From: <ssm...@us...> - 2008-01-24 19:27:51
|
Revision: 2751 http://selinux.svn.sourceforge.net/selinux/?rev=2751&view=rev Author: ssmalley Date: 2008-01-24 11:27:50 -0800 (Thu, 24 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.38 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-24 19:24:32 UTC (rev 2750) +++ trunk/policycoreutils/ChangeLog 2008-01-24 19:27:50 UTC (rev 2751) @@ -1,3 +1,8 @@ +2.0.38 2008-01-24 + * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. + * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. + * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh. + 2.0.37 2008-01-23 * Merged replacement for audit2why from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-24 19:24:32 UTC (rev 2750) +++ trunk/policycoreutils/VERSION 2008-01-24 19:27:50 UTC (rev 2751) @@ -1 +1 @@ -2.0.37 +2.0.38 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-24 19:24:37
|
Revision: 2750 http://selinux.svn.sourceforge.net/selinux/?rev=2750&view=rev Author: ssmalley Date: 2008-01-24 11:24:32 -0800 (Thu, 24 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: patch to setfiles/fixfiles to handle file names with special characters in them. Date: Wed, 23 Jan 2008 17:40:48 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Benny Amorsen Provided the patch added -0 option. Also added support to fixfiles for ext4 ext4dev and gfs2 Fixes quoting in fixfiles also. Cleaned up description in man page. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeXwm8ACgkQrlYvE4MpobPTHgCfXoMY6qmBuOSBPXcCszFpkRfA WuoAn1Dw9NWg1gUJmZbyPF1IoXdyuL7D =pglo -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/scripts/fixfiles.8 trunk/policycoreutils/setfiles/setfiles.8 trunk/policycoreutils/setfiles/setfiles.c Modified: trunk/policycoreutils/scripts/fixfiles =================================================================== --- trunk/policycoreutils/scripts/fixfiles 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/scripts/fixfiles 2008-01-24 19:24:32 UTC (rev 2750) 
@@ -36,8 +36,8 @@ LOGGER=/usr/sbin/logger SETFILES=/sbin/setfiles RESTORECON=/sbin/restorecon -FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';` -FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';` +FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';` +FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';` FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" SELINUXTYPE="targeted" if [ -e /etc/selinux/config ]; then @@ -88,11 +88,11 @@ esac; \ fi; \ done | \ - while read pattern ; do sh -c "find $pattern" \ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \ - \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \ + while read pattern ; do sh -c "find $pattern \ + ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \ + \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ done 2> /dev/null | \ - ${RESTORECON} $2 -f - + ${RESTORECON} $2 -0 -f - rm -f ${TEMPFILE} ${PREFCTEMPFILE} fi } 
@@ -129,8 +129,8 @@ if [ ! -z "$FILEPATH" ]; then if [ -x /usr/bin/find ]; then /usr/bin/find "$FILEPATH" \ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ - ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE + ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \ + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE else ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE fi Modified: trunk/policycoreutils/scripts/fixfiles.8 =================================================================== --- trunk/policycoreutils/scripts/fixfiles.8 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/scripts/fixfiles.8 2008-01-24 19:24:32 UTC (rev 2750) @@ -35,7 +35,7 @@ .TP .B -f -Don't prompt for removal of /tmp directory. +Clear /tmp directory with out prompt for removal. .TP .B -R rpmpackagename[,rpmpackagename...] Modified: trunk/policycoreutils/setfiles/setfiles.8 =================================================================== --- trunk/policycoreutils/setfiles/setfiles.8 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/setfiles/setfiles.8 2008-01-24 19:24:32 UTC (rev 2750) 
@@ -59,6 +59,9 @@ .TP .B \-W display warnings about entries that had no matching files. +.TP +.B \-0 +Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode. .SH "ARGUMENTS" .B spec_file Modified: trunk/policycoreutils/setfiles/setfiles.c =================================================================== --- trunk/policycoreutils/setfiles/setfiles.c 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/setfiles/setfiles.c 2008-01-24 19:24:32 UTC (rev 2750) @@ -55,6 +55,7 @@ static int verbose = 0; static int logging = 0; static int warn_no_match = 0; +static int null_terminated = 0; static char *rootpath = NULL; static int rootpathlen = 0; static int recurse; /* Recursive descent. */ @@ -384,7 +385,7 @@ { if (iamrestorecon) { fprintf(stderr, - "usage: %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", + "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name); } else { fprintf(stderr, @@ -805,7 +806,7 @@ } /* Process any options. */ - while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW")) > 0) { + while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) { switch (opt) { case 'c': { @@ -927,6 +928,9 @@ case 'W': warn_no_match = 1; break; + case '0': + null_terminated = 1; + break; case '?': usage(argv[0]); } @@ -983,6 +987,7 @@ if (use_input_file) { FILE *f = stdin; ssize_t len; + int delim; if (strcmp(input_filename, "-") != 0) f = fopen(input_filename, "r"); if (f == NULL) { 
@@ -991,7 +996,9 @@ usage(argv[0]); } __fsetlocking(f, FSETLOCKING_BYCALLER); - while ((len = getline(&buf, &buf_len, f)) > 0) { + + delim = (null_terminated != 0) ? '\0' : '\n'; + while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) { buf[len - 1] = 0; errors |= process_one(buf); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
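Review bot: in the fixfiles hunk at @@ -88,11 +88,11 @@, $pattern is still expanded inside the double-quoted string handed to sh -c, so a pattern containing quotes, a dollar sign, backticks or a semicolon is parsed by the inner shell rather than passed to find as a path; -print0 only protects the find-to-restorecon side of the pipe. 'while read pattern' also runs without -r, so backslashes in a pattern are consumed before find sees them. In the same rewritten line, '-wholename /tmp -wholename /dev' has no -o between the two tests, so they are ANDed and can never both match, which leaves /tmp and /dev unpruned; it should read '-wholename /tmp -o -wholename /dev'.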
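Review bot: in the fixfiles hunk at @@ -129,8 +129,8 @@, only the find branch gets the -0 treatment; the else branch still runs '${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH' with $FILEPATH and $* unquoted, so a path with whitespace or glob characters is still split there. Quote it as "$FILEPATH" and use "$@" in both branches. Both branches also keep '2>&1 >> $LOGFILE', which duplicates stderr onto the original stdout before stdout is redirected, so restorecon errors do not land in $LOGFILE; if they are meant to be logged, the order should be '>> "$LOGFILE" 2>&1'.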
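Review bot: the new -0 paragraph in setfiles.8 (@@ -59,6 +59,9 @@) does not match the setfiles.c change in this same commit: the default delimiter in the code is a newline ('\n'), not whitespace, and nothing in the visible code treats quotes, backslashes or an end-of-file string specially in either mode. Suggest wording it as "input file names are terminated by a null character instead of a newline". There is also a missing space in 'backslashes.The GNU find'.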
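Review bot: in the setfiles.c hunk at @@ -991,7 +996,9 @@, 'buf[len - 1] = 0;' is applied unconditionally after getdelim(), but getdelim() returns the final record without a delimiter when the input ends without one, so the last character of that path is cut off and process_one() relabels a different name. Strip only when the delimiter is actually present, e.g. 'if (buf[len - 1] == delim) buf[len - 1] = 0;'.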
From: <ssm...@us...> - 2008-01-23 21:15:14
|
Revision: 2748 http://selinux.svn.sourceforge.net/selinux/?rev=2748&view=rev Author: ssmalley Date: 2008-01-23 13:15:12 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Remove old audit2why. Removed Paths: ------------- trunk/policycoreutils/audit2why/audit2why.8 trunk/policycoreutils/audit2why/audit2why.c Deleted: trunk/policycoreutils/audit2why/audit2why.8 =================================================================== --- trunk/policycoreutils/audit2why/audit2why.8 2008-01-23 20:58:18 UTC (rev 2747) +++ trunk/policycoreutils/audit2why/audit2why.8 2008-01-23 21:15:12 UTC (rev 2748) 
@@ -1,79 +0,0 @@ -.\" Hey, Emacs! This is an -*- nroff -*- source file. -.\" Copyright (c) 2005 Dan Walsh <dw...@re...> -.\" -.\" This is free documentation; you can redistribute it and/or -.\" modify it under the terms of the GNU General Public License as -.\" published by the Free Software Foundation; either version 2 of -.\" the License, or (at your option) any later version. -.\" -.\" The GNU General Public License's references to "object code" -.\" and "executables" are to be interpreted as the output of any -.\" document formatting or typesetting system, including -.\" intermediate and printed output. -.\" -.\" This manual is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public -.\" License along with this manual; if not, write to the Free -.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, -.\" USA. -.\" -.\" -.TH AUDIT2WHY "8" "May 2005" "Security Enhanced Linux" NSA -.SH NAME -audit2why \- Translates SELinux audit messages into a description of why the access was denied -.SH SYNOPSIS -.B audit2why -.RI [ options "] " -.SH OPTIONS -.TP - -.B "\-\-help" -Print a short usage message -.TP -.B "\-p <policyfile>" -Specify an alternate policy file. -.SH DESCRIPTION -.PP -This utility processes SELinux audit messages from standard -input and and reports which component of the policy caused each -permission denial based on the specified policy file if the -p option -was used or the active policy otherwise. There are three possible -causes: 1) a missing or disabled TE allow rule, 2) a constraint violation, -or 3) a missing role allow rule. In the first case, the TE allow -rule may exist in the policy but may be disabled due to boolean settings. -See -.BR booleans (8). 
-If the allow rule is not present at all, it can be generated via -.BR audit2allow (1). -In the second case, a constraint is being violated; see policy/constraints -or policy/mls to identify the particular constraint. Typically, this can -be resolved by adding a type attribute to the domain. In the third case, -a role transition was attempted but no allow rule existed for the role pair. -This can be resolved by adding an allow rule for the role pair to the policy. -.PP -.SH EXAMPLE -.nf -$ /usr/sbin/audit2why < /var/log/audit/audit.log - -type=KERNEL msg=audit(1115316408.926:336418): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir - Was caused by: - Missing or disabled TE allow rule. - Allow rules may exist but be disabled by boolean settings; check boolean settings. - You can see the necessary allow rules by running audit2allow with this audit message as input. - -type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file - Was caused by: - Constraint violation. - Check policy/constraints. - Typically, you just need to add a type attribute to the domain to satisfy the constraint. -.fi -.PP -.SH AUTHOR -This manual page was written by -.I Dan Walsh <dw...@re...>, -.B audit2why -utility was written by Stephen Smalley <sd...@ty...>. Deleted: trunk/policycoreutils/audit2why/audit2why.c =================================================================== --- trunk/policycoreutils/audit2why/audit2why.c 2008-01-23 20:58:18 UTC (rev 2747) +++ trunk/policycoreutils/audit2why/audit2why.c 2008-01-23 21:15:12 UTC (rev 2748) 
@@ -1,313 +0,0 @@ -#define _GNU_SOURCE -#include <unistd.h> -#include <stdio.h> -#include <stdlib.h> -#include <ctype.h> -#include <errno.h> -#include <getopt.h> -#include <limits.h> -#include <sepol/sepol.h> -#include <sepol/policydb/services.h> -#include <selinux/selinux.h> - -#define AVCPREFIX "avc: denied { " -#define SCONTEXT "scontext=" -#define TCONTEXT "tcontext=" -#define TCLASS "tclass=" - -void usage(char *progname, int rc) -{ - fprintf(stderr, "usage: %s [-p policy] < /var/log/audit/audit.log\n", - progname); - exit(rc); -} - -int main(int argc, char **argv) -{ - char path[PATH_MAX]; - char *buffer = NULL, *bufcopy = NULL; - unsigned int lineno = 0; - size_t len = 0, bufcopy_len = 0; - FILE *fp = NULL; - int opt, rc, set_path = 0; - char *p, *scon, *tcon, *tclassstr, *permstr; - sepol_security_id_t ssid, tsid; - sepol_security_class_t tclass; - sepol_access_vector_t perm, av; - struct sepol_av_decision avd; - unsigned int reason; - int vers = 0; - sidtab_t sidtab; - policydb_t policydb; - struct policy_file pf; - - while ((opt = getopt(argc, argv, "p:?h")) > 0) { - switch (opt) { - case 'p': - set_path = 1; - strncpy(path, optarg, PATH_MAX); - fp = fopen(path, "r"); - if (!fp) { - fprintf(stderr, "%s: unable to open %s: %s\n", - argv[0], path, strerror(errno)); - exit(1); - } - break; - default: - usage(argv[0], 0); - } - } - - if (argc - optind) - usage(argv[0], 1); - - if (!set_path) { - if (!is_selinux_enabled()) { - fprintf(stderr, - "%s: Must specify -p policy on non-SELinux systems\n", - argv[0]); - exit(1); - } - vers = security_policyvers(); - if (vers < 0) { - fprintf(stderr, - "%s: Could not get policy version: %s\n", - argv[0], strerror(errno)); - exit(1); - } - snprintf(path, PATH_MAX, "%s.%d", - selinux_binary_policy_path(), vers); - fp = fopen(path, "r"); - while (!fp && errno == ENOENT && --vers) { - snprintf(path, PATH_MAX, "%s.%d", - selinux_binary_policy_path(), vers); - fp = fopen(path, "r"); - } - if (!fp) { - snprintf(path, 
PATH_MAX, "%s.%d", - selinux_binary_policy_path(), - security_policyvers()); - fprintf(stderr, "%s: unable to open %s: %s\n", - argv[0], path, strerror(errno)); - exit(1); - } - } - - /* Set up a policydb directly so that we can mutate it later - for booleans and user settings. Otherwise we would just use - sepol_set_policydb_from_file() here. */ - pf.fp = fp; - pf.type = PF_USE_STDIO; - if (policydb_init(&policydb)) { - fprintf(stderr, "%s: policydb_init failed: %s\n", - argv[0], strerror(errno)); - exit(1); - } - if (policydb_read(&policydb, &pf, 0)) { - fprintf(stderr, "%s: invalid binary policy %s\n", - argv[0], path); - exit(1); - } - fclose(fp); - sepol_set_policydb(&policydb); - - if (!set_path) { - /* If they didn't specify a full path of a binary policy file, - then also try loading any boolean settings and user - definitions from the active locations. Otherwise, - they can use genpolbools and genpolusers to build a - binary policy file that includes any desired settings - and then apply audit2why -p to the resulting file. - Errors are non-fatal as such settings are optional. */ - sepol_debug(0); - (void)sepol_genbools_policydb(&policydb, - selinux_booleans_path()); - (void)sepol_genusers_policydb(&policydb, selinux_users_path()); - } - - /* Initialize the sidtab for subsequent use by sepol_context_to_sid - and sepol_compute_av_reason. */ - rc = sepol_sidtab_init(&sidtab); - if (rc < 0) { - fprintf(stderr, "%s: unable to init sidtab\n", argv[0]); - exit(1); - } - sepol_set_sidtab(&sidtab); - - /* Process the audit messages. */ - while (getline(&buffer, &len, stdin) > 0) { - size_t len2 = strlen(buffer); - - if (buffer[len2 - 1] == '\n') - buffer[len2 - 1] = 0; - lineno++; - - p = buffer; - while (*p && strncmp(p, AVCPREFIX, sizeof(AVCPREFIX) - 1)) - p++; - if (!(*p)) - continue; /* not an avc denial */ - - p += sizeof(AVCPREFIX) - 1; - - /* Save a copy of the original unmodified buffer. 
*/ - if (!bufcopy) { - /* Initial allocation */ - bufcopy_len = len; - bufcopy = malloc(len); - } else if (bufcopy_len < len) { - /* Grow */ - bufcopy_len = len; - bufcopy = realloc(bufcopy, len); - } - if (!bufcopy) { - fprintf(stderr, "%s: OOM on buffer copy\n", argv[0]); - exit(2); - } - memcpy(bufcopy, buffer, len); - - /* Remember where the permission list begins, - and terminate the list. */ - permstr = p; - while (*p && *p != '}') - p++; - if (!(*p)) { - fprintf(stderr, - "Missing closing bracket on line %u, skipping...\n", - lineno); - continue; - } - *p++ = 0; - - /* Get scontext and convert to SID. */ - while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1)) - p++; - if (!(*p)) { - fprintf(stderr, "Missing %s on line %u, skipping...\n", - SCONTEXT, lineno); - continue; - } - p += sizeof(SCONTEXT) - 1; - scon = p; - while (*p && !isspace(*p)) - p++; - if (*p) - *p++ = 0; - rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid); - if (rc < 0) { - fprintf(stderr, - "Invalid %s%s on line %u, skipping...\n", - SCONTEXT, scon, lineno); - continue; - } - - /* Get tcontext and convert to SID. */ - while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1)) - p++; - if (!(*p)) { - fprintf(stderr, "Missing %s on line %u, skipping...\n", - TCONTEXT, lineno); - continue; - } - p += sizeof(TCONTEXT) - 1; - tcon = p; - while (*p && !isspace(*p)) - p++; - if (*p) - *p++ = 0; - rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid); - if (rc < 0) { - fprintf(stderr, - "Invalid %s%s on line %u, skipping...\n", - TCONTEXT, tcon, lineno); - continue; - } - - /* Get tclass= and convert to value. 
*/ - while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1)) - p++; - if (!(*p)) { - fprintf(stderr, "Missing %s on line %u, skipping...\n", - TCLASS, lineno); - continue; - } - p += sizeof(TCLASS) - 1; - tclassstr = p; - while (*p && !isspace(*p)) - p++; - if (*p) - *p = 0; - tclass = string_to_security_class(tclassstr); - if (!tclass) { - fprintf(stderr, - "Invalid %s%s on line %u, skipping...\n", - TCLASS, tclassstr, lineno); - continue; - } - - /* Convert the permission list to an AV. */ - p = permstr; - av = 0; - while (*p) { - while (*p && !isspace(*p)) - p++; - if (*p) - *p++ = 0; - perm = string_to_av_perm(tclass, permstr); - if (!perm) { - fprintf(stderr, - "Invalid permission %s on line %u, skipping...\n", - permstr, lineno); - continue; - } - av |= perm; - permstr = p; - } - - /* Reproduce the computation. */ - rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, - &reason); - if (rc < 0) { - fprintf(stderr, - "Error during access vector computation on line %u, skipping...\n", - lineno); - continue; - } - - printf("%s\n\tWas caused by:\n", bufcopy); - - if (!reason) { - printf("\t\tUnknown - would be allowed by %s policy\n", - set_path ? "specified" : "active"); - printf - ("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"); - printf - ("\t\tPossible mismatch between current in-memory boolean settings vs. 
permanent ones.\n"); - } - - if (reason & SEPOL_COMPUTEAV_TE) { - printf("\t\tMissing or disabled TE allow rule.\n"); - printf - ("\t\tAllow rules may exist but be disabled by boolean settings; check boolean settings.\n"); - printf - ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n"); - } - - if (reason & SEPOL_COMPUTEAV_CONS) { - printf("\t\tConstraint violation.\n"); - printf("\t\tCheck policy/constraints.\n"); - printf - ("\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n"); - } - - if (reason & SEPOL_COMPUTEAV_RBAC) { - printf("\t\tMissing role allow rule.\n"); - printf("\t\tAdd allow rule for the role pair.\n"); - } - - printf("\n"); - } - free(buffer); - free(bufcopy); - exit(0); -} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 20:58:19
|
Revision: 2747 http://selinux.svn.sourceforge.net/selinux/?rev=2747&view=rev Author: ssmalley Date: 2008-01-23 12:58:18 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.37 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-23 20:57:24 UTC (rev 2746) +++ trunk/policycoreutils/ChangeLog 2008-01-23 20:58:18 UTC (rev 2747) @@ -1,3 +1,6 @@ +2.0.37 2008-01-23 + * Merged replacement for audit2why from Dan Walsh. + 2.0.36 2008-01-23 * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-23 20:57:24 UTC (rev 2746) +++ trunk/policycoreutils/VERSION 2008-01-23 20:58:18 UTC (rev 2747) @@ -1 +1 @@ -2.0.36 +2.0.37 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 20:57:26
|
Revision: 2746 http://selinux.svn.sourceforge.net/selinux/?rev=2746&view=rev Author: ssmalley Date: 2008-01-23 12:57:24 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated libselinux to version 2.0.49 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-01-23 20:54:01 UTC (rev 2745) +++ trunk/libselinux/ChangeLog 2008-01-23 20:57:24 UTC (rev 2746) @@ -1,3 +1,6 @@ +2.0.49 2008-01-23 + * Merged audit2why python binding from Dan Walsh. + 2.0.48 2008-01-23 * Merged updated swig bindings from Dan Walsh, including typemap for pid_t. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-01-23 20:54:01 UTC (rev 2745) +++ trunk/libselinux/VERSION 2008-01-23 20:57:24 UTC (rev 2746) @@ -1 +1 @@ -2.0.48 +2.0.49 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 20:54:04
|
Revision: 2745 http://selinux.svn.sourceforge.net/selinux/?rev=2745&view=rev Author: ssmalley Date: 2008-01-23 12:54:01 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Add relabel target Modified Paths: -------------- trunk/policycoreutils/audit2why/Makefile Modified: trunk/policycoreutils/audit2why/Makefile =================================================================== --- trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:53:41 UTC (rev 2744) +++ trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:54:01 UTC (rev 2745) @@ -14,3 +14,5 @@ install -m 644 audit2why.1 $(MANDIR)/man1/ clean: + +relabel: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 20:53:42
|
Revision: 2744 http://selinux.svn.sourceforge.net/selinux/?rev=2744&view=rev Author: ssmalley Date: 2008-01-23 12:53:41 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Add clean target Modified Paths: -------------- trunk/policycoreutils/audit2why/Makefile Modified: trunk/policycoreutils/audit2why/Makefile =================================================================== --- trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:51:55 UTC (rev 2743) +++ trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:53:41 UTC (rev 2744) @@ -12,3 +12,5 @@ install -m 755 $(TARGETS) $(BINDIR) -mkdir -p $(MANDIR)/man1 install -m 644 audit2why.1 $(MANDIR)/man1/ + +clean: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 20:51:59
|
Revision: 2743 http://selinux.svn.sourceforge.net/selinux/?rev=2743&view=rev Author: ssmalley Date: 2008-01-23 12:51:55 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Various cleanups, e.g. use the exported data structures and interfaces to the extent that we can even if we still have to use some private structures and interfaces from libsepol, and minimize pointer casting. Fix some incorrect types and casting as well. Modified Paths: -------------- trunk/libselinux/src/audit2why.c Modified: trunk/libselinux/src/audit2why.c =================================================================== --- trunk/libselinux/src/audit2why.c 2008-01-23 20:25:18 UTC (rev 2742) +++ trunk/libselinux/src/audit2why.c 2008-01-23 20:51:55 UTC (rev 2743) @@ -33,7 +33,7 @@ struct avc_t { sepol_handle_t *handle; - policydb_t policydb; + sepol_policydb_t *policydb; sepol_security_id_t ssid; sepol_security_id_t tsid; sepol_security_class_t tclass; @@ -47,15 +47,14 @@ static int load_booleans(const sepol_bool_t * boolean, void *arg __attribute__ ((__unused__))) { - boollist[boolcnt] = - (struct boolean_t *)malloc(sizeof(struct boolean_t)); + boollist[boolcnt] = malloc(sizeof(struct boolean_t)); boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean)); boollist[boolcnt]->active = sepol_bool_get_value(boolean); boolcnt++; return 0; } -static int check_booleans(struct avc_t *avc, struct boolean_t ***bools) +static int check_booleans(struct avc_t *avc, struct boolean_t **bools) { char errormsg[PATH_MAX]; struct sepol_av_decision avd; @@ -80,7 +79,7 @@ break; } rc = sepol_bool_query(avc->handle, - (sepol_policydb_t *) & avc->policydb, + avc->policydb, key, &boolean); if (rc < 0) { @@ -93,7 +92,7 @@ sepol_bool_set_value(boolean, !active); rc = sepol_bool_set(avc->handle, - (sepol_policydb_t *) & avc->policydb, + avc->policydb, key, boolean); if (rc < 0) { snprintf(errormsg, sizeof(errormsg), 
@@ -117,11 +116,10 @@ foundlist[fcnt] = i; fcnt++; } - sepol_bool_set_value((sepol_bool_t *) boolean, active); + sepol_bool_set_value(boolean, active); rc = sepol_bool_set(avc->handle, - (sepol_policydb_t *) & avc-> - policydb, key, - (sepol_bool_t *) boolean); + avc->policydb, key, + boolean); if (rc < 0) { snprintf(errormsg, sizeof(errormsg), "Could not set boolean data %s.\n", @@ -143,9 +141,8 @@ sepol_bool_free(boolean); if (fcnt > 0) { - *bools = (struct boolean_t **) - calloc(sizeof(struct boolean_t), fcnt + 1); - struct boolean_t *b = (struct boolean_t *) *bools; + *bools = calloc(sizeof(struct boolean_t), fcnt + 1); + struct boolean_t *b = *bools; for (i = 0; i < fcnt; i++) { int ctr = foundlist[i]; b[i].name = strdup(boollist[ctr]->name); @@ -168,7 +165,7 @@ free(boollist); sepol_sidtab_shutdown(&sidtab); sepol_sidtab_destroy(&sidtab); - policydb_destroy(&avc->policydb); + sepol_policydb_free(avc->policydb); sepol_handle_destroy(avc->handle); free(avc); avc = NULL; @@ -188,7 +185,7 @@ int vers = 0; char path[PATH_MAX]; char errormsg[PATH_MAX]; - struct policy_file pf; + struct sepol_policy_file *pf = NULL; int rc; unsigned int cnt; 
@@ -236,18 +233,18 @@ } /* Set up a policydb directly so that we can mutate it later - for booleans and user settings. Otherwise we would just use - sepol_set_policydb_from_file() here. */ - pf.fp = fp; - pf.type = PF_USE_STDIO; - if (policydb_init(&avc->policydb)) { + for testing what booleans might have allowed the access. + Otherwise, we'd just use sepol_set_policydb_from_file() here. */ + if (sepol_policy_file_create(&pf) || + sepol_policydb_create(&avc->policydb)) { snprintf(errormsg, sizeof(errormsg), "policydb_init failed: %s\n", strerror(errno)); PyErr_SetString( PyExc_RuntimeError, errormsg); fclose(fp); return 1; } - if (policydb_read(&avc->policydb, &pf, 0)) { + sepol_policy_file_set_fp(pf, fp); + if (sepol_policydb_read(avc->policydb, pf)) { snprintf(errormsg, sizeof(errormsg), "invalid binary policy %s\n", path); PyErr_SetString( PyExc_ValueError, errormsg); @@ -255,25 +252,11 @@ return 1; } fclose(fp); - sepol_set_policydb(&avc->policydb); - if (!init_path) { - /* If they didn't specify a full path of a binary policy file, - then also try loading any boolean settings and user - definitions from the active locations. Otherwise, - they can use genpolbools and genpolusers to build a - binary policy file that includes any desired settings - and then apply audit2why -p to the resulting file. - Errors are non-fatal as such settings are optional. */ - sepol_debug(0); - (void)sepol_genbools_policydb(&avc->policydb, - selinux_booleans_path()); - (void)sepol_genusers_policydb(&avc->policydb, - selinux_users_path()); - } + sepol_set_policydb(&avc->policydb->p); avc->handle = sepol_handle_create(); rc = sepol_bool_count(avc->handle, - (sepol_policydb_t *) & avc->policydb, &cnt); + avc->policydb, &cnt); if (rc < 0) { PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n"); return 1; 
@@ -285,8 +268,7 @@ return 1; } - sepol_bool_iterate(avc->handle, - (const sepol_policydb_t *)&avc->policydb, + sepol_bool_iterate(avc->handle, avc->policydb, load_booleans, (void *)NULL); /* Initialize the sidtab for subsequent use by sepol_context_to_sid @@ -320,7 +302,7 @@ PyObject *listObj; PyObject *strObj; int numlines; - struct boolean_t **bools; + struct boolean_t *bools; unsigned int reason; sepol_security_id_t ssid, tsid; sepol_security_class_t tclass; @@ -401,12 +383,12 @@ } } else { PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN)); - struct boolean_t *b=(struct boolean_t *) bools; + struct boolean_t *b = bools; int len=0; while (b->name) { len++; b++; } - b = (struct boolean_t *) bools; + b = bools; PyObject *boollist = PyTuple_New(len); len=0; while(b->name) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
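Review bot: in load_booleans() (@@ -47,15 +47,14 @@), the pointer returned by malloc() is dereferenced on the very next line ('boollist[boolcnt]->name = strdup(...)') with no NULL check, and the strdup() result is not checked either. Dropping the cast is fine, but this is the place to return an error from the callback when either allocation fails.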
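Review bot: in check_booleans() (@@ -143,9 +141,8 @@), '*bools = calloc(sizeof(struct boolean_t), fcnt + 1);' passes the element size as the count and the count as the size, and the result is written through ('b[i].name = strdup(...)') without a NULL check. Suggest 'calloc(fcnt + 1, sizeof(**bools))' followed by a check that sets the Python error and returns, as the other failure paths in this function do.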
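Review bot: in the hunk at @@ -236,18 +233,18 @@, pf is allocated with sepol_policy_file_create() but no sepol_policy_file_free(pf) appears in the visible lines, neither after sepol_policydb_read() succeeds nor on the two 'return 1' paths; if sepol_policydb_create() is the call that fails, the already created pf is leaked as well. The error text still says "policydb_init failed" although that call is gone. Note also that 'sepol_set_policydb(&avc->policydb->p)' reaches into the private layout of sepol_policydb_t, which is worth a comment at that line since the log message says the intent is to stay on exported interfaces where possible.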
From: <ssm...@us...> - 2008-01-23 20:25:20
|
Revision: 2742 http://selinux.svn.sourceforge.net/selinux/?rev=2742&view=rev Author: ssmalley Date: 2008-01-23 12:25:18 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Tidy up the output. Modified Paths: -------------- trunk/policycoreutils/audit2allow/audit2allow Modified: trunk/policycoreutils/audit2allow/audit2allow =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 20:24:15 UTC (rev 2741) +++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 20:25:18 UTC (rev 2742) @@ -249,18 +249,18 @@ continue if rc == audit2why.BOOLEAN: if len(bools) > 1: - print "\tOne of the following booleans being set incorrectly." + print "\tOne of the following booleans was set incorrectly." for b in bools: print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1]) print "\t# setsebool -P %s %d" % (b[0], b[1]) else: - print "\tThe boolean %s set incorrectly. Allow access by executing:" % bools[0][0] + print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0] print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1]) continue if rc == audit2why.TERULE: - print "\t\tMissing or disabled type enforcingment (TE) allow rule.\n" + print "\t\tMissing or disabled type enforcing (TE) allow rule.\n" print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n" continue This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
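Review bot: the TERULE message now reads "Missing or disabled type enforcing (TE) allow rule", but the term TE abbreviates is "type enforcement"; since this hunk is a wording cleanup, use "type enforcement (TE) allow rule". The other two changed strings ("was set incorrectly") read fine.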
From: <ssm...@us...> - 2008-01-23 20:24:18
|
Revision: 2741 http://selinux.svn.sourceforge.net/selinux/?rev=2741&view=rev Author: ssmalley Date: 2008-01-23 12:24:15 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Patch to use new audit2why interface in via audit2allow Date: Fri, 11 Jan 2008 16:11:30 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Added a --why qualifier to audit2allow, which gives the same output as audit2why. Removed audit2why.c and replaced it with a script #!/bin/sh /usr/bin/audit2allow -w $* This way audit2why can take advantage of the parsing available in audit2allow. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeH24EACgkQrlYvE4MpobMSagCgmK5S8TGx8485X1769oqrzLF6 iuwAoKUWB6tGrrTHFkDJqz41xTSv1Tvy =M+CO -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/audit2allow/audit2allow trunk/policycoreutils/audit2allow/audit2allow.1 trunk/policycoreutils/audit2why/Makefile Added Paths: ----------- trunk/policycoreutils/audit2why/audit2why trunk/policycoreutils/audit2why/audit2why.1 Modified: trunk/policycoreutils/audit2allow/audit2allow =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 20:22:37 UTC (rev 2740) +++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 20:24:15 UTC (rev 2741) 
@@ -60,7 +60,10 @@ parser.add_option("-o", "--output", dest="output", help="append output to <filename>, conflicts with -M") parser.add_option("-R", "--reference", action="store_true", dest="refpolicy", - default=False, help="generate refpolicy style output") + default=True, help="generate refpolicy style output") + + parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy", + default=False, help="do not generate refpolicy style output") parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False, help="explain generated output") parser.add_option("-e", "--explain", action="store_true", dest="explain_long", @@ -72,6 +75,9 @@ parser.add_option("--debug", dest="debug", action="store_true", default=False, help="leave generated modules for -M") + parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False, + help="Translates SELinux audit messages into a description of why the access was denied") + options, args = parser.parse_args() # Make -d, -a, and -i conflict @@ -149,8 +155,10 @@ if self.__options.type: filter = audit.TypeFilter(self.__options.type) self.__avs = self.__parser.to_access(filter) + self.__selinux_errs = self.__parser.to_role(filter) else: self.__avs = self.__parser.to_access() + self.__selinux_errs = self.__parser.to_role() def __load_interface_info(self): # Load interface info file 
@@ -210,7 +218,71 @@ sys.stdout.write((_("To make this policy package active, execute:" +\ "\n\nsemodule -i %s\n\n") % packagename)) + def __output_audit2why(self): + import selinux + import selinux.audit2why as audit2why + audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers())) + for i in self.__parser.avc_msgs: + rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) + if rc >= 0: + print "%s\n\tWas caused by:" % i.message + if rc == audit2why.NOPOLICY: + raise "Must call policy_init first" + if rc == audit2why.BADTCON: + print "Invalid Target Context %s\n" % i.tcontext + continue + if rc == audit2why.BADSCON: + print "Invalid Source Context %s\n" % i.scontext + continue + if rc == audit2why.BADSCON: + print "Invalid Type Class %s\n" % i.tclass + continue + if rc == audit2why.BADPERM: + print "Invalid permission %s\n" % i.accesses + continue + if rc == audit2why. BADCOMPUTE: + raise "Error during access vector computation" + if rc == audit2why.ALLOW: + print "\t\tUnknown - would be allowed by active policy\n", + print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" + print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" + continue + if rc == audit2why.BOOLEAN: + if len(bools) > 1: + print "\tOne of the following booleans being set incorrectly." + for b in bools: + print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1]) + print "\t# setsebool -P %s %d" % (b[0], b[1]) + else: + print "\tThe boolean %s set incorrectly. 
Allow access by executing:" % bools[0][0] + print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1]) + + continue + + if rc == audit2why.TERULE: + print "\t\tMissing or disabled type enforcingment (TE) allow rule.\n" + print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n" + continue + + if rc == audit2why.CONSTRAINT: + print "\t\tConstraint violation.\n" + print "\t\tCheck policy/constraints.\n" + print "\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n" + continue + + if rc == audit2why.RBAC: + print "\t\tMissing role allow rule.\n" + print "\t\tAdd allow rule for the role pair.\n" + continue + + audit2why.finish() + return + def __output(self): + + if self.__options.audit2why: + return self.__output_audit2why() + g = policygen.PolicyGenerator() if self.__options.module: @@ -251,6 +323,12 @@ fd = sys.stdout writer.write(g.get_module(), fd) + if len(self.__selinux_errs) > 0: + fd.write("\n=========== ROLES ===============\n") + + for role in self.__selinux_errs: + fd.write(role.output()) + def main(self): try: self.__parse_options() Modified: trunk/policycoreutils/audit2allow/audit2allow.1 =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow.1 2008-01-23 20:22:37 UTC (rev 2740) +++ trunk/policycoreutils/audit2allow/audit2allow.1 2008-01-23 20:24:15 UTC (rev 2741) @@ -24,7 +24,12 @@ .\" .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA .SH NAME -audit2allow \- generate SELinux policy allow rules from logs of denied operations +.BR audit2allow + \- generate SELinux policy allow rules from logs of denied operations + +.BR audit2why + \- translates SELinux audit messages into a description of why the access was denied (audit2allow -w) + .SH SYNOPSIS .B audit2allow .RI [ options "] " 
@@ -65,12 +70,19 @@ .B "\-r" | "\-\-requires" Generate require output syntax for loadable modules. .TP +.B "\-N" | "\-\-noreference" +Do not generate reference policy, traditional style allow rules. +.TP .B "\-R" | "\-\-reference" -Generate reference policy using installed macros. Requires the selinux-policy-devel package. +Generate reference policy using installed macros.Default .TP .B "\-t " | "\-\-tefile" Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format. .TP +.B "\-w" | "\-\-why" +Translates SELinux audit messages into a description of why the access wasn denied + +.TP .B "\-v" | "\-\-verbose" Turn on verbose output Modified: trunk/policycoreutils/audit2why/Makefile =================================================================== --- trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:22:37 UTC (rev 2740) +++ trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:24:15 UTC (rev 2741) @@ -1,16 +1,8 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr BINDIR ?= $(PREFIX)/bin -LIBDIR ?= ${PREFIX}/lib MANDIR ?= $(PREFIX)/share/man -LOCALEDIR ?= /usr/share/locale -INCLUDEDIR ?= ${PREFIX}/include - -CFLAGS ?= -Werror -Wall -W -override CFLAGS += -I$(INCLUDEDIR) -LDLIBS = ${LIBDIR}/libsepol.a -lselinux -L$(LIBDIR) - TARGETS=audit2why all: $(TARGETS) @@ -18,13 +10,5 @@ install: all -mkdir -p $(BINDIR) install -m 755 $(TARGETS) $(BINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 audit2why.8 $(MANDIR)/man8/ - -clean: - -rm -f $(TARGETS) *.o - -indent: - ../../scripts/Lindent $(wildcard *.[ch]) - -relabel: + -mkdir -p $(MANDIR)/man1 + install -m 644 audit2why.1 $(MANDIR)/man1/ Added: trunk/policycoreutils/audit2why/audit2why =================================================================== --- trunk/policycoreutils/audit2why/audit2why (rev 0) +++ trunk/policycoreutils/audit2why/audit2why 2008-01-23 20:24:15 UTC (rev 2741) 
@@ -0,0 +1,2 @@ +#!/bin/sh +/usr/bin/audit2allow -w $* Added: trunk/policycoreutils/audit2why/audit2why.1 =================================================================== --- trunk/policycoreutils/audit2why/audit2why.1 (rev 0) +++ trunk/policycoreutils/audit2why/audit2why.1 2008-01-23 20:24:15 UTC (rev 2741) @@ -0,0 +1 @@ +.so man1/audit2allow.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
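Review bot: In the @@ -60,7 +60,10 @@ hunk of audit2allow, -R and -N both write dest="refpolicy" but declare different defaults (default=True on -R, default=False on -N). optparse keeps a single default per dest and the option added last overwrites it, so refpolicy ends up False and the "Default" wording this patch adds to the man page for -R does not hold. Drop default= from the -N option, or give both the same value, so the default is stated once.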
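Review bot: In __output_audit2why (hunk @@ -210,7 +218,71 @@ of audit2allow), the branch that prints "Invalid Type Class" tests `rc == audit2why.BADSCON` a second time, so it can never run and a bad target class falls through every branch with no explanation printed; test audit2why.BADTCLASS there. The two `raise "..."` statements raise plain strings, which Python 2.5 deprecates; raise an exception class such as RuntimeError instead, and put audit2why.finish() in a finally block so the policy is released when one of them fires.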
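Review bot: In the @@ -65,12 +70,19 @@ hunk of audit2allow.1, the new text has three wording slips: "wasn denied" under -w, "macros.Default" with no space or full stop under -R, and the -N description "Do not generate reference policy, traditional style allow rules." which reads as if traditional rules were also suppressed. Suggest "Do not generate reference policy; generate traditional style allow rules instead." and "Generate reference policy using installed macros. This is the default."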
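Review bot: The new audit2why wrapper script forwards its arguments as unquoted `$*`, so any argument containing whitespace or glob characters (for example a log file path given to -i) is split or expanded by the shell before audit2allow sees it. Use `exec /usr/bin/audit2allow -w "$@"` so each argument is passed through unchanged.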
From: <ssm...@us...> - 2008-01-23 20:22:39
|
Revision: 2740 http://selinux.svn.sourceforge.net/selinux/?rev=2740&view=rev Author: ssmalley Date: 2008-01-23 12:22:37 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Patch to add python audit2why bindings. Date: Fri, 11 Jan 2008 11:03:54 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated policycoreutils will be coming to take advantage of these bindings. setroubleshoot will also. import selinux will work the way it always did, but now you can execute import selinux.audit2allow as audit2allow audit2allow.init() for i in avc: print audit2allow.analyze(i.scon, i,tcon, i,class, i.access) audit2allow.finish() And get the reason for the AVC. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeHk2kACgkQrlYvE4MpobPJHACgqRs9BJ9tKwYSQJUR+AjjqXIF 7foAoLcHRAbEE4GAr9DFWopttFOqd/ra =rrAB -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/libselinux/src/Makefile Added Paths: ----------- trunk/libselinux/src/audit2why.c Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2008-01-23 14:26:14 UTC (rev 2739) +++ trunk/libselinux/src/Makefile 2008-01-23 20:22:37 UTC (rev 2740) @@ -18,6 +18,7 @@ SWIGSO=_selinux.so SWIGFILES=$(SWIGSO) selinux.py LIBSO=$(TARGET).$(LIBVERSION) +AUDIT2WHYSO=audit2why.so ifeq ($(DISABLE_AVC),y) UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c @@ -28,7 +29,7 @@ ifeq ($(DISABLE_RPM),y) UNUSED_SRCS+=rpm.c endif -SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out $(SWIGCOUT),$(wildcard *.c))) +SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c))) OBJS= $(patsubst %.c,%.o,$(SRCS)) LOBJS= $(patsubst %.c,%.lo,$(SRCS)) 
@@ -47,7 +48,7 @@ all: $(LIBA) $(LIBSO) -pywrap: all $(SWIGSO) +pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(LIBA): $(OBJS) $(AR) rcs $@ $^ @@ -63,6 +64,12 @@ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ln -sf $@ $(TARGET) +audit2why.lo: audit2why.c + $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + +$(AUDIT2WHYSO): audit2why.lo + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@ + %.o: %.c policy.h $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< @@ -83,14 +90,16 @@ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET) install-pywrap: pywrap - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages - install -m 755 $(SWIGFILES) $(PYTHONLIBDIR)/site-packages + test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux + install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux + install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux + install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py relabel: /sbin/restorecon $(SHLIBDIR)/$(LIBSO) clean: - -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) + -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ distclean: clean rm -f $(SWIGCOUT) $(SWIGFILES) Added: trunk/libselinux/src/audit2why.c =================================================================== --- trunk/libselinux/src/audit2why.c (rev 0) +++ trunk/libselinux/src/audit2why.c 2008-01-23 20:22:37 UTC (rev 2740) 
@@ -0,0 +1,460 @@ +#include <unistd.h> +#include <stdlib.h> +#include <ctype.h> +#include <errno.h> +#include <getopt.h> +#include <limits.h> +#include <sepol/sepol.h> +#include <sepol/policydb/services.h> +#include <Python.h> +#include <selinux/selinux.h> + +#define UNKNOWN -1 +#define BADSCON -2 +#define BADTCON -3 +#define BADTCLASS -4 +#define BADPERM -5 +#define BADCOMPUTE -6 +#define NOPOLICY -7 +#define ALLOW 0 +#define DONTAUDIT 1 +#define TERULE 2 +#define BOOLEAN 3 +#define CONSTRAINT 4 +#define RBAC 5 + +struct boolean_t { + char *name; + int active; +}; + +static struct boolean_t **boollist = NULL; +static int boolcnt = 0; + +struct avc_t { + sepol_handle_t *handle; + policydb_t policydb; + sepol_security_id_t ssid; + sepol_security_id_t tsid; + sepol_security_class_t tclass; + sepol_access_vector_t av; +}; + +static struct avc_t *avc = NULL; + +static sidtab_t sidtab; + +static int load_booleans(const sepol_bool_t * boolean, + void *arg __attribute__ ((__unused__))) +{ + boollist[boolcnt] = + (struct boolean_t *)malloc(sizeof(struct boolean_t)); + boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean)); + boollist[boolcnt]->active = sepol_bool_get_value(boolean); + boolcnt++; + return 0; +} + +static int check_booleans(struct avc_t *avc, struct boolean_t ***bools) +{ + char errormsg[PATH_MAX]; + struct sepol_av_decision avd; + unsigned int reason; + int rc; + int i; + sepol_bool_key_t *key = NULL; + sepol_bool_t *boolean = NULL; + int fcnt = 0; + int *foundlist = calloc(boolcnt, sizeof(int)); + if (!foundlist) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return fcnt; + } + for (i = 0; i < boolcnt; i++) { + char *name = boollist[i]->name; + int active = boollist[i]->active; + rc = sepol_bool_key_create(avc->handle, name, &key); + if (rc < 0) { + PyErr_SetString( PyExc_RuntimeError, + "Could not create boolean key.\n"); + break; + } + rc = sepol_bool_query(avc->handle, + (sepol_policydb_t *) & avc->policydb, + key, &boolean); + + 
if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not find boolean %s.\n", name); + PyErr_SetString( PyExc_RuntimeError, errormsg); + break; + } + + sepol_bool_set_value(boolean, !active); + + rc = sepol_bool_set(avc->handle, + (sepol_policydb_t *) & avc->policydb, + key, boolean); + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not set boolean data %s.\n", name); + PyErr_SetString( PyExc_RuntimeError, errormsg); + break; + } + + /* Reproduce the computation. */ + rc = sepol_compute_av_reason(avc->ssid, avc->tsid, avc->tclass, + avc->av, &avd, &reason); + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Error during access vector computation, skipping..."); + PyErr_SetString( PyExc_RuntimeError, errormsg); + + sepol_bool_free(boolean); + break; + } else { + if (!reason) { + foundlist[fcnt] = i; + fcnt++; + } + sepol_bool_set_value((sepol_bool_t *) boolean, active); + rc = sepol_bool_set(avc->handle, + (sepol_policydb_t *) & avc-> + policydb, key, + (sepol_bool_t *) boolean); + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not set boolean data %s.\n", + name); + + PyErr_SetString( PyExc_RuntimeError, errormsg); + break; + } + } + sepol_bool_free(boolean); + sepol_bool_key_free(key); + key = NULL; + boolean = NULL; + } + if (key) + sepol_bool_key_free(key); + + if (boolean) + sepol_bool_free(boolean); + + if (fcnt > 0) { + *bools = (struct boolean_t **) + calloc(sizeof(struct boolean_t), fcnt + 1); + struct boolean_t *b = (struct boolean_t *) *bools; + for (i = 0; i < fcnt; i++) { + int ctr = foundlist[i]; + b[i].name = strdup(boollist[ctr]->name); + b[i].active = !boollist[ctr]->active; + } + } + free(foundlist); + return fcnt; +} + +static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) { + PyObject *result = 0; + + if (PyArg_ParseTuple(args,(char *)":finish")) { + int i = 0; + for (i = 0; i < boolcnt; i++) { + free(boollist[i]->name); + free(boollist[i]); + } + free(boollist); + 
sepol_sidtab_shutdown(&sidtab); + sepol_sidtab_destroy(&sidtab); + policydb_destroy(&avc->policydb); + sepol_handle_destroy(avc->handle); + free(avc); + avc = NULL; + boollist = NULL; + boolcnt = 0; + + /* Boilerplate to return "None" */ + Py_RETURN_NONE; + } + return result; +} + + +static int __policy_init(const char *init_path) +{ + FILE *fp; + int vers = 0; + char path[PATH_MAX]; + char errormsg[PATH_MAX]; + struct policy_file pf; + int rc; + unsigned int cnt; + + if (init_path) { + strncpy(path, init_path, PATH_MAX); + fp = fopen(path, "r"); + if (!fp) { + snprintf(errormsg, sizeof(errormsg), + "unable to open %s: %s\n", + path, strerror(errno)); + PyErr_SetString( PyExc_ValueError, errormsg); + return 0; // trigger exception + } + } else { + vers = security_policyvers(); + if (vers < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not get policy version: %s\n", + strerror(errno)); + PyErr_SetString( PyExc_ValueError, errormsg); + return 1; + } + snprintf(path, PATH_MAX, "%s.%d", + selinux_binary_policy_path(), vers); + fp = fopen(path, "r"); + while (!fp && errno == ENOENT && --vers) { + snprintf(path, PATH_MAX, "%s.%d", + selinux_binary_policy_path(), vers); + fp = fopen(path, "r"); + } + if (!fp) { + snprintf(errormsg, sizeof(errormsg), + "unable to open %s.%d: %s\n", + selinux_binary_policy_path(), + security_policyvers(), strerror(errno)); + PyErr_SetString( PyExc_ValueError, errormsg); + return 1; + } + } + + avc = calloc(sizeof(struct avc_t), 1); + if (!avc) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return 1; + } + + /* Set up a policydb directly so that we can mutate it later + for booleans and user settings. Otherwise we would just use + sepol_set_policydb_from_file() here. 
*/ + pf.fp = fp; + pf.type = PF_USE_STDIO; + if (policydb_init(&avc->policydb)) { + snprintf(errormsg, sizeof(errormsg), + "policydb_init failed: %s\n", strerror(errno)); + PyErr_SetString( PyExc_RuntimeError, errormsg); + fclose(fp); + return 1; + } + if (policydb_read(&avc->policydb, &pf, 0)) { + snprintf(errormsg, sizeof(errormsg), + "invalid binary policy %s\n", path); + PyErr_SetString( PyExc_ValueError, errormsg); + fclose(fp); + return 1; + } + fclose(fp); + sepol_set_policydb(&avc->policydb); + if (!init_path) { + /* If they didn't specify a full path of a binary policy file, + then also try loading any boolean settings and user + definitions from the active locations. Otherwise, + they can use genpolbools and genpolusers to build a + binary policy file that includes any desired settings + and then apply audit2why -p to the resulting file. + Errors are non-fatal as such settings are optional. */ + sepol_debug(0); + (void)sepol_genbools_policydb(&avc->policydb, + selinux_booleans_path()); + (void)sepol_genusers_policydb(&avc->policydb, + selinux_users_path()); + } + avc->handle = sepol_handle_create(); + + rc = sepol_bool_count(avc->handle, + (sepol_policydb_t *) & avc->policydb, &cnt); + if (rc < 0) { + PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n"); + return 1; + } + + boollist = calloc(cnt, sizeof(struct boolean_t)); + if (!boollist) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return 1; + } + + sepol_bool_iterate(avc->handle, + (const sepol_policydb_t *)&avc->policydb, + load_booleans, (void *)NULL); + + /* Initialize the sidtab for subsequent use by sepol_context_to_sid + and sepol_compute_av_reason. 
*/ + rc = sepol_sidtab_init(&sidtab); + if (rc < 0) { + PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n"); + free(boollist); + return 1; + } + sepol_set_sidtab(&sidtab); + return 0; +} + +static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) { + int result; + char *init_path=NULL; + if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) + result = __policy_init(init_path); + return Py_BuildValue("i", result); +} + +#define RETURN(X) \ + PyTuple_SetItem(result, 0, Py_BuildValue("i", X)); \ + return result; + +static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) { + security_context_t scon; + security_context_t tcon; + char *tclassstr; + PyObject *listObj; + PyObject *strObj; + int numlines; + struct boolean_t **bools; + unsigned int reason; + sepol_security_id_t ssid, tsid; + sepol_security_class_t tclass; + sepol_access_vector_t perm, av; + struct sepol_av_decision avd; + int rc; + int i=0; + PyObject *result = PyTuple_New(2); + if (!result) return NULL; + Py_INCREF(Py_None); + PyTuple_SetItem(result, 1, Py_None); + + if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj)) + return NULL; + + /* get the number of lines passed to us */ + numlines = PyList_Size(listObj); + + /* should raise an error here. */ + if (numlines < 0) return NULL; /* Not a list */ + + if (!avc) { + RETURN(NOPOLICY) + } + + rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid); + if (rc < 0) { + RETURN(BADSCON) + } + rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid); + if (rc < 0) { + RETURN(BADTCON) + } + tclass = string_to_security_class(tclassstr); + if (!tclass) { + RETURN(BADTCLASS) + } + /* Convert the permission list to an AV. 
*/ + av = 0; + + /* iterate over items of the list, grabbing strings, and parsing + for numbers */ + for (i=0; i<numlines; i++){ + char *permstr; + + /* grab the string object from the next element of the list */ + strObj = PyList_GetItem(listObj, i); /* Can't fail */ + + /* make it a string */ + permstr = PyString_AsString( strObj ); + + perm = string_to_av_perm(tclass, permstr); + if (!perm) { + RETURN(BADPERM) + } + av |= perm; + } + + /* Reproduce the computation. */ + rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason); + if (rc < 0) { + RETURN(BADCOMPUTE) + } + + if (!reason) { + RETURN(ALLOW) + } + if (reason & SEPOL_COMPUTEAV_TE) { + avc->ssid = ssid; + avc->tsid = tsid; + avc->tclass = tclass; + avc->av = av; + if (check_booleans(avc, &bools) == 0) { + if (av & ~avd.auditdeny) { + RETURN(DONTAUDIT) + } else { + RETURN(TERULE) + } + } else { + PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN)); + struct boolean_t *b=(struct boolean_t *) bools; + int len=0; + while (b->name) { + len++; b++; + } + b = (struct boolean_t *) bools; + PyObject *boollist = PyTuple_New(len); + len=0; + while(b->name) { + PyObject *bool = Py_BuildValue("(si)", b->name, b->active); + PyTuple_SetItem(boollist, len++, bool); + b++; + } + free(bools); + PyTuple_SetItem(result, 1, boollist); + return result; + } + } + + if (reason & SEPOL_COMPUTEAV_CONS) { + RETURN(CONSTRAINT); + } + + if (reason & SEPOL_COMPUTEAV_RBAC) { + RETURN(RBAC) + } + RETURN(BADCOMPUTE) +} + +static PyMethodDef audit2whyMethods[] = { + {"init", init, METH_VARARGS, + "Initialize policy database."}, + {"analyze", analyze, METH_VARARGS, + "Analyze AVC."}, + {"finish", finish, METH_VARARGS, + "Finish using policy, free memory."}, + {NULL, NULL, 0, NULL} /* Sentinel */ +}; + +PyMODINIT_FUNC +initaudit2why(void) +{ + PyObject *m = Py_InitModule("audit2why", audit2whyMethods); + PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN); + PyModule_AddIntConstant(m,"BADSCON", BADSCON); + 
PyModule_AddIntConstant(m,"BADTCON", BADTCON); + PyModule_AddIntConstant(m,"BADTCLASS", BADTCLASS); + PyModule_AddIntConstant(m,"BADPERM", BADPERM); + PyModule_AddIntConstant(m,"BADCOMPUTE", BADCOMPUTE); + PyModule_AddIntConstant(m,"NOPOLICY", NOPOLICY); + PyModule_AddIntConstant(m,"ALLOW", ALLOW); + PyModule_AddIntConstant(m,"DONTAUDIT", DONTAUDIT); + PyModule_AddIntConstant(m,"TERULE", TERULE); + PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN); + PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT); + PyModule_AddIntConstant(m,"RBAC", RBAC); +} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
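Review bot: In audit2why.c, init() returns `Py_BuildValue("i", result)` even when PyArg_ParseTuple fails, so result is read uninitialised and an object is returned while an exception is pending; __policy_init() likewise sets a Python exception on each error path but init() still hands back an integer. Return NULL when argument parsing fails or __policy_init() reports an error. Other unchecked inputs in the same file: `strncpy(path, init_path, PATH_MAX)` leaves path unterminated for an argument of PATH_MAX bytes or more, analyze() passes the result of PyString_AsString() to string_to_av_perm() without a NULL check (a non-string list item) and leaks the result tuple on its early `return NULL`, and finish() dereferences avc without checking that init() has run.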
From: <ssm...@us...> - 2008-01-23 14:26:15
|
Revision: 2739 http://selinux.svn.sourceforge.net/selinux/?rev=2739&view=rev Author: ssmalley Date: 2008-01-23 06:26:14 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.36 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-23 14:25:22 UTC (rev 2738) +++ trunk/policycoreutils/ChangeLog 2008-01-23 14:26:14 UTC (rev 2739) @@ -1,3 +1,6 @@ +2.0.36 2008-01-23 + * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. + 2.0.35 2007-12-21 * Merged support for non-interactive newrole command invocation from Tim Reed. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-23 14:25:22 UTC (rev 2738) +++ trunk/policycoreutils/VERSION 2008-01-23 14:26:14 UTC (rev 2739) @@ -1 +1 @@ -2.0.35 +2.0.36 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 14:25:23
|
Revision: 2738 http://selinux.svn.sourceforge.net/selinux/?rev=2738&view=rev Author: ssmalley Date: 2008-01-23 06:25:22 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated sepolgen to version 1.0.11 Modified Paths: -------------- trunk/sepolgen/ChangeLog trunk/sepolgen/VERSION Modified: trunk/sepolgen/ChangeLog =================================================================== --- trunk/sepolgen/ChangeLog 2008-01-23 14:23:57 UTC (rev 2737) +++ trunk/sepolgen/ChangeLog 2008-01-23 14:25:22 UTC (rev 2738) @@ -1,3 +1,6 @@ +1.0.11 2008-01-23 + * Merged sepolgen fixes from Dan Walsh. + 1.0.10 2007-09-10 * Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan. * Suppress generation of rules for non-denials from Karl MacMillan (take 3). Modified: trunk/sepolgen/VERSION =================================================================== --- trunk/sepolgen/VERSION 2008-01-23 14:23:57 UTC (rev 2737) +++ trunk/sepolgen/VERSION 2008-01-23 14:25:22 UTC (rev 2738) @@ -1 +1 @@ -1.0.10 +1.0.11 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 14:23:58
|
Revision: 2737 http://selinux.svn.sourceforge.net/selinux/?rev=2737&view=rev Author: ssmalley Date: 2008-01-23 06:23:57 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated libselinux to version 2.0.48 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-01-23 14:19:47 UTC (rev 2736) +++ trunk/libselinux/ChangeLog 2008-01-23 14:23:57 UTC (rev 2737) @@ -1,3 +1,6 @@ +2.0.48 2008-01-23 + * Merged updated swig bindings from Dan Walsh, including typemap for pid_t. + 2.0.47 2007-12-21 * Fix for the avc: granted null message bug from Stephen Smalley. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-01-23 14:19:47 UTC (rev 2736) +++ trunk/libselinux/VERSION 2008-01-23 14:23:57 UTC (rev 2737) @@ -1 +1 @@ -2.0.47 +2.0.48 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 14:19:51
|
Revision: 2736 http://selinux.svn.sourceforge.net/selinux/?rev=2736&view=rev Author: ssmalley Date: 2008-01-23 06:19:47 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Fixes for policycoreutils scripts Date: Fri, 11 Jan 2008 16:20:14 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remove python hack to handle lanquage translations on errors. Python works properly now. Fix fixfiles to handle multiple inputs on the command line correctly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeH3Y0ACgkQrlYvE4MpobO5HwCg6xLhCuOPYY0NBIVa8XCa/rYN +t8An3eqHjDNSsGhN9hAEoULsyiWkAqo =Oasn -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/scripts/chcat trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/semanage/semanage Modified: trunk/policycoreutils/scripts/chcat =================================================================== --- trunk/policycoreutils/scripts/chcat 2008-01-23 14:18:22 UTC (rev 2735) +++ trunk/policycoreutils/scripts/chcat 2008-01-23 14:19:47 UTC (rev 2736) @@ -25,10 +25,6 @@ import commands, sys, os, pwd, string, getopt, selinux import seobject import gettext -import codecs -import locale -sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') -sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') try: gettext.install('policycoreutils') Modified: trunk/policycoreutils/scripts/fixfiles =================================================================== --- trunk/policycoreutils/scripts/fixfiles 2008-01-23 14:18:22 UTC (rev 2735) +++ trunk/policycoreutils/scripts/fixfiles 2008-01-23 14:19:47 UTC (rev 2736) 
@@ -126,17 +126,15 @@ done exit $? fi -if [ ! -z "$DIRS" ]; then +if [ ! -z "$FILEPATH" ]; then if [ -x /usr/bin/find ]; then - for d in ${DIRS} ; do find $d \ + /usr/bin/find "$FILEPATH" \ ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE - done else - ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE fi - - exit $? + return fi LogReadOnly ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE @@ -173,6 +171,20 @@ fi } +process() { +# +# Make sure they specified one of the three valid commands +# +case "$1" in + restore) restore -p ;; + check) restore -n -v;; + verify) restore -n -o -;; + relabel) relabel;; + *) + usage + exit 1 +esac +} usage() { echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " echo or @@ -229,22 +241,19 @@ shift 1 if [ ! -z "$RPMFILES" ]; then + process $command if [ $# -gt 0 ]; then usage fi else - DIRS=$* + if [ -z "$1" ]; then + process $command + else + while [ -n "$1" ]; do + FILEPATH=$1 + process $command + shift + done + fi fi - -# -# Make sure they specified one of the three valid commands -# -case "$command" in - restore) restore -p ;; - check) restore -n -v ;; - verify) restore -n -o -;; - relabel) relabel;; - *) - usage - exit 1 -esac +exit $? Modified: trunk/policycoreutils/semanage/semanage =================================================================== --- trunk/policycoreutils/semanage/semanage 2008-01-23 14:18:22 UTC (rev 2735) +++ trunk/policycoreutils/semanage/semanage 2008-01-23 14:19:47 UTC (rev 2736) @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005 Red Hat +# Copyright (C) 2005, 2006, 2007 Red Hat # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files 
@@ -28,10 +28,6 @@ import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) -import codecs -import locale -sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') -sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') try: gettext.install(PROGNAME, This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
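Review bot: In the @@ -126,17 +126,15 @@ hunk of fixfiles, the find branch quotes "$FILEPATH" but the fallback branch passes `$FILEPATH` to restorecon unquoted, so a path containing whitespace is split into several arguments there. Quote the expansion in the `-R $* $FILEPATH` call as well, so both branches treat the same path the same way.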
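Review bot: In the @@ -229,22 +241,19 @@ hunk of fixfiles, the script now ends with `exit $?`, but in the per-path loop the last command run before it is `shift`, and in the RPMFILES branch it is the `if [ $# -gt 0 ]` test, so the exit status no longer reflects whether restorecon or setfiles failed. Collect the status explicitly, for example `process $command || rc=$?` inside the loop, and finish with `exit $rc`, so callers that relabel several paths can still detect a failure on any of them.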
From: <ssm...@us...> - 2008-01-23 14:18:23
|
Revision: 2735 http://selinux.svn.sourceforge.net/selinux/?rev=2735&view=rev Author: ssmalley Date: 2008-01-23 06:18:22 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: policycoreutils patch Date: Fri, 11 Jan 2008 16:15:38 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Make sepolgen-ifgen return errors. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeH3HkACgkQrlYvE4MpobNe3ACeN095D7eEMgV1K6YlWMtXX1ck 6JoAniapk+chTq3cOQ3kqWZbvYhwEAAf =Eslh -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/audit2allow/sepolgen-ifgen Modified: trunk/policycoreutils/audit2allow/sepolgen-ifgen =================================================================== --- trunk/policycoreutils/audit2allow/sepolgen-ifgen 2008-01-23 14:13:23 UTC (rev 2734) +++ trunk/policycoreutils/audit2allow/sepolgen-ifgen 2008-01-23 14:18:22 UTC (rev 2735) @@ -80,7 +80,10 @@ if_set.to_file(f) f.close() - return 0 + if refparser.success: + return 0 + else: + return 1 if __name__ == "__main__": sys.exit(main()) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
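Review bot: In main() of sepolgen-ifgen, the new `refparser.success` check runs after `if_set.to_file(f)` and `f.close()`, so when parsing fails the tool returns 1 but has already written the interface file from whatever was parsed. Check success before writing, or write to a temporary file and rename it only on success, so a failed run does not leave an incomplete file where later audit2allow runs will read it.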
From: <ssm...@us...> - 2008-01-23 14:13:24
|
Revision: 2734 http://selinux.svn.sourceforge.net/selinux/?rev=2734&view=rev Author: ssmalley Date: 2008-01-23 06:13:23 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Patch to improve sepopolgen error reporting Date: Fri, 11 Jan 2008 16:22:56 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Resent minus patch for blacklist. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeH3i8ACgkQrlYvE4MpobNQKwCgoJ2EgHctehpYyJSHQb5uxgud YdoAoNV7KfTw6DopBWUlXjqjo2A5QmcS =T56w -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/sepolgen/src/sepolgen/audit.py trunk/sepolgen/src/sepolgen/refparser.py Modified: trunk/sepolgen/src/sepolgen/audit.py =================================================================== --- trunk/sepolgen/src/sepolgen/audit.py 2008-01-23 13:59:29 UTC (rev 2733) +++ trunk/sepolgen/src/sepolgen/audit.py 2008-01-23 14:13:23 UTC (rev 2734) @@ -32,7 +32,7 @@ string contain all of the audit messages returned by ausearch. """ import subprocess - output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START"], + output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"], stdout=subprocess.PIPE).communicate()[0] return output @@ -251,7 +251,9 @@ self.type = refpolicy.SecurityContext(dict["tcontext"]).type except: raise ValueError("Split string does not represent a valid compute sid message") - + def output(self): + return "role %s types %s;\n" % (self.role, self.type) + # Parser for audit messages class AuditParser: 
@@ -402,6 +404,26 @@ self.__parse(l) self.__post_process() + def to_role(self, role_filter=None): + """Return list of SELINUX_ERR messages matching the specified filter + + Filter out types that match the filer, or all roles + + Params: + role_filter - [optional] Filter object used to filter the + output. + Returns: + Access vector set representing the denied access in the + audit logs parsed by this object. + """ + roles = [] + if role_filter: + for selinux_err in self.compute_sid_msgs: + if role_filter.filter(selinux_err): + roles.append(selinux_err) + return roles + return self.compute_sid_msgs + def to_access(self, avc_filter=None, only_denials=True): """Convert the audit logs access into a an access vector set. Modified: trunk/sepolgen/src/sepolgen/refparser.py =================================================================== --- trunk/sepolgen/src/sepolgen/refparser.py 2008-01-23 13:59:29 UTC (rev 2733) +++ trunk/sepolgen/src/sepolgen/refparser.py 2008-01-23 14:13:23 UTC (rev 2734) @@ -118,6 +118,7 @@ 'TEMPLATE', 'GEN_CONTEXT', # m4 + 'IFELSE', 'IFDEF', 'IFNDEF', 'DEFINE' @@ -174,6 +175,7 @@ 'template' : 'TEMPLATE', 'gen_context' : 'GEN_CONTEXT', # M4 + 'ifelse' : 'IFELSE', 'ifndef' : 'IFNDEF', 'ifdef' : 'IFDEF', 'define' : 'DEFINE' @@ -220,6 +222,12 @@ # Ignore all comments t.lexer.lineno += 1 +def t_refpolicywarn1(t): + r'define.*refpolicywarn\(.*\n' + # Ignore refpolicywarn statements - they sometimes + # contain text that we can't parse. + t.skip(1) + def t_refpolicywarn(t): r'refpolicywarn\(.*\n' # Ignore refpolicywarn statements - they sometimes @@ -258,10 +266,12 @@ m = None # error is either None (indicating no error) or a string error message. error = None +parse_file = "" # spt is the support macros (e.g., obj/perm sets) - it is an instance of # refpolicy.SupportMacros and should always be present during parsing # though it may not contain any macros. spt = None +success=True # utilities def collect(stmts, parent, val=None): 
@@ -382,6 +392,19 @@ collect(p[12], x, val=False) p[0] = [x] +def p_ifelse(p): + '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi + | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi + ''' +# x = refpolicy.IfDef(p[4]) +# v = True +# collect(p[8], x, val=v) +# if len(p) > 12: +# collect(p[12], x, val=False) +# p[0] = [x] + pass + + def p_ifdef(p): '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi @@ -446,6 +469,7 @@ | optional_policy | tunable_policy | ifdef + | ifelse | conditional ''' p[0] = p[1] @@ -844,8 +868,11 @@ def p_error(tok): global error - error = "Syntax error on line %d %s [type=%s]" % (tok.lineno, tok.value, tok.type) + global parse_file + global success + error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file, tok.lineno, tok.value, tok.type) print error + success = False def prep_spt(spt): if not spt: @@ -941,12 +968,14 @@ output.write(msg) def parse_file(f, module, spt=None): + global parse_file if debug: o("parsing file %s\n" % f) try: fd = open(f) txt = fd.read() fd.close() + parse_file = f parse(txt, module, spt, debug) except IOError, e: return This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
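Review bot: in the last refparser.py hunk, "global parse_file" followed by "parse_file = f" inside def parse_file(f, module, spt=None) rebinds the module-level name of the function itself to the filename string, so any later call that looks parse_file up by that name finds a string instead of a function. The module-level parse_file = "" added next to error = None clashes the other way round, since the later def replaces it. Give the current-file global its own name (parse_filename would do, as a suggestion) and use that name in p_error.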
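Review bot: the new t_refpolicywarn1 rule in refparser.py matches through the trailing \n but its body never advances t.lexer.lineno, while the comment rule just above it does t.lexer.lineno += 1. Each skipped "define ... refpolicywarn(" line would then throw off the line number that the reworked p_error message prints. Increment the counter in this rule, and confirm that t.skip(1) is still wanted when the pattern has already consumed the whole line.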
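Review bot: the docstring of the new to_role() in audit.py does not describe what the method returns: the Returns section still reads "Access vector set representing the denied access", which belongs to to_access(), while the body returns a list of entries from self.compute_sid_msgs. Describe the returned list of compute-sid messages, correct "filer" to "filter", and mention that with no role_filter the caller gets self.compute_sid_msgs itself rather than a copy.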
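Review bot: p_ifelse in refparser.py has its whole body commented out and ends in pass, so p[0] is never assigned, and the statement rule that now lists "| ifelse" hands that unset value upward through p[0] = p[1]. The rule immediately above ends with p[0] = [x]; either build the corresponding node here or assign an explicit empty list, and replace the commented-out block with a one-line comment stating that ifelse bodies are deliberately ignored.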
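Review bot: the success flag that p_error now sets to False is, in the lines shown, set to True only once at module level (success=True), so a caller that parses more than one batch in the same process keeps seeing failure after the first syntax error. Reset it at the start of each parse, or return the status from the parse call instead of keeping it in a module global.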
From: <ssm...@us...> - 2008-01-23 13:59:35
|
Revision: 2733 http://selinux.svn.sourceforge.net/selinux/?rev=2733&view=rev Author: ssmalley Date: 2008-01-23 05:59:29 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Swig patch for libselinux to stop warning messages and update to latest swig Date: Fri, 11 Jan 2008 13:59:53 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Todd Miller wrote: > Is "security_contextx_t" a typo? > > - todd Yes, And I don't think we need that line. It was added for something else I was attempting and no longer do. (obviously.) Updated patch. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeHvKgACgkQrlYvE4MpobMVlQCg1L3TYAU1qbrnemuFhz5bgRTQ eXgAn3462Yl1VgldAuUIxDiqf+TSHBv0 =l+ts -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/libselinux/src/selinuxswig.i trunk/libselinux/src/selinuxswig_wrap.c Modified: trunk/libselinux/src/selinuxswig.i =================================================================== --- trunk/libselinux/src/selinuxswig.i 2008-01-23 13:47:32 UTC (rev 2732) +++ trunk/libselinux/src/selinuxswig.i 2008-01-23 13:59:29 UTC (rev 2733) @@ -5,6 +5,9 @@ %module selinux %{ #include "selinux/selinux.h" + #include "../include/selinux/selinux.h" + #include "../include/selinux/get_default_type.h" + #include "../include/selinux/get_context_list.h" %} %apply int *OUTPUT { int *enforce }; %apply int *OUTPUT { size_t * }; Modified: trunk/libselinux/src/selinuxswig_wrap.c =================================================================== --- trunk/libselinux/src/selinuxswig_wrap.c 2008-01-23 13:47:32 UTC (rev 2732) +++ trunk/libselinux/src/selinuxswig_wrap.c 2008-01-23 13:59:29 UTC (rev 2733) 
@@ -2503,6 +2503,9 @@ #include "selinux/selinux.h" + #include "../include/selinux/selinux.h" + #include "../include/selinux/get_default_type.h" + #include "../include/selinux/get_context_list.h" #define SWIG_From_long PyInt_FromLong This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
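Review bot: in the %{ ... %} block of selinuxswig.i the existing #include "selinux/selinux.h" is kept and #include "../include/selinux/selinux.h" is added right after it, so the same header is now named twice through two different paths, and selinuxswig_wrap.c carries the same three added lines. Keep one form only; if the aim is to pull in get_default_type.h and get_context_list.h, add those two with the same selinux/ prefix so that the include path, not a relative path from src/, decides which copy is used.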
From: <ssm...@us...> - 2008-01-23 13:47:35
|
Revision: 2732 http://selinux.svn.sourceforge.net/selinux/?rev=2732&view=rev Author: ssmalley Date: 2008-01-23 05:47:32 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: TypeError: in method 'getpidcon', argument 1 of type 'pid_t' Date: Tue, 08 Jan 2008 05:15:48 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Smalley wrote: > On Mon, 2008-01-07 at 10:08 -0600, Xavier Toth wrote: >> import selinux >> import os >> >> pid = os.getpid() >> print "Type of pid ", type(pid) >> (ret,con) = selinux.getpidcon(pid) >> type = con.split(":", 4) >> print type >> >> Running this script results in: >> >> Type of pid <type 'int'> >> Traceback (most recent call last): >> File "test.py", line 8, in <module> >> (ret,con) = selinux.getpidcon(pid) >> TypeError: in method 'getpidcon', argument 1 of type 'pid_t' >> >> How do I make a pid_t in python? Or is the swig broke? > > Possibly we need a typemap for it in the python binding? > Patch to add pid_t typemap Modified Paths: -------------- trunk/libselinux/src/selinux.py trunk/libselinux/src/selinuxswig.i trunk/libselinux/src/selinuxswig_wrap.c Modified: trunk/libselinux/src/selinux.py =================================================================== --- trunk/libselinux/src/selinux.py 2008-01-21 15:42:48 UTC (rev 2731) +++ trunk/libselinux/src/selinux.py 2008-01-23 13:47:32 UTC (rev 2732) @@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.31 +# Version 1.3.33 # # Don't modify this file, modify the SWIG interface instead. # This file is compatible with both classic and new-style classes. Modified: trunk/libselinux/src/selinuxswig.i =================================================================== --- trunk/libselinux/src/selinuxswig.i 2008-01-21 15:42:48 UTC (rev 2731) +++ trunk/libselinux/src/selinuxswig.i 2008-01-23 13:47:32 UTC (rev 2732) 
@@ -10,6 +10,7 @@ %apply int *OUTPUT { size_t * }; %typedef unsigned mode_t; +%typedef unsigned pid_t; %typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) { $1 = &temp1; Modified: trunk/libselinux/src/selinuxswig_wrap.c =================================================================== --- trunk/libselinux/src/selinuxswig_wrap.c 2008-01-21 15:42:48 UTC (rev 2731) +++ trunk/libselinux/src/selinuxswig_wrap.c 2008-01-23 13:47:32 UTC (rev 2732) @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). - * Version 1.3.31 + * Version 1.3.33 * * This file is not intended to be easily readable and contains a number of * coding conventions designed to improve portability and efficiency. Do not make @@ -17,14 +17,14 @@ /* template workaround for compilers that cannot correctly implement the C++ standard */ #ifndef SWIGTEMPLATEDISAMBIGUATOR -# if defined(__SUNPRO_CC) -# if (__SUNPRO_CC <= 0x560) -# define SWIGTEMPLATEDISAMBIGUATOR template -# else -# define SWIGTEMPLATEDISAMBIGUATOR -# endif +# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560) +# define SWIGTEMPLATEDISAMBIGUATOR template +# elif defined(__HP_aCC) +/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */ +/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */ +# define SWIGTEMPLATEDISAMBIGUATOR template # else -# define SWIGTEMPLATEDISAMBIGUATOR +# define SWIGTEMPLATEDISAMBIGUATOR # endif #endif @@ -107,7 +107,13 @@ # define _CRT_SECURE_NO_DEPRECATE #endif +/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */ +#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE) +# define _SCL_SECURE_NO_DEPRECATE +#endif + + /* Python.h has to appear first */ #include <Python.h> 
@@ -343,7 +349,7 @@ while ((*f2 == ' ') && (f2 != l2)) ++f2; if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1; } - return (l1 - f1) - (l2 - f2); + return (int)((l1 - f1) - (l2 - f2)); } /* @@ -1090,14 +1096,14 @@ /* Unpack the argument tuple */ SWIGINTERN int -SWIG_Python_UnpackTuple(PyObject *args, const char *name, int min, int max, PyObject **objs) +SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs) { if (!args) { if (!min && !max) { return 1; } else { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none", - name, (min == max ? "" : "at least "), min); + name, (min == max ? "" : "at least "), (int)min); return 0; } } @@ -1105,14 +1111,14 @@ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple"); return 0; } else { - register int l = PyTuple_GET_SIZE(args); + register Py_ssize_t l = PyTuple_GET_SIZE(args); if (l < min) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at least "), min, l); + name, (min == max ? "" : "at least "), (int)min, (int)l); return 0; } else if (l > max) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at most "), max, l); + name, (min == max ? "" : "at most "), (int)max, (int)l); return 0; } else { register int i; @@ -1591,9 +1597,11 @@ (unaryfunc)0, /*nb_float*/ (unaryfunc)PySwigObject_oct, /*nb_oct*/ (unaryfunc)PySwigObject_hex, /*nb_hex*/ -#if PY_VERSION_HEX >= 0x02020000 - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ -#elif PY_VERSION_HEX >= 0x02000000 +#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */ +#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ +#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */ #endif }; 
@@ -2458,14 +2466,13 @@ #define SWIGTYPE_p_int swig_types[7] #define SWIGTYPE_p_p_char swig_types[8] #define SWIGTYPE_p_p_p_char swig_types[9] -#define SWIGTYPE_p_pid_t swig_types[10] -#define SWIGTYPE_p_security_class_mapping swig_types[11] -#define SWIGTYPE_p_selinux_callback swig_types[12] -#define SWIGTYPE_p_selinux_opt swig_types[13] -#define SWIGTYPE_p_unsigned_int swig_types[14] -#define SWIGTYPE_p_unsigned_short swig_types[15] -static swig_type_info *swig_types[17]; -static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; +#define SWIGTYPE_p_security_class_mapping swig_types[10] +#define SWIGTYPE_p_selinux_callback swig_types[11] +#define SWIGTYPE_p_selinux_opt swig_types[12] +#define SWIGTYPE_p_unsigned_int swig_types[13] +#define SWIGTYPE_p_unsigned_short swig_types[14] +static swig_type_info *swig_types[16]; +static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0}; #define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name) #define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name) @@ -2484,7 +2491,7 @@ #define SWIG_name "_selinux" -#define SWIGVERSION 0x010331 +#define SWIGVERSION 0x010333 #define SWIG_VERSION SWIGVERSION @@ -2577,15 +2584,13 @@ #include <limits.h> -#ifndef LLONG_MIN -# define LLONG_MIN LONG_LONG_MIN +#if !defined(SWIG_NO_LLONG_MAX) +# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__) +# define LLONG_MAX __LONG_LONG_MAX__ +# define LLONG_MIN (-LLONG_MAX - 1LL) +# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL) +# endif #endif -#ifndef LLONG_MAX -# define LLONG_MAX LONG_LONG_MAX -#endif -#ifndef ULLONG_MAX -# define ULLONG_MAX ULONG_LONG_MAX -#endif SWIGINTERN int 
@@ -2669,13 +2674,18 @@ SWIGINTERN int -SWIG_AsVal_long (PyObject *obj, long* val) +SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val) { if (PyInt_Check(obj)) { - if (val) *val = PyInt_AsLong(obj); - return SWIG_OK; + long v = PyInt_AsLong(obj); + if (v >= 0) { + if (val) *val = v; + return SWIG_OK; + } else { + return SWIG_OverflowError; + } } else if (PyLong_Check(obj)) { - long v = PyLong_AsLong(obj); + unsigned long v = PyLong_AsUnsignedLong(obj); if (!PyErr_Occurred()) { if (val) *val = v; return SWIG_OK; @@ -2686,7 +2696,7 @@ #ifdef SWIG_PYTHON_CAST_MODE { int dispatch = 0; - long v = PyInt_AsLong(obj); + unsigned long v = PyLong_AsUnsignedLong(obj); if (!PyErr_Occurred()) { if (val) *val = v; return SWIG_AddCast(SWIG_OK); @@ -2696,8 +2706,8 @@ if (!dispatch) { double d; int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d)); - if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, LONG_MIN, LONG_MAX)) { - if (val) *val = (long)(d); + if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) { + if (val) *val = (unsigned long)(d); return res; } } @@ -2708,15 +2718,15 @@ SWIGINTERN int -SWIG_AsVal_int (PyObject * obj, int *val) +SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val) { - long v; - int res = SWIG_AsVal_long (obj, &v); + unsigned long v; + int res = SWIG_AsVal_unsigned_SS_long (obj, &v); if (SWIG_IsOK(res)) { - if ((v < INT_MIN || v > INT_MAX)) { + if ((v > UINT_MAX)) { return SWIG_OverflowError; } else { - if (val) *val = (int)(v); + if (val) *val = (unsigned int)(v); } } return res; 
@@ -2724,18 +2734,13 @@ SWIGINTERN int -SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val) +SWIG_AsVal_long (PyObject *obj, long* val) { if (PyInt_Check(obj)) { - long v = PyInt_AsLong(obj); - if (v >= 0) { - if (val) *val = v; - return SWIG_OK; - } else { - return SWIG_OverflowError; - } + if (val) *val = PyInt_AsLong(obj); + return SWIG_OK; } else if (PyLong_Check(obj)) { - unsigned long v = PyLong_AsUnsignedLong(obj); + long v = PyLong_AsLong(obj); if (!PyErr_Occurred()) { if (val) *val = v; return SWIG_OK; @@ -2746,7 +2751,7 @@ #ifdef SWIG_PYTHON_CAST_MODE { int dispatch = 0; - unsigned long v = PyLong_AsUnsignedLong(obj); + long v = PyInt_AsLong(obj); if (!PyErr_Occurred()) { if (val) *val = v; return SWIG_AddCast(SWIG_OK); @@ -2756,8 +2761,8 @@ if (!dispatch) { double d; int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d)); - if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) { - if (val) *val = (unsigned long)(d); + if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, LONG_MIN, LONG_MAX)) { + if (val) *val = (long)(d); return res; } } @@ -2768,15 +2773,15 @@ SWIGINTERN int -SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val) +SWIG_AsVal_int (PyObject * obj, int *val) { - unsigned long v; - int res = SWIG_AsVal_unsigned_SS_long (obj, &v); + long v; + int res = SWIG_AsVal_long (obj, &v); if (SWIG_IsOK(res)) { - if ((v > UINT_MAX)) { + if ((v < INT_MIN || v > INT_MAX)) { return SWIG_OverflowError; } else { - if (val) *val = (unsigned int)(v); + if (val) *val = (int)(v); } } return res; 
@@ -2986,24 +2991,18 @@ pid_t arg1 ; security_context_t *arg2 = (security_context_t *) 0 ; int result; - void *argp1 ; - int res1 = 0 ; + unsigned int val1 ; + int ecode1 = 0 ; security_context_t temp2 = 0 ; PyObject * obj0 = 0 ; arg2 = &temp2; if (!PyArg_ParseTuple(args,(char *)"O:getpidcon",&obj0)) SWIG_fail; - { - res1 = SWIG_ConvertPtr(obj0, &argp1, SWIGTYPE_p_pid_t, 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getpidcon" "', argument " "1"" of type '" "pid_t""'"); - } - if (!argp1) { - SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "getpidcon" "', argument " "1"" of type '" "pid_t""'"); - } else { - arg1 = *((pid_t *)(argp1)); - } - } + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon" "', argument " "1"" of type '" "pid_t""'"); + } + arg1 = (pid_t)(val1); result = (int)getpidcon(arg1,arg2); resultobj = SWIG_From_int((int)(result)); if (*arg2) { 
@@ -3025,24 +3024,18 @@ pid_t arg1 ; security_context_t *arg2 = (security_context_t *) 0 ; int result; - void *argp1 ; - int res1 = 0 ; + unsigned int val1 ; + int ecode1 = 0 ; security_context_t temp2 = 0 ; PyObject * obj0 = 0 ; arg2 = &temp2; if (!PyArg_ParseTuple(args,(char *)"O:getpidcon_raw",&obj0)) SWIG_fail; - { - res1 = SWIG_ConvertPtr(obj0, &argp1, SWIGTYPE_p_pid_t, 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getpidcon_raw" "', argument " "1"" of type '" "pid_t""'"); - } - if (!argp1) { - SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "getpidcon_raw" "', argument " "1"" of type '" "pid_t""'"); - } else { - arg1 = *((pid_t *)(argp1)); - } - } + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon_raw" "', argument " "1"" of type '" "pid_t""'"); + } + arg1 = (pid_t)(val1); result = (int)getpidcon_raw(arg1,arg2); resultobj = SWIG_From_int((int)(result)); if (*arg2) { @@ -8149,7 +8142,7 @@ /* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */ static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_av_decision = {"_p_av_decision", "struct av_decision *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_av_decision = {"_p_av_decision", "struct av_decision *|av_decision *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_f_int_p_q_const__char_v_______int = {"_p_f_int_p_q_const__char_v_______int", "int (*)(int,char const *,...)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_f_p_p_char__int = {"_p_f_p_p_char__int", "int (*)(char **)|int (*)(security_context_t *)", 0, 0, (void*)0, 0}; 
@@ -8158,12 +8151,11 @@ static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **|security_context_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***|security_context_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_pid_t = {"_p_pid_t", "pid_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_security_class_mapping = {"_p_security_class_mapping", "struct security_class_mapping *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_selinux_callback = {"_p_selinux_callback", "union selinux_callback *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_selinux_opt = {"_p_selinux_opt", "selinux_opt *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "unsigned int *|access_vector_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|security_class_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_security_class_mapping = {"_p_security_class_mapping", "struct security_class_mapping *|security_class_mapping *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_selinux_callback = {"_p_selinux_callback", "union selinux_callback *|selinux_callback *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_selinux_opt = {"_p_selinux_opt", "struct selinux_opt *|selinux_opt *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "unsigned int *|access_vector_t *|mode_t *|pid_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "security_class_t *|unsigned short *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { &_swigt__p_SELboolean, @@ -8176,7 +8168,6 @@ &_swigt__p_int, &_swigt__p_p_char, &_swigt__p_p_p_char, - &_swigt__p_pid_t, &_swigt__p_security_class_mapping, &_swigt__p_selinux_callback, &_swigt__p_selinux_opt, 
@@ -8194,7 +8185,6 @@ static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_p_char[] = { {&_swigt__p_p_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_p_p_char[] = { {&_swigt__p_p_p_char, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_pid_t[] = { {&_swigt__p_pid_t, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_security_class_mapping[] = { {&_swigt__p_security_class_mapping, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_selinux_callback[] = { {&_swigt__p_selinux_callback, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_selinux_opt[] = { {&_swigt__p_selinux_opt, 0, 0, 0},{0, 0, 0, 0}}; @@ -8212,7 +8202,6 @@ _swigc__p_int, _swigc__p_p_char, _swigc__p_p_p_char, - _swigc__p_pid_t, _swigc__p_security_class_mapping, _swigc__p_selinux_callback, _swigc__p_selinux_opt, This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
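Review bot: "%typedef unsigned pid_t;" in selinuxswig.i declares pid_t as unsigned although pid_t is a signed integer type, and the regenerated getpidcon and getpidcon_raw wrappers now convert through SWIG_AsVal_unsigned_SS_int and then narrow with arg1 = (pid_t)(val1);. A Python value above INT_MAX passes the v > UINT_MAX check and is only truncated by that cast instead of being rejected. Declare it as "%typedef int pid_t;" so the wrapper range-checks against INT_MIN and INT_MAX via SWIG_AsVal_int.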
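Review bot: the selinuxswig_wrap.c diff mixes the pid_t fix with a regeneration under SWIG 1.3.33 instead of 1.3.31 (the swapped SWIG_AsVal_* helpers, the LLONG_MAX block, the Py_ssize_t changes in SWIG_Python_UnpackTuple), which buries the two wrappers the typemap actually changes. Commit the SWIG version bump on its own first, so that the follow-up diff shows only the getpidcon and getpidcon_raw hunks and the removed SWIGTYPE_p_pid_t entries.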
From: <mad...@us...> - 2008-01-21 15:42:50
|
Revision: 2731 http://selinux.svn.sourceforge.net/selinux/?rev=2731&view=rev Author: madmethod Date: 2008-01-21 07:42:48 -0800 (Mon, 21 Jan 2008) Log Message: ----------- remove policydb generate calls mistakenly checked in Modified Paths: -------------- branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp Modified: branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp =================================================================== --- branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp 2008-01-09 17:10:44 UTC (rev 2730) +++ branches/policyrep/libpolicyrep/tests/libpolicyrep-test.cpp 2008-01-21 15:42:48 UTC (rev 2731) @@ -20,7 +20,6 @@ #include <policyrep/policy.hpp> #include <policyrep/parse.hpp> -#include <policyrep/generate.hpp> #include <sstream> #include <iostream> @@ -38,12 +37,12 @@ t->aliases().insert("bar"); // duplicate - will be ingored t->attributes().insert("domain"); t->attributes().insert("userdomain"); - + mod->append_child(t); RolePtr r(new Role("foo")); r->types().insert("foo"); - mod->append_child(r); + mod->append_child(r); UserPtr u(new User("bang")); u->roles().insert("bust"); @@ -53,7 +52,7 @@ sen->aliases().insert("whiskey"); sen->aliases().insert("tango"); mod->append_child(sen); - + CategoryPtr cat(new Category("c1")); cat->aliases().insert("alpha"); cat->aliases().insert("delta"); @@ -65,7 +64,7 @@ std::cout << "============ basic test ============" << std::endl; output_tree(std::cout, pol); - + std::stringstream s; output_tree(s, pol); std::cout << s.str() << std::endl; @@ -80,10 +79,6 @@ parsed_mod->append_children(mod->children().begin(), mod->children().end()); - - Policydb *poldb = new Policydb(); - poldb->generate(pol); - } int main(int argc, char **argv) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
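Review bot: the hunks at -38, -53 and -65 of libpolicyrep-test.cpp change only trailing whitespace and have nothing to do with removing the policyrep/generate.hpp include and the Policydb calls that the log message names. Drop them from this commit or send them separately; if the file is being tidied anyway, the context comment "duplicate - will be ingored" should read "ignored".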
From: <mil...@us...> - 2008-01-09 17:10:50
|
Revision: 2730 http://selinux.svn.sourceforge.net/selinux/?rev=2730&view=rev Author: millertc Date: 2008-01-09 09:10:44 -0800 (Wed, 09 Jan 2008) Log Message: ----------- Merge from trunk, rev 2719 Revision Links: -------------- http://selinux.svn.sourceforge.net/selinux/?rev=2719&view=rev Modified Paths: -------------- branches/policyrep/checkpolicy/Makefile branches/policyrep/checkpolicy/test/dismod.c branches/policyrep/checkpolicy/test/dispol.c Modified: branches/policyrep/checkpolicy/Makefile =================================================================== --- branches/policyrep/checkpolicy/Makefile 2008-01-09 16:09:26 UTC (rev 2729) +++ branches/policyrep/checkpolicy/Makefile 2008-01-09 17:10:44 UTC (rev 2730) @@ -8,6 +8,8 @@ INCLUDEDIR ?= $(PREFIX)/include TARGETS = checkpolicy checkmodule +YACC = bison -y + CFLAGS ?= -g -Wall -Werror -O2 -pipe -fno-strict-aliasing override CFLAGS += -I. -I${INCLUDEDIR} Modified: branches/policyrep/checkpolicy/test/dismod.c =================================================================== --- branches/policyrep/checkpolicy/test/dismod.c 2008-01-09 16:09:26 UTC (rev 2729) +++ branches/policyrep/checkpolicy/test/dismod.c 2008-01-09 17:10:44 UTC (rev 2730) 
@@ -665,13 +665,13 @@ return 0; } -int display_handle_unknown(policydb_t * policydb, FILE * out_fp) +int display_handle_unknown(policydb_t * p, FILE * out_fp) { - if (policydb->handle_unknown == ALLOW_UNKNOWN) + if (p->handle_unknown == ALLOW_UNKNOWN) fprintf(out_fp, "Allow unknown classes and perms\n"); - else if (policydb->handle_unknown == DENY_UNKNOWN) + else if (p->handle_unknown == DENY_UNKNOWN) fprintf(out_fp, "Deny unknown classes and perms\n"); - else if (policydb->handle_unknown == REJECT_UNKNOWN) + else if (p->handle_unknown == REJECT_UNKNOWN) fprintf(out_fp, "Reject unknown classes and perms\n"); return 0; } Modified: branches/policyrep/checkpolicy/test/dispol.c =================================================================== --- branches/policyrep/checkpolicy/test/dispol.c 2008-01-09 16:09:26 UTC (rev 2729) +++ branches/policyrep/checkpolicy/test/dispol.c 2008-01-09 17:10:44 UTC (rev 2730) @@ -273,13 +273,13 @@ return 1; } -int display_handle_unknown(policydb_t * policydb, FILE * out_fp) +int display_handle_unknown(policydb_t * p, FILE * out_fp) { - if (policydb->handle_unknown == ALLOW_UNKNOWN) + if (p->handle_unknown == ALLOW_UNKNOWN) fprintf(out_fp, "Allow unknown classes and permisions\n"); - else if (policydb->handle_unknown == DENY_UNKNOWN) + else if (p->handle_unknown == DENY_UNKNOWN) fprintf(out_fp, "Deny unknown classes and permisions\n"); - else if (policydb->handle_unknown == REJECT_UNKNOWN) + else if (p->handle_unknown == REJECT_UNKNOWN) fprintf(out_fp, "Reject unknown classes and permisions\n"); return 0; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
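Review bot: display_handle_unknown() receives the same parameter rename in dismod.c and dispol.c, but the dispol.c copy still prints "permisions" in all three messages where dismod.c prints "perms". Since the function is being touched in both files, correct the spelling to "permissions" and make the two copies print the same text, so that output from the two test tools can be compared directly.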
From: <mil...@us...> - 2008-01-09 16:10:23
|
Revision: 2729 http://selinux.svn.sourceforge.net/selinux/?rev=2729&view=rev Author: millertc Date: 2008-01-09 08:09:26 -0800 (Wed, 09 Jan 2008) Log Message: ----------- Merge warning fixes from trunk; revs 2719-2727 inclusive Modified Paths: -------------- branches/stable/1_0/Makefile branches/stable/1_0/checkpolicy/Makefile branches/stable/1_0/checkpolicy/test/dismod.c branches/stable/1_0/checkpolicy/test/dispol.c branches/stable/1_0/libselinux/src/Makefile branches/stable/1_0/libselinux/utils/getdefaultcon.c branches/stable/1_0/libsemanage/src/Makefile branches/stable/1_0/libsemanage/src/conf-scan.l branches/stable/1_0/libsepol/include/sepol/policydb/ebitmap.h branches/stable/1_0/libsepol/include/sepol/policydb/mls_types.h branches/stable/1_0/libsepol/src/Makefile branches/stable/1_0/libsepol/src/ebitmap.c branches/stable/1_0/libsepol/src/genusers.c branches/stable/1_0/libsepol/src/hierarchy.c branches/stable/1_0/libsepol/utils/Makefile branches/stable/1_0/policycoreutils/audit2why/audit2why.c branches/stable/1_0/policycoreutils/newrole/newrole.c branches/stable/1_0/policycoreutils/secon/Makefile branches/stable/1_0/policycoreutils/semodule/semodule.c branches/stable/1_0/policycoreutils/semodule_deps/semodule_deps.c branches/stable/1_0/policycoreutils/setfiles/Makefile branches/stable/1_0/policycoreutils/setfiles/setfiles.c Modified: branches/stable/1_0/Makefile =================================================================== --- branches/stable/1_0/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/Makefile 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -2,7 +2,7 @@ PYSUBDIRS=libselinux libsemanage ifeq ($(DEBUG),1) - export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow + export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror export LDFLAGS = -g endif Modified: branches/stable/1_0/checkpolicy/Makefile =================================================================== --- branches/stable/1_0/checkpolicy/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/checkpolicy/Makefile 2008-01-09 16:09:26 UTC (rev 2729) @@ -8,8 +8,10 @@ INCLUDEDIR ?= $(PREFIX)/include TARGETS = checkpolicy checkmodule -CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing +YACC = bison -y +CFLAGS ?= -g -Wall -Werror -O2 -pipe -fno-strict-aliasing + override CFLAGS += -I. -I${INCLUDEDIR} CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o Modified: branches/stable/1_0/checkpolicy/test/dismod.c =================================================================== --- branches/stable/1_0/checkpolicy/test/dismod.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/checkpolicy/test/dismod.c 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -665,13 +665,13 @@ return 0; } -int display_handle_unknown(policydb_t * policydb, FILE * out_fp) +int display_handle_unknown(policydb_t * p, FILE * out_fp) { - if (policydb->handle_unknown == ALLOW_UNKNOWN) + if (p->handle_unknown == ALLOW_UNKNOWN) fprintf(out_fp, "Allow unknown classes and perms\n"); - else if (policydb->handle_unknown == DENY_UNKNOWN) + else if (p->handle_unknown == DENY_UNKNOWN) fprintf(out_fp, "Deny unknown classes and perms\n"); - else if (policydb->handle_unknown == REJECT_UNKNOWN) + else if (p->handle_unknown == REJECT_UNKNOWN) fprintf(out_fp, "Reject unknown classes and perms\n"); return 0; } Modified: branches/stable/1_0/checkpolicy/test/dispol.c =================================================================== --- branches/stable/1_0/checkpolicy/test/dispol.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/checkpolicy/test/dispol.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -273,13 +273,13 @@ return 1; } -int display_handle_unknown(policydb_t * policydb, FILE * out_fp) +int display_handle_unknown(policydb_t * p, FILE * out_fp) { - if (policydb->handle_unknown == ALLOW_UNKNOWN) + if (p->handle_unknown == ALLOW_UNKNOWN) fprintf(out_fp, "Allow unknown classes and permisions\n"); - else if (policydb->handle_unknown == DENY_UNKNOWN) + else if (p->handle_unknown == DENY_UNKNOWN) fprintf(out_fp, "Deny unknown classes and permisions\n"); - else if (policydb->handle_unknown == REJECT_UNKNOWN) + else if (p->handle_unknown == REJECT_UNKNOWN) fprintf(out_fp, "Reject unknown classes and permisions\n"); return 0; } Modified: branches/stable/1_0/libselinux/src/Makefile =================================================================== --- branches/stable/1_0/libselinux/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libselinux/src/Makefile 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -20,7 +20,7 @@ LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(filter-out $(SWIGCOUT),$(wildcard *.c))) LOBJS= $(patsubst %.c,%.lo,$(filter-out $(SWIGCOUT),$(wildcard *.c))) -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 RANLIB=ranlib @@ -42,7 +42,7 @@ $(RANLIB) $@ $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ Modified: branches/stable/1_0/libselinux/utils/getdefaultcon.c =================================================================== --- branches/stable/1_0/libselinux/utils/getdefaultcon.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libselinux/utils/getdefaultcon.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -57,7 +57,7 @@ } else cur_context = argv[optind + 1]; - if (getseuserbyname(user, &seuser, &dlevel)==0) { + if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) { if (! level) level=dlevel; if (role != NULL && role[0]) ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon); Modified: branches/stable/1_0/libsemanage/src/Makefile =================================================================== --- branches/stable/1_0/libsemanage/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsemanage/src/Makefile 2008-01-09 16:09:26 UTC (rev 2729) @@ -10,7 +10,7 @@ DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf ifeq ($(DEBUG),1) - export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow + export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror export LDFLAGS = -g endif 
@@ -44,7 +44,7 @@ pywrap: all $(SWIGLOBJ) $(SWIGSO) $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs Modified: branches/stable/1_0/libsemanage/src/conf-scan.l =================================================================== --- branches/stable/1_0/libsemanage/src/conf-scan.l 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsemanage/src/conf-scan.l 2008-01-09 16:09:26 UTC (rev 2729) @@ -32,6 +32,7 @@ %} %option stack prefix="semanage_" +%option nounput noyy_push_state noyy_pop_state noyy_top_state %x arg Modified: branches/stable/1_0/libsepol/include/sepol/policydb/ebitmap.h =================================================================== --- branches/stable/1_0/libsepol/include/sepol/policydb/ebitmap.h 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/include/sepol/policydb/ebitmap.h 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -73,12 +73,12 @@ #define ebitmap_for_each_bit(e, n, bit) \ for (bit = ebitmap_start(e, &n); bit < ebitmap_length(e); bit = ebitmap_next(&n, bit)) \ -extern int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2); -extern int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2); -extern int ebitmap_union(ebitmap_t * dst, ebitmap_t * e1); -extern int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src); -extern int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2); -extern int ebitmap_get_bit(ebitmap_t * e, unsigned int bit); +extern int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2); +extern int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2); +extern int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1); +extern int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src); +extern int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2); +extern int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit); extern int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value); extern void ebitmap_destroy(ebitmap_t * e); extern int ebitmap_read(ebitmap_t * e, void *fp); Modified: branches/stable/1_0/libsepol/include/sepol/policydb/mls_types.h =================================================================== --- branches/stable/1_0/libsepol/include/sepol/policydb/mls_types.h 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/include/sepol/policydb/mls_types.h 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -70,12 +70,12 @@ mls_level_init(level); } -static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2) +static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2) { return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat)); } -static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2) +static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2) { return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat)); } Modified: branches/stable/1_0/libsepol/src/Makefile =================================================================== --- branches/stable/1_0/libsepol/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/src/Makefile 2008-01-09 16:09:26 UTC (rev 2729) @@ -10,7 +10,7 @@ LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c)) -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I. -I../include -D_GNU_SOURCE all: $(LIBA) $(LIBSO) Modified: branches/stable/1_0/libsepol/src/ebitmap.c =================================================================== --- branches/stable/1_0/libsepol/src/ebitmap.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/src/ebitmap.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -15,7 +15,7 @@ #include "debug.h" #include "private.h" -int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2) +int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2) { ebitmap_node_t *n1, *n2, *new, *prev; @@ -58,7 +58,7 @@ return 0; } -int ebitmap_union(ebitmap_t * dst, ebitmap_t * e1) +int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1) { ebitmap_t tmp; 
@@ -71,7 +71,7 @@ return 0; } -int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2) +int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2) { ebitmap_node_t *n1, *n2; @@ -92,7 +92,7 @@ return 1; } -int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src) +int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src) { ebitmap_node_t *n, *new, *prev; @@ -121,7 +121,7 @@ return 0; } -int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2) +int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2) { ebitmap_node_t *n1, *n2; @@ -148,7 +148,7 @@ return 1; } -int ebitmap_get_bit(ebitmap_t * e, unsigned int bit) +int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit) { ebitmap_node_t *n; Modified: branches/stable/1_0/libsepol/src/genusers.c =================================================================== --- branches/stable/1_0/libsepol/src/genusers.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/src/genusers.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -117,17 +117,18 @@ } else islist = 0; + oldc = 0; do { while (*p && isspace(*p)) p++; if (!(*p)) - BADLINE(); + break; q = p; while (*p && *p != ';' && *p != '}' && !isspace(*p)) p++; if (!(*p)) - BADLINE(); + break; if (*p == '}') islist = 0; oldc = *p; @@ -153,6 +154,8 @@ } } } while (islist); + if (oldc == 0) + BADLINE(); if (policydb->mls) { context_struct_t context; Modified: branches/stable/1_0/libsepol/src/hierarchy.c =================================================================== --- branches/stable/1_0/libsepol/src/hierarchy.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/src/hierarchy.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -130,7 +130,7 @@ avtab_key_t key; avtab_datum_t *avdatump; hierarchy_args_t *a; - uint32_t av; + uint32_t av = 0; type_datum_t *t = NULL, *t2 = NULL; if (!(k->specified & AVTAB_ALLOWED)) { 
@@ -164,8 +164,7 @@ return 0; } av = avdatump->data; - } else - av = 0; + } if (a->opt_cond_list) { /* if a conditional list is present search it before continuing */ avdatump = cond_av_list_search(&key, a->opt_cond_list); @@ -202,8 +201,7 @@ return 0; } av = avdatump->data; - } else - av = 0; + } if (a->opt_cond_list) { /* if a conditional list is present search it before continuing */ avdatump = cond_av_list_search(&key, a->opt_cond_list); @@ -228,8 +226,7 @@ return 0; } av = avdatump->data; - } else - av = 0; + } if (a->opt_cond_list) { /* if a conditional list is present search it before continuing */ avdatump = cond_av_list_search(&key, a->opt_cond_list); Modified: branches/stable/1_0/libsepol/utils/Makefile =================================================================== --- branches/stable/1_0/libsepol/utils/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/libsepol/utils/Makefile 2008-01-09 16:09:26 UTC (rev 2729) @@ -2,7 +2,7 @@ PREFIX ?= $(DESTDIR)/usr BINDIR ?= $(PREFIX)/bin -CFLAGS ?= -Wall +CFLAGS ?= -Wall -Werror override CFLAGS += -I../include LDLIBS += -L../src -lsepol Modified: branches/stable/1_0/policycoreutils/audit2why/audit2why.c =================================================================== --- branches/stable/1_0/policycoreutils/audit2why/audit2why.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/audit2why/audit2why.c 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -28,7 +28,7 @@ char *buffer = NULL, *bufcopy = NULL; unsigned int lineno = 0; size_t len = 0, bufcopy_len = 0; - FILE *fp; + FILE *fp = NULL; int opt, rc, set_path = 0; char *p, *scon, *tcon, *tclassstr, *permstr; sepol_security_id_t ssid, tsid; Modified: branches/stable/1_0/policycoreutils/newrole/newrole.c =================================================================== --- branches/stable/1_0/policycoreutils/newrole/newrole.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/newrole/newrole.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -1081,13 +1081,13 @@ * since we are doing cleanup which needs to be done. * We can exit with a bad rc though */ - int rc; + pid_t pid; int exit_code = 0; int status; do { - rc = wait(&status); - } while (rc < 0 && errno == EINTR); + pid = wait(&status); + } while (pid < 0 && errno == EINTR); /* Preserve child exit status, unless there is another error. */ if (WIFEXITED(status)) Modified: branches/stable/1_0/policycoreutils/secon/Makefile =================================================================== --- branches/stable/1_0/policycoreutils/secon/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/secon/Makefile 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -5,7 +5,7 @@ MANDIR ?= $(PREFIX)/share/man LIBDIR ?= ${PREFIX}/lib -WARNS=-W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal +WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal VERSION = $(shell cat ../VERSION) CFLAGS ?= $(WARNS) -O1 override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) Modified: branches/stable/1_0/policycoreutils/semodule/semodule.c =================================================================== --- branches/stable/1_0/policycoreutils/semodule/semodule.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/semodule/semodule.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -339,8 +339,8 @@ for (i = 0; i < num_commands; i++) { enum client_modes mode = commands[i].mode; char *mode_arg = commands[i].arg; - char *data; - size_t data_len; + char *data = NULL; + size_t data_len = 0; if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) { if ((data_len = map_file(mode_arg, &data)) == 0) { fprintf(stderr, Modified: branches/stable/1_0/policycoreutils/semodule_deps/semodule_deps.c =================================================================== --- branches/stable/1_0/policycoreutils/semodule_deps/semodule_deps.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/semodule_deps/semodule_deps.c 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -138,7 +138,7 @@ * of the policy. * - levels / cats: can't be required or used in modules. */ -static int generate_requires(policydb_t * p, hashtab_t * r) +static hashtab_t generate_requires(policydb_t * p) { avrule_block_t *block; avrule_decl_t *decl; @@ -153,7 +153,7 @@ mods = hashtab_create(reqsymhash, reqsymcmp, 64); if (mods == NULL) - return -1; + return NULL; for (block = p->global; block != NULL; block = block->next) { if (block->flags & AVRULE_OPTIONAL) @@ -195,14 +195,14 @@ reqsymcmp, 64); if (reqs == NULL) { - return -1; + return NULL; } ret = hashtab_insert(mods, mod_name, reqs); if (ret != HASHTAB_SUCCESS) - return ret; + return NULL; } ret = hashtab_insert(reqs, req_name, @@ -210,16 +210,14 @@ if (! (ret == HASHTAB_PRESENT || ret == HASHTAB_SUCCESS)) - return -1; + return NULL; } } } } - *r = mods; - - return 0; + return mods; } static void free_requires(hashtab_t req) @@ -322,6 +320,7 @@ int verbose = 0, exclude_base = 1, command = SHOW_DEPS; char *basename; sepol_module_package_t *base, **mods; + policydb_t *p; hashtab_t req; while ((ch = getopt(argc, argv, "vgb")) != EOF) { @@ -382,10 +381,14 @@ exit(1); } - if (generate_requires - ((policydb_t *) sepol_module_package_get_policy(base), &req) < 0) + p = (policydb_t *) sepol_module_package_get_policy(base); + if (p == NULL) exit(1); + req = generate_requires(p); + if (req == NULL) + exit(1); + if (command == SHOW_DEPS) output_requirements(req, exclude_base, stdout); else Modified: branches/stable/1_0/policycoreutils/setfiles/Makefile =================================================================== --- branches/stable/1_0/policycoreutils/setfiles/Makefile 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/setfiles/Makefile 2008-01-09 16:09:26 UTC (rev 2729) 
@@ -6,7 +6,7 @@ AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) -CFLAGS = -Werror -Wall -W +CFLAGS = -Werror -Wall -W override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include LDLIBS = -lselinux -lsepol -L$(LIBDIR) Modified: branches/stable/1_0/policycoreutils/setfiles/setfiles.c =================================================================== --- branches/stable/1_0/policycoreutils/setfiles/setfiles.c 2008-01-09 15:49:07 UTC (rev 2728) +++ branches/stable/1_0/policycoreutils/setfiles/setfiles.c 2008-01-09 16:09:26 UTC (rev 2729) @@ -109,7 +109,7 @@ static int quiet = 0; static int use_stdin = 0; static int verbose = 0; -static int log = 0; +static int logging = 0; static int warn_no_match = 0; static char *rootpath = NULL; static int rootpathlen = 0; @@ -375,7 +375,7 @@ } } - if (log && !user_only_changed) { + if (logging && !user_only_changed) { if (context) syslog(LOG_INFO, "relabeling %s from %s to %s\n", my_file, context, newcon); @@ -562,7 +562,7 @@ debug = 1; break; case 'l': - log = 1; + logging = 1; break; case 'F': force = 1; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
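Review bot: in the dispol.c hunk the three conditions are rewritten but the messages next to them still read "permisions", while the display_handle_unknown() hunk before it prints "perms". Since these lines are being touched anyway, fix the spelling to "permissions" and use one wording in both files. The function also prints nothing when handle_unknown matches none of the three constants; a final else that reports the unexpected value would make that case visible.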
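Review bot: in the genusers.c hunks, the two "if (!(*p)) break;" exits depend on "if (oldc == 0) BADLINE();" after the loop, but oldc is overwritten by "oldc = *p;" for every token that parses, so it is still 0 only when the very first token fails. Unless the elided middle of the loop resets it, a list that yields one name and then reaches end of line before the closing '}' leaves the loop with oldc non-zero and islist still set, and is accepted where the old code called BADLINE(). Record the failure in a dedicated flag at the two break sites, or test islist together with oldc after the loop, so every truncated line is rejected.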
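Review bot: in hierarchy.c, the single "uint32_t av = 0;" at the declaration is equivalent to the removed "else av = 0;" branches only for the first lookup. If the blocks at -164, -201 and -226 run one after another in the same call, a later lookup that finds nothing now keeps the av stored by an earlier one, and that stale value is carried into the conditional-list search that follows it. Keep an explicit "av = 0;" ahead of each lookup; that silences the uninitialized-variable warning without changing the result.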
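Review bot: in semodule_deps.c, every "return NULL;" that follows a successful "mods = hashtab_create(...)" in generate_requires() (the reqs == NULL case and both hashtab_insert failures) drops the partially built table without freeing it, and with "return ret;" gone the caller cannot tell an insert error from an allocation failure. main() exits straight away, so the leak has no effect today, but calling free_requires(mods) on those paths keeps the function safe to reuse. The new "p == NULL" check before the call is a good addition; a message on stderr before exit(1) would say why the tool stopped.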
From: <mil...@us...> - 2008-01-09 15:49:09
Revision: 2728 http://selinux.svn.sourceforge.net/selinux/?rev=2728&view=rev Author: millertc Date: 2008-01-09 07:49:07 -0800 (Wed, 09 Jan 2008) Log Message: ----------- Merge from trunk, 2719-2727 Modified Paths: -------------- branches/policyrep/Makefile branches/policyrep/checkpolicy/Makefile branches/policyrep/libselinux/src/Makefile branches/policyrep/libselinux/utils/getdefaultcon.c branches/policyrep/libsemanage/src/Makefile branches/policyrep/libsemanage/src/conf-scan.l branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h branches/policyrep/libsepol/include/sepol/policydb/mls_types.h branches/policyrep/libsepol/src/Makefile branches/policyrep/libsepol/src/ebitmap.c branches/policyrep/libsepol/src/genusers.c branches/policyrep/libsepol/src/hierarchy.c branches/policyrep/libsepol/utils/Makefile branches/policyrep/policycoreutils/audit2why/audit2why.c branches/policyrep/policycoreutils/newrole/newrole.c branches/policyrep/policycoreutils/secon/Makefile branches/policyrep/policycoreutils/semodule/semodule.c branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c branches/policyrep/policycoreutils/setfiles/Makefile branches/policyrep/policycoreutils/setfiles/setfiles.c Modified: branches/policyrep/Makefile =================================================================== --- branches/policyrep/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/Makefile 2008-01-09 15:49:07 UTC (rev 2728) @@ -2,7 +2,7 @@ PYSUBDIRS=libselinux ifeq ($(DEBUG),1) - export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow + export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror export LDFLAGS = -g endif Modified: branches/policyrep/checkpolicy/Makefile =================================================================== --- branches/policyrep/checkpolicy/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/checkpolicy/Makefile 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -8,7 +8,7 @@ INCLUDEDIR ?= $(PREFIX)/include TARGETS = checkpolicy checkmodule -CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing +CFLAGS ?= -g -Wall -Werror -O2 -pipe -fno-strict-aliasing override CFLAGS += -I. -I${INCLUDEDIR} Modified: branches/policyrep/libselinux/src/Makefile =================================================================== --- branches/policyrep/libselinux/src/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libselinux/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728) @@ -32,7 +32,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) LOBJS= $(patsubst %.c,%.lo,$(SRCS)) -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS) RANLIB=ranlib @@ -54,7 +54,7 @@ $(RANLIB) $@ $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ Modified: branches/policyrep/libselinux/utils/getdefaultcon.c =================================================================== --- branches/policyrep/libselinux/utils/getdefaultcon.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libselinux/utils/getdefaultcon.c 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -57,7 +57,7 @@ } else cur_context = argv[optind + 1]; - if (getseuserbyname(user, &seuser, &dlevel)==0) { + if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) { if (! level) level=dlevel; if (role != NULL && role[0]) ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon); Modified: branches/policyrep/libsemanage/src/Makefile =================================================================== --- branches/policyrep/libsemanage/src/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsemanage/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728) @@ -10,7 +10,7 @@ DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf ifeq ($(DEBUG),1) - export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow + export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror export LDFLAGS = -g endif @@ -44,7 +44,7 @@ pywrap: all $(SWIGLOBJ) $(SWIGSO) $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs Modified: branches/policyrep/libsemanage/src/conf-scan.l =================================================================== --- branches/policyrep/libsemanage/src/conf-scan.l 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsemanage/src/conf-scan.l 2008-01-09 15:49:07 UTC (rev 2728) @@ -32,6 +32,7 @@ %} %option stack prefix="semanage_" +%option nounput noyy_push_state noyy_pop_state noyy_top_state %x arg Modified: branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h =================================================================== --- branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/include/sepol/policydb/ebitmap.h 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -73,12 +73,12 @@ #define ebitmap_for_each_bit(e, n, bit) \ for (bit = ebitmap_start(e, &n); bit < ebitmap_length(e); bit = ebitmap_next(&n, bit)) \ -extern int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2); -extern int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2); -extern int ebitmap_union(ebitmap_t * dst, ebitmap_t * e1); -extern int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src); -extern int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2); -extern int ebitmap_get_bit(ebitmap_t * e, unsigned int bit); +extern int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2); +extern int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2); +extern int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1); +extern int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src); +extern int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2); +extern int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit); extern int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value); extern void ebitmap_destroy(ebitmap_t * e); extern int ebitmap_read(ebitmap_t * e, void *fp); Modified: branches/policyrep/libsepol/include/sepol/policydb/mls_types.h =================================================================== --- branches/policyrep/libsepol/include/sepol/policydb/mls_types.h 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/include/sepol/policydb/mls_types.h 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -70,12 +70,12 @@ mls_level_init(level); } -static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2) +static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2) { return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat)); } -static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2) +static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2) { return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat)); } Modified: branches/policyrep/libsepol/src/Makefile =================================================================== --- branches/policyrep/libsepol/src/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/src/Makefile 2008-01-09 15:49:07 UTC (rev 2728) @@ -10,7 +10,7 @@ LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c)) -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I. -I../include -D_GNU_SOURCE all: $(LIBA) $(LIBSO) Modified: branches/policyrep/libsepol/src/ebitmap.c =================================================================== --- branches/policyrep/libsepol/src/ebitmap.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/src/ebitmap.c 2008-01-09 15:49:07 UTC (rev 2728) @@ -15,7 +15,7 @@ #include "debug.h" #include "private.h" -int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2) +int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2) { ebitmap_node_t *n1, *n2, *new, *prev; @@ -58,7 +58,7 @@ return 0; } -int ebitmap_union(ebitmap_t * dst, ebitmap_t * e1) +int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1) { ebitmap_t tmp; 
@@ -71,7 +71,7 @@ return 0; } -int ebitmap_cmp(ebitmap_t * e1, ebitmap_t * e2) +int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2) { ebitmap_node_t *n1, *n2; @@ -92,7 +92,7 @@ return 1; } -int ebitmap_cpy(ebitmap_t * dst, ebitmap_t * src) +int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src) { ebitmap_node_t *n, *new, *prev; @@ -121,7 +121,7 @@ return 0; } -int ebitmap_contains(ebitmap_t * e1, ebitmap_t * e2) +int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2) { ebitmap_node_t *n1, *n2; @@ -148,7 +148,7 @@ return 1; } -int ebitmap_get_bit(ebitmap_t * e, unsigned int bit) +int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit) { ebitmap_node_t *n; Modified: branches/policyrep/libsepol/src/genusers.c =================================================================== --- branches/policyrep/libsepol/src/genusers.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/src/genusers.c 2008-01-09 15:49:07 UTC (rev 2728) @@ -117,17 +117,18 @@ } else islist = 0; + oldc = 0; do { while (*p && isspace(*p)) p++; if (!(*p)) - BADLINE(); + break; q = p; while (*p && *p != ';' && *p != '}' && !isspace(*p)) p++; if (!(*p)) - BADLINE(); + break; if (*p == '}') islist = 0; oldc = *p; @@ -153,6 +154,8 @@ } } } while (islist); + if (oldc == 0) + BADLINE(); if (policydb->mls) { context_struct_t context; Modified: branches/policyrep/libsepol/src/hierarchy.c =================================================================== --- branches/policyrep/libsepol/src/hierarchy.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/src/hierarchy.c 2008-01-09 15:49:07 UTC (rev 2728) @@ -129,7 +129,7 @@ avtab_key_t key; avtab_datum_t *avdatump; hierarchy_args_t *a; - uint32_t av; + uint32_t av = 0; type_datum_t *t = NULL, *t2 = NULL; if (!(k->specified & AVTAB_ALLOWED)) { 
@@ -163,8 +163,7 @@ return 0; } av = avdatump->data; - } else - av = 0; + } if (a->opt_cond_list) { /* if a conditional list is present search it before continuing */ avdatump = cond_av_list_search(&key, a->opt_cond_list); @@ -201,8 +200,7 @@ return 0; } av = avdatump->data; - } else - av = 0; + } if (a->opt_cond_list) { /* if a conditional list is present search it before continuing */ avdatump = cond_av_list_search(&key, a->opt_cond_list); @@ -227,8 +225,7 @@ return 0; } av = avdatump->data; - } else - av = 0; + } if (a->opt_cond_list) { /* if a conditional list is present search it before continuing */ avdatump = cond_av_list_search(&key, a->opt_cond_list); Modified: branches/policyrep/libsepol/utils/Makefile =================================================================== --- branches/policyrep/libsepol/utils/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/libsepol/utils/Makefile 2008-01-09 15:49:07 UTC (rev 2728) @@ -2,7 +2,7 @@ PREFIX ?= $(DESTDIR)/usr BINDIR ?= $(PREFIX)/bin -CFLAGS ?= -Wall +CFLAGS ?= -Wall -Werror override CFLAGS += -I../include LDLIBS += -L../src -lsepol Modified: branches/policyrep/policycoreutils/audit2why/audit2why.c =================================================================== --- branches/policyrep/policycoreutils/audit2why/audit2why.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/audit2why/audit2why.c 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -28,7 +28,7 @@ char *buffer = NULL, *bufcopy = NULL; unsigned int lineno = 0; size_t len = 0, bufcopy_len = 0; - FILE *fp; + FILE *fp = NULL; int opt, rc, set_path = 0; char *p, *scon, *tcon, *tclassstr, *permstr; sepol_security_id_t ssid, tsid; Modified: branches/policyrep/policycoreutils/newrole/newrole.c =================================================================== --- branches/policyrep/policycoreutils/newrole/newrole.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/newrole/newrole.c 2008-01-09 15:49:07 UTC (rev 2728) @@ -1216,13 +1216,13 @@ * since we are doing cleanup which needs to be done. * We can exit with a bad rc though */ - int rc; + pid_t pid; int exit_code = 0; int status; do { - rc = wait(&status); - } while (rc < 0 && errno == EINTR); + pid = wait(&status); + } while (pid < 0 && errno == EINTR); /* Preserve child exit status, unless there is another error. */ if (WIFEXITED(status)) Modified: branches/policyrep/policycoreutils/secon/Makefile =================================================================== --- branches/policyrep/policycoreutils/secon/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/secon/Makefile 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -5,7 +5,7 @@ MANDIR ?= $(PREFIX)/share/man LIBDIR ?= ${PREFIX}/lib -WARNS=-W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal +WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal VERSION = $(shell cat ../VERSION) CFLAGS ?= $(WARNS) -O1 override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) Modified: branches/policyrep/policycoreutils/semodule/semodule.c =================================================================== --- branches/policyrep/policycoreutils/semodule/semodule.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/semodule/semodule.c 2008-01-09 15:49:07 UTC (rev 2728) @@ -339,8 +339,8 @@ for (i = 0; i < num_commands; i++) { enum client_modes mode = commands[i].mode; char *mode_arg = commands[i].arg; - char *data; - size_t data_len; + char *data = NULL; + size_t data_len = 0; if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) { if ((data_len = map_file(mode_arg, &data)) == 0) { fprintf(stderr, Modified: branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c =================================================================== --- branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/semodule_deps/semodule_deps.c 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -139,7 +139,7 @@ * of the policy. * - levels / cats: can't be required or used in modules. */ -static int generate_requires(policydb_t * p, hashtab_t * r) +static hashtab_t generate_requires(policydb_t * p) { avrule_block_t *block; avrule_decl_t *decl; @@ -154,7 +154,7 @@ mods = hashtab_create(reqsymhash, reqsymcmp, 64); if (mods == NULL) - return -1; + return NULL; for (block = p->global; block != NULL; block = block->next) { if (block->flags & AVRULE_OPTIONAL) @@ -196,14 +196,14 @@ reqsymcmp, 64); if (reqs == NULL) { - return -1; + return NULL; } ret = hashtab_insert(mods, mod_name, reqs); if (ret != SEPOL_OK) - return ret; + return NULL; } ret = hashtab_insert(reqs, req_name, @@ -211,16 +211,14 @@ if (! (ret == SEPOL_EEXIST || ret == SEPOL_OK)) - return -1; + return NULL; } } } } - *r = mods; - - return 0; + return mods; } static void free_requires(hashtab_t req) @@ -323,6 +321,7 @@ int verbose = 0, exclude_base = 1, command = SHOW_DEPS; char *basename; sepol_module_package_t *base, **mods; + policydb_t *p; hashtab_t req; while ((ch = getopt(argc, argv, "vgb")) != EOF) { @@ -383,10 +382,14 @@ exit(1); } - if (generate_requires - ((policydb_t *) sepol_module_package_get_policy(base), &req) < 0) + p = (policydb_t *) sepol_module_package_get_policy(base); + if (p == NULL) exit(1); + req = generate_requires(p); + if (req == NULL) + exit(1); + if (command == SHOW_DEPS) output_requirements(req, exclude_base, stdout); else Modified: branches/policyrep/policycoreutils/setfiles/Makefile =================================================================== --- branches/policyrep/policycoreutils/setfiles/Makefile 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/setfiles/Makefile 2008-01-09 15:49:07 UTC (rev 2728) 
@@ -6,7 +6,7 @@ AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) -CFLAGS = -Werror -Wall -W +CFLAGS = -Werror -Wall -W override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include LDLIBS = -lselinux -lsepol -L$(LIBDIR) Modified: branches/policyrep/policycoreutils/setfiles/setfiles.c =================================================================== --- branches/policyrep/policycoreutils/setfiles/setfiles.c 2008-01-09 15:33:51 UTC (rev 2727) +++ branches/policyrep/policycoreutils/setfiles/setfiles.c 2008-01-09 15:49:07 UTC (rev 2728) @@ -53,7 +53,7 @@ static int quiet = 0; static int ignore_enoent; static int verbose = 0; -static int log = 0; +static int logging = 0; static int warn_no_match = 0; static char *rootpath = NULL; static int rootpathlen = 0; @@ -519,7 +519,7 @@ } } - if (log && !user_only_changed) { + if (logging && !user_only_changed) { if (context) syslog(LOG_INFO, "relabeling %s from %s to %s\n", my_file, context, newcon); @@ -858,7 +858,7 @@ ignore_enoent = 1; break; case 'l': - log = 1; + logging = 1; break; case 'F': force = 1; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
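Review bot: the checkpolicy, libselinux, libsepol and secon Makefile hunks put -Werror into the "CFLAGS ?=" or WARNS default, so anyone who builds without setting CFLAGS gets it, and a warning added by a newer compiler becomes a failed build of released sources. The top-level Makefile and libsemanage/src/Makefile hunks add it only inside "ifeq ($(DEBUG),1)"; doing the same everywhere keeps the strictness for developers without affecting packagers. The setfiles/Makefile hunk changes whitespace only and still assigns with "CFLAGS =" rather than "?=", which is worth aligning with the other Makefiles in the same pass.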
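Review bot: in conf-scan.l the added "%option nounput noyy_push_state noyy_pop_state noyy_top_state" line suppresses all three start-condition stack functions while the line above it still requests "%option stack". If nothing in the scanner calls those functions, dropping "stack" from the existing option line removes the unused code at its source and leaves only nounput to add.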
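Review bot: in libsepol/src/ebitmap.c the new "const ebitmap_t *" parameters sit above unchanged "ebitmap_node_t *n1, *n2;" and "ebitmap_node_t *n;" iterators in ebitmap_cmp(), ebitmap_contains() and ebitmap_get_bit(). The const covers the ebitmap_t object itself, not the node list reached through it, so the compiler still permits writes to the nodes in these read-only functions. Declaring those iterators as "const ebitmap_node_t *" would make the promise in ebitmap.h hold for the whole structure.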
From: <mil...@us...> - 2008-01-09 15:33:53
Revision: 2727 http://selinux.svn.sourceforge.net/selinux/?rev=2727&view=rev Author: millertc Date: 2008-01-09 07:33:51 -0800 (Wed, 09 Jan 2008) Log Message: ----------- Fix shadowed variable declaration. Modified Paths: -------------- trunk/policycoreutils/newrole/newrole.c Modified: trunk/policycoreutils/newrole/newrole.c =================================================================== --- trunk/policycoreutils/newrole/newrole.c 2008-01-09 14:25:39 UTC (rev 2726) +++ trunk/policycoreutils/newrole/newrole.c 2008-01-09 15:33:51 UTC (rev 2727) @@ -1233,13 +1233,13 @@ * since we are doing cleanup which needs to be done. * We can exit with a bad rc though */ - int rc; + pid_t pid; int exit_code = 0; int status; do { - rc = wait(&status); - } while (rc < 0 && errno == EINTR); + pid = wait(&status); + } while (pid < 0 && errno == EINTR); /* Preserve child exit status, unless there is another error. */ if (WIFEXITED(status)) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
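Review bot: after the retry loop, pid can still be negative (any wait() failure other than EINTR), yet the next visible line evaluates WIFEXITED(status) on a status that wait() never wrote. Test "pid < 0" first and set a failing exit_code on that path before looking at status. The log message says this fixes a shadowed declaration; naming the outer variable that rc shadowed would help readers of the history.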
From: <mil...@us...> - 2008-01-09 14:25:41
Revision: 2726 http://selinux.svn.sourceforge.net/selinux/?rev=2726&view=rev Author: millertc Date: 2008-01-09 06:25:39 -0800 (Wed, 09 Jan 2008) Log Message: ----------- Filter out -Werror in CFLAGS when building swig wrappers as we have no control over the code generated by swig. Signed-off-by: Todd C. Miller <tm...@tr...> Modified Paths: -------------- trunk/libselinux/src/Makefile trunk/libsemanage/src/Makefile Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) +++ trunk/libselinux/src/Makefile 2008-01-09 14:25:39 UTC (rev 2726) @@ -54,7 +54,7 @@ $(RANLIB) $@ $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) +++ trunk/libsemanage/src/Makefile 2008-01-09 14:25:39 UTC (rev 2726) @@ -44,7 +44,7 @@ pywrap: all $(SWIGLOBJ) $(SWIGSO) $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
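Review bot: "$(filter-out -Werror,$(CFLAGS))" in the $(SWIGLOBJ) rules removes only the exact word -Werror, so a "-Werror=<warning>" arriving through CFLAGS still applies to the swig-generated source; "$(filter-out -Werror%,$(CFLAGS))" covers both forms. The libsemanage rule writes the call with a space after the comma and the libselinux rule without; use one spelling in both. A one-line comment above each rule giving the reason from the log message (no control over the code swig generates) would keep the exception from being removed later.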