp
-	g++ $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+	$(CXX) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
 
 policy_parse.cpp: policy_parse.y
 	bison -o policy_parse.cpp -p policyrep -d policy_parse.y
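Review bot: the rules now invoke $(CXX) but still pass $(CFLAGS) when compiling the .cpp files. Any C-only flag placed in CFLAGS will be handed to the C++ compiler; the conventional variable for these rules is CXXFLAGS.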
Modified: branches/policyrep/libpolicyrep/tests/Makefile
===================================================================
--- branches/policyrep/libpolicyrep/tests/Makefile	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/tests/Makefile	2007-10-05 14:05:52 UTC (rev 2639)
@@ -4,7 +4,7 @@
 
 CFLAGS += -g3 -gdwarf-2 -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter -Werror -I../include
 
-LIBPOLICYREP := ../src/libpolicyrep.a
+LIBPOLICYREP := ../src/libpolicyrep.a ../../libsepol/src/libsepol.a
 
 # test program object files
 objs := $(patsubst %.cpp,%.o,$(wildcard *.cpp))
Modified: branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp
===================================================================
--- branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp	2007-10-05 14:05:52 UTC (rev 2639)
@@ -20,6 +20,7 @@
 
 #include <policyrep/policy.hpp>
 #include <policyrep/parse.hpp>
+#include <policyrep/generate.hpp>
 
 #include <sstream>
 #include <iostream>
@@ -79,6 +80,10 @@
 
 	parsed_mod->append_children(mod->children().begin(), mod->children().end());
 
+
+	Policydb *poldb = new Policydb();
+	poldb->generate(pol);	
+
 }
 
 int main(int argc, char **argv)
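Review bot: poldb is allocated with "new Policydb()" and never deleted, and nothing checks whether generate(pol) succeeded, so the test neither cleans up nor fails when generation goes wrong. Use a stack object or a smart pointer (policy_base.hpp already uses boost::shared_ptr) and assert on the outcome. The added lines also leave a stray blank line and trailing whitespace after "poldb->generate(pol);".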
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/ChangeLog	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,3 +1,20 @@
+2.0.36 2007-09-27
+	* Fix segfault resulting from missing file_contexts file.
+
+2.0.35 2007-09-24
+	* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
+	* Pass CFLAGS when using gcc for linking from Dennis Gilmore. 
+
+2.0.34 2007-09-18
+	* Fix selabel option flag setting for 64-bit from Stephen Smalley.
+
+2.0.33 2007-09-12
+	* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
+	* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
+
+2.0.32 2007-09-10
+	* Fix swig binding for rpm_execcon from James Athey.
+
 2.0.31 2007-08-23
 	* Fix file_contexts.homedirs path from Todd Miller.
 
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/VERSION	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1 +1 @@
-2.0.31
+2.0.36
Modified: branches/policyrep/libselinux/include/selinux/avc.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/avc.h	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/include/selinux/avc.h	2007-10-05 14:05:52 UTC (rev 2639)
@@ -182,6 +182,17 @@
 	     const struct avc_lock_callback *lock_callbacks);
 
 /**
+ * avc_open - Initialize the AVC.
+ * @opts: array of selabel_opt structures specifying AVC options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * This function is identical to avc_init(), except the message prefix
+ * is set to "avc" and any callbacks desired should be specified via
+ * selinux_set_callback().  No options are currently supported.
+ */
+int avc_open(struct selinux_opt *opts, unsigned nopts);
+
+/**
  * avc_cleanup - Remove unused SIDs and AVC entries.
  *
  * Search the SID table for SID structures with zero
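Review bot: the comment for @opts says "array of selabel_opt structures", but the prototype takes "struct selinux_opt *". Fix the comment to name the type actually used, and since it states that no options are currently supported, say what happens when a caller passes a non-NULL opts (the avc.c implementation in this revision marks both arguments unused).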
Modified: branches/policyrep/libselinux/include/selinux/selinux.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/selinux.h	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/include/selinux/selinux.h	2007-10-05 14:05:52 UTC (rev 2639)
@@ -142,7 +142,8 @@
 union selinux_callback {
 	/* log the printf-style format and arguments,
 	   with the type code indicating the type of message */
-	int (*func_log) (int type, const char *fmt, ...);
+	int __attribute__((format(printf, 2, 3)))
+	(*func_log) (int type, const char *fmt, ...);
 	/* store a string representation of auditdata (corresponding
 	   to the given security class) into msgbuf. */
 	int (*func_audit) (void *auditdata, security_class_t cls,
@@ -155,6 +156,7 @@
 #define SELINUX_CB_AUDIT	1
 #define SELINUX_CB_VALIDATE	2
 
+extern union selinux_callback selinux_get_callback(int type);
 extern void selinux_set_callback(int type, union selinux_callback cb);
 
 	/* Logging type codes, passed to the logging callback */
Modified: branches/policyrep/libselinux/src/Makefile
===================================================================
--- branches/policyrep/libselinux/src/Makefile	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/Makefile	2007-10-05 14:05:52 UTC (rev 2639)
@@ -57,10 +57,10 @@
 	$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(SWIGSO): $(SWIGLOBJ)
-	$(CC) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
 	ln -sf $@ $(TARGET) 
 
 %.o:  %.c policy.h
Modified: branches/policyrep/libselinux/src/avc.c
===================================================================
--- branches/policyrep/libselinux/src/avc.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/avc.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -157,6 +157,12 @@
 	return rc;
 }
 
+int avc_open(struct selinux_opt *opts __attribute__((unused)),
+	     unsigned nopts __attribute__((unused)))
+{
+    return avc_init("avc", NULL, NULL, NULL, NULL);
+}
+
 int avc_init(const char *prefix,
 	     const struct avc_memory_callback *mem_cb,
 	     const struct avc_log_callback *log_cb,
Modified: branches/policyrep/libselinux/src/avc_internal.c
===================================================================
--- branches/policyrep/libselinux/src/avc_internal.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/avc_internal.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -61,7 +61,8 @@
 		rc = fd;
 		goto out;
 	}
-
+	
+	fcntl(fd, F_SETFD, FD_CLOEXEC);
 	if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) {
 		close(fd);
 		rc = -1;
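Review bot: the return value of fcntl(fd, F_SETFD, FD_CLOEXEC) is ignored, while the F_SETFL call on the next line closes the descriptor and sets rc = -1 on failure. If close-on-exec matters enough to set, handle its failure the same way. The hunk also replaces an empty line with one containing only a tab.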
Modified: branches/policyrep/libselinux/src/avc_internal.h
===================================================================
--- branches/policyrep/libselinux/src/avc_internal.h	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/avc_internal.h	2007-10-05 14:05:52 UTC (rev 2639)
@@ -13,6 +13,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <selinux/avc.h>
+#include "callbacks.h"
 #include "dso.h"
 
 /* SID reference counter manipulation */
@@ -93,13 +94,15 @@
   if (avc_func_log) \
     avc_func_log(format); \
   else \
-    fprintf(stderr, format)
+    selinux_log(SELINUX_ERROR, format);
 
 static inline void avc_suppl_audit(void *ptr, security_class_t class,
 				   char *buf, size_t len)
 {
 	if (avc_func_audit)
 		avc_func_audit(ptr, class, buf, len);
+	else
+		selinux_audit(ptr, class, buf, len);
 }
 
 static inline void *avc_create_thread(void (*run) (void))
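Review bot: the replacement line in the logging macro ends with a semicolon ("selinux_log(SELINUX_ERROR, format);") where the fprintf line it replaces had none. Callers that follow the macro invocation with their own semicolon now get an extra empty statement, which breaks an unbraced if/else around the call; drop the semicolon, or wrap the macro body in do { ... } while (0).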
Modified: branches/policyrep/libselinux/src/callbacks.c
===================================================================
--- branches/policyrep/libselinux/src/callbacks.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/callbacks.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdarg.h>
+#include <errno.h>
 #include <selinux/selinux.h>
 #include "callbacks.h"
 
@@ -65,3 +66,27 @@
 		break;
 	}
 }
+
+/* callback getting function */
+union selinux_callback
+selinux_get_callback(int type)
+{
+	union selinux_callback cb;
+
+	switch (type) {
+	case SELINUX_CB_LOG:
+		cb.func_log = selinux_log;
+		break;
+	case SELINUX_CB_AUDIT:
+		cb.func_audit = selinux_audit;
+		break;
+	case SELINUX_CB_VALIDATE:
+		cb.func_validate = selinux_validate;
+		break;
+	default:
+		memset(&cb, 0, sizeof(cb));
+		errno = EINVAL;
+		break;
+	}
+	return cb;
+}
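Review bot: for an unknown type the function returns a zeroed union and sets errno to EINVAL, but nothing tells callers this, and the declaration added to selinux.h has no comment at all. Document the error convention next to the prototype. The default branch also calls memset(), and <string.h> is not among the includes visible in this file's first hunk, so check that it is included.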
Modified: branches/policyrep/libselinux/src/fgetfilecon.c
===================================================================
--- branches/policyrep/libselinux/src/fgetfilecon.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/fgetfilecon.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -37,6 +37,11 @@
 		ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
 	}
       out:
+	if (ret == 0) {
+		/* Re-map empty attribute values to errors. */
+		errno = EOPNOTSUPP;
+		ret = -1;
+	}
 	if (ret < 0)
 		free(buf);
 	else
Modified: branches/policyrep/libselinux/src/getfilecon.c
===================================================================
--- branches/policyrep/libselinux/src/getfilecon.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/getfilecon.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -37,6 +37,11 @@
 		ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
 	}
       out:
+	if (ret == 0) {
+		/* Re-map empty attribute values to errors. */
+		errno = EOPNOTSUPP;
+		ret = -1;
+	}
 	if (ret < 0)
 		free(buf);
 	else
Modified: branches/policyrep/libselinux/src/lgetfilecon.c
===================================================================
--- branches/policyrep/libselinux/src/lgetfilecon.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/lgetfilecon.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -37,6 +37,11 @@
 		ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
 	}
       out:
+	if (ret == 0) {
+		/* Re-map empty attribute values to errors. */
+		errno = EOPNOTSUPP;
+		ret = -1;
+	}
 	if (ret < 0)
 		free(buf);
 	else
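Review bot: the same five-line block mapping ret == 0 to -1 with errno EOPNOTSUPP is pasted after the out: label in fgetfilecon.c, getfilecon.c and lgetfilecon.c. Because it sits after the label, it applies to every path that jumps to out:, not only to the xattr call shown; confirm no such path arrives with ret == 0 meaning something else, and consider a shared helper so the three copies cannot drift apart.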
Modified: branches/policyrep/libselinux/src/mapping.c
===================================================================
--- branches/policyrep/libselinux/src/mapping.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/mapping.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -68,6 +68,11 @@
 
 		k = 0;
 		while (p_in->perms && p_in->perms[k]) {
+			/* An empty permission string skips ahead */
+			if (!*p_in->perms[k]) {
+				k++;
+				continue;
+			}
 			p_out->perms[k] = string_to_av_perm(p_out->value,
 							    p_in->perms[k]);
 			if (!p_out->perms[k])
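Review bot: when an empty permission string is skipped, p_out->perms[k] is never assigned for that k. That is only correct if the array was zero-initialised when it was allocated, which is not visible here; set p_out->perms[k] = 0 explicitly before the continue so the skipped slot is well defined.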
@@ -111,6 +116,7 @@
 
 		for (i=0; i<current_mapping[tclass].num_perms; i++)
 			if (tperm & (1<<i)) {
+				assert(current_mapping[tclass].perms[i]);
 				kperm |= current_mapping[tclass].perms[i];
 				tperm &= ~(1<<i);
 			}
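Review bot: assert() in library code aborts the calling process when a request names a permission whose mapping slot is empty, and it disappears entirely under NDEBUG, leaving kperm silently without that bit. Since the previous hunk makes empty slots legal input, return an error for this case instead of asserting, and check that <assert.h> is included in this file.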
Modified: branches/policyrep/libselinux/src/matchpathcon.c
===================================================================
--- branches/policyrep/libselinux/src/matchpathcon.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/matchpathcon.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -119,10 +119,10 @@
 	memset(options, 0, sizeof(options));
 	i = SELABEL_OPT_BASEONLY;
 	options[i].type = i;
-	options[i].value = (char *)(flags & MATCHPATHCON_BASEONLY);
+	options[i].value = (flags & MATCHPATHCON_BASEONLY) ? (char*)1 : NULL;
 	i = SELABEL_OPT_VALIDATE;
 	options[i].type = i;
-	options[i].value = (char *)(flags & MATCHPATHCON_VALIDATE);
+	options[i].value = (flags & MATCHPATHCON_VALIDATE) ? (char*)1 : NULL;
 	notrans = flags & MATCHPATHCON_NOTRANS;
 }
 
@@ -305,8 +305,10 @@
 
 void matchpathcon_fini(void)
 {
-	selabel_close(hnd);
-	hnd = NULL;
+	if (hnd) {
+		selabel_close(hnd);
+		hnd = NULL;
+	}
 }
 
 int matchpathcon(const char *name, mode_t mode, security_context_t * con)
Modified: branches/policyrep/libselinux/src/selinux.py
===================================================================
--- branches/policyrep/libselinux/src/selinux.py	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinux.py	2007-10-05 14:05:52 UTC (rev 2639)
@@ -277,6 +277,7 @@
 selinux_file_context_local_path = _selinux.selinux_file_context_local_path
 selinux_homedir_context_path = _selinux.selinux_homedir_context_path
 selinux_media_context_path = _selinux.selinux_media_context_path
+selinux_x_context_path = _selinux.selinux_x_context_path
 selinux_contexts_path = _selinux.selinux_contexts_path
 selinux_securetty_types_path = _selinux.selinux_securetty_types_path
 selinux_booleans_path = _selinux.selinux_booleans_path
Modified: branches/policyrep/libselinux/src/selinuxswig.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig.i	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinuxswig.i	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,22 +1,5 @@
 /* Authors: Dan Walsh
  *          James Athey
- *
- * Copyright (C) 2004-2005 Red Hat
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 %module selinux
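Review bot: the lines removed from this header are the two Copyright statements (Red Hat, Tresys) and the LGPL 2.1 notice, leaving only the author names. If the licence text is being consolidated into a top-level file, the commit log should say so and name that file; the copyright lines themselves should stay unless the holders agreed to drop them. The same applies to the header removals in selinuxswig_python.i, setrans_client.c, setrans_internal.h and togglesebool.c in this revision.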
Modified: branches/policyrep/libselinux/src/selinuxswig_python.i
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig_python.i	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinuxswig_python.i	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,20 +1,4 @@
 /* Author: James Athey
- *
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 %module selinux
@@ -98,4 +82,41 @@
 	}
 }
 
+%typemap(in) char * const [] {
+	int i, size;
+	PyObject * s;
+
+	if (!PySequence_Check($input)) {
+		PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+		return NULL;
+	}
+
+	size = PySequence_Size($input);
+	
+	$1 = (char**) malloc(size + 1);
+
+	for(i = 0; i < size; i++) {
+		if (!PyString_Check(PySequence_GetItem($input, i))) {
+			PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+			return NULL;
+		}
+	}
+		
+	for(i = 0; i < size; i++) {
+		s = PySequence_GetItem($input, i);
+		$1[i] = (char*) malloc(PyString_Size(s) + 1);
+		strcpy($1[i], PyString_AsString(s));
+	}
+	$1[size] = NULL;
+}
+
+%typemap(freearg,match="in") char * const [] {
+	int i = 0;
+	while($1[i]) {
+		free($1[i]);
+		i++;
+	}
+	free($1);
+}
+
 %include "selinuxswig.i"
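Review bot: '$1 = (char**) malloc(size + 1);' allocates size + 1 bytes, not size + 1 pointers, so the copy loop and '$1[size] = NULL' write past the end of the heap block for any input, including an empty sequence. Allocate (size + 1) * sizeof(char *) and check the result before use. Further points in the same typemap: PySequence_Size can return -1 and is not checked; the 'return NULL' inside the string-check loop runs after the malloc and leaks $1; every PySequence_GetItem returns a new reference that is never released; and the per-string malloc is not checked before strcpy. Zero-filling the array (calloc) would also let the freearg typemap clean up safely after a partial fill.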
Modified: branches/policyrep/libselinux/src/selinuxswig_wrap.c
===================================================================
--- branches/policyrep/libselinux/src/selinuxswig_wrap.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/selinuxswig_wrap.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -6856,6 +6856,19 @@
 }
 
 
+SWIGINTERN PyObject *_wrap_selinux_x_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+  PyObject *resultobj = 0;
+  char *result = 0 ;
+  
+  if (!PyArg_ParseTuple(args,(char *)":selinux_x_context_path")) SWIG_fail;
+  result = (char *)selinux_x_context_path();
+  resultobj = SWIG_FromCharPtr((const char *)result);
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_selinux_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
   PyObject *resultobj = 0;
   char *result = 0 ;
@@ -7078,10 +7091,6 @@
   int res2 ;
   char *buf2 = 0 ;
   int alloc2 = 0 ;
-  void *argp3 = 0 ;
-  int res3 = 0 ;
-  void *argp4 = 0 ;
-  int res4 = 0 ;
   PyObject * obj0 = 0 ;
   PyObject * obj1 = 0 ;
   PyObject * obj2 = 0 ;
@@ -7098,22 +7107,98 @@
     SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
   }
   arg2 = (char *)(buf2);
-  res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 |  0 );
-  if (!SWIG_IsOK(res3)) {
-    SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'"); 
-  } 
-  arg3 = (char **)(argp3);
-  res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 |  0 );
-  if (!SWIG_IsOK(res4)) {
-    SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'"); 
-  } 
-  arg4 = (char **)(argp4);
+  {
+    int i, size;
+    PyObject * s;
+    
+    if (!PySequence_Check(obj2)) {
+      PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+      return NULL;
+    }
+    
+    size = PySequence_Size(obj2);
+    
+    arg3 = (char**) malloc(size + 1);
+    
+    for(i = 0; i < size; i++) {
+      if (!PyString_Check(PySequence_GetItem(obj2, i))) {
+        PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+        return NULL;
+      }
+    }
+    
+    for(i = 0; i < size; i++) {
+      s = PySequence_GetItem(obj2, i);
+      arg3[i] = (char*) malloc(PyString_Size(s) + 1);
+      strcpy(arg3[i], PyString_AsString(s));
+    }
+    arg3[size] = NULL;
+  }
+  {
+    int i, size;
+    PyObject * s;
+    
+    if (!PySequence_Check(obj3)) {
+      PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+      return NULL;
+    }
+    
+    size = PySequence_Size(obj3);
+    
+    arg4 = (char**) malloc(size + 1);
+    
+    for(i = 0; i < size; i++) {
+      if (!PyString_Check(PySequence_GetItem(obj3, i))) {
+        PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+        return NULL;
+      }
+    }
+    
+    for(i = 0; i < size; i++) {
+      s = PySequence_GetItem(obj3, i);
+      arg4[i] = (char*) malloc(PyString_Size(s) + 1);
+      strcpy(arg4[i], PyString_AsString(s));
+    }
+    arg4[size] = NULL;
+  }
   result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4);
   resultobj = SWIG_From_int((int)(result));
   if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+  {
+    int i = 0;
+    while(arg3[i]) {
+      free(arg3[i]);
+      i++;
+    }
+    free(arg3);
+  }
+  {
+    int i = 0;
+    while(arg4[i]) {
+      free(arg4[i]);
+      i++;
+    }
+    free(arg4);
+  }
   return resultobj;
 fail:
   if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+  {
+    int i = 0;
+    while(arg3[i]) {
+      free(arg3[i]);
+      i++;
+    }
+    free(arg3);
+  }
+  {
+    int i = 0;
+    while(arg4[i]) {
+      free(arg4[i]);
+      i++;
+    }
+    free(arg4);
+  }
   return NULL;
 }
 
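Review bot: the fail: block now walks arg3 and arg4 unconditionally, but the SWIG_exception_fail for argument 2 at the top of this hunk jumps to fail: before either array has been allocated, so 'while(arg3[i])' dereferences a pointer the typemap never set. Guard the freearg body with a NULL check in selinuxswig_python.i (and make sure the pointers start as NULL), then regenerate. The generated 'malloc(size + 1)' carries the same under-allocation as the typemap source, and the 'return NULL' statements inside the new blocks bypass the buf2 cleanup at fail:.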
@@ -8002,6 +8087,7 @@
 	 { (char *)"selinux_file_context_local_path", _wrap_selinux_file_context_local_path, METH_VARARGS, NULL},
 	 { (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL},
 	 { (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL},
+	 { (char *)"selinux_x_context_path", _wrap_selinux_x_context_path, METH_VARARGS, NULL},
 	 { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL},
 	 { (char *)"selinux_securetty_types_path", _wrap_selinux_securetty_types_path, METH_VARARGS, NULL},
 	 { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL},
Modified: branches/policyrep/libselinux/src/setrans_client.c
===================================================================
--- branches/policyrep/libselinux/src/setrans_client.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/setrans_client.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. 
+/* Author: Trusted Computer Solutions, Inc. 
  * 
  * Modified:
  * Yuichi Nakamura <yn...@hi...> 
Modified: branches/policyrep/libselinux/src/setrans_internal.h
===================================================================
--- branches/policyrep/libselinux/src/setrans_internal.h	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/setrans_internal.h	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+/* Author: Trusted Computer Solutions, Inc. */
 
 #define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
 
Modified: branches/policyrep/libselinux/src/stringrep.c
===================================================================
--- branches/policyrep/libselinux/src/stringrep.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/src/stringrep.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -471,10 +471,9 @@
 
 	tclass = unmap_class(tclass);
 	node = get_class_cache_entry_value(tclass);
-	if (node == NULL) {
-		errno = EINVAL;
-		return NULL;
-	} else
+	if (node == NULL)
+		return security_class_to_string_compat(tclass);
+	else
 		return node->name;
 }
 
@@ -495,8 +494,7 @@
 			if ((1<<i) & av)
 				return node->perms[i];
 
-	errno = EINVAL;
-	return NULL;
+	return security_av_perm_to_string_compat(tclass,av);
 }
 
 int security_av_string(security_class_t tclass, access_vector_t av, char **res)
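Review bot: with 'errno = EINVAL; return NULL;' removed here and from the node == NULL branch in the hunk above, the failure contract of both functions now depends entirely on security_av_perm_to_string_compat and security_class_to_string_compat. These lines do not show whether the compat functions set errno when they also fail to resolve the value. Confirm that they do, or set EINVAL when the fallback returns NULL, and note the changed lookup order in the function documentation.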
Modified: branches/policyrep/libselinux/utils/togglesebool.c
===================================================================
--- branches/policyrep/libselinux/utils/togglesebool.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libselinux/utils/togglesebool.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,8 +1,3 @@
-/*
- * Copyright 1999-2004 Gentoo Technologies, Inc.
- * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/hardened/policycoreutils-extra/src/toggle_bool.c,v 1.2 2004/06/18 04:09:04 pebenito Exp $
- */
 #include <unistd.h>
 #include <stdio.h>
 #include <stdlib.h>
Modified: branches/policyrep/libsemanage/ChangeLog
===================================================================
--- branches/policyrep/libsemanage/ChangeLog	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/ChangeLog	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,3 +1,25 @@
+2.0.11 2007-09-28
+	* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
+
+2.0.10 2007-09-28
+	* Fix error checking on getpw*_r functions from Todd Miller.
+	* Make genhomedircon skip invalid homedir contexts from Todd Miller.
+	* Set default user and prefix from seusers from Dan Walsh.
+	* Add swigify Makefile target from Dan Walsh.
+
+2.0.9 2007-09-24
+	* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
+
+2.0.8 2007-09-19
+	* Clear errno on non-fatal errors to avoid reporting them upon a
+	  later error that does not set errno.
+
+2.0.7 2007-09-19
+	* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
+
+2.0.6 2007-09-10
+	* Change to use getpw* function calls to the _r versions from Todd Miller.
+
 2.0.5 2007-08-23
 	* Replace genhomedircon script with equivalent functionality within
 	  libsemanage and introduce disable-genhomedircon option in
Modified: branches/policyrep/libsemanage/Makefile
===================================================================
--- branches/policyrep/libsemanage/Makefile	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/Makefile	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,6 +1,9 @@
 all: 
 	$(MAKE) -C src all
 
+swigify:
+	$(MAKE) -C src swigify
+
 pywrap: 
 	$(MAKE) -C src pywrap
 
Modified: branches/policyrep/libsemanage/VERSION
===================================================================
--- branches/policyrep/libsemanage/VERSION	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/VERSION	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1 +1 @@
-2.0.5
+2.0.11
Modified: branches/policyrep/libsemanage/src/Makefile
===================================================================
--- branches/policyrep/libsemanage/src/Makefile	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/Makefile	2007-10-05 14:05:52 UTC (rev 2639)
@@ -47,14 +47,14 @@
 	$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
 
 $(SWIGSO): $(SWIGLOBJ)
-	$(CC) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs
 
 $(LIBA): $(OBJS)
 	$(AR) rcs $@ $^
 	ranlib $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
 	ln -sf $@ $(TARGET)
 
 conf-scan.c: conf-scan.l conf-parse.h
Modified: branches/policyrep/libsemanage/src/debug.c
===================================================================
--- branches/policyrep/libsemanage/src/debug.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/debug.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -23,6 +23,8 @@
 #include <stdarg.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <errno.h>
+#include <string.h>
 #include "handle.h"
 #include "debug.h"
 
@@ -55,10 +57,12 @@
 {
 
 	FILE *stream = NULL;
+	int errsv = 0;
 
 	switch (semanage_msg_get_level(handle)) {
 
 	case SEMANAGE_MSG_ERR:
+		errsv = errno;
 	case SEMANAGE_MSG_WARN:
 		stream = stderr;
 		break;
@@ -77,6 +81,9 @@
 	vfprintf(stream, fmt, ap);
 	va_end(ap);
 
+	if (errsv)
+		fprintf(stream, " %s.", strerror(errsv));
+
 	fprintf(stream, "\n");
 
 	varg = NULL;
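Review bot: errsv is taken from errno whenever the level is SEMANAGE_MSG_ERR, so the strerror(errsv) suffix appended here reflects whichever call last set errno, which need not be the failure being reported. An ERR raised for a logic error after an unrelated earlier failed call will print that call's error text after the message. Either pass the error number explicitly from call sites that have one, or document that every ERR() site must have errno zeroed or meaningful; the 'errno = 0' additions elsewhere in this revision suggest the second is intended, and it needs to be stated where ERR is defined.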
Modified: branches/policyrep/libsemanage/src/direct_api.c
===================================================================
--- branches/policyrep/libsemanage/src/direct_api.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/direct_api.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -32,6 +32,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <limits.h>
+#include <errno.h>
 
 #include "user_internal.h"
 #include "seuser_internal.h"
@@ -540,6 +541,7 @@
 			 * checking is done because this is likely to fail because
 			 * the file does not exist - which is not an error. */
 			unlink(linked_filename);
+			errno = 0;
 		}
 
 		/* ==================== File-backed ================== */
@@ -700,7 +702,7 @@
 		goto cleanup;
 
 	if (sh->do_rebuild || modified) {
-		retval = semanage_install_sandbox(sh);
+		retval = semanage_install_sandbox(sh, out);
 	}
 
       cleanup:
Modified: branches/policyrep/libsemanage/src/genhomedircon.c
===================================================================
--- branches/policyrep/libsemanage/src/genhomedircon.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/genhomedircon.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,5 +1,6 @@
-/* Author: Mark Goldman   <mgo...@tr...>
- * 			Paul Rosenfeld	<pro...@tr...>
+/* Author: Mark Goldman	  <mgo...@tr...>
+ * 	   Paul Rosenfeld <pro...@tr...>
+ * 	   Todd C. Miller <tm...@tr...>
  *
  * Copyright (C) 2007 Tresys Technology, LLC
  *
@@ -23,6 +24,8 @@
 #include <semanage/seusers_policy.h>
 #include <semanage/users_policy.h>
 #include <semanage/user_record.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
 #include "semanage_store.h"
 #include "seuser_internal.h"
 #include "debug.h"
@@ -41,6 +44,7 @@
 #include <fcntl.h>
 #include <pwd.h>
 #include <errno.h>
+#include <unistd.h>
 
 /* paths used in get_home_dirs() */
 #define PATH_ETC_USERADD "/etc/default/useradd"
@@ -78,7 +82,10 @@
 	const char *fcfilepath;
 	int usepasswd;
 	const char *homedir_template_path;
+	char *fallback_user;
+	char *fallback_user_prefix;
 	semanage_handle_t *h_semanage;
+	sepol_policydb_t *policydb;
 } genhomedircon_settings_t;
 
 typedef struct user_entry {
@@ -145,12 +152,15 @@
 {
 	semanage_list_t *homedir_list = NULL;
 	semanage_list_t *shells = NULL;
+	char *rbuf = NULL;
 	char *path = NULL;
+	long rbuflen;
 	size_t minuid = 0;
 	size_t minuid_set = 0;
 	size_t temp;
-	struct passwd *pwbuf;
+	struct passwd pwstorage, *pwbuf;
 	struct stat buf;
+	int retval;
 
 	shells = get_shell_list();
 	assert(shells);
@@ -215,8 +225,14 @@
 		minuid_set = 1;
 	}
 
+	rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	if (rbuflen <= 0)
+		goto fail;
+	rbuf = malloc(rbuflen);
+	if (rbuf == NULL)
+		goto fail;
 	setpwent();
-	for (errno = 0; (pwbuf = getpwent()); errno = 0) {
+	while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) {
 		if (pwbuf->pw_uid < minuid)
 			continue;
 		if (!semanage_list_find(shells, pwbuf->pw_shell))
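Review bot: 'if (rbuflen <= 0) goto fail;' makes get_home_dirs fail outright when sysconf(_SC_GETPW_R_SIZE_MAX) returns -1, which sysconf is permitted to do when the limit is indeterminate. Fall back to a default buffer size in that case. The loop also stops on any non-zero return from getpwent_r, including ERANGE for an entry larger than the buffer; the check in the next hunk then only emits the 'Returning list so far' warning, so every home directory after that entry gets no generated context. Grow the buffer and retry on ERANGE.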
@@ -239,11 +255,12 @@
 		free(path);
 	}
 
-	if (errno) {
+	if (retval && retval != ENOENT) {
 		WARN(s->h_semanage, "Error while fetching users.  "
 		     "Returning list so far.");
 	}
 	endpwent();
+	free(rbuf);
 	semanage_list_destroy(&shells);
 	if (semanage_list_sort(&homedir_list))
 		goto fail;
@@ -251,6 +268,8 @@
 	return homedir_list;
 
       fail:
+	endpwent();
+	free(rbuf);
 	semanage_list_destroy(&homedir_list);
 	semanage_list_destroy(&shells);
 	return NULL;
@@ -322,7 +341,7 @@
 static Ustr *replace_all(const char *str, const replacement_pair_t * repl)
 {
 	Ustr *retval = USTR_NULL;
-	int i, num_replaced = 0;
+	int i;
 
 	if (!str || !repl)
 		goto done;
@@ -330,20 +349,60 @@
 		goto done;
 
 	for (i = 0; repl[i].search_for; i++) {
-		num_replaced += ustr_replace_cstr(&retval, repl[i].search_for,
-						  repl[i].replace_with, 0);
+		ustr_replace_cstr(&retval, repl[i].search_for,
+				  repl[i].replace_with, 0);
 	}
-	if (!num_replaced)
+	if (ustr_enomem(retval))
 		ustr_sc_free(&retval);
 
       done:
 	return retval;
 }
 
-static int write_home_dir_context(FILE * out, semanage_list_t * tpl,
-				  const char *user, const char *seuser,
-				  const char *home, const char *role_prefix)
+static const char * extract_context(Ustr *line)
 {
+	const char whitespace[] = " \t\n";
+	size_t off, len;
+
+	/* check for trailing whitespace */
+	off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+	/* find the length of the last field in line */
+	len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+	if (len == 0)
+		return NULL;
+	return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+	sepol_context_t *ctx_record = NULL;
+	const char *ctx_str;
+	int result;
+
+	ctx_str = extract_context(line);
+	if (!ctx_str)
+		return STATUS_ERR;
+
+	result = sepol_context_from_string(s->h_semanage->sepolh,
+					   ctx_str, &ctx_record);
+	if (result == STATUS_SUCCESS && ctx_record != NULL) {
+		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
+		result = sepol_context_check(s->h_semanage->sepolh,
+					     s->policydb, ctx_record);
+		sepol_msg_set_callback(s->h_semanage->sepolh,
+				       semanage_msg_relay_handler, s->h_semanage);
+		sepol_context_free(ctx_record);
+	}
+	return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+				  semanage_list_t * tpl, const char *user,
+				  const char *seuser, const char *home,
+				  const char *role_prefix)
+{
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
 		{.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
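Review bot: extract_context returns a pointer into the line that starts at the last field but still runs to the end of the string, so the 'off' trailing whitespace characters it just measured are part of what check_line passes to sepol_context_from_string. If a template line can end in a space, tab or newline, the context is parsed with that character attached; copy the 'len' bytes into a terminated buffer instead. In check_line, the message callback is restored to semanage_msg_relay_handler unconditionally rather than to whatever was installed before it was set to NULL; save and restore the previous callback, or document that the relay handler is always the one in place here.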
@@ -357,8 +416,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
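Review bot: 'check_line(s, line) == STATUS_SUCCESS' treats every other result the same, so a line is dropped without any message whether its context is invalid for this policy or sepol_context_from_string failed for some other reason. Because check_line mutes sepol messages while it validates, nothing records which entries were left out of the generated homedirs file. Emit a WARN naming the skipped line, and treat a failure that is not a validation failure as an error. The same pattern is repeated in write_home_root_context and write_user_context below.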
@@ -368,8 +431,8 @@
 	return STATUS_ERR;
 }
 
-static int write_home_root_context(FILE * out, semanage_list_t * tpl,
-				   char *homedir)
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+				   semanage_list_t * tpl, char *homedir)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
@@ -379,8 +442,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -390,8 +457,9 @@
 	return STATUS_ERR;
 }
 
-static int write_user_context(FILE * out, semanage_list_t * tpl, char *user,
-			      char *seuser, char *role_prefix)
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+			      semanage_list_t * tpl, const char *user,
+			      const char *seuser, const char *role_prefix)
 {
 	replacement_pair_t repl[] = {
 		{.search_for = TEMPLATE_USER,.replace_with = user},
@@ -403,8 +471,12 @@
 
 	for (; tpl; tpl = tpl->next) {
 		line = replace_all(tpl->data, repl);
-		if (!line || !ustr_io_putfileline(&line, out))
+		if (!line)
 			goto fail;
+		if (check_line(s, line) == STATUS_SUCCESS) {
+			if (!ustr_io_putfileline(&line, out))
+				goto fail;
+		}
 		ustr_sc_free(&line);
 	}
 	return STATUS_SUCCESS;
@@ -484,6 +556,76 @@
 	free(temp);
 }
 
+static int set_fallback_user(genhomedircon_settings_t *s,
+			     const char *user, const char *prefix)
+{
+	char *fallback_user = strdup(user);
+	char *fallback_user_prefix = strdup(prefix);
+
+	if (fallback_user == NULL || fallback_user_prefix == NULL) {
+		free(fallback_user);
+		free(fallback_user_prefix);
+		return STATUS_ERR;
+	}
+
+	free(s->fallback_user);
+	free(s->fallback_user_prefix);
+	s->fallback_user = fallback_user;
+	s->fallback_user_prefix = fallback_user_prefix;
+	return STATUS_SUCCESS;
+}
+
+static int setup_fallback_user(genhomedircon_settings_t * s)
+{
+	semanage_seuser_t **seuser_list = NULL;
+	unsigned int nseusers = 0;
+	semanage_user_key_t *key = NULL;
+	semanage_user_t *u = NULL;
+	const char *name = NULL;
+	const char *seuname = NULL;
+	const char *prefix = NULL;
+	unsigned int i;
+	int retval;
+	int errors = 0;
+
+	retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
+	if (retval < 0 || (nseusers < 1)) {
+		/* if there are no users, this function can't do any other work */
+		return errors;
+	}
+
+	for (i = 0; i < nseusers; i++) {
+		name = semanage_seuser_get_name(seuser_list[i]);
+		if (strcmp(name, DEFAULT_LOGIN) == 0) {
+			seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+			/* find the user structure given the name */
+			if (semanage_user_key_create(s->h_semanage, seuname,
+						     &key) < 0) {
+				errors = STATUS_ERR;
+				break;
+			}
+			if (semanage_user_query(s->h_semanage, key, &u) < 0)
+				prefix = name;
+			else
+				prefix = semanage_user_get_prefix(u);
+
+			if (set_fallback_user(s, seuname, prefix) != 0)
+				errors = STATUS_ERR;
+			semanage_user_key_free(key);
+			if (u)
+				semanage_user_free(u);
+			break;
+		}
+	}
+
+	for (i = 0; i < nseusers; i++)
+		semanage_seuser_free(seuser_list[i]);
+	free(seuser_list);
+
+	return errors;
+}
+
 static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
 					     int *errors)
 {
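Review bot: in setup_fallback_user, 'if (retval < 0 || (nseusers < 1)) return errors;' returns 0 when semanage_seuser_list itself failed, so a store read error is reported as success and the FALLBACK_USER defaults stay in effect without notice. Return STATUS_ERR for retval < 0 and keep the quiet return only for the empty list. Also, when semanage_user_query fails, prefix is set to name, which at that point equals DEFAULT_LOGIN rather than a role prefix; add a comment explaining why that value is acceptable or fall back to the existing fallback prefix.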
@@ -496,8 +638,10 @@
 	const char *name = NULL;
 	const char *seuname = NULL;
 	const char *prefix = NULL;
-	struct passwd *pwent = NULL;
+	struct passwd pwstorage, *pwent = NULL;
 	unsigned int i;
+	long rbuflen;
+	char *rbuf = NULL;
 	int retval;
 
 	*errors = 0;
@@ -514,15 +658,25 @@
 	qsort(user_list, nusers, sizeof(semanage_user_t *),
 	      (int (*)(const void *, const void *))&user_sort_func);
 
+	/* Allocate space for the getpwnam_r buffer */
+	rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	if (rbuflen <= 0)
+		goto cleanup;
+	rbuf = malloc(rbuflen);
+	if (rbuf == NULL)
+		goto cleanup;
+
 	for (i = 0; i < nseusers; i++) {
+		seuname = semanage_seuser_get_sename(seuser_list[i]);
 		name = semanage_seuser_get_name(seuser_list[i]);
-		seuname = semanage_seuser_get_sename(seuser_list[i]);
 
-		if (strcmp(seuname, FALLBACK_USER) == 0)
+		if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
 			continue;
-		if (strcmp(seuname, DEFAULT_LOGIN) == 0)
+
+		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
-		if (strcmp(seuname, TEMPLATE_SEUSER) == 0)
+
+		if (strcmp(name, TEMPLATE_SEUSER) == 0)
 			continue;
 
 		/* find the user structure given the name */
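Review bot: both 'goto cleanup' exits added for the getpwnam_r buffer (rbuflen <= 0 and rbuf == NULL) leave *errors at 0, so get_users returns without signalling failure and the caller cannot tell an allocation problem from an empty user list. Set *errors = STATUS_ERR before jumping. Style: 'strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0' mixes an implicit and an explicit comparison in one condition; write the first as strcmp(name, "root") != 0. The switch from seuname to name in the DEFAULT_LOGIN and TEMPLATE_SEUSER tests changes which entries are skipped and deserves a line in the log message.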
@@ -535,13 +689,13 @@
 			prefix = name;
 		}
 
-		errno = 0;
-		pwent = getpwnam(name);
-		if (!pwent) {
-			if (errno != 0) {
+		retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+		if (retval != 0 || pwent == NULL) {
+			if (retval != 0 && retval != ENOENT) {
 				*errors = STATUS_ERR;
 				goto cleanup;
 			}
+
 			WARN(s->h_semanage,
 			     "user %s not in password file", name);
 			continue;
@@ -561,6 +715,7 @@
 	}
 
       cleanup:
+	free(rbuf);
 	if (*errors) {
 		for (; head; pop_user_entry(&head)) {
 			/* the pop function takes care of all the cleanup
@@ -580,7 +735,7 @@
 	return head;
 }
 
-static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s,
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
 				      semanage_list_t * user_context_tpl,
 				      semanage_list_t * homedir_context_tpl)
 {
@@ -593,13 +748,13 @@
 	}
 
 	for (; users; pop_user_entry(&users)) {
-		if (write_home_dir_context(out, homedir_context_tpl,
+		if (write_home_dir_context(s, out, homedir_context_tpl,
 					   users->name,
 					   users->sename, users->home,
 					   users->prefix)) {
 			return STATUS_ERR;
 		}
-		if (write_user_context(out, user_context_tpl, users->name,
+		if (write_user_context(s, out, user_context_tpl, users->name,
 				       users->sename, users->prefix)) {
 			return STATUS_ERR;
 		}
@@ -640,6 +795,10 @@
 		goto done;
 	}
 
+	if (setup_fallback_user(s) != 0) {
+		retval = STATUS_ERR;
+		goto done;
+	}
 	for (h = homedirs; h; h = h->next) {
 		Ustr *temp = ustr_dup_cstr(h->data);
 
@@ -649,16 +808,17 @@
 			goto done;
 		}
 
-		if (write_home_dir_context(out,
-					   homedir_context_tpl, FALLBACK_USER,
-					   FALLBACK_USER, ustr_cstr(temp),
-					   FALLBACK_USER_PREFIX) !=
+		if (write_home_dir_context(s, out,
+					   homedir_context_tpl,
+					   s->fallback_user, s->fallback_user,
+					   ustr_cstr(temp),
+					   s->fallback_user_prefix) !=
 		    STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
 			retval = STATUS_ERR;
 			goto done;
 		}
-		if (write_home_root_context(out,
+		if (write_home_root_context(s, out,
 					    homeroot_context_tpl,
 					    h->data) != STATUS_SUCCESS) {
 			ustr_sc_free(&temp);
@@ -668,13 +828,14 @@
 
 		ustr_sc_free(&temp);
 	}
-	if (write_user_context(out, user_context_tpl,
-			       ".*", FALLBACK_USER,
-			       FALLBACK_USER_PREFIX) != STATUS_SUCCESS) {
+	if (write_user_context(s, out, user_context_tpl,
+			       ".*", s->fallback_user,
+			       s->fallback_user_prefix) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 		goto done;
 	}
-	if (write_gen_home_dir_context(out, s, user_context_tpl,
+
+	if (write_gen_home_dir_context(s, out, user_context_tpl,
 				       homedir_context_tpl) != STATUS_SUCCESS) {
 		retval = STATUS_ERR;
 	}
@@ -689,7 +850,9 @@
 	return retval;
 }
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd)
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb,
+			   int usepasswd)
 {
 	genhomedircon_settings_t s;
 	FILE *out = NULL;
@@ -701,8 +864,14 @@
 	    semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
 	s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS);
 
+	s.fallback_user = strdup(FALLBACK_USER);
+	s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
+	if (s.fallback_user == NULL || s.fallback_user_prefix == NULL)
+		return STATUS_ERR;
+
 	s.usepasswd = usepasswd;
 	s.h_semanage = sh;
+	s.policydb = policydb;
 
 	if (!(out = fopen(s.fcfilepath, "w"))) {
 		/* couldn't open output file */
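Review bot: 'if (s.fallback_user == NULL || s.fallback_user_prefix == NULL) return STATUS_ERR;' leaks whichever of the two strdup results succeeded. Free both before returning; free(NULL) is a no-op. The matching frees added in the next hunk sit after fclose(out), so check that the fopen failure return just below this point releases the two strings as well.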
@@ -713,5 +882,9 @@
 	retval = write_context_file(&s, out);
 
 	fclose(out);
+
+	free(s.fallback_user);
+	free(s.fallback_user_prefix);
+
 	return retval;
 }
Modified: branches/policyrep/libsemanage/src/genhomedircon.h
===================================================================
--- branches/policyrep/libsemanage/src/genhomedircon.h	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/genhomedircon.h	2007-10-05 14:05:52 UTC (rev 2639)
@@ -22,6 +22,7 @@
 
 #include "utilities.h"
 
-int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd);
+int semanage_genhomedircon(semanage_handle_t * sh,
+			   sepol_policydb_t * policydb, int usepasswd);
 
 #endif
Modified: branches/policyrep/libsemanage/src/semanage.py
===================================================================
--- branches/policyrep/libsemanage/src/semanage.py	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/semanage.py	2007-10-05 14:05:52 UTC (rev 2639)
@@ -1,10 +1,16 @@
-# This file was created automatically by SWIG 1.3.29.
+# This file was automatically generated by SWIG (http://www.swig.org).
+# Version 1.3.31
+#
 # Don't modify this file, modify the SWIG interface instead.
 # This file is compatible with both classic and new-style classes.
 
 import _semanage
 import new
 new_instancemethod = new.instancemethod
+try:
+    _swig_property = property
+except NameError:
+    pass # Python < 2.2 doesn't have 'property'.
 def _swig_setattr_nondynamic(self,class_type,name,value,static=1):
     if (name == "thisown"): return self.this.own(value)
     if (name == "this"):
@@ -60,6 +66,7 @@
 semanage_set_reload = _semanage.semanage_set_reload
 semanage_set_rebuild = _semanage.semanage_set_rebuild
 semanage_set_create_store = _semanage.semanage_set_create_store
+semanage_set_disable_dontaudit = _semanage.semanage_set_disable_dontaudit
 semanage_is_managed = _semanage.semanage_is_managed
 semanage_connect = _semanage.semanage_connect
 semanage_disconnect = _semanage.semanage_disconnect
Modified: branches/policyrep/libsemanage/src/semanage_store.c
===================================================================
--- branches/policyrep/libsemanage/src/semanage_store.c	2007-10-05 14:04:01 UTC (rev 2638)
+++ branches/policyrep/libsemanage/src/semanage_store.c	2007-10-05 14:05:52 UTC (rev 2639)
@@ -437,7 +437,7 @@
  * overwrite it.  Returns 0 on success, -1 on error. */
 static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
 {
-	int in, out, retval = 0, amount_read, n;
+	int in, out, retval = 0, amount_read, n, errsv = errno;
 	char tmp[PATH_MAX];
 	char buf[4192];
 
@@ -453,23 +453,32 @@
 		mode = S_IRUSR | S_IWUSR;
 
 	if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
+		errsv = errno;
 		close(in);
-		return -1;
+		retval = -1;
+		goto out;
 	}
 	while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
-		if (write(out, buf, amount_read) != amount_read) {
+		if (write(out, buf, amount_read) < 0) {
+			errsv = errno;
 			retval = -1;
 		}
 	}
-	if (amount_read < 0)
+	if (amount_read < 0) {
+		errsv = errno;
 		retval = -1;
+	}
 	close(in);
-	if (close(out) < 0)
+	if (close(out) < 0) {
+		errsv = errno;
 		retval = -1;
+	}
 
 	if (!retval && rename(tmp, dst) == -1)
 		return -1;
 
+out:
+	errno = errsv;
 	return retval;
 }
 
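Review bot: in the copy loop, `write(out, buf, amount_read) < 0` no longer treats a short write as a failure, which the removed `!= amount_read` test did. A partial write now leaves a truncated temp file that is then renamed over `dst`. Keep the `!= amount_read` comparison (or loop until all bytes are written) and save errno only when write returns -1. The `rename(tmp, dst) == -1` path also still returns directly and leaves `tmp` behind; routing it through `out:` after saving errno would make the error handling uniform.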
@@ -558,12 +567,14 @@
 {
 	const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
 	struct stat buf;
+	int errsv;
 
 	if (stat(sandbox, &buf) == -1) {
 		if (errno != ENOENT) {
 			ERR(sh, "Error scanning directory %s.", sandbox);
 			return -1;
 		}
+		errno = 0;
 	} else {
 		/* remove the old sandbox */
 		if (semanage_remove_directory(sandbox) != 0) {
@@ -582,7 +593,9 @@
 	return 0;
 
       cleanup:
+	errsv = errno;
 	semanage_remove_directory(sandbox);
+	errno = errsv;
 	return -1;
 }
 
@@ -973,14 +986,14 @@
 		if (!strncmp(buf, "HOME_DIR", 8) ||
 		    !strncmp(buf, "HOME_ROOT", 9) || strstr(buf, "ROLE")) {
 			/* This contains one of the template variables, write it to homedir.template */
-			if (write(hd, buf, strlen(buf)) == 0) {
+			if (write(hd, buf, strlen(buf)) < 0) {
 				ERR(sh, "Write to %s failed.",
 				    semanage_path(SEMANAGE_TMP,
 						  SEMANAGE_HOMEDIR_TMPL));
 				goto cleanup;
 			}
 		} else {
-			if (write(fc, buf, strlen(buf)) == 0) {
+			if (write(fc, buf, strlen(buf)) < 0) {
 				ERR(sh, "Write to %s failed.",
 				    semanage_path(SEMANAGE_TMP, SEMANAGE_FC));
 				goto cleanup;
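Review bot: both `write(hd, ...)` and `write(fc, ...)` now test `< 0`, which catches -1 but still accepts a short write, so a partially written line passes silently. Compare the return value against `strlen(buf)` instead.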
@@ -1084,6 +1097,7 @@
 		    store_fc_loc);
 		goto cleanup;
 	}
+	errno = 0;
 
 	snprintf(store_seusers, PATH_MAX, "%s%s", storepath, running_seusers);
 	if (semanage_copy_file
@@ -1093,6 +1107,7 @@
 		    store_seusers);
 		goto cleanup;
 	}
+	errno = 0;
 
 	snprintf(store_nc, PATH_MAX, "%s%s", storepath, running_nc);
 	if (semanage_copy_file(active_nc, store_nc, sh->conf->file_mode) == -1
@@ -1100,6 +1115,7 @@
 		ERR(sh, "Could not copy %s ...
 
[truncated message content] | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 14:04:03
      
     | 
| Revision: 2638
          http://selinux.svn.sourceforge.net/selinux/?rev=2638&view=rev
Author:   ssmalley
Date:     2007-10-05 07:04:01 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Revert - doesn't work.
Modified Paths:
--------------
    trunk/libsepol/src/private.h
Modified: trunk/libsepol/src/private.h
===================================================================
--- trunk/libsepol/src/private.h	2007-10-05 13:53:14 UTC (rev 2637)
+++ trunk/libsepol/src/private.h	2007-10-05 14:04:01 UTC (rev 2638)
@@ -45,13 +45,3 @@
 extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden;
 extern size_t put_entry(const void *ptr, size_t size, size_t n,
 		        struct policy_file *fp) hidden;
-
-#ifdef DEBUG
-# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR >= 1)
-#  define next_entry(buf, fp, bytes) \
-  ({ size_t _bytes = bytes; \
-     __builtin_object_size (buf, 0) != (size_t) -1 && sizeof (buf) < _bytes \
-     ? (abort (), -1) \
-     : next_entry (buf, fp, _bytes); })
-# endif
-#endif
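Review bot: the log message "Revert - doesn't work." does not record what failed (a build error, or a runtime abort from the new check), so a later attempt at the same hardening has nothing to go on. State the failure mode in the log, and note that the removed guard tests `__GNUC_MINOR` instead of `__GNUC_MINOR__`.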
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 13:53:18
      
     | 
| Revision: 2637
          http://selinux.svn.sourceforge.net/selinux/?rev=2637&view=rev
Author:   ssmalley
Date:     2007-10-05 06:53:14 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Wrap attribute with #ifdef __GNUC__ to avoid breaking swig.
Regenerate python bindings via make swigify.
Modified Paths:
--------------
    trunk/libselinux/include/selinux/selinux.h
    trunk/libselinux/src/selinux.py
    trunk/libselinux/src/selinuxswig_wrap.c
Modified: trunk/libselinux/include/selinux/selinux.h
===================================================================
--- trunk/libselinux/include/selinux/selinux.h	2007-10-05 13:46:54 UTC (rev 2636)
+++ trunk/libselinux/include/selinux/selinux.h	2007-10-05 13:53:14 UTC (rev 2637)
@@ -142,7 +142,10 @@
 union selinux_callback {
 	/* log the printf-style format and arguments,
 	   with the type code indicating the type of message */
-	int __attribute__((format(printf, 2, 3)))
+	int 
+#ifdef __GNUC__
+__attribute__ ((format(printf, 2, 3)))
+#endif
 	(*func_log) (int type, const char *fmt, ...);
 	/* store a string representation of auditdata (corresponding
 	   to the given security class) into msgbuf. */
Modified: trunk/libselinux/src/selinux.py
===================================================================
--- trunk/libselinux/src/selinux.py	2007-10-05 13:46:54 UTC (rev 2636)
+++ trunk/libselinux/src/selinux.py	2007-10-05 13:53:14 UTC (rev 2637)
@@ -166,6 +166,7 @@
 SELINUX_CB_LOG = _selinux.SELINUX_CB_LOG
 SELINUX_CB_AUDIT = _selinux.SELINUX_CB_AUDIT
 SELINUX_CB_VALIDATE = _selinux.SELINUX_CB_VALIDATE
+selinux_get_callback = _selinux.selinux_get_callback
 selinux_set_callback = _selinux.selinux_set_callback
 SELINUX_ERROR = _selinux.SELINUX_ERROR
 SELINUX_WARNING = _selinux.SELINUX_WARNING
Modified: trunk/libselinux/src/selinuxswig_wrap.c
===================================================================
--- trunk/libselinux/src/selinuxswig_wrap.c	2007-10-05 13:46:54 UTC (rev 2636)
+++ trunk/libselinux/src/selinuxswig_wrap.c	2007-10-05 13:53:14 UTC (rev 2637)
@@ -4651,6 +4651,28 @@
   return SWIG_Py_Void();
 }
 
+SWIGINTERN PyObject *_wrap_selinux_get_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+  PyObject *resultobj = 0;
+  int arg1 ;
+  union selinux_callback result;
+  int val1 ;
+  int ecode1 = 0 ;
+  PyObject * obj0 = 0 ;
+  
+  if (!PyArg_ParseTuple(args,(char *)"O:selinux_get_callback",&obj0)) SWIG_fail;
+  ecode1 = SWIG_AsVal_int(obj0, &val1);
+  if (!SWIG_IsOK(ecode1)) {
+    SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_get_callback" "', argument " "1"" of type '" "int""'");
+  } 
+  arg1 = (int)(val1);
+  result = selinux_get_callback(arg1);
+  resultobj = SWIG_NewPointerObj((union selinux_callback *)memcpy((union selinux_callback *)malloc(sizeof(union selinux_callback)),&result,sizeof(union selinux_callback)), SWIGTYPE_p_selinux_callback, SWIG_POINTER_OWN |  0 );
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_selinux_set_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
   PyObject *resultobj = 0;
   int arg1 ;
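Review bot: in `_wrap_selinux_get_callback`, the result of `malloc(sizeof(union selinux_callback))` is passed straight to `memcpy` with no NULL check, so an allocation failure becomes a NULL write inside the Python extension. This file is generated, so the fix belongs in the SWIG interface: either exclude `selinux_get_callback` from the bindings, since the union it returns holds raw C function pointers, or add a typemap that checks the allocation.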
@@ -8011,6 +8033,7 @@
 	 { (char *)"new_selinux_callback", _wrap_new_selinux_callback, METH_VARARGS, NULL},
 	 { (char *)"delete_selinux_callback", _wrap_delete_selinux_callback, METH_VARARGS, NULL},
 	 { (char *)"selinux_callback_swigregister", selinux_callback_swigregister, METH_VARARGS, NULL},
+	 { (char *)"selinux_get_callback", _wrap_selinux_get_callback, METH_VARARGS, NULL},
 	 { (char *)"selinux_set_callback", _wrap_selinux_set_callback, METH_VARARGS, NULL},
 	 { (char *)"security_compute_av", _wrap_security_compute_av, METH_VARARGS, NULL},
 	 { (char *)"security_compute_av_raw", _wrap_security_compute_av_raw, METH_VARARGS, NULL},
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 13:46:58
      
     | 
| Revision: 2636
          http://selinux.svn.sourceforge.net/selinux/?rev=2636&view=rev
Author:   ssmalley
Date:     2007-10-05 06:46:54 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Ulrich Drepper
Email: dr...@re...
Subject: catch errors
Date: Tue, 28 Aug 2007 14:52:21 -0700
Given the buffer overflow which has been fixed recently I think it's
worthwhile adding to debug features.  It's using the same technology as
glibc's _FORTIFY_SOURCE functionality.  I would unconditionally define
DEBUG, in most cases the compiler can figure out there is no problem.
Modified Paths:
--------------
    trunk/libsepol/src/private.h
Modified: trunk/libsepol/src/private.h
===================================================================
--- trunk/libsepol/src/private.h	2007-10-05 13:46:13 UTC (rev 2635)
+++ trunk/libsepol/src/private.h	2007-10-05 13:46:54 UTC (rev 2636)
@@ -45,3 +45,13 @@
 extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden;
 extern size_t put_entry(const void *ptr, size_t size, size_t n,
 		        struct policy_file *fp) hidden;
+
+#ifdef DEBUG
+# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR >= 1)
+#  define next_entry(buf, fp, bytes) \
+  ({ size_t _bytes = bytes; \
+     __builtin_object_size (buf, 0) != (size_t) -1 && sizeof (buf) < _bytes \
+     ? (abort (), -1) \
+     : next_entry (buf, fp, _bytes); })
+# endif
+#endif
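Review bot: the bounds test in the `next_entry` macro compares `sizeof (buf) < _bytes`, and for a pointer argument `sizeof (buf)` is the size of the pointer, not of the object it points to, so a valid read into a larger buffer through a pointer would abort. Compare the value of `__builtin_object_size (buf, 0)` against `_bytes` instead. The guard `__GNUC_MINOR >= 1` is also missing the trailing underscores of `__GNUC_MINOR__`; an undefined identifier evaluates to 0 in `#if`, so the macro is never enabled on GCC 4.x.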
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 13:46:14
      
     | 
| Revision: 2635
          http://selinux.svn.sourceforge.net/selinux/?rev=2635&view=rev
Author:   ssmalley
Date:     2007-10-05 06:46:13 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Eamon Walsh
Email: ew...@ty...
Subject: libselinux: minor updates to AVC, mapping, callbacks
Date: Thu, 04 Oct 2007 14:10:11 -0400
This patch allows empty strings to be specified as permissions in
the dynamic permission mapping.  An empty string will be interpreted
as a "skipped bit" which allows userspace object managers to use
non-contiguous permission bits.
Signed-off-by: Eamon Walsh <ew...@ty...>
Modified Paths:
--------------
    trunk/libselinux/src/mapping.c
Modified: trunk/libselinux/src/mapping.c
===================================================================
--- trunk/libselinux/src/mapping.c	2007-10-05 13:45:54 UTC (rev 2634)
+++ trunk/libselinux/src/mapping.c	2007-10-05 13:46:13 UTC (rev 2635)
@@ -68,6 +68,11 @@
 
 		k = 0;
 		while (p_in->perms && p_in->perms[k]) {
+			/* An empty permission string skips ahead */
+			if (!*p_in->perms[k]) {
+				k++;
+				continue;
+			}
 			p_out->perms[k] = string_to_av_perm(p_out->value,
 							    p_in->perms[k]);
 			if (!p_out->perms[k])
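Review bot: the skip branch does `k++; continue;` without assigning `p_out->perms[k]`, so a skipped bit is zero only if the `p_out` storage was zeroed when it was allocated, which this hunk does not show. Set `p_out->perms[k] = 0` explicitly before `k++` so the `assert` added in the unmapping loop does not depend on the allocator.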
@@ -111,6 +116,7 @@
 
 		for (i=0; i<current_mapping[tclass].num_perms; i++)
 			if (tperm & (1<<i)) {
+				assert(current_mapping[tclass].perms[i]);
 				kperm |= current_mapping[tclass].perms[i];
 				tperm &= ~(1<<i);
 			}
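Review bot: `assert(current_mapping[tclass].perms[i])` is the only guard against a caller requesting a skipped bit, and it is compiled out under NDEBUG. In that build a skipped bit ORs 0 into `kperm` and is cleared from `tperm`, so the request is checked against fewer kernel permissions than the caller asked for. Handle it as a runtime error instead of an assertion, and confirm `<assert.h>` is included, since no include change appears in this diff.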
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 13:45:58
      
     | 
| Revision: 2634
          http://selinux.svn.sourceforge.net/selinux/?rev=2634&view=rev
Author:   ssmalley
Date:     2007-10-05 06:45:54 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Eamon Walsh
Email: ew...@ty...
Subject: libselinux: minor updates to AVC, mapping, callbacks
Date: Thu, 04 Oct 2007 14:01:12 -0400
This patch introduces a replacement for avc_init(), avc_open().
The purpose of this is to move away from the callbacks specified
to avc_init() and instead set callbacks with selinux_set_callback(),
as well as to use the same option mechanism as selabel_open().
Also updated the old avc_init callbacks to call the new ones if they
are set.
Signed-off-by: Eamon Walsh <ew...@ty...>
Modified Paths:
--------------
    trunk/libselinux/include/selinux/avc.h
    trunk/libselinux/src/avc.c
    trunk/libselinux/src/avc_internal.h
Modified: trunk/libselinux/include/selinux/avc.h
===================================================================
--- trunk/libselinux/include/selinux/avc.h	2007-10-05 13:45:26 UTC (rev 2633)
+++ trunk/libselinux/include/selinux/avc.h	2007-10-05 13:45:54 UTC (rev 2634)
@@ -182,6 +182,17 @@
 	     const struct avc_lock_callback *lock_callbacks);
 
 /**
+ * avc_open - Initialize the AVC.
+ * @opts: array of selabel_opt structures specifying AVC options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * This function is identical to avc_init(), except the message prefix
+ * is set to "avc" and any callbacks desired should be specified via
+ * selinux_set_callback().  No options are currently supported.
+ */
+int avc_open(struct selinux_opt *opts, unsigned nopts);
+
+/**
  * avc_cleanup - Remove unused SIDs and AVC entries.
  *
  * Search the SID table for SID structures with zero
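Review bot: the comment for `avc_open` describes `@opts` as an array of selabel_opt structures, but the prototype takes `struct selinux_opt *opts`; make the comment match the type. Since it says no options are currently supported, also state what happens when `nopts` is non-zero, because the implementation in avc.c marks both arguments unused and ignores them.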
Modified: trunk/libselinux/src/avc.c
===================================================================
--- trunk/libselinux/src/avc.c	2007-10-05 13:45:26 UTC (rev 2633)
+++ trunk/libselinux/src/avc.c	2007-10-05 13:45:54 UTC (rev 2634)
@@ -157,6 +157,12 @@
 	return rc;
 }
 
+int avc_open(struct selinux_opt *opts __attribute__((unused)),
+	     unsigned nopts __attribute__((unused)))
+{
+    return avc_init("avc", NULL, NULL, NULL, NULL);
+}
+
 int avc_init(const char *prefix,
 	     const struct avc_memory_callback *mem_cb,
 	     const struct avc_log_callback *log_cb,
Modified: trunk/libselinux/src/avc_internal.h
===================================================================
--- trunk/libselinux/src/avc_internal.h	2007-10-05 13:45:26 UTC (rev 2633)
+++ trunk/libselinux/src/avc_internal.h	2007-10-05 13:45:54 UTC (rev 2634)
@@ -13,6 +13,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <selinux/avc.h>
+#include "callbacks.h"
 #include "dso.h"
 
 /* SID reference counter manipulation */
@@ -93,13 +94,15 @@
   if (avc_func_log) \
     avc_func_log(format); \
   else \
-    fprintf(stderr, format)
+    selinux_log(SELINUX_ERROR, format);
 
 static inline void avc_suppl_audit(void *ptr, security_class_t class,
 				   char *buf, size_t len)
 {
 	if (avc_func_audit)
 		avc_func_audit(ptr, class, buf, len);
+	else
+		selinux_audit(ptr, class, buf, len);
 }
 
 static inline void *avc_create_thread(void (*run) (void))
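Review bot: the replacement line `selinux_log(SELINUX_ERROR, format);` ends with a semicolon where the removed `fprintf(stderr, format)` had none, so every call site that adds its own `;` now expands to an extra empty statement, and a use of this macro as the body of an unbraced `if` that is followed by `else` stops compiling. Drop the semicolon or wrap the macro body in `do { ... } while (0)`. The fallback also logs every message as SELINUX_ERROR regardless of its severity.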
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 13:45:30
      
     | 
| Revision: 2633
          http://selinux.svn.sourceforge.net/selinux/?rev=2633&view=rev
Author:   ssmalley
Date:     2007-10-05 06:45:26 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Eamon Walsh
Email: ew...@ty...
Subject: libselinux: minor updates to AVC, mapping, callbacks
Date: Wed, 03 Oct 2007 18:50:30 -0400
This patch introduces the selinux_get_callback() companion
to selinux_set_callback() that was discussed on-list recently.
Added a format attribute to the callback union definition to
squash a gcc warning.
Signed-off-by: Eamon Walsh <ew...@ty...>
Modified Paths:
--------------
    trunk/libselinux/include/selinux/selinux.h
    trunk/libselinux/src/callbacks.c
Modified: trunk/libselinux/include/selinux/selinux.h
===================================================================
--- trunk/libselinux/include/selinux/selinux.h	2007-10-05 13:43:23 UTC (rev 2632)
+++ trunk/libselinux/include/selinux/selinux.h	2007-10-05 13:45:26 UTC (rev 2633)
@@ -142,7 +142,8 @@
 union selinux_callback {
 	/* log the printf-style format and arguments,
 	   with the type code indicating the type of message */
-	int (*func_log) (int type, const char *fmt, ...);
+	int __attribute__((format(printf, 2, 3)))
+	(*func_log) (int type, const char *fmt, ...);
 	/* store a string representation of auditdata (corresponding
 	   to the given security class) into msgbuf. */
 	int (*func_audit) (void *auditdata, security_class_t cls,
@@ -155,6 +156,7 @@
 #define SELINUX_CB_AUDIT	1
 #define SELINUX_CB_VALIDATE	2
 
+extern union selinux_callback selinux_get_callback(int type);
 extern void selinux_set_callback(int type, union selinux_callback cb);
 
 	/* Logging type codes, passed to the logging callback */
Modified: trunk/libselinux/src/callbacks.c
===================================================================
--- trunk/libselinux/src/callbacks.c	2007-10-05 13:43:23 UTC (rev 2632)
+++ trunk/libselinux/src/callbacks.c	2007-10-05 13:45:26 UTC (rev 2633)
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdarg.h>
+#include <errno.h>
 #include <selinux/selinux.h>
 #include "callbacks.h"
 
@@ -65,3 +66,27 @@
 		break;
 	}
 }
+
+/* callback getting function */
+union selinux_callback
+selinux_get_callback(int type)
+{
+	union selinux_callback cb;
+
+	switch (type) {
+	case SELINUX_CB_LOG:
+		cb.func_log = selinux_log;
+		break;
+	case SELINUX_CB_AUDIT:
+		cb.func_audit = selinux_audit;
+		break;
+	case SELINUX_CB_VALIDATE:
+		cb.func_validate = selinux_validate;
+		break;
+	default:
+		memset(&cb, 0, sizeof(cb));
+		errno = EINVAL;
+		break;
+	}
+	return cb;
+}
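Review bot: in the `default:` branch of `selinux_get_callback`, an unknown type is reported only by `errno = EINVAL` plus a zeroed union, and errno is not cleared on the success paths, so callers cannot rely on errno alone and must test the returned pointer for NULL. Document that contract next to the prototype in selinux.h. `memset` also needs `<string.h>`, which is not among the includes visible in this file's first hunk (only `<errno.h>` is added).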
 | 
| 
      
      
      From: <ssm...@us...> - 2007-10-05 13:43:24
      
     | 
| Revision: 2632
          http://selinux.svn.sourceforge.net/selinux/?rev=2632&view=rev
Author:   ssmalley
Date:     2007-10-05 06:43:23 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: policycoreutils patch for semanage/seobject.py
Date: Wed, 03 Oct 2007 11:31:22 -0400
Patch implements handling of booleans via semanage
Adds display of local list.  So you can either show all booleans,
fcontext, ports or just your local modifications.
Implements a store command, so you can use semanage to manage
alternative stores.
Implements deleteall so you can remove all local customizations.
Add support for <<none>> as a context type for fcontext.
Modified Paths:
--------------
    trunk/policycoreutils/semanage/semanage
    trunk/policycoreutils/semanage/seobject.py
Modified: trunk/policycoreutils/semanage/semanage
===================================================================
--- trunk/policycoreutils/semanage/semanage	2007-10-05 13:42:48 UTC (rev 2631)
+++ trunk/policycoreutils/semanage/semanage	2007-10-05 13:43:23 UTC (rev 2632)
@@ -48,13 +48,14 @@
 
 	def usage(message = ""):
 		print _('\
-semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
+semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] \n\
 semanage login -{a|d|m} [-sr] login_name\n\
 semanage user -{a|d|m} [-LrRP] selinux_name\n\
 semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
 semanage interface -{a|d|m} [-tr] interface_spec\n\
 semanage fcontext -{a|d|m} [-frst] file_spec\n\
 semanage translation -{a|d|m} [-T] level\n\n\
+semanage boolean -{d|m} boolean\n\n\
 \
 Primary Options:\n\
 \
@@ -62,10 +63,12 @@
 	-d, --delete     Delete a OBJECT record NAME\n\
 	-m, --modify     Modify a OBJECT record NAME\n\
 	-l, --list       List the OBJECTS\n\n\
+	-C, --locallist  List OBJECTS local customizations\n\n\
+	-D, --deleteall  Remove all OBJECTS local customizations\n\
 \
 	-h, --help       Display this message\n\
-	-n, --noheading  Do not print heading when listing OBJECTS\n\n\
-\
+	-n, --noheading  Do not print heading when listing OBJECTS\n\
+        -S, --store      Select and alternate SELinux store to manage\n\n\
 Object-specific Options (see above):\n\
 	-f, --ftype      File Type of OBJECT \n\
 		"" (all files) \n\
@@ -98,7 +101,7 @@
 
 	def get_options():
 		valid_option={}
-		valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
+		valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
 		valid_option["login"] = []
 		valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
 		valid_option["user"] = []
@@ -111,6 +114,8 @@
 		valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser',  '-t', '--type', '-r', '--range'] 
 		valid_option["translation"] = []
 		valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] 
+		valid_option["boolean"] = []
+		valid_option["boolean"] += valid_everyone 
 		return valid_option
 
 	#
@@ -134,7 +139,10 @@
 		add = 0
 		modify = 0
 		delete = 0
+		deleteall = 0
 		list = 0
+		locallist = 0
+                store = ""
 		if len(sys.argv) < 3:
 			usage(_("Requires 2 or more arguments"))
 			
@@ -146,16 +154,19 @@
 		args = sys.argv[2:]
 
 		gopts, cmds = getopt.getopt(args,
-					    'adf:lhmnp:s:R:L:r:t:T:P:',
+					    'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
 					    ['add',
 					     'delete',
+					     'deleteall',
 					     'ftype=',
 					     'help',
 					     'list', 
 					     'modify',
 					     'noheading',
+					     'localist',
 					     'proto=',
 					     'seuser=',
+					     'store=',
 					     'range=',
 					     'level=',
 					     'roles=',
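Review bot: the long-option list registers `'localist'`, but the handler added further down tests `o == "--locallist"`, and the usage text and `valid_everyone` both spell it `--locallist`. As written, `--locallist` is rejected by getopt and `--localist` is accepted but never matches the handler, so only `-C` works. Change the entry to `'locallist'`.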
@@ -177,6 +188,10 @@
 				if modify or add:
 					usage()
 				delete = 1
+			if o == "-D"  or o == "--deleteall":
+				if modify:
+                                       usage()
+				deleteall = 1
 			if o == "-f"  or o == "--ftype":
 				ftype=a
 			if o == "-h" or o == "--help":
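Review bot: `-D`/`--deleteall` only rejects a preceding `-m`; it is not checked against `add` or `delete`, and the `-d` and `-m` branches visible in this diff do not test `deleteall`, so `-D -m` passes while `-m -D` is rejected. For an option that removes all local customizations, make the exclusivity check symmetric and independent of argument order. The `usage()` call here is also indented with spaces inside a tab-indented block.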
@@ -185,11 +200,17 @@
 			if o == "-n" or o == "--noheading":
 				heading=0
 
+			if o == "-C" or o == "--locallist":
+				locallist=1
+
 			if o == "-m"or o == "--modify":
 				if delete or add:
 					usage()
 				modify = 1
 				
+			if o == "-S" or o == '--store':
+				store = a
+
 			if o == "-r" or o == '--range':
 				if is_mls_enabled == 0:
 					errorExit(_("range not supported on Non MLS machines"))
@@ -222,32 +243,39 @@
 				setrans = a
 
 		if object == "login":
-			OBJECT = seobject.loginRecords()
+			OBJECT = seobject.loginRecords(store)
 
 		if object == "user":
-			OBJECT = seobject.seluserRecords()
+			OBJECT = seobject.seluserRecords(store)
 
 		if object == "port":
-			OBJECT = seobject.portRecords()
+			OBJECT = seobject.portRecords(store)
 		
 		if object == "interface":
-			OBJECT = seobject.interfaceRecords()
+			OBJECT = seobject.interfaceRecords(store)
 		
 		if object == "fcontext":
-			OBJECT = seobject.fcontextRecords()
+			OBJECT = seobject.fcontextRecords(store)
 		
+		if object == "boolean":
+			OBJECT = seobject.booleanRecords(store)
+		
 		if object == "translation":
 			OBJECT = seobject.setransRecords()
 		
 		if list:
-			OBJECT.list(heading)
+			OBJECT.list(heading, locallist)
 			sys.exit(0);
 			
+		if deleteall:
+			OBJECT.deleteall()
+			sys.exit(0);
+			
 		if len(cmds) != 1:
 			usage()
+                        
+                target = cmds[0]
 
-		target = cmds[0]
-
 		if add:
 			if object == "login":
 				OBJECT.add(target, seuser, serange)
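Review bot: `-S`/`--store` is added to `valid_everyone`, but `seobject.setransRecords()` is still constructed without `store`, so `semanage translation -S <store>` silently operates on the default configuration. Either pass the store through or reject `-S` for `translation`. The `-D` path also calls `OBJECT.deleteall()` and exits before the `len(cmds) != 1` check, so stray arguments after `-D` are ignored without an error.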
@@ -274,6 +302,9 @@
 			sys.exit(0);
 			
 		if modify:
+			if object == "boolean":
+				OBJECT.modify(target, value)
+
 			if object == "login":
 				OBJECT.modify(target, seuser, serange)
 
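Review bot: the new `boolean` branch calls `OBJECT.modify(target, value)`, but nothing in the visible hunks assigns `value` and the getopt string gains no option that could carry it, so `semanage boolean -m` would fail on an undefined name unless `value` is set in unchanged code. The usage line `semanage boolean -{d|m} boolean` likewise shows no way to give the new state; add the option and document it.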
Modified: trunk/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py	2007-10-05 13:42:48 UTC (rev 2631)
+++ trunk/policycoreutils/semanage/seobject.py	2007-10-05 13:43:23 UTC (rev 2632)
@@ -170,7 +170,7 @@
 			rec += "%s=%s\n" %  (k, self.ddict[k])
 		return rec
 	
-	def list(self,heading = 1):
+	def list(self,heading = 1, locallist = 0):
 		if heading:
 			print "\n%-25s %s\n" % (_("Level"), _("Translation"))
 		keys = self.ddict.keys()
@@ -210,13 +210,17 @@
 		os.write(fd, self.out())
 		os.close(fd)
 		os.rename(newfilename, self.filename)
+                os.system("/sbin/service mcstrans reload > /dev/null")
                 
 class semanageRecords:
-	def __init__(self):
+	def __init__(self, store):
 		self.sh = semanage_handle_create()
 		if not self.sh:
 		       raise ValueError(_("Could not create semanage handle"))
 		
+                if store != "":
+                       semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
+
 		self.semanaged = semanage_is_managed(self.sh)
 
 		if not self.semanaged:
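Review bot: `os.system("/sbin/service mcstrans reload > /dev/null")` discards the exit status and leaves stderr attached, so a failed reload goes unreported after the translation file has already been renamed into place. Check the return value and report the failure. In `semanageRecords.__init__`, the `semanage_select_store(...)` line carries a stray trailing semicolon, and `store` is a required argument here while the subclasses default it to `""`; give it the same default.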
@@ -234,8 +238,8 @@
 			raise ValueError(_("Could not establish semanage connection"))
 
 class loginRecords(semanageRecords):
-	def __init__(self):
-		semanageRecords.__init__(self)
+	def __init__(self, store = ""):
+		semanageRecords.__init__(self, store)
 
 	def add(self, name, sename, serange):
 		if is_mls_enabled == 1:
@@ -389,10 +393,12 @@
 		mylog.log(1,"delete SELinux user mapping", name);
 		semanage_seuser_key_free(k)
 
-		
-	def get_all(self):
+	def get_all(self, locallist = 0):
 		ddict = {}
-		(rc, self.ulist) = semanage_seuser_list(self.sh)
+                if locallist:
+                       (rc, self.ulist) = semanage_seuser_list_local(self.sh)
+                else:
+                       (rc, self.ulist) = semanage_seuser_list(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not list login mappings"))
 
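Review bot: the added `if locallist:` / `else:` block is indented with spaces while the surrounding method body uses tabs, and the same pattern repeats in the other `get_all` hunks of this file. It parses only because tabs are expanded to 8 columns; `python -tt` flags it as inconsistent tab usage. Re-indent the new lines with tabs to match the file.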
@@ -401,8 +407,8 @@
 			ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
 		return ddict
 
-	def list(self,heading = 1):
-		ddict = self.get_all()
+	def list(self,heading = 1, locallist = 0):
+		ddict = self.get_all(locallist)
 		keys = ddict.keys()
 		keys.sort()
 		if is_mls_enabled == 1:
@@ -417,8 +423,8 @@
 				print "%-25s %-25s" % (k, ddict[k][0])
 
 class seluserRecords(semanageRecords):
-	def __init__(self):
-		semanageRecords.__init__(self)
+	def __init__(self, store = ""):
+		semanageRecords.__init__(self, store)
 
 	def add(self, name, roles, selevel, serange, prefix):
 		if is_mls_enabled == 1:
@@ -601,9 +607,12 @@
 		mylog.log(1,"delete SELinux user record", name)
 		semanage_user_key_free(k)		
 
-	def get_all(self):
+	def get_all(self, locallist = 0):
 		ddict = {}
-		(rc, self.ulist) = semanage_user_list(self.sh)
+                if locallist:
+                       (rc, self.ulist) = semanage_user_list_local(self.sh)
+                else:
+                       (rc, self.ulist) = semanage_user_list(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not list SELinux users"))
 
@@ -618,8 +627,8 @@
 
 		return ddict
 
-	def list(self, heading = 1):
-		ddict = self.get_all()
+	def list(self, heading = 1, locallist = 0):
+		ddict = self.get_all(locallist)
 		keys = ddict.keys()
 		keys.sort()
 		if is_mls_enabled == 1:
@@ -635,8 +644,8 @@
 				print "%-15s %s" % (k, ddict[k][3])
 
 class portRecords(semanageRecords):
-	def __init__(self):
-		semanageRecords.__init__(self)
+	def __init__(self, store = ""):
+		semanageRecords.__init__(self, store)
 
 	def __genkey(self, port, proto):
 		if proto == "tcp":
@@ -795,9 +804,12 @@
 		
 		semanage_port_key_free(k)
 
-	def get_all(self):
+	def get_all(self, locallist = 0):
 		ddict = {}
-		(rc, self.plist) = semanage_port_list(self.sh)
+                if locallist:
+                       (rc, self.plist) = semanage_port_list_local(self.sh)
+                else:
+                       (rc, self.plist) = semanage_port_list(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not list ports"))
 
@@ -814,9 +826,12 @@
 			ddict[(low, high)] = (ctype, proto_str, level)
 		return ddict
 
-	def get_all_by_type(self):
+	def get_all_by_type(self, locallist = 0):
 		ddict = {}
-		(rc, self.plist) = semanage_port_list(self.sh)
+                if locallist:
+                       (rc, self.plist) = semanage_port_list_local(self.sh)
+                else:
+                       (rc, self.plist) = semanage_port_list(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not list ports"))
 
@@ -837,10 +852,10 @@
 				ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
 		return ddict
 
-	def list(self, heading = 1):
+	def list(self, heading = 1, locallist = 0):
 		if heading:
 			print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-		ddict = self.get_all_by_type()
+		ddict = self.get_all_by_type(locallist)
 		keys = ddict.keys()
 		keys.sort()
 		for i in keys:
@@ -851,8 +866,8 @@
 			print rec
 
 class interfaceRecords(semanageRecords):
-	def __init__(self):
-		semanageRecords.__init__(self)
+	def __init__(self, store = ""):
+		semanageRecords.__init__(self, store)
 
 	def add(self, interface, serange, ctype):
 		if is_mls_enabled == 1:
@@ -995,9 +1010,12 @@
 		
 		semanage_iface_key_free(k)
 
-	def get_all(self):
+	def get_all(self, locallist = 0):
 		ddict = {}
-		(rc, self.ilist) = semanage_iface_list(self.sh)
+                if locallist:
+                       (rc, self.ilist) = semanage_iface_list_local(self.sh)
+                else:
+                       (rc, self.ilist) = semanage_iface_list(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not list interfaces"))
 
@@ -1007,10 +1025,10 @@
 
 		return ddict
 			
-	def list(self, heading = 1):
+	def list(self, heading = 1, locallist = 0):
 		if heading:
 			print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-		ddict = self.get_all()
+		ddict = self.get_all(locallist)
 		keys = ddict.keys()
 		keys.sort()
 		if is_mls_enabled:
@@ -1021,17 +1039,34 @@
 				print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
 			
 class fcontextRecords(semanageRecords):
-	def __init__(self):
-		semanageRecords.__init__(self)
-		
-	def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+	def __init__(self, store = ""):
+		semanageRecords.__init__(self, store)
+
+        def createcon(self, target, seuser = "system_u"):
+                (rc, con) = semanage_context_create(self.sh)
+                if rc < 0:
+                       raise ValueError(_("Could not create context for %s") % target)
 		if seuser == "":
 			seuser = "system_u"
+
+                rc = semanage_context_set_user(self.sh, con, seuser)
+                if rc < 0:
+                       raise ValueError(_("Could not set user in file context for %s") % target)
+		
+                rc = semanage_context_set_role(self.sh, con, "object_r")
+                if rc < 0:
+                       raise ValueError(_("Could not set role in file context for %s") % target)
+
 		if is_mls_enabled == 1:
-			if serange == "":
-				serange = "s0"
-			else:
-				serange = untranslate(serange)
+                       rc = semanage_context_set_mls(self.sh, con, "s0")
+                       if rc < 0:
+                              raise ValueError(_("Could not set mls fields in file context for %s") % target)
+
+                return con
+               
+	def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+		if is_mls_enabled == 1:
+                       serange = untranslate(serange)
 			
 		if type == "":
 			raise ValueError(_("SELinux Type is required"))
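Review bot: in `createcon`, each `raise ValueError(...)` after `semanage_context_create` succeeds leaves `con` allocated; call `semanage_context_free(con)` before raising. In `add`, the removed code defaulted an empty `serange` to "s0" before translating, whereas the new code calls `untranslate(serange)` unconditionally on MLS systems, so confirm that `untranslate("")` returns an empty string, since the later `if serange != ""` test depends on it.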
@@ -1051,33 +1086,23 @@
 			raise ValueError(_("Could not create file context for %s") % target)
 		
 		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
-		(rc, con) = semanage_context_create(self.sh)
-		if rc < 0:
-			raise ValueError(_("Could not create context for %s") % target)
+                if type != "<<none>>":
+                       con = self.createcon(target, seuser)
 
-		rc = semanage_context_set_user(self.sh, con, seuser)
-		if rc < 0:
-			raise ValueError(_("Could not set user in file context for %s") % target)
-		
-		rc = semanage_context_set_role(self.sh, con, "object_r")
-		if rc < 0:
-			raise ValueError(_("Could not set role in file context for %s") % target)
+                       rc = semanage_context_set_type(self.sh, con, type)
+                       if rc < 0:
+                              raise ValueError(_("Could not set type in file context for %s") % target)
 
-		rc = semanage_context_set_type(self.sh, con, type)
-		if rc < 0:
-			raise ValueError(_("Could not set type in file context for %s") % target)
+                       if serange != "":
+                              rc = semanage_context_set_mls(self.sh, con, serange)
+                              if rc < 0:
+                                     raise ValueError(_("Could not set mls fields in file context for %s") % target)
+                       rc = semanage_fcontext_set_con(self.sh, fcontext, con)
+                       if rc < 0:
+                              raise ValueError(_("Could not set file context for %s") % target)
 
-		if serange != "":
-			rc = semanage_context_set_mls(self.sh, con, serange)
-			if rc < 0:
-				raise ValueError(_("Could not set mls fields in file context for %s") % target)
-
 		semanage_fcontext_set_type(fcontext, file_types[ftype])
 
-		rc = semanage_fcontext_set_con(self.sh, fcontext, con)
-		if rc < 0:
-			raise ValueError(_("Could not set file context for %s") % target)
-
 		rc = semanage_begin_transaction(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not start semanage transaction"))
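Review bot: the `rc` returned by `semanage_fcontext_set_expr(self.sh, fcontext, target)` at the top of this hunk is never tested; the new `if type != "<<none>>":` block overwrites it on its first assignment. Add an `if rc < 0: raise ValueError(...)` before the block. Inside the block every `raise` leaves `con` and `fcontext` allocated, so a try/finally around the context setup would keep the error paths from leaking.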
@@ -1090,7 +1115,8 @@
 		if rc < 0:
 			raise ValueError(_("Could not add file context for %s") % target)
 
-		semanage_context_free(con)
+                if type != "<<none>>":
+                       semanage_context_free(con)
 		semanage_fcontext_key_free(k)
 		semanage_fcontext_free(fcontext)
 
@@ -1112,16 +1138,29 @@
 		if rc < 0:
 			raise ValueError(_("Could not query file context for %s") % target)
 
-		con = semanage_fcontext_get_con(fcontext)
+                if setype != "<<none>>":
+                       con = semanage_fcontext_get_con(fcontext)
 			
-		if serange != "":
-			semanage_context_set_mls(self.sh, con, untranslate(serange))
-		if seuser != "":
-			semanage_context_set_user(self.sh, con, seuser)	
-		if setype != "":
-			semanage_context_set_type(self.sh, con, setype)
+                       if con == None:
+                              con = self.createcon(target)
+                              
+                       if serange != "":
+                              semanage_context_set_mls(self.sh, con, untranslate(serange))
+                       if seuser != "":
+                              semanage_context_set_user(self.sh, con, seuser)
+                              
+                       if setype != "":
+                              semanage_context_set_type(self.sh, con, setype)
 
-		rc = semanage_begin_transaction(self.sh)
+                       rc = semanage_fcontext_set_con(self.sh, fcontext, con)
+                       if rc < 0:
+                              raise ValueError(_("Could not set file context for %s") % target)
+                else:
+                       rc = semanage_fcontext_set_con(self.sh, fcontext, None)
+                       if rc < 0:
+                              raise ValueError(_("Could not set file context for %s") % target)
+                       
+                rc = semanage_begin_transaction(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not start semanage transaction"))
 
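Review bot: in the `setype != "<<none>>"` branch the return values of `semanage_context_set_mls`, `semanage_context_set_user` and `semanage_context_set_type` are discarded, so an invalid range, user or type is not reported at the point of failure, while add() checks the same calls and raises. Test `rc < 0` after each call here as well. The `con` obtained from `self.createcon(target)` when `con == None` is never released in the lines shown, and `con is None` is the usual spelling of that test.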
@@ -1167,17 +1206,20 @@
 
 		semanage_fcontext_key_free(k)		
 
-	def get_all(self):
+	def get_all(self, locallist = 0):
 		l = []
-		(rc, self.flist) = semanage_fcontext_list(self.sh)
-		if rc < 0:
-			raise ValueError(_("Could not list file contexts"))
+                if locallist:
+                       (rc, self.flist) = semanage_fcontext_list_local(self.sh)
+                else:
+                       (rc, self.flist) = semanage_fcontext_list(self.sh)
+                       if rc < 0:
+                              raise ValueError(_("Could not list file contexts"))
 
-		(rc, fclocal) = semanage_fcontext_list_local(self.sh)
-		if rc < 0:
-			raise ValueError(_("Could not list local file contexts"))
+                       (rc, fclocal) = semanage_fcontext_list_local(self.sh)
+                       if rc < 0:
+                              raise ValueError(_("Could not list local file contexts"))
 
-		self.flist += fclocal
+                       self.flist += fclocal
 
 		for fcontext in self.flist:
 			expr = semanage_fcontext_get_expr(fcontext)
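Review bot: with `locallist` set, the result of `semanage_fcontext_list_local(self.sh)` is not checked; the `if rc < 0:` test now sits only inside the `else:` branch, so a failed local listing falls through to `for fcontext in self.flist:`. Move the check below the if/else, or add a matching `if rc < 0: raise ValueError(_("Could not list local file contexts"))` to the first branch.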
@@ -1191,10 +1233,10 @@
 
 		return l
 			
-	def list(self, heading = 1):
+	def list(self, heading = 1, locallist = 0 ):
 		if heading:
 			print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
-		fcon_list = self.get_all()
+		fcon_list = self.get_all(locallist)
 		for fcon in fcon_list:
 			if len(fcon) > 3:
 				if is_mls_enabled:
@@ -1205,9 +1247,9 @@
 				print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
 				
 class booleanRecords(semanageRecords):
-	def __init__(self):
-		semanageRecords.__init__(self)
-		
+	def __init__(self, store = ""):
+		semanageRecords.__init__(self, store)
+
 	def modify(self, name, value = ""):
 		if value == "":
 			raise ValueError(_("Requires value"))
@@ -1266,34 +1308,62 @@
 		if rc < 0:
 			raise ValueError(_("Could not start semanage transaction"))
 
-		rc = semanage_fcontext_del_local(self.sh, k)
+		rc = semanage_bool_del_local(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not delete boolean %s") % name)
 	
 		rc = semanage_commit(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not delete boolean %s") % name)
-		
 		semanage_bool_key_free(k)
 
-	def get_all(self):
+	def deleteall(self):
+		(rc, self.blist) = semanage_bool_list_local(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not list booleans"))
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not start semanage transaction"))
+
+		for boolean in self.blist:
+                       name = semanage_bool_get_name(boolean)
+                       (rc,k) = semanage_bool_key_create(self.sh, name)
+                       if rc < 0:
+                              raise ValueError(_("Could not create a key for %s") % name)
+
+                       rc = semanage_bool_del_local(self.sh, k)
+                       if rc < 0:
+                              raise ValueError(_("Could not delete boolean %s") % name)
+                       semanage_bool_key_free(k)
+	
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError(_("Could not delete boolean %s") % name)
+	def get_all(self, locallist = 0):
 		ddict = {}
-		(rc, self.blist) = semanage_bool_list(self.sh)
+                if locallist:
+                       (rc, self.blist) = semanage_bool_list_local(self.sh)
+                else:
+                       (rc, self.blist) = semanage_bool_list(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not list booleans"))
 
 		for boolean in self.blist:
-			name = semanage_bool_get_name(boolean)
-			value = semanage_bool_get_value(boolean)
-			ddict[name] = value
+                       value = []
+                       name = semanage_bool_get_name(boolean)
+                       value.append(semanage_bool_get_value(boolean))
+                       value.append(selinux.security_get_boolean_pending(name))
+                       value.append(selinux.security_get_boolean_active(name))
+                       ddict[name] = value
 
 		return ddict
 			
-	def list(self, heading = 1):
+	def list(self, heading = 1, locallist = 0):
 		if heading:
-			print "%-50s %-18s\n" % (_("SELinux boolean"), _("value"))
-		ddict = self.get_all()
+			print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"),  _("active") )
+		ddict = self.get_all(locallist)
 		keys = ddict.keys()
 		for k in keys:
 			if ddict[k]:
-				print "%-50s %-18s " % (k[0], ddict[k][0])
+				print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2])
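Review bot: in deleteall(), the commit failure path raises `ValueError(_("Could not delete boolean %s") % name)`, but `name` is only bound inside the `for boolean in self.blist:` loop. With an empty local list that line raises NameError instead, and otherwise it names only the last boolean processed; use a message that does not depend on `name`. A raise inside the loop also leaves the transaction started by `semanage_begin_transaction` open and, for the `semanage_bool_del_local` failure, skips `semanage_bool_key_free(k)`. In list(), `if ddict[k]:` is now always true because every value is a three-element list, and a blank line is missing before `def get_all`.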

From: <ssm...@us...> - 2007-10-05 13:42:50
Revision: 2631
          http://selinux.svn.sourceforge.net/selinux/?rev=2631&view=rev
Author:   ssmalley
Date:     2007-10-05 06:42:48 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: Man page change for semodule -D qualifier
Date: Wed, 03 Oct 2007 11:33:43 -0400
Modified Paths:
--------------
    trunk/policycoreutils/semodule/semodule.8
Modified: trunk/policycoreutils/semodule/semodule.8
===================================================================
--- trunk/policycoreutils/semodule/semodule.8	2007-10-05 13:40:36 UTC (rev 2630)
+++ trunk/policycoreutils/semodule/semodule.8	2007-10-05 13:42:48 UTC (rev 2631)
@@ -23,6 +23,9 @@
 .B \-B, \-\-build		
 force a rebuild of policy (also reloads unless -n is used)
 .TP
+.B \-D, \-\-disable_dontaudit
+Temporarily remove dontaudits from policy.  Reverts whenever policy is rebuilt
+.TP
 .B \-i,\-\-install=MODULE_PKG
 install/replace a module package
 .TP
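Review bot: the new `\-D, \-\-disable_dontaudit` entry does not say whether the option has to be combined with `-B`, although the example added further down uses `semodule -DB` and the description itself says the setting reverts on the next rebuild. State the pairing in the option text so a reader of the OPTIONS section alone knows how to enable and undo it; the second sentence is also missing its closing period.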
@@ -58,6 +61,10 @@
 $ semodule -i httpd.pp
 # List non-base modules.
 $ semodule -l
+# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
+$ semodule -DB
+# Turn "dontaudit" rules back on.
+$ semodule -B
 # Install or replace all non-base modules in the current directory.
 $ semodule -i *.pp
 # Install or replace all modules in the current directory.

From: <ssm...@us...> - 2007-10-05 13:41:38
Revision: 2630
          http://selinux.svn.sourceforge.net/selinux/?rev=2630&view=rev
Author:   ssmalley
Date:     2007-10-05 06:40:36 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: libsemanage: genhomedircon regressions
Date: Mon, 01 Oct 2007 12:31:09 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch makes sure /root gets labeled even if it is using the default
context.
Modified Paths:
--------------
    trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c	2007-10-05 13:39:39 UTC (rev 2629)
+++ trunk/libsemanage/src/genhomedircon.c	2007-10-05 13:40:36 UTC (rev 2630)
@@ -668,12 +668,11 @@
 
 	for (i = 0; i < nseusers; i++) {
 		seuname = semanage_seuser_get_sename(seuser_list[i]);
+		name = semanage_seuser_get_name(seuser_list[i]);
 
-		if (strcmp(seuname, s->fallback_user) == 0)
+		if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
 			continue;
 
-		name = semanage_seuser_get_name(seuser_list[i]);
-
 		if (strcmp(name, DEFAULT_LOGIN) == 0)
 			continue;
 
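Review bot: the new condition `strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0` mixes an implicit non-zero test with an explicit `== 0`, which is easy to misread as "name is root". Write `strcmp(name, "root") != 0 &&` so both halves state their sense, and add a short comment that root is exempt from the fallback-user skip, since the log message is the only place that says so. `name` is also passed to strcmp() with no NULL check in the lines shown.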

From: <ssm...@us...> - 2007-10-05 13:40:23
Revision: 2629
          http://selinux.svn.sourceforge.net/selinux/?rev=2629&view=rev
Author:   ssmalley
Date:     2007-10-05 06:39:39 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: James Antill
Email: ja...@re...
Subject: ustr cleanups (policyrep branch)
Date: Mon, 01 Oct 2007 02:46:36 -0400
 Here are two cleanups for ustr usage within libsemanage on the
policyrep branch.
 The first is a corner case where you have two or more replacements in
the "replace_all" function of genhomedircon, previously one of those
multiple replacements (in theory) could fail due to malloc() returning
NULL and that would be missed. The fix probably makes the free test more
readable too.
 The second is that semanage_is_prefix() was previously defined by
calling ustr functions (inefficiently, even), and so had to allocate a
ustr to do its work ... the fix just calls strncmp() directly.
-- 
James Antill <ja...@re...>
Modified Paths:
--------------
    trunk/libsemanage/src/genhomedircon.c
    trunk/libsemanage/src/utilities.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c	2007-09-28 19:12:52 UTC (rev 2628)
+++ trunk/libsemanage/src/genhomedircon.c	2007-10-05 13:39:39 UTC (rev 2629)
@@ -341,7 +341,7 @@
 static Ustr *replace_all(const char *str, const replacement_pair_t * repl)
 {
 	Ustr *retval = USTR_NULL;
-	int i, num_replaced = 0;
+	int i;
 
 	if (!str || !repl)
 		goto done;
@@ -349,10 +349,10 @@
 		goto done;
 
 	for (i = 0; repl[i].search_for; i++) {
-		num_replaced += ustr_replace_cstr(&retval, repl[i].search_for,
-						  repl[i].replace_with, 0);
+		ustr_replace_cstr(&retval, repl[i].search_for,
+				  repl[i].replace_with, 0);
 	}
-	if (!num_replaced)
+	if (ustr_enomem(retval))
 		ustr_sc_free(&retval);
 
       done:
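Review bot: replacing `if (!num_replaced)` with `if (ustr_enomem(retval))` also changes the no-match case, which the log message does not mention: a string containing none of the `search_for` patterns used to be released by `ustr_sc_free(&retval)` and is now kept as an unmodified copy. Check that callers of replace_all() do not rely on an empty result to mean "nothing substituted", and record the new contract in a comment above the function.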
Modified: trunk/libsemanage/src/utilities.c
===================================================================
--- trunk/libsemanage/src/utilities.c	2007-09-28 19:12:52 UTC (rev 2628)
+++ trunk/libsemanage/src/utilities.c	2007-10-05 13:39:39 UTC (rev 2629)
@@ -60,22 +60,14 @@
 
 int semanage_is_prefix(const char *str, const char *prefix)
 {
-	int retval;
-	Ustr *ustr = USTR_NULL;
-
 	if (!str) {
 		return FALSE;
 	}
 	if (!prefix) {
 		return TRUE;
 	}
-	if (!(ustr = ustr_dup_cstr(str))) {
-		return FALSE;
-	}
-	retval = (ustr_srch_cstr_fwd(ustr, 0, prefix) == 1);
-	ustr_sc_free(&ustr);
 
-	return retval;
+	return strncmp(str, prefix, strlen(prefix)) == 0;
 }
 
 char *semanage_split_on_space(const char *str)
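Review bot: the new body `return strncmp(str, prefix, strlen(prefix)) == 0;` relies on two edge cases that are not documented: an empty `prefix` yields TRUE (consistent with the existing `!prefix` case), and a `prefix` longer than `str` is safe only because the comparison stops at the terminating NUL of `str`. Add a one-line comment or a unit test covering both, and confirm utilities.c includes <string.h> now that the function calls strncmp() and strlen() directly.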

From: <ssm...@us...> - 2007-09-28 19:12:57
Revision: 2628
          http://selinux.svn.sourceforge.net/selinux/?rev=2628&view=rev
Author:   ssmalley
Date:     2007-09-28 12:12:52 -0700 (Fri, 28 Sep 2007)
Log Message:
-----------
applied r2626:2627 (copyright disclaimed) from trunk
Modified Paths:
--------------
    branches/stable/1_0/libselinux/src/selinuxswig.i
    branches/stable/1_0/libselinux/src/selinuxswig_python.i
    branches/stable/1_0/libselinux/src/setrans_client.c
    branches/stable/1_0/libselinux/src/setrans_internal.h
    branches/stable/1_0/libselinux/utils/togglesebool.c
Modified: branches/stable/1_0/libselinux/src/selinuxswig.i
===================================================================
--- branches/stable/1_0/libselinux/src/selinuxswig.i	2007-09-28 19:09:13 UTC (rev 2627)
+++ branches/stable/1_0/libselinux/src/selinuxswig.i	2007-09-28 19:12:52 UTC (rev 2628)
@@ -1,22 +1,5 @@
 /* Authors: Dan Walsh
  *          James Athey
- *
- * Copyright (C) 2004-2005 Red Hat
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 %module selinux
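Review bot: removing the whole LGPL notice together with the copyright lines leaves selinuxswig.i with only an `Authors:` comment and no statement of the terms it is distributed under. If the intent behind "copyright disclaimed" is public domain or the project's top-level license, say so in a one-line header comment so the file's status does not depend on the commit log.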
Modified: branches/stable/1_0/libselinux/src/selinuxswig_python.i
===================================================================
--- branches/stable/1_0/libselinux/src/selinuxswig_python.i	2007-09-28 19:09:13 UTC (rev 2627)
+++ branches/stable/1_0/libselinux/src/selinuxswig_python.i	2007-09-28 19:12:52 UTC (rev 2628)
@@ -1,20 +1,4 @@
 /* Author: James Athey
- *
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 %module selinux
Modified: branches/stable/1_0/libselinux/src/setrans_client.c
===================================================================
--- branches/stable/1_0/libselinux/src/setrans_client.c	2007-09-28 19:09:13 UTC (rev 2627)
+++ branches/stable/1_0/libselinux/src/setrans_client.c	2007-09-28 19:12:52 UTC (rev 2628)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+/* Author: Trusted Computer Solutions, Inc. */
 
 #include <sys/types.h>
 #include <sys/socket.h>
Modified: branches/stable/1_0/libselinux/src/setrans_internal.h
===================================================================
--- branches/stable/1_0/libselinux/src/setrans_internal.h	2007-09-28 19:09:13 UTC (rev 2627)
+++ branches/stable/1_0/libselinux/src/setrans_internal.h	2007-09-28 19:12:52 UTC (rev 2628)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+/* Author: Trusted Computer Solutions, Inc. */
 
 #define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
 
Modified: branches/stable/1_0/libselinux/utils/togglesebool.c
===================================================================
--- branches/stable/1_0/libselinux/utils/togglesebool.c	2007-09-28 19:09:13 UTC (rev 2627)
+++ branches/stable/1_0/libselinux/utils/togglesebool.c	2007-09-28 19:12:52 UTC (rev 2628)
@@ -1,8 +1,3 @@
-/*
- * Copyright 1999-2004 Gentoo Technologies, Inc.
- * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/hardened/policycoreutils-extra/src/toggle_bool.c,v 1.2 2004/06/18 04:09:04 pebenito Exp $
- */
 #include <unistd.h>
 #include <stdio.h>
 #include <stdlib.h>

From: <ssm...@us...> - 2007-09-28 19:09:16
Revision: 2627
          http://selinux.svn.sourceforge.net/selinux/?rev=2627&view=rev
Author:   ssmalley
Date:     2007-09-28 12:09:13 -0700 (Fri, 28 Sep 2007)
Log Message:
-----------
Copyright disclaimed.
Modified Paths:
--------------
    trunk/libselinux/src/selinuxswig.i
    trunk/libselinux/src/selinuxswig_python.i
    trunk/libselinux/src/setrans_client.c
    trunk/libselinux/src/setrans_internal.h
    trunk/libselinux/utils/togglesebool.c
Modified: trunk/libselinux/src/selinuxswig.i
===================================================================
--- trunk/libselinux/src/selinuxswig.i	2007-09-28 18:21:04 UTC (rev 2626)
+++ trunk/libselinux/src/selinuxswig.i	2007-09-28 19:09:13 UTC (rev 2627)
@@ -1,22 +1,5 @@
 /* Authors: Dan Walsh
  *          James Athey
- *
- * Copyright (C) 2004-2005 Red Hat
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 %module selinux
Modified: trunk/libselinux/src/selinuxswig_python.i
===================================================================
--- trunk/libselinux/src/selinuxswig_python.i	2007-09-28 18:21:04 UTC (rev 2626)
+++ trunk/libselinux/src/selinuxswig_python.i	2007-09-28 19:09:13 UTC (rev 2627)
@@ -1,20 +1,4 @@
 /* Author: James Athey
- *
- * Copyright (C) 2007 Tresys Technology, LLC
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
 %module selinux
Modified: trunk/libselinux/src/setrans_client.c
===================================================================
--- trunk/libselinux/src/setrans_client.c	2007-09-28 18:21:04 UTC (rev 2626)
+++ trunk/libselinux/src/setrans_client.c	2007-09-28 19:09:13 UTC (rev 2627)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. 
+/* Author: Trusted Computer Solutions, Inc. 
  * 
  * Modified:
  * Yuichi Nakamura <yn...@hi...> 
Modified: trunk/libselinux/src/setrans_internal.h
===================================================================
--- trunk/libselinux/src/setrans_internal.h	2007-09-28 18:21:04 UTC (rev 2626)
+++ trunk/libselinux/src/setrans_internal.h	2007-09-28 19:09:13 UTC (rev 2627)
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+/* Author: Trusted Computer Solutions, Inc. */
 
 #define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
 
Modified: trunk/libselinux/utils/togglesebool.c
===================================================================
--- trunk/libselinux/utils/togglesebool.c	2007-09-28 18:21:04 UTC (rev 2626)
+++ trunk/libselinux/utils/togglesebool.c	2007-09-28 19:09:13 UTC (rev 2627)
@@ -1,8 +1,3 @@
-/*
- * Copyright 1999-2004 Gentoo Technologies, Inc.
- * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/hardened/policycoreutils-extra/src/toggle_bool.c,v 1.2 2004/06/18 04:09:04 pebenito Exp $
- */
 #include <unistd.h>
 #include <stdio.h>
 #include <stdlib.h>
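Review bot: this hunk removes a third-party notice, `Copyright 1999-2004 Gentoo Technologies, Inc.` with its GPL v2 line, and unlike the other files in this revision leaves no `Author:` comment behind. The log message "Copyright disclaimed." does not record who disclaimed it; reference the copyright holder's statement in the log and keep an attribution line in the file.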

From: <ssm...@us...> - 2007-09-28 18:21:30
Revision: 2626
          http://selinux.svn.sourceforge.net/selinux/?rev=2626&view=rev
Author:   ssmalley
Date:     2007-09-28 11:21:04 -0700 (Fri, 28 Sep 2007)
Log Message:
-----------
updated libsemanage to version 2.0.11
Modified Paths:
--------------
    trunk/libsemanage/ChangeLog
    trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog	2007-09-28 18:20:26 UTC (rev 2625)
+++ trunk/libsemanage/ChangeLog	2007-09-28 18:21:04 UTC (rev 2626)
@@ -1,3 +1,6 @@
+2.0.11 2007-09-28
+	* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
+
 2.0.10 2007-09-28
 	* Fix error checking on getpw*_r functions from Todd Miller.
 	* Make genhomedircon skip invalid homedir contexts from Todd Miller.
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION	2007-09-28 18:20:26 UTC (rev 2625)
+++ trunk/libsemanage/VERSION	2007-09-28 18:21:04 UTC (rev 2626)
@@ -1 +1 @@
-2.0.10
+2.0.11