From: <ssm...@us...> - 2007-04-09 18:13:13
Revision: 2326 http://svn.sourceforge.net/selinux/?rev=2326&view=rev Author: ssmalley Date: 2007-04-09 11:13:11 -0700 (Mon, 09 Apr 2007) Log Message: ----------- Revert Modified Paths: -------------- trunk/libselinux/include/selinux/selinux.h trunk/libselinux/man/man3/security_compute_av.3 trunk/libselinux/man/man3/security_get_initial_context.3 trunk/libselinux/src/Makefile trunk/libselinux/src/load_policy.c trunk/libselinux/src/selinux_internal.h trunk/libsepol/src/Makefile Modified: trunk/libselinux/include/selinux/selinux.h =================================================================== --- trunk/libselinux/include/selinux/selinux.h 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libselinux/include/selinux/selinux.h 2007-04-09 18:13:11 UTC (rev 2326) @@ -189,13 +189,6 @@ /* Load a policy configuration. */ extern int security_load_policy(void *data, size_t len); -/* Get the context of an initial kernel security identifier by name. - Caller must free via freecon */ - extern int security_get_initial_context(const char * name, - security_context_t * con); - extern int security_get_initial_context_raw(const char * name, - security_context_t * con); - /* * Make a policy image and load it. * This function provides a higher level interface for loading policy Modified: trunk/libselinux/man/man3/security_compute_av.3 =================================================================== --- trunk/libselinux/man/man3/security_compute_av.3 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libselinux/man/man3/security_compute_av.3 2007-04-09 18:13:11 UTC (rev 2326) @@ -1,7 +1,6 @@ .TH "security_compute_av" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" .SH "NAME" -security_compute_av, security_compute_create, security_compute_relabel, -security_compute_user, security_get_initial_context \- query +security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query the SELinux policy database in the kernel. .SH "SYNOPSIS" 
@@ -17,9 +16,6 @@ .sp .BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con ); .sp -.BI "int security_get_initial_context(const char *" name ", security_context_t -"con ); -.sp .BI "int checkPasswdAccess(access_vector_t " requested ); .SH "DESCRIPTION" @@ -48,9 +44,6 @@ source context. Is mainly used by .B get_ordered_context_list. -.B security_get_initial_context -is used to get the context of an initial kernel security identifier by name. - .B checkPasswdAccess This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts. Modified: trunk/libselinux/man/man3/security_get_initial_context.3 =================================================================== --- trunk/libselinux/man/man3/security_get_initial_context.3 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libselinux/man/man3/security_get_initial_context.3 2007-04-09 18:13:11 UTC (rev 2326) @@ -1 +0,0 @@ -.so man3/security_compute_av.3 Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libselinux/src/Makefile 2007-04-09 18:13:11 UTC (rev 2326) 
@@ -18,27 +18,10 @@ SWIGSO=_selinux.so SWIGFILES=$(SWIGSO) selinux.py LIBSO=$(TARGET).$(LIBVERSION) - -LSEPOL=-lsepol -SRCS=$(filter-out $(SWIGCOUT),$(wildcard *.c)) -ifeq ($(EMBEDDED),1) -UNUSED_SRCS=avc.c avc_internal.c avc_sidtab.c -SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out $(SWIGCOUT),$(wildcard *.c))) -endif -ifeq ($(DISABLE_SEPOL),1) -UNUSED_SRCS+=booleans.c -LSEPOL= -SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out $(SWIGCOUT),$(wildcard *.c))) -endif - -OBJS= $(patsubst %.c,%.o,$(SRCS)) -LOBJS= $(patsubst %.c,%.lo,$(SRCS)) +OBJS= $(patsubst %.c,%.o,$(filter-out $(SWIGCOUT),$(wildcard *.c))) +LOBJS= $(patsubst %.c,%.lo,$(filter-out $(SWIGCOUT),$(wildcard *.c))) CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -ifeq ($(DISABLE_SEPOL),1) -override CFLAGS += -DDISABLE_SEPOL -endif - RANLIB=ranlib ARCH := $(patsubst i%86,i386,$(shell uname -m)) @@ -65,7 +48,7 @@ $(CC) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ $(LIBSO): $(LOBJS) - $(CC) $(LDFLAGS) -shared -o $@ $^ -ldl $(LSEPOL) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + $(CC) $(LDFLAGS) -shared -o $@ $^ -ldl -lsepol -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ln -sf $@ $(TARGET) %.o: %.c policy.h Modified: trunk/libselinux/src/load_policy.c =================================================================== --- trunk/libselinux/src/load_policy.c 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libselinux/src/load_policy.c 2007-04-09 18:13:11 UTC (rev 2326) 
@@ -41,56 +41,7 @@ int load_setlocaldefs hidden = 1; -/* - This function is used only if DISABLE_SEPOL is defined. - Size of libsepol is big, so you may want to disable libsepol for embedded devices. - This function is selinux_mkload_policy with limitations. - Limitations: - - Binary policy file name is assumed as "policy.<value in /selinux/policyvers>". - - Preserve boolean is not supported, so it is recommended not to use boolean, - if you want to disable sepol. - - system.users and local.users are not supported. -*/ -static int selinux_mkload_policy_nosepol(int preservebools) { - int rc = -1; - char path[PATH_MAX]; - size_t size; - void *data; - int fd; - struct stat sb; - - if (preservebools) { - return -1; - } - - snprintf(path, sizeof(path), "%s", selinux_binary_policy_path()); - - fd = open(path, O_RDONLY); - if (fd < 0) - return -1; - - if (fstat(fd, &sb) < 0) - goto close; - - size = sb.st_size; - data = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0); - if (data == MAP_FAILED) - goto close; - - rc = security_load_policy(data, size); - - close: - close(fd); - return rc; - -} - -#ifndef DISABLE_SEPOL -/* - selinux_mkload_policy with full features. - This is used usually(when DISABLE_SEPOL is not defined). -*/ -static int selinux_mkload_policy_sepol(int preservebools) +int selinux_mkload_policy(int preservebools) { int vers = sepol_policy_kern_vers_max(); int kernvers = security_policyvers(); 
@@ -203,16 +154,7 @@ close(fd); return rc; } -#endif /*ifndef DISABLE_SEPOL*/ -int selinux_mkload_policy(int preservebools) { -#ifdef DISABLE_SEPOL - return selinux_mkload_policy_nosepol(preservebools); -#else - return selinux_mkload_policy_sepol(preservebools); -#endif -} - hidden_def(selinux_mkload_policy) /* Modified: trunk/libselinux/src/selinux_internal.h =================================================================== --- trunk/libselinux/src/selinux_internal.h 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libselinux/src/selinux_internal.h 2007-04-09 18:13:11 UTC (rev 2326) @@ -76,8 +76,6 @@ hidden_proto(selinux_getpolicytype); hidden_proto(selinux_raw_to_trans_context); hidden_proto(selinux_trans_to_raw_context); -hidden_proto(security_get_initial_context); -hidden_proto(security_get_initial_context_raw); extern int load_setlocaldefs hidden; extern int require_seusers hidden; Modified: trunk/libsepol/src/Makefile =================================================================== --- trunk/libsepol/src/Makefile 2007-04-09 18:02:21 UTC (rev 2325) +++ trunk/libsepol/src/Makefile 2007-04-09 18:13:11 UTC (rev 2326) @@ -8,18 +8,11 @@ LIBA=libsepol.a TARGET=libsepol.so LIBSO=$(TARGET).$(LIBVERSION) - -SRCS=$(wildcard *.c) -ifeq ($(EMBEDDED),1) -UNUSED_SRCS=link.c nodes.c roles.c iface_record.c module.c port_record.c user_record.c interfaces.c node_record.c ports.c users.c -SRCS= $(filter-out $(UNUSED_SRCS), $(wildcard *.c)) -endif -OBJS= $(patsubst %.c,%.o,$(SRCS)) -LOBJS= $(patsubst %.c,%.lo,$(SRCS)) +OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) +LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c)) CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I. -I../include -D_GNU_SOURCE - all: $(LIBA) $(LIBSO) $(LIBA): $(OBJS) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-04-10 19:01:37
Revision: 2334 http://svn.sourceforge.net/selinux/?rev=2334&view=rev Author: ssmalley Date: 2007-04-10 12:01:32 -0700 (Tue, 10 Apr 2007) Log Message: ----------- Author: Karl MacMillan Email: kma...@me... Subject: sepolgen updates Date: Tue, 10 Apr 2007 12:26:45 -0400 Updates to the sepolgen parser and tools: * Adding debugging option to sepolgen-ifgen * Corrected handling of interface calls with list paramaters (e.g., foo_interface(a_t, { b_t c_t }). * Added support for role transition rules in the parser * Updated range transition rule handling to accept more statements * Moved ignoring refpolicywarn statements to the lexer to better handle arbitrary text in the warnings. * Fixed parsing of single files by sepolgen-ifgen (useful for testing) * Loosened the matching slightly (higher distance interfaces returned by default). Modified Paths: -------------- trunk/policycoreutils/audit2allow/sepolgen-ifgen trunk/sepolgen/src/sepolgen/interfaces.py trunk/sepolgen/src/sepolgen/matching.py trunk/sepolgen/src/sepolgen/refparser.py trunk/sepolgen/src/sepolgen/refpolicy.py Modified: trunk/policycoreutils/audit2allow/sepolgen-ifgen =================================================================== --- trunk/policycoreutils/audit2allow/sepolgen-ifgen 2007-04-10 15:24:37 UTC (rev 2333) +++ trunk/policycoreutils/audit2allow/sepolgen-ifgen 2007-04-10 19:01:32 UTC (rev 2334) @@ -45,7 +45,9 @@ parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(), help="location of the interface header files") parser.add_option("-v", "--verbose", action="store_true", default=False, - help="print debuging output") + help="print debuging output") + parser.add_option("-d", "--debug", action="store_true", default=False, + help="extra debugging output") options, args = parser.parse_args() return options 
@@ -67,7 +69,7 @@ log = None try: - headers = refparser.parse_headers(options.headers, output=log) + headers = refparser.parse_headers(options.headers, output=log, debug=options.debug) except ValueError, e: print "error parsing headers" print str(e) Modified: trunk/sepolgen/src/sepolgen/interfaces.py =================================================================== --- trunk/sepolgen/src/sepolgen/interfaces.py 2007-04-10 15:24:37 UTC (rev 2333) +++ trunk/sepolgen/src/sepolgen/interfaces.py 2007-04-10 19:01:32 UTC (rev 2334) @@ -365,21 +365,25 @@ # been generated from an optional param. return None else: - return ifcall.args[num - 1] + arg = ifcall.args[num - 1] + if isinstance(arg, list): + return arg + else: + return [arg] else: - return id + return [id] def map_add_av(self, ifv, av, ifcall): - src_type = self.map_param(av.src_type, ifcall) - if src_type is None: + src_types = self.map_param(av.src_type, ifcall) + if src_types is None: return - tgt_type = self.map_param(av.tgt_type, ifcall) - if tgt_type is None: + tgt_types = self.map_param(av.tgt_type, ifcall) + if tgt_types is None: return - obj_class = self.map_param(av.obj_class, ifcall) - if obj_class is None: + obj_classes = self.map_param(av.obj_class, ifcall) + if obj_classes is None: return new_perms = refpolicy.IdSet() 
@@ -388,14 +392,15 @@ if p is None: continue else: - new_perms.add(p) + new_perms.update(p) if len(new_perms) == 0: return - ifv.access.add(src_type, tgt_type, obj_class, new_perms) + for src_type in src_types: + for tgt_type in tgt_types: + for obj_class in obj_classes: + ifv.access.add(src_type, tgt_type, obj_class, new_perms) - - def do_expand_ifcalls(self, interface, if_by_name): # Descend an interface call tree adding the access # from each interface. This is a depth first walk Modified: trunk/sepolgen/src/sepolgen/matching.py =================================================================== --- trunk/sepolgen/src/sepolgen/matching.py 2007-04-10 15:24:37 UTC (rev 2333) +++ trunk/sepolgen/src/sepolgen/matching.py 2007-04-10 19:01:32 UTC (rev 2334) @@ -50,7 +50,7 @@ return 1 class MatchList: - DEFAULT_THRESHOLD = 100 + DEFAULT_THRESHOLD = 120 def __init__(self): # Match objects that pass the threshold self.children = [] Modified: trunk/sepolgen/src/sepolgen/refparser.py =================================================================== --- trunk/sepolgen/src/sepolgen/refparser.py 2007-04-10 15:24:37 UTC (rev 2333) +++ trunk/sepolgen/src/sepolgen/refparser.py 2007-04-10 19:01:32 UTC (rev 2334) @@ -35,6 +35,7 @@ import refpolicy import access +import defaults import lex import yacc @@ -59,7 +60,6 @@ 'MINUS', 'TILDE', 'ASTERISK', - 'PERIOD', 'AMP', 'BAR', 'EXPL', @@ -89,13 +89,13 @@ 'TYPE_CHANGE', 'TYPE_MEMBER', 'RANGE_TRANSITION', + 'ROLE_TRANSITION', # refpolicy keywords 'OPT_POLICY', 'INTERFACE', 'TUNABLE_POLICY', 'GEN_REQ', 'TEMPLATE', - 'REFPOLICYWARN', # m4 'IFDEF', 'IFNDEF', 
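Review bot: The nested loops added to `map_add_av` pass every element of a list argument to `ifv.access.add` as a type name, but the refparser.py change in this commit builds exclusions as `[p[1], "-" + p[3]]`. An argument such as `a_t - b_t` would therefore record `-b_t` as a source, target or class instead of removing `b_t`, unless `access.add` filters such entries (not visible here). The expanded interface vectors would then contain names that never match a real type, and the exclusion would be lost. Consider resolving the set before the loops, dropping each `-x` marker together with the `x` it excludes, and add a comment on `map_param` saying that it now returns a list or None. Both functions begin outside the hunks shown.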
@@ -128,13 +128,13 @@ 'type_change' : 'TYPE_CHANGE', 'type_member' : 'TYPE_MEMBER', 'range_transition' : 'RANGE_TRANSITION', + 'role_transition' : 'ROLE_TRANSITION', # refpolicy keywords 'optional_policy' : 'OPT_POLICY', 'interface' : 'INTERFACE', 'tunable_policy' : 'TUNABLE_POLICY', 'gen_require' : 'GEN_REQ', 'template' : 'TEMPLATE', - 'refpolicywarn' : 'REFPOLICYWARN', # M4 'ifndef' : 'IFNDEF', 'ifdef' : 'IFDEF', @@ -158,7 +158,6 @@ t_MINUS = r'\-' t_TILDE = r'\~' t_ASTERISK = r'\*' -t_PERIOD = r'\.' t_AMP = r'\&' t_BAR = r'\|' t_EXPL = r'\!' @@ -175,8 +174,14 @@ # Ignore all comments t.lineno += 1 +def t_refpolicywarn(t): + r'refpolicywarn\(.*\n' + # Ignore refpolicywarn statements - they sometimes + # contain text that we can't parse. + t.lineno += 1 + def t_IDENTIFIER(t): - r'[a-zA-Z_\$\-][a-zA-Z0-9_\.\$\*]*' + r'[a-zA-Z_\$][a-zA-Z0-9_\.\$\*]*' # Handle any keywords t.type = reserved.get(t.value,'IDENTIFIER') return t @@ -311,6 +316,28 @@ str = "-" + p[2] p[0] = [str] +def p_interface_call_param(p): + '''interface_call_param : IDENTIFIER + | IDENTIFIER MINUS IDENTIFIER + | nested_id_set + ''' + # Intentionally let single identifiers pass through + # List means set, non-list identifier + if len(p) == 2: + p[0] = p[1] + else: + p[0] = [p[1], "-" + p[3]] + +def p_interface_call_param_list(p): + '''interface_call_param_list : interface_call_param + | interface_call_param_list COMMA interface_call_param + ''' + if len(p) == 2: + p[0] = [p[1]] + else: + p[0] = p[1] + [p[3]] + + def p_comma_list(p): '''comma_list : nested_id_list | comma_list COMMA nested_id_list 
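Review bot: `t_refpolicywarn` matches `refpolicywarn\(.*\n`, which discards the whole rest of the physical line. A warning whose text continues on a second line leaves that remainder to be lexed as policy, and a statement following the closing parenthesis on the same line is dropped without any error. The grammar rule removed elsewhere in this commit shows the statement ends with a quote and `)`, so the pattern could stop at that terminator instead of the newline, with `t.lineno += t.value.count("\n")` to keep line numbers correct. If line-based skipping is intended, a comment on the rule stating that limit would help the next reader.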
@@ -406,23 +433,8 @@ collect(p[12], x, val=False) p[0] = [x] -def p_refpolicywarn_stmts(p): - '''refpolicywarn_stmts : names - | refpolicywarn_stmts names - | OPAREN - | refpolicywarn_stmts OPAREN - | CPAREN - | refpolicywarn_stmts CPAREN - | PERIOD - | refpolicywarn_stmts PERIOD - ''' - -def p_refpolicywarn(p): - '''refpolicywarn : REFPOLICYWARN OPAREN TICK refpolicywarn_stmts SQUOTE CPAREN''' - pass - def p_interface_call(p): - 'interface_call : IDENTIFIER OPAREN comma_list CPAREN' + 'interface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN' i = refpolicy.InterfaceCall(ifname=p[1]) i.args.extend(p[3]) @@ -455,9 +467,9 @@ | role_allow | type_def | typealias_def - | refpolicywarn | attribute_def | range_transition_def + | role_transition_def ''' p[0] = [p[1]] @@ -592,9 +604,14 @@ def p_range_transition_def(p): - '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI''' + '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI + | RANGE_TRANSITION names names names SEMI''' pass +def p_role_transition_def(p): + '''role_transition_def : ROLE_TRANSITION names names names SEMI''' + pass + def p_error(tok): global error error = "Syntax error on line %d %s [type=%s]" % (tok.lineno, tok.value, tok.type) @@ -640,7 +657,6 @@ if error is not None: msg = 'could not parse text: "%s"' % error - print msg raise ValueError(msg) return m @@ -684,7 +700,7 @@ raise ValueError("Invalid file name %s" % root) modname = os.path.splitext(name) modules.append((modname[0], root)) - all_modules, support_macros = list_headers(DEFAULT_HEADERS_ROOT) + all_modules, support_macros = list_headers(defaults.headers()) else: modules, support_macros = list_headers(root) 
@@ -741,7 +757,8 @@ parse_file(x[1], m, spt) else: parse_file(x[1], m) - except ValueError: + except ValueError, e: + o(str(e) + "\n") failures.append(x[1]) continue Modified: trunk/sepolgen/src/sepolgen/refpolicy.py =================================================================== --- trunk/sepolgen/src/sepolgen/refpolicy.py 2007-04-10 15:24:37 UTC (rev 2333) +++ trunk/sepolgen/src/sepolgen/refpolicy.py 2007-04-10 19:01:32 UTC (rev 2334) @@ -579,9 +579,6 @@ self.args = [] self.comments = [] - def to_string(self): - return self.to_string() - def matches(self, other): if self.ifname != other.ifname: return False @@ -596,10 +593,15 @@ s = "%s(" % self.ifname i = 0 for a in self.args: + if isinstance(a, list): + str = list_to_space_str(a) + else: + str = a + if i != 0: - s = s + ", %s" % a + s = s + ", %s" % str else: - s = s + a + s = s + str i += 1 return s + ")" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
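Review bot: In the last refpolicy.py hunk the new local is named `str`, which shadows the builtin for the rest of the method; any later `str(...)` call added to this function would fail with a confusing error. A name such as `arg_str` avoids that. The manual counter `i` could also be replaced by `", ".join(...)` over the converted arguments. The method starts outside the hunk, so its signature is not visible here.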
From: <ssm...@us...> - 2007-04-13 18:03:23
Revision: 2355 http://svn.sourceforge.net/selinux/?rev=2355&view=rev Author: ssmalley Date: 2007-04-13 11:03:12 -0700 (Fri, 13 Apr 2007) Log Message: ----------- Fix build. Modified Paths: -------------- trunk/checkpolicy/test/Makefile trunk/policycoreutils/secon/Makefile
Modified: trunk/checkpolicy/test/Makefile
===================================================================
--- trunk/checkpolicy/test/Makefile 2007-04-13 14:38:21 UTC (rev 2354)
+++ trunk/checkpolicy/test/Makefile 2007-04-13 18:03:12 UTC (rev 2355)
@@ -9,7 +9,7 @@
 CFLAGS ?= -g -Wall -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
 all: dispol dismod
Modified: trunk/policycoreutils/secon/Makefile
===================================================================
--- trunk/policycoreutils/secon/Makefile 2007-04-13 14:38:21 UTC (rev 2354)
+++ trunk/policycoreutils/secon/Makefile 2007-04-13 18:03:12 UTC (rev 2355)
@@ -9,7 +9,7 @@
 VERSION = $(shell cat ../VERSION)
 CFLAGS ?= $(WARNS) -O1
 override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR)
-LDLIBS = -lselinux -L$(LIBDIR)
+LDLIBS = -lsepol -lselinux -L$(LIBDIR)
 all: secon
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
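Review bot: `LDLIBS` in checkpolicy/test/Makefile now names libsepol twice, once as `-lsepol` and once as the static archive `$(LIBDIR)/libsepol.a`. With the shared library listed first, exported symbols would normally bind to libsepol.so while the remaining references are pulled from the archive, so `dispol` and `dismod` may end up running two copies of the library's code and data. If both really are required, a comment above the line should say which undefined reference forced `-lsepol` and why the archive is still needed. The secon hunk adds a plain `-lsepol` and does not have this duplication.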
From: <kma...@us...> - 2007-04-26 19:15:53
Revision: 2401 http://svn.sourceforge.net/selinux/?rev=2401&view=rev Author: kmacmillan Date: 2007-04-26 12:15:47 -0700 (Thu, 26 Apr 2007) Log Message: ----------- updated policycoreutils to version 2.0.15 Modified Paths: -------------- trunk/libsepol/VERSION trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION trunk/policycoreutils/audit2why/Makefile
Modified: trunk/libsepol/VERSION
===================================================================
--- trunk/libsepol/VERSION 2007-04-26 19:13:45 UTC (rev 2400)
+++ trunk/libsepol/VERSION 2007-04-26 19:15:47 UTC (rev 2401)
@@ -1 +1 @@
-2.0.3
+2.1.0
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2007-04-26 19:13:45 UTC (rev 2400)
+++ trunk/policycoreutils/ChangeLog 2007-04-26 19:15:47 UTC (rev 2401)
@@ -1,3 +1,6 @@
+2.0.15 2007-04-26
+ * Merged move of audit2why to /usr/bin from Dan Walsh.
+
 2.0.14 2007-04-25
 * Build fix for setsebool.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2007-04-26 19:13:45 UTC (rev 2400)
+++ trunk/policycoreutils/VERSION 2007-04-26 19:15:47 UTC (rev 2401)
@@ -1 +1 @@
-2.0.14
+2.0.15
Modified: trunk/policycoreutils/audit2why/Makefile
===================================================================
--- trunk/policycoreutils/audit2why/Makefile 2007-04-26 19:13:45 UTC (rev 2400)
+++ trunk/policycoreutils/audit2why/Makefile 2007-04-26 19:15:47 UTC (rev 2401)
@@ -1,6 +1,6 @@
 # Installation directories.
 PREFIX ?= ${DESTDIR}/usr
-BINDIR ?= $(PREFIX)/sbin
+BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <kma...@us...> - 2007-04-27 15:29:17
Revision: 2406 http://svn.sourceforge.net/selinux/?rev=2406&view=rev Author: kmacmillan Date: 2007-04-27 08:29:14 -0700 (Fri, 27 Apr 2007) Log Message: ----------- added script dir and selinux-maint script Added Paths: ----------- trunk/scripts/ trunk/scripts/selinux-maint Added: trunk/scripts/selinux-maint =================================================================== --- trunk/scripts/selinux-maint (rev 0) +++ trunk/scripts/selinux-maint 2007-04-27 15:29:14 UTC (rev 2406) 
@@ -0,0 +1,221 @@ +#! /usr/bin/python + +# Basic instructions +# +# 1. Save patch email to file [patch.email] +# +# 2. Go to the svn directory to which you want to apply the patch. +# +# 3. Run "selinux-maint split patch.email". This will run vi on the +# logmsg (pulled out of the email) to allow you to add anything (ack +# messages). When you quit vi the current directory will have files +# called "patch" and "logmsg". +# +# 4. Run "selinux-maint apply" (optionally with a strip level as +# the last argument). This will do a dry run of applying the patch +# showing the results and ask if you want to apply the patch. If you +# say yes it will apply the patch and attempt to detect file adds (by +# comparing svn status and the output of patch). If it finds adds it +# will ask if you want to add each file. +# +# 5. Run "selinux-maint commit" to commit that patch with the log +# message. +# +# 6. Repeat 4 and 5 as often as necessary for a set of patch emails. +# +# 7. Run "selinux-maint rev packagename" where packagename is +# something like "libsepol". This will prompt for the new version +# number (showing the current), update VERSION, add a Changelog entry +# with the version and date, and vi the changelog for you to add +# entries. +# +# 8. Run "selinux-maint commit" again to commit the revision change +# (rev adds a simple log message - I just fixed this as my last +# checkin had the wrong log message). 
+ +import sys +import subprocess +import shutil +import os +import os.path +import datetime + +dir = "/tmp/selinux-maint/" + +def usage(): + print "selinux-maint [command] [options]" + print "" + print "commands:" + print "\tsplit patch-email: split patch-email into a patch and log message" + print "\tapply [patch-level]: apply the patch and logmsg with optional level" + print "\tcommit username: commit the changes" + print "\trev package: update the version number and changelog of package" + +def create_tmpdir(): + try: + os.mkdir(dir) + except OSError: + if not os.path.isdir(dir): + print "path %s exists and is not a directory" % dir + sys.exit(1) + +def split_email(args): + # Get an absolute path for the patch email since we are going to + # change the working directory + patch_path = os.path.abspath(args[0]) + + create_tmpdir() + prevdir = os.getcwd() + os.chdir(dir) + + infd = open(patch_path) + outfd = open("info", "w") + retcode = subprocess.call(["git-mailinfo", "msg", "patch"], stdin=infd, + stdout=outfd) + if retcode != 0: + sys.exit(1) + + msgfd = open("logmsg", "w") + retcode = subprocess.call(["cat", "info", "msg"], stdout=msgfd) + + msgfd.close() + + retcode = subprocess.call(["vi", "logmsg"]) + + shutil.copyfile("logmsg", prevdir + "/logmsg") + shutil.copyfile("patch", prevdir + "/patch") + +def apply(args): + if len(args): + patch_level = "-p%d" % int(args[0]) + else: + patch_level = "-p1" + + print "Test applying patch:" + patchfd = open("patch") + retcode = subprocess.call(["patch", patch_level, "--dry-run"], stdin=patchfd) + resp = raw_input("apply [y/n]: ") + if resp != "y": + sys.exit(0) + + patchfd = open("patch") + patch_output = subprocess.Popen(["patch", patch_level], stdin=patchfd, + stdout=subprocess.PIPE).communicate()[0] + + status_output = subprocess.Popen(["svn", "status"], stdout=subprocess.PIPE).communicate()[0] + + + # Detect adds + unknown_files = [] + for status_line in status_output.split("\n"): + try: + status, fname = 
status_line.split() + except ValueError: + continue + if status == "?": + unknown_files.append(fname) + + added_files = [] + for patch_line in patch_output.split("\n"): + try: + patched_fname = patch_line.split(" ")[2] + except: + continue + if patched_fname in unknown_files: + added_files.append(patched_fname) + + for fname in added_files: + input = raw_input("add file %s [y/n]: " % fname) + if input == "y": + subprocess.call(["svn", "add", fname]) + +def commit(args): + if len(args) != 1: + print "you must provide a username" + usage() + sys.exit(1) + retcode = subprocess.call(["svn", "commit", "--username", args[0], "-F", "logmsg"]) + +def rev(args): + if len(args) != 1: + print "you must provide a package name" + usage() + sys.exit(1) + package = args[0] + + ver_fd = open("%s/VERSION" % package, "r") + cur = ver_fd.read() + cur = cur.split("\n")[0] + ver_fd.close() + input = raw_input("new version [current is %s]: " % cur) + new_fd = open("%s/VERSION.new" % package, "w") + new_fd.write(input + "\n") + new_fd.close() + shutil.copyfile("%s/VERSION.new" % package, "%s/VERSION" % package) + + old_changelog = "%s/ChangeLog" % package + new_changelog = "%s/ChangeLog.new" % package + + n = open(new_changelog, "w") + + entry = "%s %s\n" % (input, str(datetime.date.today())) + n.write(entry) + n.write("\t*\n\n") + o = open(old_changelog) + n.write(o.read()) + n.close() + o.close() + + subprocess.call(["vi", new_changelog]) + shutil.copyfile(new_changelog, old_changelog) + + logmsg = open("logmsg", "w") + logmsg.write("updated %s to version %s\n" % (package, input)) + +def merge(args): + if len(args) != 2: + print "you must provide a revision pair and source branch" + usage() + sys.exit(1) + + rev = args[0] + branch = args[1] + + if branch == "trunk": + url = "https://selinux.svn.sourceforge.net/svnroot/selinux/trunk" + elif branch == "stable": + url = "https://selinux.svn.sourceforge.net/svnroot/selinux/branches/stable/1_0" + else: + url = 
"https://selinux.svn.sourceforge.net/svnroot/selinux/branches/%s" % branch + + subprocess.call(["svn", "diff", "-r%s" % rev, url]) + input = raw_input("apply these changes [y/n]? ") + if input != "y": + sys.exit(0) + + subprocess.call(["svn", "merge", "-r%s" % rev, url]) + + logmsg = open("logmsg", "w") + logmsg.write("applied r%s from %s\n" % (rev, branch)) + + +def main(): + if len(sys.argv) < 2: + usage() + sys.exit(1) + + command = sys.argv[1] + if command == "split": + split_email(sys.argv[2:]) + elif command == "apply": + apply(sys.argv[2:]) + elif command == "commit": + commit(sys.argv[2:]) + elif command == "rev": + rev(sys.argv[2:]) + elif command == "merge": + merge(sys.argv[2:]) + else: + usage() + +main() Property changes on: trunk/scripts/selinux-maint ___________________________________________________________________ Name: svn:executable + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
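Review bot: `dir = "/tmp/selinux-maint/"` is a fixed, world-known path, and `create_tmpdir()` accepts a directory that already exists without checking who owns it. `split_email()` then opens `info` and `logmsg` for writing inside it and copies `patch` and `logmsg` back into the working copy. On a shared machine another local user who creates that directory first can therefore redirect those writes through symlinks, or substitute the patch and log message that are later applied and committed. A private directory per run closes this: use `dir = tempfile.mkdtemp(prefix="selinux-maint-")` (mode 0700, owned by the caller) in place of the `os.mkdir(dir)` fallback, and call `shutil.rmtree(dir)` when `split_email()` finishes. Separately, the usage text omits the `merge` command that `main()` dispatches.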
From: <ssm...@us...> - 2007-05-03 16:46:15
Revision: 2422 http://svn.sourceforge.net/selinux/?rev=2422&view=rev Author: ssmalley Date: 2007-05-03 09:46:13 -0700 (Thu, 03 May 2007) Log Message: ----------- Update path to Lindent script in Makefiles. Modified Paths: -------------- trunk/checkpolicy/Makefile trunk/libselinux/include/Makefile trunk/libselinux/src/Makefile trunk/libselinux/utils/Makefile trunk/libsemanage/include/Makefile trunk/libsemanage/src/Makefile trunk/libsepol/include/Makefile trunk/libsepol/src/Makefile trunk/libsepol/utils/Makefile trunk/policycoreutils/audit2why/Makefile trunk/policycoreutils/load_policy/Makefile trunk/policycoreutils/newrole/Makefile trunk/policycoreutils/restorecon/Makefile trunk/policycoreutils/restorecond/Makefile trunk/policycoreutils/run_init/Makefile trunk/policycoreutils/secon/Makefile trunk/policycoreutils/semodule/Makefile trunk/policycoreutils/semodule_deps/Makefile trunk/policycoreutils/semodule_expand/Makefile trunk/policycoreutils/semodule_link/Makefile trunk/policycoreutils/semodule_package/Makefile trunk/policycoreutils/sestatus/Makefile trunk/policycoreutils/setfiles/Makefile trunk/policycoreutils/setsebool/Makefile Modified: trunk/checkpolicy/Makefile =================================================================== --- trunk/checkpolicy/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/checkpolicy/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -58,4 +58,4 @@ $(MAKE) -C test clean indent: - ../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) + ../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) Modified: trunk/libselinux/include/Makefile =================================================================== --- trunk/libselinux/include/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libselinux/include/Makefile 2007-05-03 16:46:13 UTC (rev 2422) 
@@ -7,5 +7,5 @@ install -m 644 $(wildcard selinux/*.h) $(INCDIR) indent: - ../../Lindent $(wildcard selinux/*.h) + ../../scripts/Lindent $(wildcard selinux/*.h) Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libselinux/src/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -84,5 +84,5 @@ rm -f $(SWIGCOUT) $(SWIGFILES) indent: - ../../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) + ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) Modified: trunk/libselinux/utils/Makefile =================================================================== --- trunk/libselinux/utils/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libselinux/utils/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -19,7 +19,7 @@ rm -f $(TARGETS) *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: Modified: trunk/libsemanage/include/Makefile =================================================================== --- trunk/libsemanage/include/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libsemanage/include/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -7,4 +7,4 @@ install -m 644 $(wildcard semanage/*.h) $(INCDIR) indent: - ../../Lindent $(wildcard semanage/*.h) + ../../scripts/Lindent $(wildcard semanage/*.h) Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libsemanage/src/Makefile 2007-05-03 16:46:13 UTC (rev 2422) 
@@ -99,6 +99,6 @@ rm -f $(SWIGCOUT) $(SWIGFILES) indent: - ../../Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) + ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) .PHONY: all clean pywrap swigify install install-pywrap distclean Modified: trunk/libsepol/include/Makefile =================================================================== --- trunk/libsepol/include/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libsepol/include/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -9,4 +9,4 @@ install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb indent: - ../../Lindent $(wildcard sepol/*.h) + ../../scripts/Lindent $(wildcard sepol/*.h) Modified: trunk/libsepol/src/Makefile =================================================================== --- trunk/libsepol/src/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libsepol/src/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -43,5 +43,5 @@ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/libsepol/utils/Makefile =================================================================== --- trunk/libsepol/utils/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/libsepol/utils/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -18,7 +18,7 @@ -rm -f $(TARGETS) *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: Modified: trunk/policycoreutils/audit2why/Makefile =================================================================== --- trunk/policycoreutils/audit2why/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/audit2why/Makefile 2007-05-03 16:46:13 UTC (rev 2422) 
@@ -25,6 +25,6 @@ -rm -f $(TARGETS) *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: Modified: trunk/policycoreutils/load_policy/Makefile =================================================================== --- trunk/policycoreutils/load_policy/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/load_policy/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -22,7 +22,7 @@ -rm -f $(TARGETS) *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: /sbin/restorecon $(SBINDIR)/load_policy Modified: trunk/policycoreutils/newrole/Makefile =================================================================== --- trunk/policycoreutils/newrole/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/newrole/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -76,7 +76,7 @@ rm -f $(TARGETS) *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: install /sbin/restorecon $(BINDIR)/newrole Modified: trunk/policycoreutils/restorecon/Makefile =================================================================== --- trunk/policycoreutils/restorecon/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/restorecon/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -22,7 +22,7 @@ -rm -f restorecon *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: install /sbin/restorecon $(SBINDIR)/restorecon Modified: trunk/policycoreutils/restorecond/Makefile =================================================================== --- trunk/policycoreutils/restorecond/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/restorecond/Makefile 2007-05-03 16:46:13 UTC (rev 2422) 
@@ -31,5 +31,5 @@ -rm -f restorecond *.o *~ indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/policycoreutils/run_init/Makefile =================================================================== --- trunk/policycoreutils/run_init/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/run_init/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -46,7 +46,7 @@ -rm -f $(TARGETS) *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: install /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty Modified: trunk/policycoreutils/secon/Makefile =================================================================== --- trunk/policycoreutils/secon/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/secon/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -30,7 +30,7 @@ rm -f *.o core* secon *~ *.bak indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) bare: clean Modified: trunk/policycoreutils/semodule/Makefile =================================================================== --- trunk/policycoreutils/semodule/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/semodule/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -26,5 +26,5 @@ -rm -f semodule *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/policycoreutils/semodule_deps/Makefile =================================================================== --- trunk/policycoreutils/semodule_deps/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/semodule_deps/Makefile 2007-05-03 16:46:13 UTC (rev 2422) 
@@ -25,5 +25,5 @@ -rm -f semodule_deps *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/policycoreutils/semodule_expand/Makefile =================================================================== --- trunk/policycoreutils/semodule_expand/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/semodule_expand/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -25,5 +25,5 @@ -rm -f semodule_expand *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/policycoreutils/semodule_link/Makefile =================================================================== --- trunk/policycoreutils/semodule_link/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/semodule_link/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -25,5 +25,5 @@ -rm -f semodule_link *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/policycoreutils/semodule_package/Makefile =================================================================== --- trunk/policycoreutils/semodule_package/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/semodule_package/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -25,5 +25,5 @@ -rm -f semodule_package *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) Modified: trunk/policycoreutils/sestatus/Makefile =================================================================== --- trunk/policycoreutils/sestatus/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/sestatus/Makefile 2007-05-03 16:46:13 UTC (rev 2422) 
@@ -25,6 +25,6 @@ rm -f sestatus *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: Modified: trunk/policycoreutils/setfiles/Makefile =================================================================== --- trunk/policycoreutils/setfiles/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/setfiles/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -29,7 +29,7 @@ rm -f setfiles *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) relabel: install /sbin/restorecon $(SBINDIR)/setfiles Modified: trunk/policycoreutils/setsebool/Makefile =================================================================== --- trunk/policycoreutils/setsebool/Makefile 2007-04-27 17:41:32 UTC (rev 2421) +++ trunk/policycoreutils/setsebool/Makefile 2007-05-03 16:46:13 UTC (rev 2422) @@ -26,5 +26,5 @@ -rm -f setsebool *.o indent: - ../../Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch]) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ew...@us...> - 2007-06-20 18:42:54
Revision: 2487 http://svn.sourceforge.net/selinux/?rev=2487&view=rev Author: ewalsh Date: 2007-06-20 11:42:48 -0700 (Wed, 20 Jun 2007) Log Message: ----------- updated policycoreutils to version 2.0.22 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2007-06-20 18:39:27 UTC (rev 2486) +++ trunk/libselinux/ChangeLog 2007-06-20 18:42:48 UTC (rev 2487) @@ -1,3 +1,6 @@ +2.0.22 2007-06-20 + * Labeling and callback interface patches from Eamon Walsh. + 2.0.21 2007-06-11 * Class and permission mapping support patches from Eamon Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2007-06-20 18:39:27 UTC (rev 2486) +++ trunk/libselinux/VERSION 2007-06-20 18:42:48 UTC (rev 2487) @@ -1 +1 @@ -2.0.21 +2.0.22 Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-06-20 18:39:27 UTC (rev 2486) +++ trunk/policycoreutils/ChangeLog 2007-06-20 18:42:48 UTC (rev 2487) @@ -1,3 +1,6 @@ +2.0.22 2007-06-20 + * Rebase setfiles to use new labeling interface. + 2.0.21 2007-06-13 * Fixed setsebool (falling through to error path on success). Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-06-20 18:39:27 UTC (rev 2486) +++ trunk/policycoreutils/VERSION 2007-06-20 18:42:48 UTC (rev 2487) @@ -1 +1 @@ -2.0.21 +2.0.22 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2007-08-16 19:19:31
Revision: 2518 http://selinux.svn.sourceforge.net/selinux/?rev=2518&view=rev Author: madmethod Date: 2007-08-16 12:19:24 -0700 (Thu, 16 Aug 2007) Log Message: ----------- Disable dontaudits via semodule -D Signed-off-by: Joshua Brindle <me...@ma... Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsemanage/ChangeLog trunk/libsemanage/VERSION trunk/libsemanage/include/semanage/handle.h trunk/libsemanage/src/handle.c trunk/libsemanage/src/libsemanage.map trunk/libsepol/ChangeLog trunk/libsepol/VERSION trunk/libsepol/include/sepol/handle.h trunk/libsepol/src/expand.c trunk/libsepol/src/handle.c trunk/libsepol/src/handle.h trunk/libsepol/src/libsepol.map trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION trunk/policycoreutils/semodule/semodule.c Modified: trunk/libsemanage/ChangeLog =================================================================== --- trunk/libsemanage/ChangeLog 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsemanage/ChangeLog 2007-08-16 19:19:24 UTC (rev 2518) @@ -1,3 +1,7 @@ +2.0.4 2007-08-16 + * Allow dontaudits to be turned off via semanage interface when + updating policy + 2.0.3 2007-04-25 * Fix to libsemanage man patches so whatis will work better from Dan Walsh Modified: trunk/libsemanage/VERSION =================================================================== --- trunk/libsemanage/VERSION 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsemanage/VERSION 2007-08-16 19:19:24 UTC (rev 2518) @@ -1 +1 @@ -2.0.3 +2.0.4 Modified: trunk/libsemanage/include/semanage/handle.h =================================================================== --- trunk/libsemanage/include/semanage/handle.h 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsemanage/include/semanage/handle.h 2007-08-16 19:19:24 UTC (rev 2518) 
@@ -69,6 +69,9 @@ * 1 for yes, 0 for no (default) */ void semanage_set_create_store(semanage_handle_t * handle, int create_store); +/* Set whether or not to disable dontaudits upon commit */ +void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit); + /* Check whether policy is managed via libsemanage on this system. * Must be called prior to trying to connect. * Return 1 if policy is managed via libsemanage on this system, Modified: trunk/libsemanage/src/handle.c =================================================================== --- trunk/libsemanage/src/handle.c 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsemanage/src/handle.c 2007-08-16 19:19:24 UTC (rev 2518) @@ -109,6 +109,14 @@ return; } +void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit) +{ + assert(sh != NULL); + + sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit); + return; +} + int semanage_is_connected(semanage_handle_t * sh) { assert(sh != NULL); Modified: trunk/libsemanage/src/libsemanage.map =================================================================== --- trunk/libsemanage/src/libsemanage.map 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsemanage/src/libsemanage.map 2007-08-16 19:19:24 UTC (rev 2518) @@ -13,6 +13,6 @@ semanage_iface_*; semanage_port_*; semanage_context_*; semanage_node_*; semanage_fcontext_*; semanage_access_check; semanage_set_create_store; - semanage_is_connected; + semanage_is_connected; semanage_set_disable_dontaudit; local: *; }; Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/ChangeLog 2007-08-16 19:19:24 UTC (rev 2518) 
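Review bot: In the trunk/libsemanage/src/handle.c hunk, the new exported setter semanage_set_disable_dontaudit() guards its handle only with `assert(sh != NULL);` and then passes `sh->sepolh` on unchecked; sepol_set_disable_dontaudit() in the trunk/libsepol/src/handle.c hunk does the same with `assert(sh !=NULL);`. In a build with NDEBUG the assert disappears and a NULL handle is dereferenced, while in a debug build a caller's mistake aborts the whole process from inside the library. The neighbouring semanage_is_connected() uses the same assert convention, so this matches the file, but since the setter returns void an early `if (sh == NULL || sh->sepolh == NULL) return;` would leave dontaudits enabled instead of crashing. The header comment could also state the accepted values the way the one above it does, e.g. `/* Set whether or not to disable dontaudits upon commit: 1 for yes, 0 for no (default) */`.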
@@ -1,3 +1,6 @@ +2.0.6 2007-08-16 + * Allow dontaudits to be turned off during policy expansion + 2.0.5 2007-08-01 * Fix sepol_context_clone to handle a NULL context correctly. This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/VERSION 2007-08-16 19:19:24 UTC (rev 2518) @@ -1 +1 @@ -2.0.5 +2.0.6 Modified: trunk/libsepol/include/sepol/handle.h =================================================================== --- trunk/libsepol/include/sepol/handle.h 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/include/sepol/handle.h 2007-08-16 19:19:24 UTC (rev 2518) @@ -7,6 +7,10 @@ /* Create and return a sepol handle. */ sepol_handle_t *sepol_handle_create(void); +/* Set whether or not to disable dontaudits, 0 is default and does + * not disable dontaudits, 1 disables them */ +void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit); + /* Destroy a sepol handle. */ void sepol_handle_destroy(sepol_handle_t *); Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/src/expand.c 2007-08-16 19:19:24 UTC (rev 2518) @@ -1367,6 +1367,8 @@ } else if (specified & AVRULE_AUDITDENY) { spec = AVTAB_AUDITDENY; } else if (specified & AVRULE_DONTAUDIT) { + if (handle->disable_dontaudit) + return EXPAND_RULE_SUCCESS; spec = AVTAB_AUDITDENY; } else if (specified & AVRULE_NEVERALLOW) { spec = AVTAB_NEVERALLOW; Modified: trunk/libsepol/src/handle.c =================================================================== --- trunk/libsepol/src/handle.c 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/src/handle.c 2007-08-16 19:19:24 UTC (rev 2518) 
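Review bot: In the trunk/libsepol/src/expand.c hunk, `if (handle->disable_dontaudit)` dereferences `handle` without a NULL check. The enclosing function starts and ends outside the hunk, so it is not visible whether every caller supplies a handle; if any caller may pass a NULL handle, expanding a dontaudit rule would crash there. Testing `if (handle && handle->disable_dontaudit)` keeps the default behaviour for such callers. A short comment such as `/* dontaudit rules are dropped, so the denials they would have silenced get audited */` would also make the effect of the early return on the audit log explicit.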
@@ -1,4 +1,5 @@ #include <stdlib.h> +#include <assert.h> #include "handle.h" #include "debug.h" @@ -13,9 +14,18 @@ sh->msg_callback = sepol_msg_default_handler; sh->msg_callback_arg = NULL; + /* by default do not disable dontaudits */ + sh->disable_dontaudit = 0; + return sh; } +void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit) +{ + assert(sh !=NULL); + sh->disable_dontaudit = disable_dontaudit; +} + void sepol_handle_destroy(sepol_handle_t * sh) { free(sh); Modified: trunk/libsepol/src/handle.h =================================================================== --- trunk/libsepol/src/handle.h 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/src/handle.h 2007-08-16 19:19:24 UTC (rev 2518) @@ -14,6 +14,9 @@ void (*msg_callback) (void *varg, sepol_handle_t * handle, const char *fmt, ...); void *msg_callback_arg; + + int disable_dontaudit; + }; #endif Modified: trunk/libsepol/src/libsepol.map =================================================================== --- trunk/libsepol/src/libsepol.map 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/libsepol/src/libsepol.map 2007-08-16 19:19:24 UTC (rev 2518) @@ -12,5 +12,6 @@ sepol_policydb_*; sepol_set_policydb_from_file; sepol_policy_kern_*; sepol_policy_file_*; + sepol_set_disable_dontaudit; local: *; }; Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/policycoreutils/ChangeLog 2007-08-16 19:19:24 UTC (rev 2518) @@ -1,3 +1,6 @@ +2.0.23 2007-08-16 + * Disable dontaudits via semodule -D + 2.0.22 2007-06-20 * Rebase setfiles to use new labeling interface. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/policycoreutils/VERSION 2007-08-16 19:19:24 UTC (rev 2518) 
@@ -1 +1 @@ -2.0.22 +2.0.23 Modified: trunk/policycoreutils/semodule/semodule.c =================================================================== --- trunk/policycoreutils/semodule/semodule.c 2007-08-12 20:26:56 UTC (rev 2517) +++ trunk/policycoreutils/semodule/semodule.c 2007-08-16 19:19:24 UTC (rev 2518) @@ -44,6 +44,7 @@ static int no_reload; static int create_store; static int build; +static int disable_dontaudit; static semanage_handle_t *sh = NULL; static char *store; @@ -131,6 +132,7 @@ printf(" -n,--noreload do not reload policy after commit\n"); printf(" -h,--help print this message and quit\n"); printf(" -v,--verbose be verbose\n"); + printf(" -D,--disable_dontaudit Remove dontaudits from policy\n"); } /* Sets the global mode variable to new_mode, but only if no other @@ -173,6 +175,7 @@ {"reload", 0, NULL, 'R'}, {"noreload", 0, NULL, 'n'}, {"build", 0, NULL, 'B'}, + {"disable_dontaudit", 0, NULL, 'D'}, {NULL, 0, NULL, 0} }; int i; @@ -181,7 +184,7 @@ no_reload = 0; create_store = 0; while ((i = - getopt_long(argc, argv, "s:b:hi:lvqr:u:RnB", opts, + getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts, NULL)) != -1) { switch (i) { case 'b': @@ -218,6 +221,9 @@ case 'B': build = 1; break; + case 'D': + disable_dontaudit = 1; + break; case '?': default:{ usage(argv[0]); @@ -441,6 +447,8 @@ semanage_set_reload(sh, 0); if (build) semanage_set_rebuild(sh, 1); + if (disable_dontaudit) + semanage_set_disable_dontaudit(sh, 1); result = semanage_commit(sh); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
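Review bot: The new help line in the usage() hunk of trunk/policycoreutils/semodule/semodule.c, `-D,--disable_dontaudit Remove dontaudits from policy`, does not say when the option takes effect. In the last hunk the flag is only applied right before `semanage_commit(sh)`, and the block around that call starts outside the hunk, so -D given without an operation that leads to a commit presumably does nothing. The help text should say so, for example `-D,--disable_dontaudit remove dontaudits from the policy built by this commit (combine with -B to rebuild)`. From the visible hunks the setting appears to live only on the handle, so it is worth documenting that a later rebuild without -D would bring the dontaudit rules back and reduce what reaches the audit log again.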
From: <ssm...@us...> - 2007-08-23 14:41:52
Revision: 2527 http://selinux.svn.sourceforge.net/selinux/?rev=2527&view=rev Author: ssmalley Date: 2007-08-23 07:41:50 -0700 (Thu, 23 Aug 2007) Log Message: ----------- Author: tm...@tr... Email: tm...@tr... Subject: libsemanage: genhomedircon replacement Date: Tue, 21 Aug 2007 15:10:44 -0400 Remove python script genhomedircon from libsemanage and replace with C functionality. Note: This code fixes a bug in the orignal genhomedircon python script; the following two lines are added to the file contexts whereas the old genhomedircon would not add them: /tmp/\.exchange-.*(/.*)? user_u:object_r:user_evolution_exchange_tmp_t:s0 /tmp/\.exchange-root(/.*)? root:object_r:user_evolution_exchange_tmp_t:s0 Modified Paths: -------------- trunk/libselinux/src/file_path_suffixes.h trunk/libsemanage/src/Makefile trunk/libsemanage/src/semanage_store.c trunk/libsemanage/src/semanage_store.h Added Paths: ----------- trunk/libsemanage/src/genhomedircon.c trunk/libsemanage/src/genhomedircon.h trunk/libsemanage/src/utilities.c trunk/libsemanage/src/utilities.h Modified: trunk/libselinux/src/file_path_suffixes.h =================================================================== --- trunk/libselinux/src/file_path_suffixes.h 2007-08-23 14:39:48 UTC (rev 2526) +++ trunk/libselinux/src/file_path_suffixes.h 2007-08-23 14:41:50 UTC (rev 2527) @@ -16,6 +16,6 @@ S_(SEUSERS, "/seusers") S_(TRANSLATIONS, "/setrans.conf") S_(NETFILTER_CONTEXTS, "/contexts/netfilter_contexts") - S_(FILE_CONTEXTS_HOMEDIR, "/contexts/files/file_contexts.homedir") + S_(FILE_CONTEXTS_HOMEDIR, "/contexts/files/file_contexts.homedirs") S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local") S_(X_CONTEXTS, "/contexts/x_contexts") Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2007-08-23 14:39:48 UTC (rev 2526) +++ trunk/libsemanage/src/Makefile 2007-08-23 14:41:50 UTC (rev 2527) 
@@ -54,7 +54,7 @@ ranlib $@ $(LIBSO): $(LOBJS) - $(CC) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + $(CC) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ln -sf $@ $(TARGET) conf-scan.c: conf-scan.l conf-parse.h Added: trunk/libsemanage/src/genhomedircon.c =================================================================== --- trunk/libsemanage/src/genhomedircon.c (rev 0) +++ trunk/libsemanage/src/genhomedircon.c 2007-08-23 14:41:50 UTC (rev 2527) 
@@ -0,0 +1,717 @@ +/* Author: Mark Goldman <mgo...@tr...> + * Paul Rosenfeld <pro...@tr...> + * + * Copyright (C) 2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of the + * License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include <semanage/handle.h> +#include <semanage/seusers_policy.h> +#include <semanage/users_policy.h> +#include <semanage/user_record.h> +#include "semanage_store.h" +#include "seuser_internal.h" +#include "debug.h" + +#include "utilities.h" +#include "genhomedircon.h" +#include <ustr.h> + +#include <assert.h> +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <pwd.h> +#include <errno.h> + +/* paths used in get_home_dirs() */ +#define PATH_ETC_USERADD "/etc/default/useradd" +#define PATH_ETC_LIBUSER "/etc/libuser.conf" +#define PATH_DEFAULT_HOME "/home" +#define PATH_EXPORT_HOME "/export/home" +#define PATH_ETC_LOGIN_DEFS "/etc/login.defs" + +/* other paths */ +#define PATH_SHELLS_FILE "/etc/shells" +#define PATH_NOLOGIN_SHELL "/sbin/nologin" + +/* comments written to context file */ +#define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \ + "User-specific file contexts, generated via libsemanage\n" \ + "# use semanage command to manage system users to change" \ + " the 
file_context\n#\n#\n" + +#define COMMENT_USER_HOME_CONTEXT "\n\n#\n# Home Context for user %s" \ + "\n#\n\n" + +/* placeholders used in the template file + which are searched for and replaced */ +#define TEMPLATE_HOME_ROOT "HOME_ROOT" +#define TEMPLATE_HOME_DIR "HOME_DIR" +#define TEMPLATE_USER "USER" +#define TEMPLATE_ROLE "ROLE" +#define TEMPLATE_SEUSER "system_u" + +#define FALLBACK_USER "user_u" +#define FALLBACK_USER_PREFIX "user" +#define DEFAULT_LOGIN "__default__" + +typedef struct { + const char *fcfilepath; + int usepasswd; + const char *homedir_template_path; + semanage_handle_t *h_semanage; +} genhomedircon_settings_t; + +typedef struct user_entry { + char *name; + char *sename; + char *prefix; + char *home; + struct user_entry *next; +} genhomedircon_user_entry_t; + +typedef struct { + const char *search_for; + const char *replace_with; +} replacement_pair_t; + +static semanage_list_t *default_shell_list(void) +{ + semanage_list_t *list = NULL; + + if (semanage_list_push(&list, "/bin/csh") + || semanage_list_push(&list, "/bin/tcsh") + || semanage_list_push(&list, "/bin/ksh") + || semanage_list_push(&list, "/bin/bsh") + || semanage_list_push(&list, "/bin/ash") + || semanage_list_push(&list, "/usr/bin/ksh") + || semanage_list_push(&list, "/usr/bin/pdksh") + || semanage_list_push(&list, "/bin/zsh") + || semanage_list_push(&list, "/bin/sh") + || semanage_list_push(&list, "/bin/bash")) + goto fail; + + return list; + + fail: + semanage_list_destroy(&list); + return NULL; +} + +static semanage_list_t *get_shell_list(void) +{ + FILE *shells; + char *temp = NULL; + semanage_list_t *list = NULL; + size_t buff_len = 0; + + shells = fopen(PATH_SHELLS_FILE, "r"); + if (!shells) + return default_shell_list(); + while (getline(&temp, &buff_len, shells) >= 0) { + if (strcmp(temp, PATH_NOLOGIN_SHELL)) { + if (semanage_list_push(&list, temp)) { + free(temp); + semanage_list_destroy(&list); + return default_shell_list(); + } + } + } + free(temp); + + return list; +} + 
+static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) +{ + semanage_list_t *homedir_list = NULL; + semanage_list_t *shells = NULL; + char *path = NULL; + size_t minuid = 0; + size_t minuid_set = 0; + size_t temp; + struct passwd *pwbuf; + struct stat buf; + + shells = get_shell_list(); + assert(shells); + + path = semanage_findval(PATH_ETC_USERADD, "HOME", "="); + if (path && *path) { + if (semanage_list_push(&homedir_list, path)) { + free(path); + goto fail; + } + } + free(path); + + path = semanage_findval(PATH_ETC_LIBUSER, "LU_HOMEDIRECTORY", "="); + if (path && *path) { + if (semanage_list_push(&homedir_list, path)) { + free(path); + goto fail; + } + } + free(path); + + if (!homedir_list) { + if (semanage_list_push(&homedir_list, PATH_DEFAULT_HOME)) { + goto fail; + } + } + + if (!stat(PATH_EXPORT_HOME, &buf)) { + if (S_ISDIR(buf.st_mode)) { + if (semanage_list_push(&homedir_list, PATH_EXPORT_HOME)) { + goto fail; + } + } + } + + if (!(s->usepasswd)) + return homedir_list; + + path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL); + if (path && *path) { + temp = atoi(path); + if (!minuid_set || temp < minuid) { + minuid = temp; + minuid_set = 1; + } + } + free(path); + + path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "="); + if (path && *path) { + temp = atoi(path); + if (!minuid_set || temp < minuid) { + minuid = temp; + minuid_set = 1; + } + } + free(path); + + if (!minuid_set) { + minuid = 500; + minuid_set = 1; + } + + setpwent(); + for (errno = 0; (pwbuf = getpwent()); errno = 0) { + if (pwbuf->pw_uid < minuid) + continue; + if (!semanage_list_find(shells, pwbuf->pw_shell)) + continue; + if (strcmp(pwbuf->pw_dir, "/") == 0) + continue; + if (semanage_str_count(pwbuf->pw_dir, '/') <= 1) + continue; + if (!(path = strdup(pwbuf->pw_dir))) { + break; + } + + semanage_rtrim(path, '/'); + if (!semanage_list_find(homedir_list, path)) { + if (semanage_list_push(&homedir_list, path)) { + free(path); + goto fail; + } + } + 
free(path); + } + + if (errno) { + WARN(s->h_semanage, "Error while fetching users. " + "Returning list so far."); + } + endpwent(); + semanage_list_destroy(&shells); + if (semanage_list_sort(&homedir_list)) + goto fail; + + return homedir_list; + + fail: + semanage_list_destroy(&homedir_list); + semanage_list_destroy(&shells); + return NULL; +} + +/** + * @param s settings structure, stores various paths etc. Must never be NULL + * @param out the FILE to put all the output in. + * @return 0 on success + */ +static int write_file_context_header(genhomedircon_settings_t * s, FILE * out) +{ + if (fprintf(out, COMMENT_FILE_CONTEXT_HEADER) < 0) { + return STATUS_ERR; + } + + return STATUS_SUCCESS; +} + +/* Predicates for use with semanage_slurp_file_filter() the homedir_template + * file currently contains lines that serve as the template for a user's + * homedir. + * + * It also contains lines that are the template for the parent of a + * user's home directory. + * + * Currently, the only lines that apply to the the root of a user's home + * directory are all prefixed with the string "HOME_ROOT". All other + * lines apply to a user's home directory. If this changes the + * following predicates need to change to reflect that. + */ +static int HOME_ROOT_PRED(const char *string) +{ + return semanage_is_prefix(string, TEMPLATE_HOME_ROOT); +} + +static int HOME_DIR_PRED(const char *string) +{ + return semanage_is_prefix(string, TEMPLATE_HOME_DIR); +} + +static int USER_CONTEXT_PRED(const char *string) +{ + return (int)(strstr(string, TEMPLATE_USER) != NULL); +} + +/* make_tempate + * @param s the settings holding the paths to various files + * @param pred function pointer to function to use as filter for slurp + * file filter + * @return a list of lines from the template file with inappropriate + * lines filtered out. 
+ */ +static semanage_list_t *make_template(genhomedircon_settings_t * s, + int (*pred) (const char *)) +{ + FILE *template_file = NULL; + semanage_list_t *template_data = NULL; + + template_file = fopen(s->homedir_template_path, "r"); + if (!template_file) + return NULL; + template_data = semanage_slurp_file_filter(template_file, pred); + fclose(template_file); + + return template_data; +} + +static Ustr *replace_all(const char *str, const replacement_pair_t * repl) +{ + Ustr *retval = USTR_NULL; + int i, num_replaced = 0; + + if (!str || !repl) + goto done; + if (!(retval = ustr_dup_cstr(str))) + goto done; + + for (i = 0; repl[i].search_for; i++) { + num_replaced += ustr_replace_cstr(&retval, repl[i].search_for, + repl[i].replace_with, 0); + } + if (!num_replaced) + ustr_sc_free(&retval); + + done: + return retval; +} + +static int write_home_dir_context(FILE * out, semanage_list_t * tpl, + const char *user, const char *seuser, + const char *home, const char *role_prefix) +{ + replacement_pair_t repl[] = { + {.search_for = TEMPLATE_SEUSER,.replace_with = seuser}, + {.search_for = TEMPLATE_HOME_DIR,.replace_with = home}, + {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix}, + {NULL, NULL} + }; + Ustr *line = USTR_NULL; + + if (fprintf(out, COMMENT_USER_HOME_CONTEXT, user) < 0) + return STATUS_ERR; + + for (; tpl; tpl = tpl->next) { + line = replace_all(tpl->data, repl); + if (!line || !ustr_io_putfileline(&line, out)) + goto fail; + ustr_sc_free(&line); + } + return STATUS_SUCCESS; + + fail: + ustr_sc_free(&line); + return STATUS_ERR; +} + +static int write_home_root_context(FILE * out, semanage_list_t * tpl, + char *homedir) +{ + replacement_pair_t repl[] = { + {.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir}, + {NULL, NULL} + }; + Ustr *line = USTR_NULL; + + for (; tpl; tpl = tpl->next) { + line = replace_all(tpl->data, repl); + if (!line || !ustr_io_putfileline(&line, out)) + goto fail; + ustr_sc_free(&line); + } + return STATUS_SUCCESS; + + 
fail: + ustr_sc_free(&line); + return STATUS_ERR; +} + +static int write_user_context(FILE * out, semanage_list_t * tpl, char *user, + char *seuser, char *role_prefix) +{ + replacement_pair_t repl[] = { + {.search_for = TEMPLATE_USER,.replace_with = user}, + {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix}, + {.search_for = TEMPLATE_SEUSER,.replace_with = seuser}, + {NULL, NULL} + }; + Ustr *line = USTR_NULL; + + for (; tpl; tpl = tpl->next) { + line = replace_all(tpl->data, repl); + if (!line || !ustr_io_putfileline(&line, out)) + goto fail; + ustr_sc_free(&line); + } + return STATUS_SUCCESS; + + fail: + ustr_sc_free(&line); + return STATUS_ERR; +} + +static int user_sort_func(semanage_user_t ** arg1, semanage_user_t ** arg2) +{ + return strcmp(semanage_user_get_name(*arg1), + semanage_user_get_name(*arg2)); +} + +static int name_user_cmp(char *key, semanage_user_t ** val) +{ + return strcmp(key, semanage_user_get_name(*val)); +} + +static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, + const char *sen, const char *pre, const char *h) +{ + genhomedircon_user_entry_t *temp = NULL; + char *name = NULL; + char *sename = NULL; + char *prefix = NULL; + char *home = NULL; + + temp = malloc(sizeof(genhomedircon_user_entry_t)); + if (!temp) + goto cleanup; + name = strdup(n); + if (!name) + goto cleanup; + sename = strdup(sen); + if (!sename) + goto cleanup; + prefix = strdup(pre); + if (!prefix) + goto cleanup; + home = strdup(h); + if (!home) + goto cleanup; + + temp->name = name; + temp->sename = sename; + temp->prefix = prefix; + temp->home = home; + temp->next = (*list); + (*list) = temp; + + return STATUS_SUCCESS; + + cleanup: + free(name); + free(sename); + free(prefix); + free(home); + free(temp); + return STATUS_ERR; +} + +static void pop_user_entry(genhomedircon_user_entry_t ** list) +{ + genhomedircon_user_entry_t *temp; + + if (!list || !(*list)) + return; + + temp = *list; + *list = temp->next; + free(temp->name); + 
free(temp->sename); + free(temp->prefix); + free(temp->home); + free(temp); +} + +static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, + int *errors) +{ + genhomedircon_user_entry_t *head = NULL; + semanage_seuser_t **seuser_list = NULL; + unsigned int nseusers = 0; + semanage_user_t **user_list = NULL; + unsigned int nusers = 0; + semanage_user_t **u = NULL; + const char *name = NULL; + const char *seuname = NULL; + const char *prefix = NULL; + struct passwd *pwent = NULL; + unsigned int i; + int retval; + + *errors = 0; + retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers); + if (retval < 0 || (nseusers < 1)) { + /* if there are no users, this function can't do any other work */ + return NULL; + } + + if (semanage_user_list(s->h_semanage, &user_list, &nusers) < 0) { + nusers = 0; + } + + qsort(user_list, nusers, sizeof(semanage_user_t *), + (int (*)(const void *, const void *))&user_sort_func); + + for (i = 0; i < nseusers; i++) { + name = semanage_seuser_get_name(seuser_list[i]); + seuname = semanage_seuser_get_sename(seuser_list[i]); + + if (strcmp(seuname, FALLBACK_USER) == 0) + continue; + if (strcmp(seuname, DEFAULT_LOGIN) == 0) + continue; + if (strcmp(seuname, TEMPLATE_SEUSER) == 0) + continue; + + /* find the user structure given the name */ + u = bsearch(seuname, user_list, nusers, sizeof(semanage_user_t *), + (int (*)(const void *, const void *)) + &name_user_cmp); + if (u) { + prefix = semanage_user_get_prefix(*u); + } else { + prefix = name; + } + + errno = 0; + pwent = getpwnam(name); + if (!pwent) { + if (errno != 0) { + *errors = STATUS_ERR; + goto cleanup; + } + WARN(s->h_semanage, + "user %s not in password file", name); + continue; + } + + if (strcmp(pwent->pw_dir, "/") == 0) { + /* don't relabel / genhomdircon checked to see if root + * was the user and if so, set his home directory to + * /root */ + continue; + } + if (push_user_entry(&head, name, seuname, + prefix, pwent->pw_dir) != STATUS_SUCCESS) { + 
*errors = STATUS_ERR; + break; + } + } + + cleanup: + if (*errors) { + for (; head; pop_user_entry(&head)) { + /* the pop function takes care of all the cleanup + so the loop body is just empty */ + } + } + for (i = 0; i < nseusers; i++) { + semanage_seuser_free(seuser_list[i]); + } + free(seuser_list); + + for (i = 0; i < nusers; i++) { + semanage_user_free(user_list[i]); + } + free(user_list); + + return head; +} + +static int write_gen_home_dir_context(FILE * out, genhomedircon_settings_t * s, + semanage_list_t * user_context_tpl, + semanage_list_t * homedir_context_tpl) +{ + genhomedircon_user_entry_t *users; + int errors = 0; + + users = get_users(s, &errors); + if (!users && errors) { + return STATUS_ERR; + } + + for (; users; pop_user_entry(&users)) { + if (write_home_dir_context(out, homedir_context_tpl, + users->name, + users->sename, users->home, + users->prefix)) { + return STATUS_ERR; + } + if (write_user_context(out, user_context_tpl, users->name, + users->sename, users->prefix)) { + return STATUS_ERR; + } + } + + return STATUS_SUCCESS; +} + +/** + * @param s settings structure, stores various paths etc. Must never be NULL + * @param out the FILE to put all the output in. 
+ * @return 0 on success + */ +static int write_context_file(genhomedircon_settings_t * s, FILE * out) +{ + semanage_list_t *homedirs = NULL; + semanage_list_t *h = NULL; + semanage_list_t *user_context_tpl = NULL; + semanage_list_t *homedir_context_tpl = NULL; + semanage_list_t *homeroot_context_tpl = NULL; + int retval = STATUS_SUCCESS; + + homedirs = get_home_dirs(s); + if (!homedirs) { + WARN(s->h_semanage, + "no home directories were available, exiting without writing"); + return STATUS_ERR; /* No homedirs so no output */ + } + + if (write_file_context_header(s, out) != STATUS_SUCCESS) + return STATUS_ERR; + + homedir_context_tpl = make_template(s, &HOME_DIR_PRED); + homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED); + user_context_tpl = make_template(s, &USER_CONTEXT_PRED); + if (!homedir_context_tpl || !homeroot_context_tpl || !user_context_tpl) { + retval = STATUS_ERR; + goto done; + } + + for (h = homedirs; h; h = h->next) { + Ustr *temp = ustr_dup_cstr(h->data); + + if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) { + ustr_sc_free(&temp); + retval = STATUS_ERR; + goto done; + } + + if (write_home_dir_context(out, + homedir_context_tpl, FALLBACK_USER, + FALLBACK_USER, ustr_cstr(temp), + FALLBACK_USER_PREFIX) != + STATUS_SUCCESS) { + ustr_sc_free(&temp); + retval = STATUS_ERR; + goto done; + } + if (write_home_root_context(out, + homeroot_context_tpl, + h->data) != STATUS_SUCCESS) { + ustr_sc_free(&temp); + retval = STATUS_ERR; + goto done; + } + + ustr_sc_free(&temp); + } + if (write_user_context(out, user_context_tpl, + ".*", FALLBACK_USER, + FALLBACK_USER_PREFIX) != STATUS_SUCCESS) { + retval = STATUS_ERR; + goto done; + } + if (write_gen_home_dir_context(out, s, user_context_tpl, + homedir_context_tpl) != STATUS_SUCCESS) { + retval = STATUS_ERR; + } + + done: + /* Cleanup */ + semanage_list_destroy(&homedirs); + semanage_list_destroy(&user_context_tpl); + semanage_list_destroy(&homedir_context_tpl); + semanage_list_destroy(&homeroot_context_tpl); + 
+ return retval; +} + +int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd) +{ + genhomedircon_settings_t s; + FILE *out = NULL; + int retval = 0; + + assert(sh); + + s.homedir_template_path = + semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL); + s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS); + + s.usepasswd = usepasswd; + s.h_semanage = sh; + + if (!(out = fopen(s.fcfilepath, "w"))) { + /* couldn't open output file */ + ERR(sh, "Could not open the file_context file for writing"); + return STATUS_ERR; + } + + retval = write_context_file(&s, out); + + fclose(out); + return retval; +} Added: trunk/libsemanage/src/genhomedircon.h =================================================================== --- trunk/libsemanage/src/genhomedircon.h (rev 0) +++ trunk/libsemanage/src/genhomedircon.h 2007-08-23 14:41:50 UTC (rev 2527) 
@@ -0,0 +1,27 @@ +/* Author: Mark Goldman <mgo...@tr...> + * + * Copyright (C) 2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef _SEMANAGE_GENHOMEDIRCON_H_ +#define _SEMANAGE_GENHOMEDIRCON_H_ + +#include "utilities.h" + +int semanage_genhomedircon(semanage_handle_t * sh, int usepasswd); + +#endif Modified: trunk/libsemanage/src/semanage_store.c =================================================================== --- trunk/libsemanage/src/semanage_store.c 2007-08-23 14:39:48 UTC (rev 2526) +++ trunk/libsemanage/src/semanage_store.c 2007-08-23 14:41:50 UTC (rev 2527) @@ -34,6 +34,7 @@ #include "semanage_store.h" #include "database_policydb.h" #include "handle.h" +#include "genhomedircon.h" #include <selinux/selinux.h> #include <sepol/policydb.h> @@ -60,6 +61,9 @@ #define SEMANAGE_CONF_FILE "semanage.conf" /* relative path names to enum semanage_paths to special files and * directories for the module store */ + +#define TRUE 1 + enum semanage_file_defs { SEMANAGE_ROOT, SEMANAGE_TRANS_LOCK, @@ -110,6 +114,7 @@ "/seusers.final", "/users_extra", "/netfilter_contexts", + "/file_contexts.homedirs", }; /* A node used in a linked list of file contexts; used for sorting. 
@@ -1264,15 +1269,15 @@ goto cleanup; } - if ((commit_num = semanage_commit_sandbox(sh)) < 0) { - retval = commit_num; + if ((retval = + semanage_genhomedircon(sh, TRUE)) != 0) { + ERR(sh, "semanage_genhomedircon returned error code %d.", + retval); goto cleanup; } - if ((retval = - semanage_exec_prog(sh, sh->conf->genhomedircon, - sh->conf->store_path, "")) != 0) { - ERR(sh, "genhomedircon returned error code %d.", retval); + if ((commit_num = semanage_commit_sandbox(sh)) < 0) { + retval = commit_num; goto cleanup; } Modified: trunk/libsemanage/src/semanage_store.h =================================================================== --- trunk/libsemanage/src/semanage_store.h 2007-08-23 14:39:48 UTC (rev 2526) +++ trunk/libsemanage/src/semanage_store.h 2007-08-23 14:41:50 UTC (rev 2527) @@ -57,6 +57,7 @@ SEMANAGE_SEUSERS, SEMANAGE_USERS_EXTRA, SEMANAGE_NC, + SEMANAGE_FC_HOMEDIRS, SEMANAGE_STORE_NUM_PATHS }; Added: trunk/libsemanage/src/utilities.c =================================================================== --- trunk/libsemanage/src/utilities.c (rev 0) +++ trunk/libsemanage/src/utilities.c 2007-08-23 14:41:50 UTC (rev 2527) 
@@ -0,0 +1,312 @@ +/* Author: Mark Goldman <mgo...@tr...> + * Paul Rosenfeld <pro...@tr...> + * + * Copyright (C) 2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ +#include "utilities.h" + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <string.h> +#include <sys/types.h> +#include <assert.h> +#include <ustr.h> + +#define TRUE 1 +#define FALSE 0 + +char *semanage_findval(char *file, char *var, char *delim) +{ + FILE *fd; + char *buff = NULL; + char *retval = NULL; + size_t buff_len = 0; + + assert(file); + assert(var); + + if ((fd = fopen(file, "r")) == NULL) + return NULL; + + while (getline(&buff, &buff_len, fd) > 0) { + if (semanage_is_prefix(buff, var)) { + retval = semanage_split(buff, delim); + if (retval) + semanage_rtrim(retval, '\n'); + break; + } + } + free(buff); + fclose(fd); + + return retval; +} + +int semanage_is_prefix(const char *str, const char *prefix) +{ + int retval; + Ustr *ustr = USTR_NULL; + + if (!str) { + return FALSE; + } + if (!prefix) { + return TRUE; + } + if (!(ustr = ustr_dup_cstr(str))) { + return FALSE; + } + retval = (ustr_srch_cstr_fwd(ustr, 0, prefix) == 1); + ustr_sc_free(&ustr); + + return retval; +} + +char *semanage_split_on_space(const char *str) +{ + /* as per 
the man page, these are the isspace() chars */ + const char *seps = "\f\n\r\t\v "; + size_t slen = strlen(seps); + size_t off = 0, rside_len = 0; + char *retval = NULL; + Ustr *ustr = USTR_NULL, *temp = USTR_NULL; + + if (!str) + goto done; + if (!(ustr = ustr_dup_cstr(str))) + goto done; + temp = + ustr_split_spn_chrs(ustr, &off, seps, slen, USTR_NULL, + USTR_FLAG_SPLIT_DEF); + if (!temp) + goto done; + /* throw away the left hand side */ + ustr_sc_free(&temp); + + rside_len = ustr_len(ustr) - off; + temp = ustr_dup_subustr(ustr, off + 1, rside_len); + if (!temp) + goto done; + retval = strdup(ustr_cstr(temp)); + ustr_sc_free(&temp); + + done: + ustr_sc_free(&ustr); + return retval; +} + +char *semanage_split(const char *str, const char *delim) +{ + Ustr *ustr = USTR_NULL, *temp = USTR_NULL; + size_t off = 0, rside_len = 0; + char *retval = NULL; + + if (!str) + goto done; + if (!delim || !(*delim)) + return semanage_split_on_space(str); + ustr = ustr_dup_cstr(str); + temp = + ustr_split_cstr(ustr, &off, delim, USTR_NULL, USTR_FLAG_SPLIT_DEF); + if (!temp) + goto done; + /* throw away the left hand side */ + ustr_sc_free(&temp); + + rside_len = ustr_len(ustr) - off; + + temp = ustr_dup_subustr(ustr, off + 1, rside_len); + if (!temp) + goto done; + retval = strdup(ustr_cstr(temp)); + ustr_sc_free(&temp); + + done: + ustr_sc_free(&ustr); + return retval; +} + +int semanage_list_push(semanage_list_t ** list, char *data) +{ + semanage_list_t *temp = NULL; + + if (!data) + return EINVAL; + if (!(temp = malloc(sizeof(semanage_list_t)))) + return ENOMEM; + + if (!(temp->data = strdup(data))) { + free(temp); + return ENOMEM; + } + temp->next = *list; + *list = temp; + + return 0; +} + +char *semanage_list_pop(semanage_list_t ** list) +{ + semanage_list_t *node = NULL; + char *data = NULL; + + if (!list || !(*list)) + return NULL; + + node = (*list); + data = node->data; + + (*list) = node->next; + free(node); + + return data; +} + +void 
semanage_list_destroy(semanage_list_t ** list) +{ + semanage_list_t *temp; + + while ((temp = (*list))) { + free(temp->data); + (*list) = temp->next; + free(temp); + } +} + +semanage_list_t *semanage_list_find(semanage_list_t * l, char *data) +{ + if (!data) + return NULL; + while (l && strcmp(l->data, data)) + l = l->next; + + return l; +} + +int semanage_list_sort(semanage_list_t ** l) +{ + semanage_list_t **array = NULL; + semanage_list_t *temp = NULL; + size_t count = 0; + size_t i = 0; + + if (!l) + return 0; + + for (temp = *l; temp; temp = temp->next) + ++count; + + array = malloc(sizeof(semanage_list_t *) * count); + if (!array) + return ENOMEM; /* couldn't allocate memory for sort */ + for (temp = *l; temp; temp = temp->next) { + array[i++] = temp; + } + + qsort(array, count, sizeof(semanage_list_t *), + (int (*)(const void *, const void *))&semanage_cmp_plist_t); + for (i = 0; i < (count - 1); ++i) { + array[i]->next = array[i + 1]; + } + array[i]->next = NULL; + (*l) = array[0]; + free(array); + + return 0; +} + +int semanage_cmp_plist_t(const semanage_list_t ** x, const semanage_list_t ** y) +{ + return strcmp((*x)->data, (*y)->data); +} + +int semanage_str_count(char *data, char what) +{ + int count = 0; + + if (!data) + return 0; + while (*data) { + if (*data == what) + ++count; + ++data; + } + + return count; +} + +void semanage_rtrim(char *str, char trim_to) +{ + int len = 0; + + if (!str) + return; + len = strlen(str); + + while (len > 0) { + if (str[--len] == trim_to) { + str[len] = '\0'; + return; + } + } +} + +/* list_addafter_controlmem does *NOT* duplicate the data argument + * use at your own risk, I am building a list out of malloc'd memory and + * it is only going to get stored into this list, thus when I destroy it + * later I won't free a ptr twice. 
+ * + * returns the newly created node or NULL on error + */ +semanage_list_t *list_addafter_controlmem(semanage_list_t * item, char *data) +{ + semanage_list_t *temp = malloc(sizeof(semanage_list_t)); + + if (!temp) + return NULL; + temp->data = data; + temp->next = item->next; + item->next = temp; + + return temp; +} + +semanage_list_t *semanage_slurp_file_filter(FILE * file, + int (*pred) (const char *)) +{ + semanage_list_t head; + semanage_list_t *current = &head; + char *line = NULL; + size_t buff_len = 0; + + head.next = NULL; /* initialize head, we aren't going to use the data */ + while (getline(&line, &buff_len, file) >= 0) { + if (pred(line)) { + semanage_rtrim(line, '\n'); + current = list_addafter_controlmem(current, line); + if (!current) + break; + line = NULL; + buff_len = 0; + } + } + free(line); + + return head.next; +} Added: trunk/libsemanage/src/utilities.h =================================================================== --- trunk/libsemanage/src/utilities.h (rev 0) +++ trunk/libsemanage/src/utilities.h 2007-08-23 14:41:50 UTC (rev 2527) 
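Review bot: `semanage_list_sort` in the utilities.c hunk does not handle an empty list: when `*l` is NULL, `count` stays 0 and the loop bound `count - 1` wraps around as a `size_t`. With an allocator that returns a non-NULL pointer for the resulting zero-byte `malloc`, `array[i]->next` is then read and written out of bounds. The entry guard should cover that case, `if (!l || !*l) return 0;`. In the same file, `semanage_split` passes the result of `ustr_dup_cstr(str)` to `ustr_split_cstr` without the NULL check that `semanage_split_on_space` performs.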
@@ -0,0 +1,137 @@ +/* Author: Mark Goldman <mgo...@tr...> + * + * Copyright (C) 2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/* This file contains helper functions that are loosely based off of what is + * available from the python script genhomedircon. Also this file contains + * c implementations of a couple of python functions so that genhomedircon will + * look/act like the python script. + */ +#ifndef _SEMANAGE_UTILITIES_H_ +#define _SEMANAGE_UTILITIES_H_ + +#include <stdio.h> + +#if defined(__GNUC__) && !defined(__STRICT_ANSI__) +#define WARN_UNUSED \ + __attribute__ ((__warn_unused_result__)) +#else +# define WARN_UNUSED /* nothing */ +#endif + +typedef struct list { + char *data; + struct list *next; +} semanage_list_t; + +/** + * @param file the path to the file to look for a variable in + * @param var the variable that you want the value of + * @param delim the value that separates the part you care about from the part + * that you don't. + * @return for the first instance of var in the file, returns everything after + * delim. 
+ * returns "" if not found IE if(*(semanage_findval(f,v,d)) == '\0'){ + * printf("%s not found in file", v); + * } + * + * NULL for error (out of memory, etc) + */ +char *semanage_findval(char *file, char *var, char *delim) WARN_UNUSED; + +/** + * @param str string to test + * @param val prefix + * @return 1 if val is the prefix of str + * 0 if val is not the prefix of str + * + * note: if str == NULL, returns false + * if val == NULL, returns true --nothing can always be the prefix of + * something + * if (*val) == "" returns true same as above. + */ +int semanage_is_prefix(const char *str, const char *val) WARN_UNUSED; + +/** + * @param str the string to semanage_split + * @return malloc'd string after the first run of charachters that aren't whitespace + */ +char *semanage_split_on_space(const char *str) WARN_UNUSED; + +/** + * @param str the string to semanage_split + * @param delim the string delimiter. NOT a set of charachters that can be + * a delimiter. + * if *delim == '\0' behaves as semanage_splitOnSpace() + * @return a ptr to the first charachter past the delimiter. + * if delim doesn't appear in the string, returns a ptr to the + * trailing null in the string + */ +char *semanage_split(const char *str, const char *delim) WARN_UNUSED; + +/* linked list string functions + * Functions allocate memory. 
Must be free'd with + * either semanage_list_pop until list == NULL or semanage_list_destroy() + */ +int semanage_list_push(semanage_list_t ** list, char *data) WARN_UNUSED; +char *semanage_list_pop(semanage_list_t ** list); +void semanage_list_destroy(semanage_list_t ** list); +semanage_list_t *semanage_list_find(semanage_list_t * l, + char *data) WARN_UNUSED; +int semanage_list_sort(semanage_list_t ** l) WARN_UNUSED; +/* function to compare 2 semanage_list_t nodes, + * returns strcmp(x->data, y->data) + * used internally by semanage_list_sort() + */ +int semanage_cmp_plist_t(const semanage_list_t ** x, + const semanage_list_t ** y); +/** + * @param data a target string + * @param what a charachter + * @returns the number of times the char appears in the string + */ +int semanage_str_count(char *data, char what); +/** + * @param - a string + * @param the charachter to trim to + * @return - mangles the string, converting the first + * occurrance of the charachter to a '\0' from + * the end of the string. + */ +void semanage_rtrim(char *str, char trim_to); + +/** + * @param data some string + * @return modifies the string such that the first whitespace char becomes + * '\0', ending the string. + */ +void semanage_keep_until_space(char *data); + +/** + * @param file - an open FILE to read from + * @param pred - a function taking a string that + * returns 1 if the string should be + * kept and 0 otherwise + * @return a list of lines from the file (empty lines become + * empty strings) in the file order where pred(line) + * returns > 0 + */ +semanage_list_t *semanage_slurp_file_filter(FILE * file, + int (*pred) (const char *)) + WARN_UNUSED; +#endif This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
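Review bot: The header comments for `semanage_findval` and `semanage_split` describe a different contract from the code added in utilities.c. `semanage_findval` is documented as returning "" when the variable is not found, but the implementation returns NULL both when nothing matches and when the file cannot be opened, so the documented `*(semanage_findval(f,v,d)) == '\0'` test would dereference NULL. `semanage_split` is documented as returning a pointer past the delimiter, while the code returns a `strdup` copy or NULL. I would reword both `@return` lines to say the result is a malloc'd string the caller must free, and NULL when there is no match or on error. `semanage_keep_until_space` is declared here, but no definition appears in the utilities.c hunk.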
From: <ssm...@us...> - 2007-09-18 19:40:10
Revision: 2563 http://selinux.svn.sourceforge.net/selinux/?rev=2563&view=rev Author: ssmalley Date: 2007-09-18 12:40:06 -0700 (Tue, 18 Sep 2007) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libselinux, setfiles: fix selabel option flag setting Date: Tue, 18 Sep 2007 14:20:48 -0400 Fix selabel option flag setting to eliminate a build error on 64-bit. Modified Paths: -------------- trunk/libselinux/src/matchpathcon.c trunk/policycoreutils/setfiles/setfiles.c Modified: trunk/libselinux/src/matchpathcon.c =================================================================== --- trunk/libselinux/src/matchpathcon.c 2007-09-18 14:26:11 UTC (rev 2562) +++ trunk/libselinux/src/matchpathcon.c 2007-09-18 19:40:06 UTC (rev 2563) @@ -119,10 +119,10 @@ memset(options, 0, sizeof(options)); i = SELABEL_OPT_BASEONLY; options[i].type = i; - options[i].value = (char *)(flags & MATCHPATHCON_BASEONLY); + options[i].value = (flags & MATCHPATHCON_BASEONLY) ? (char*)1 : NULL; i = SELABEL_OPT_VALIDATE; options[i].type = i; - options[i].value = (char *)(flags & MATCHPATHCON_VALIDATE); + options[i].value = (flags & MATCHPATHCON_VALIDATE) ? (char*)1 : NULL; notrans = flags & MATCHPATHCON_NOTRANS; } Modified: trunk/policycoreutils/setfiles/setfiles.c =================================================================== --- trunk/policycoreutils/setfiles/setfiles.c 2007-09-18 14:26:11 UTC (rev 2562) +++ trunk/policycoreutils/setfiles/setfiles.c 2007-09-18 19:40:06 UTC (rev 2563) @@ -967,8 +967,8 @@ } /* Load the file contexts configuration and check it. */ - opts[0].value = (char *)ctx_validate; - opts[1].value = (char *)base_only; + opts[0].value = (ctx_validate ? (char*)1 : NULL); + opts[1].value = (base_only ? (char *)1 : NULL); opts[2].value = altpath; hnd = selabel_open(SELABEL_CTX_FILE, opts, 3); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-09-19 18:42:26
Revision: 2570 http://selinux.svn.sourceforge.net/selinux/?rev=2570&view=rev Author: ssmalley Date: 2007-09-19 11:42:25 -0700 (Wed, 19 Sep 2007) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libsemanage, semodule: Improve error reporting Date: Wed, 19 Sep 2007 14:29:40 -0400 Change libsemanage to save errno values appropriately so they aren't lost on cleanup paths and to include the strerror output in error messages. Also change semodule to include strerror output as appropriate on some common error cases. In particular, this yields useful error messages when invoking semodule on a full filesystem or a read-only filesystem. Erich Schubert reported this as a bug a year ago. Also fixes a couple of bugs in write() error checking in libsemanage. Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsemanage/src/debug.c trunk/libsemanage/src/semanage_store.c trunk/policycoreutils/semodule/semodule.c Modified: trunk/libsemanage/src/debug.c =================================================================== --- trunk/libsemanage/src/debug.c 2007-09-18 19:46:46 UTC (rev 2569) +++ trunk/libsemanage/src/debug.c 2007-09-19 18:42:25 UTC (rev 2570) @@ -23,6 +23,8 @@ #include <stdarg.h> #include <stdlib.h> #include <stdio.h> +#include <errno.h> +#include <string.h> #include "handle.h" #include "debug.h" @@ -55,10 +57,12 @@ { FILE *stream = NULL; + int errsv = 0; switch (semanage_msg_get_level(handle)) { case SEMANAGE_MSG_ERR: + errsv = errno; case SEMANAGE_MSG_WARN: stream = stderr; break; @@ -77,6 +81,9 @@ vfprintf(stream, fmt, ap); va_end(ap); + if (errsv) + fprintf(stream, " %s.", strerror(errsv)); + fprintf(stream, "\n"); varg = NULL; Modified: trunk/libsemanage/src/semanage_store.c =================================================================== --- trunk/libsemanage/src/semanage_store.c 2007-09-18 19:46:46 UTC (rev 2569) +++ trunk/libsemanage/src/semanage_store.c 2007-09-19 18:42:25 UTC (rev 2570) 
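Review bot: In the debug.c hunk `@@ -55,10 +57,12 @@`, `errsv = errno` is captured for every `SEMANAGE_MSG_ERR` message, so an error raised for a reason that did not set errno gets the `strerror` text of whichever earlier call last failed appended to it. That makes the log line misleading when someone later uses it to work out why a policy transaction failed. If the behaviour is intended, the case deserves a comment such as `/* errno is appended to every ERR message; callers clear it when it is not meaningful */`, and the fall-through into `SEMANAGE_MSG_WARN` should be marked with `/* fallthrough */`. The function body starts and ends outside the hunk.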
@@ -437,7 +437,7 @@ * overwrite it. Returns 0 on success, -1 on error. */ static int semanage_copy_file(const char *src, const char *dst, mode_t mode) { - int in, out, retval = 0, amount_read, n; + int in, out, retval = 0, amount_read, n, errsv = errno; char tmp[PATH_MAX]; char buf[4192]; @@ -453,23 +453,32 @@ mode = S_IRUSR | S_IWUSR; if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) { + errsv = errno; close(in); - return -1; + retval = -1; + goto out; } while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) { - if (write(out, buf, amount_read) != amount_read) { + if (write(out, buf, amount_read) < 0) { + errsv = errno; retval = -1; } } - if (amount_read < 0) + if (amount_read < 0) { + errsv = errno; retval = -1; + } close(in); - if (close(out) < 0) + if (close(out) < 0) { + errsv = errno; retval = -1; + } if (!retval && rename(tmp, dst) == -1) return -1; +out: + errno = errsv; return retval; } @@ -558,6 +567,7 @@ { const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL); struct stat buf; + int errsv; if (stat(sandbox, &buf) == -1) { if (errno != ENOENT) { @@ -582,7 +592,9 @@ return 0; cleanup: + errsv = errno; semanage_remove_directory(sandbox); + errno = errsv; return -1; } @@ -973,14 +985,14 @@ if (!strncmp(buf, "HOME_DIR", 8) || !strncmp(buf, "HOME_ROOT", 9) || strstr(buf, "ROLE")) { /* This contains one of the template variables, write it to homedir.template */ - if (write(hd, buf, strlen(buf)) == 0) { + if (write(hd, buf, strlen(buf)) < 0) { ERR(sh, "Write to %s failed.", semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL)); goto cleanup; } } else { - if (write(fc, buf, strlen(buf)) == 0) { + if (write(fc, buf, strlen(buf)) < 0) { ERR(sh, "Write to %s failed.", semanage_path(SEMANAGE_TMP, SEMANAGE_FC)); goto cleanup; 
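Review bot: The copy loop in `semanage_copy_file` (hunk `@@ -453,23 +453,32 @@`) now treats only `write(...) < 0` as a failure, so a short write is accepted and the rest of the buffer is dropped; the temporary file is then renamed over `dst` as if the copy were complete. The removed `!= amount_read` comparison did catch that case, which is the one a nearly full filesystem produces. I would loop until the whole block has been written, as sketched below, and keep the errno capture on the failure path. The `@@ -973,14 +985,14 @@` hunk has the same gap for `write(hd, ...)` and `write(fc, ...)`, where a truncated line would end up in the generated file contexts. The function body starts outside the second hunk.

```c
while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
	/* write() may accept fewer bytes than requested; continue until the block is out */
	int done = 0;

	while (done < amount_read) {
		n = write(out, buf + done, amount_read - done);
		if (n <= 0) {
			/* n == 0 is treated as failure so the loop cannot spin */
			errsv = errno;
			retval = -1;
			break;
		}
		done += n;
	}
}
/* … unchanged: amount_read < 0 check, close(in), close(out), rename … */
```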
@@ -1226,6 +1238,7 @@ /* note that if an error occurs during the next three * function then the store will be left in an * inconsistent state */ + int errsv = errno; if (rename(active, sandbox) < 0) ERR(sh, "Error while renaming %s back to %s.", active, sandbox); @@ -1234,16 +1247,19 @@ active); else semanage_install_active(sh); + errno = errsv; retval = -1; goto cleanup; } if (!sh->conf->save_previous) { + int errsv = errno; retval = semanage_remove_directory(backup); if (retval < 0) { ERR(sh, "Could not delete previous directory %s.", backup); goto cleanup; } + errno = errsv; } cleanup: @@ -1409,22 +1425,26 @@ * there. */ void semanage_release_trans_lock(semanage_handle_t * sh) { + int errsv = errno; if (sh->u.direct.translock_file_fd >= 0) { flock(sh->u.direct.translock_file_fd, LOCK_UN); close(sh->u.direct.translock_file_fd); sh->u.direct.translock_file_fd = -1; } + errno = errsv; } /* Releases the read lock. Does nothing if there was not one already * there. */ void semanage_release_active_lock(semanage_handle_t * sh) { + int errsv = errno; if (sh->u.direct.activelock_file_fd >= 0) { flock(sh->u.direct.activelock_file_fd, LOCK_UN); close(sh->u.direct.activelock_file_fd); sh->u.direct.activelock_file_fd = -1; } + errno = errsv; } /* Read the current commit number from the commit number file which Modified: trunk/policycoreutils/semodule/semodule.c =================================================================== --- trunk/policycoreutils/semodule/semodule.c 2007-09-18 19:46:46 UTC (rev 2569) +++ trunk/policycoreutils/semodule/semodule.c 2007-09-19 18:42:25 UTC (rev 2570) @@ -329,8 +329,8 @@ if (build) { if ((result = semanage_begin_transaction(sh)) < 0) { - fprintf(stderr, "%s: Could not begin transaction\n", - argv[0]); + fprintf(stderr, "%s: Could not begin transaction: %s\n", + argv[0], errno ? strerror(errno) : ""); goto cleanup; } } 
@@ -343,8 +343,8 @@ if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) { if ((data_len = map_file(mode_arg, &data)) == 0) { fprintf(stderr, - "%s: Could not read file '%s':\n", - argv[0], mode_arg); + "%s: Could not read file '%s': %s\n", + argv[0], mode_arg, errno ? strerror(errno) : ""); goto cleanup; } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-09-24 16:33:56
Revision: 2580 http://selinux.svn.sourceforge.net/selinux/?rev=2580&view=rev Author: ssmalley Date: 2007-09-24 09:33:53 -0700 (Mon, 24 Sep 2007) Log Message: ----------- Update other Makefiles in the same way as libselinux. Modified Paths: -------------- trunk/libsemanage/src/Makefile trunk/libsepol/src/Makefile Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2007-09-24 16:21:53 UTC (rev 2579) +++ trunk/libsemanage/src/Makefile 2007-09-24 16:33:53 UTC (rev 2580) @@ -47,14 +47,14 @@ $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) - $(CC) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs $(LIBA): $(OBJS) $(AR) rcs $@ $^ ranlib $@ $(LIBSO): $(LOBJS) - $(CC) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ln -sf $@ $(TARGET) conf-scan.c: conf-scan.l conf-parse.h Modified: trunk/libsepol/src/Makefile =================================================================== --- trunk/libsepol/src/Makefile 2007-09-24 16:21:53 UTC (rev 2579) +++ trunk/libsepol/src/Makefile 2007-09-24 16:33:53 UTC (rev 2580) @@ -20,7 +20,7 @@ ranlib $@ $(LIBSO): $(LOBJS) - $(CC) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs ln -sf $@ $(TARGET) %.o: %.c This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-10-15 14:49:15
Revision: 2653 http://selinux.svn.sourceforge.net/selinux/?rev=2653&view=rev Author: ssmalley Date: 2007-10-15 07:49:13 -0700 (Mon, 15 Oct 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Fix semodule option handling Date: Thu, 11 Oct 2007 16:03:18 -0400 semodule -B lksjdlj will blow up. Acked-by: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/libselinux/src/stringrep.c trunk/policycoreutils/semodule/semodule.c Modified: trunk/libselinux/src/stringrep.c =================================================================== --- trunk/libselinux/src/stringrep.c 2007-10-11 20:35:12 UTC (rev 2652) +++ trunk/libselinux/src/stringrep.c 2007-10-15 14:49:13 UTC (rev 2653) @@ -370,8 +370,6 @@ static const char *security_class_to_string_compat(security_class_t tclass) { - tclass = unmap_class(tclass); - if (tclass > 0 && tclass < NCLASSES) return class_to_string_data.str + class_to_string[tclass]; @@ -386,9 +384,6 @@ access_vector_t common_base = 0; unsigned int i; - av = unmap_perm(tclass, av); - tclass = unmap_class(tclass); - if (!av) return NULL; @@ -466,10 +461,11 @@ { struct discover_class_node *node; + tclass = unmap_class(tclass); + if (obj_class_compat) return security_class_to_string_compat(tclass); - tclass = unmap_class(tclass); node = get_class_cache_entry_value(tclass); if (node == NULL) return security_class_to_string_compat(tclass); 
@@ -483,11 +479,12 @@ struct discover_class_node *node; size_t i; + av = unmap_perm(tclass, av); + tclass = unmap_class(tclass); + if (obj_class_compat) return security_av_perm_to_string_compat(tclass,av); - av = unmap_perm(tclass, av); - tclass = unmap_class(tclass); node = get_class_cache_entry_value(tclass); if (av && node) for (i = 0; i<MAXVECTORS; i++) Modified: trunk/policycoreutils/semodule/semodule.c =================================================================== --- trunk/policycoreutils/semodule/semodule.c 2007-10-11 20:35:12 UTC (rev 2652) +++ trunk/policycoreutils/semodule/semodule.c 2007-10-15 14:49:13 UTC (rev 2653) @@ -249,11 +249,12 @@ * arguments as args. Will allow 'semodule -i *.pp' to * work as expected. */ - if (commands[num_commands - 1].mode == INSTALL_M) { + + if (commands && commands[num_commands - 1].mode == INSTALL_M) { mode = INSTALL_M; - } else if (commands[num_commands - 1].mode == UPGRADE_M) { + } else if (commands && commands[num_commands - 1].mode == UPGRADE_M) { mode = UPGRADE_M; - } else if (commands[num_commands - 1].mode == REMOVE_M) { + } else if (commands && commands[num_commands - 1].mode == REMOVE_M) { mode = REMOVE_M; } else { fprintf(stderr, "unknown additional arguments:\n"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
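Review bot: The new guard in the semodule.c hunk tests the `commands` pointer, but what makes `commands[num_commands - 1]` unsafe is `num_commands == 0`. The two presumably go together (an empty command list is still NULL here), but that is not visible in the hunk, and a non-NULL array with a zero count would still be indexed at -1. Testing the count states the invariant directly, for example `if (num_commands > 0 && commands[num_commands - 1].mode == INSTALL_M) {`, with the same condition on the two `else if` branches. The enclosing function starts and ends outside the hunk.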
From: <ssm...@us...> - 2007-11-05 18:54:09
Revision: 2667 http://selinux.svn.sourceforge.net/selinux/?rev=2667&view=rev Author: ssmalley Date: 2007-11-05 10:53:56 -0800 (Mon, 05 Nov 2007) Log Message: ----------- Allow handle_unknown in base module to be overridden by semanage.conf. Modified Paths: -------------- trunk/libsemanage/src/conf-parse.y trunk/libsemanage/src/conf-scan.l trunk/libsemanage/src/semanage_conf.h trunk/libsemanage/src/semanage_store.c trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/include/sepol/policydb.h trunk/libsepol/src/policydb_public.c Modified: trunk/libsemanage/src/conf-parse.y =================================================================== --- trunk/libsemanage/src/conf-parse.y 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsemanage/src/conf-parse.y 2007-11-05 18:53:56 UTC (rev 2667) @@ -57,7 +57,7 @@ } %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED -%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON +%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END %token PROG_PATH PROG_ARGS %token <s> ARG @@ -81,6 +81,7 @@ | save_previous | save_linked | disable_genhomedircon + | handle_unknown ; module_store: MODULE_STORE '=' ARG { 
@@ -139,16 +140,29 @@ ; disable_genhomedircon: DISABLE_GENHOMEDIRCON '=' ARG { - if (strcasecmp($3, "false") == 0) { - current_conf->disable_genhomedircon = 0; - } else if (strcasecmp($3, "true") == 0) { - current_conf->disable_genhomedircon = 1; - } else { - yyerror("disable-genhomedircon can only be 'true' or 'false'"); - } - free($3); - } + if (strcasecmp($3, "false") == 0) { + current_conf->disable_genhomedircon = 0; + } else if (strcasecmp($3, "true") == 0) { + current_conf->disable_genhomedircon = 1; + } else { + yyerror("disable-genhomedircon can only be 'true' or 'false'"); + } + free($3); + } +handle_unknown: HANDLE_UNKNOWN '=' ARG { + if (strcasecmp($3, "deny") == 0) { + current_conf->handle_unknown = SEPOL_DENY_UNKNOWN; + } else if (strcasecmp($3, "reject") == 0) { + current_conf->handle_unknown = SEPOL_REJECT_UNKNOWN; + } else if (strcasecmp($3, "allow") == 0) { + current_conf->handle_unknown = SEPOL_ALLOW_UNKNOWN; + } else { + yyerror("handle-unknown can only be 'deny', 'reject' or 'allow'"); + } + free($3); + } + command_block: command_start external_opts BLOCK_END { if (new_external->path == NULL) { @@ -214,6 +228,7 @@ conf->store_path = strdup(basename(selinux_policy_root())); conf->policyvers = sepol_policy_kern_vers_max(); conf->expand_check = 1; + conf->handle_unknown = -1; conf->file_mode = 0644; conf->save_previous = 0; Modified: trunk/libsemanage/src/conf-scan.l =================================================================== --- trunk/libsemanage/src/conf-scan.l 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsemanage/src/conf-scan.l 2007-11-05 18:53:56 UTC (rev 2667) 
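Review bot: The `-1` assigned to `conf->handle_unknown` in the initialisation hunk is an unexplained sentinel; the store code in this commit applies the override only when the field is `>= 0`, and none of the three SEPOL_*_UNKNOWN values is negative. A comment on the assignment would record that, e.g. `/* -1: not set in semanage.conf, keep the base module's handle_unknown */`. In the `handle_unknown` rule an unrecognised value goes to `yyerror` and leaves the field at that sentinel; whether that aborts loading the configuration depends on `yyerror`, which is outside these hunks, and is worth confirming because a mistyped value would otherwise fall back silently to the base module's setting. Both the rule list and the init function continue outside the hunks.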
@@ -45,6 +45,7 @@ save-previous return SAVE_PREVIOUS; save-linked return SAVE_LINKED; disable-genhomedircon return DISABLE_GENHOMEDIRCON; +handle-unknown return HANDLE_UNKNOWN; "[load_policy]" return LOAD_POLICY_START; "[setfiles]" return SETFILES_START; "[verify module]" return VERIFY_MOD_START; Modified: trunk/libsemanage/src/semanage_conf.h =================================================================== --- trunk/libsemanage/src/semanage_conf.h 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsemanage/src/semanage_conf.h 2007-11-05 18:53:56 UTC (rev 2667) @@ -38,6 +38,7 @@ int save_previous; int save_linked; int disable_genhomedircon; + int handle_unknown; mode_t file_mode; struct external_prog *load_policy; struct external_prog *setfiles; Modified: trunk/libsemanage/src/semanage_store.c =================================================================== --- trunk/libsemanage/src/semanage_store.c 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsemanage/src/semanage_store.c 2007-11-05 18:53:56 UTC (rev 2667) @@ -1647,6 +1647,8 @@ ERR(sh, "Unknown/Invalid policy version %d.", policyvers); goto err; } + if (sh->conf->handle_unknown >= 0) + sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown); *policydb = out; return STATUS_SUCCESS; Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2007-11-05 18:53:56 UTC (rev 2667) 
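Review bot: In the semanage_store.c hunk the result of `sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown)` is discarded, although the implementation added in this commit returns -1 for any value outside the three SEPOL_*_UNKNOWN constants. Since this setting decides how unknown classes and permissions are treated, a rejected override should fail the expansion rather than continue with the base module's value: `if (sh->conf->handle_unknown >= 0 && sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown) < 0) goto err;`, preferably with an `ERR(sh, ...)` message before the jump. The `err` label is the one the surrounding context already uses; the function starts and ends outside the hunk.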
@@ -602,9 +602,9 @@ #define POLICYDB_CONFIG_MLS 1 /* the config flags related to unknown classes/perms are bits 2 and 3 */ -#define DENY_UNKNOWN 0x00000000 -#define REJECT_UNKNOWN 0x00000002 -#define ALLOW_UNKNOWN 0x00000004 +#define DENY_UNKNOWN SEPOL_DENY_UNKNOWN +#define REJECT_UNKNOWN SEPOL_REJECT_UNKNOWN +#define ALLOW_UNKNOWN SEPOL_ALLOW_UNKNOWN #define POLICYDB_CONFIG_UNKNOWN_MASK (DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN) Modified: trunk/libsepol/include/sepol/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb.h 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsepol/include/sepol/policydb.h 2007-11-05 18:53:56 UTC (rev 2667) @@ -83,6 +83,13 @@ */ extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers); +/* Set how to handle unknown class/perms. */ +#define SEPOL_DENY_UNKNOWN 0 +#define SEPOL_REJECT_UNKNOWN 2 +#define SEPOL_ALLOW_UNKNOWN 4 +extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p, + unsigned int handle_unknown); + /* * Read a policydb from a policy file. * This automatically sets the type and version based on the Modified: trunk/libsepol/src/policydb_public.c =================================================================== --- trunk/libsepol/src/policydb_public.c 2007-11-01 20:15:48 UTC (rev 2666) +++ trunk/libsepol/src/policydb_public.c 2007-11-05 18:53:56 UTC (rev 2667) 
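Review bot: The comment added above `sepol_policydb_set_handle_unknown` in sepol/policydb.h does not state the return contract, although the implementation in policydb_public.c in this commit returns -1 for any value other than the three constants and 0 otherwise. I would extend it to `/* Set how to handle unknown class/perms. Returns 0 on success, -1 if handle_unknown is not one of the SEPOL_*_UNKNOWN values. */`. Separately, policydb/policydb.h now defines DENY_UNKNOWN, REJECT_UNKNOWN and ALLOW_UNKNOWN in terms of these macros and its hunk adds no include, so it presumably relies on sepol/policydb.h already being included there; that is worth confirming.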
@@ -134,6 +134,24 @@ return 0; } +int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp, + unsigned int handle_unknown) +{ + struct policydb *p = &sp->p; + + switch (handle_unknown) { + case SEPOL_DENY_UNKNOWN: + case SEPOL_REJECT_UNKNOWN: + case SEPOL_ALLOW_UNKNOWN: + break; + default: + return -1; + } + + p->handle_unknown = handle_unknown; + return 0; +} + int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf) { return policydb_read(&p->p, &pf->pf, 0); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-01-02 21:40:30
Revision: 2716 http://selinux.svn.sourceforge.net/selinux/?rev=2716&view=rev Author: millertc Date: 2008-01-02 13:40:28 -0800 (Wed, 02 Jan 2008) Log Message: ----------- Subject: checkpolicy capability support This patch includes checkpolicy support for policy capabilities. In this version of the patch policy capabilities are only allowed in the base module. Attempted use in other modules will result in a syntax error. Also included is dismod/dispol support for printing the capabilities. I chose to use the 'c' command for this in both dismod and dispol to keep things consistent (dismod has run out of numbered commands). Signed-off-by: Todd C. Miller <tm...@tr...> Modified Paths: -------------- trunk/checkpolicy/policy_parse.y trunk/checkpolicy/policy_scan.l trunk/checkpolicy/test/dismod.c trunk/checkpolicy/test/dispol.c trunk/libsepol/ChangeLog trunk/libsepol/VERSION Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2008-01-02 21:36:27 UTC (rev 2715) +++ trunk/checkpolicy/policy_parse.y 2008-01-02 21:40:28 UTC (rev 2716) @@ -47,6 +47,7 @@ #include <sepol/policydb/conditional.h> #include <sepol/policydb/flask.h> #include <sepol/policydb/hierarchy.h> +#include <sepol/policydb/polcaps.h> #include "queue.h" #include "checkpolicy.h" #include "module_compiler.h" @@ -198,6 +199,7 @@ %token IPV4_ADDR %token IPV6_ADDR %token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL +%token POLICYCAP %left OR %left XOR @@ -308,6 +310,7 @@ | rbac_decl | cond_stmt_def | optional_block + | policycap_def | ';' ; rbac_decl : role_type_def @@ -765,6 +768,9 @@ ipv6_addr : IPV6_ADDR { if (insert_id(yytext,0)) return -1; } ; +policycap_def : POLICYCAP identifier ';' + {if (define_polcap()) return -1;} + ; /*********** module grammar below ***********/ 
@@ -962,6 +968,44 @@ return -1; } +static int define_polcap(void) +{ + char *id = 0; + int capnum; + + if (pass == 2) { + id = queue_remove(id_queue); + free(id); + return 0; + } + + id = (char *)queue_remove(id_queue); + if (!id) { + yyerror("no capability name for policycap definition?"); + goto bad; + } + + /* Check for valid cap name -> number mapping */ + capnum = sepol_polcap_getnum(id); + if (capnum < 0) { + yyerror2("invalid policy capability name %s", id); + goto bad; + } + + /* Store it */ + if (ebitmap_set_bit(&policydbp->policycaps, capnum, TRUE)) { + yyerror("out of memory"); + goto bad; + } + + free(id); + return 0; + + bad: + free(id); + return -1; +} + static int define_initial_sid(void) { char *id = 0; Modified: trunk/checkpolicy/policy_scan.l =================================================================== --- trunk/checkpolicy/policy_scan.l 2008-01-02 21:36:27 UTC (rev 2715) +++ trunk/checkpolicy/policy_scan.l 2008-01-02 21:40:28 UTC (rev 2716) @@ -201,6 +201,8 @@ H1 { return(H1); } h2 | H2 { return(H2); } +policycap | +POLICYCAP { return(POLICYCAP);} "/"({alnum}|[_.-/])* { return(PATH); } {letter}({alnum}|[_-])*([.]?({alnum}|[_-]))* { return(IDENTIFIER); } {digit}+ { return(NUMBER); } Modified: trunk/checkpolicy/test/dismod.c =================================================================== --- trunk/checkpolicy/test/dismod.c 2008-01-02 21:36:27 UTC (rev 2715) +++ trunk/checkpolicy/test/dismod.c 2008-01-02 21:40:28 UTC (rev 2716) @@ -34,6 +34,7 @@ #include <sepol/policydb/link.h> #include <sepol/policydb/module.h> #include <sepol/policydb/util.h> +#include <sepol/policydb/polcaps.h> #include <byteswap.h> #include <endian.h> 
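Review bot: `define_polcap()` has no header comment, and nothing in its body enforces the base-only restriction the log message describes; it sets the bit in `policydbp->policycaps` for whatever policy is being compiled. The restriction therefore rests entirely on where `policycap_def` is reachable in the grammar, which the hunks show only in part. A comment above the function would make that dependency explicit, e.g. `/* Record a policy capability. Only reachable from the base policy grammar; modules reject policycap as a syntax error. */`. It would also help to note that pass 2 only drains the queued identifier because the bit was already set in pass 1.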
@@ -765,6 +766,26 @@ return; } +static void display_policycaps(policydb_t * p, FILE * fp) +{ + ebitmap_node_t *node; + const char *capname; + char buf[64]; + int i; + + fprintf(fp, "policy capabilities:\n"); + ebitmap_for_each_bit(&p->policycaps, node, i) { + if (ebitmap_node_get_bit(node, i)) { + capname = sepol_polcap_getname(i); + if (capname == NULL) { + snprintf(buf, sizeof(buf), "unknown (%d)", i); + capname = buf; + } + fprintf(fp, "\t%s\n", capname); + } + } +} + int menu() { printf("\nSelect a command:\n"); @@ -781,6 +802,7 @@ printf("\n"); printf("a) Display avrule requirements\n"); printf("b) Display avrule declarations\n"); + printf("c) Display policy capabilities\n"); printf("l) Link in a module\n"); printf("u) Display the unknown handling setting\n"); printf("\n"); @@ -891,6 +913,9 @@ fprintf(out_fp, "avrule block declarations:\n"); display_avblock(6, 0, &policydb, out_fp); break; + case 'c': + display_policycaps(&policydb, out_fp); + break; case 'u': case 'U': display_handle_unknown(&policydb, out_fp); Modified: trunk/checkpolicy/test/dispol.c =================================================================== --- trunk/checkpolicy/test/dispol.c 2008-01-02 21:36:27 UTC (rev 2715) +++ trunk/checkpolicy/test/dispol.c 2008-01-02 21:40:28 UTC (rev 2716) @@ -23,6 +23,7 @@ #include <sepol/policydb/conditional.h> #include <sepol/policydb/expand.h> #include <sepol/policydb/util.h> +#include <sepol/policydb/polcaps.h> #include <getopt.h> #include <assert.h> #include <unistd.h> 
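Review bot: `display_policycaps()` is added to dismod.c here and again, line for line, to dispol.c later in the same commit; one shared definition would keep the two tools from drifting apart. If the copies stay, each should carry a short comment such as `/* Print the name of every capability bit set in p->policycaps; unnamed bits are shown as "unknown (N)". */`. The new `case 'c':` in both command switches also has no upper-case alias, while the neighbouring `case 'u': case 'U':` accepts both; adding `case 'C':` would match, provided that letter is not used elsewhere in the switch, which is outside the hunk.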
@@ -298,6 +299,26 @@ return 0; } +static void display_policycaps(policydb_t * p, FILE * fp) +{ + ebitmap_node_t *node; + const char *capname; + char buf[64]; + int i; + + fprintf(fp, "policy capabilities:\n"); + ebitmap_for_each_bit(&p->policycaps, node, i) { + if (ebitmap_node_get_bit(node, i)) { + capname = sepol_polcap_getname(i); + if (capname == NULL) { + snprintf(buf, sizeof(buf), "unknown (%d)", i); + capname = buf; + } + fprintf(fp, "\t%s\n", capname); + } + } +} + int menu() { printf("\nSelect a command:\n"); @@ -309,6 +330,7 @@ printf("6) display conditional expressions\n"); printf("7) change a boolean value\n"); printf("\n"); + printf("c) display policy capabilities\n"); printf("u) display unknown handling setting\n"); printf("f) set output file\n"); printf("m) display menu\n"); @@ -421,6 +443,9 @@ change_bool(name, state, &policydb, out_fp); free(name); break; + case 'c': + display_policycaps(&policydb, out_fp); + break; case 'u': case 'U': display_handle_unknown(&policydb, out_fp); Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2008-01-02 21:36:27 UTC (rev 2715) +++ trunk/libsepol/ChangeLog 2008-01-02 21:40:28 UTC (rev 2716) @@ -1,3 +1,6 @@ +2.0.18 2008-01-02 + * Added support for policy capabilities from Todd Miller. + 2.0.17 2007-12-21 * Prevent generation of policy.18 with MLS enabled from Todd Miller. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2008-01-02 21:36:27 UTC (rev 2715) +++ trunk/libsepol/VERSION 2008-01-02 21:40:28 UTC (rev 2716) @@ -1 +1 @@ -2.0.17 +2.0.18 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-01-08 16:18:25
Revision: 2725 http://selinux.svn.sourceforge.net/selinux/?rev=2725&view=rev Author: millertc Date: 2008-01-08 08:18:23 -0800 (Tue, 08 Jan 2008) Log Message: ----------- Subject: Use -Werror Add -Werror to Makefiles that currently lack it. We can't turn on -Werror for libsemanage yet due to warnings from the generated scanner. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/Makefile trunk/checkpolicy/Makefile trunk/libselinux/src/Makefile trunk/libsemanage/src/Makefile trunk/libsepol/src/Makefile trunk/libsepol/utils/Makefile trunk/policycoreutils/secon/Makefile trunk/policycoreutils/setfiles/Makefile Modified: trunk/Makefile =================================================================== --- trunk/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/Makefile 2008-01-08 16:18:23 UTC (rev 2725) @@ -2,7 +2,7 @@ PYSUBDIRS=libselinux libsemanage ifeq ($(DEBUG),1) - export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow + export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror export LDFLAGS = -g endif Modified: trunk/checkpolicy/Makefile =================================================================== --- trunk/checkpolicy/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/checkpolicy/Makefile 2008-01-08 16:18:23 UTC (rev 2725) @@ -10,7 +10,7 @@ YACC = bison -y -CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing +CFLAGS ?= -g -Wall -Werror -O2 -pipe -fno-strict-aliasing override CFLAGS += -I. -I${INCLUDEDIR} Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/libselinux/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) 
@@ -32,7 +32,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) LOBJS= $(patsubst %.c,%.lo,$(SRCS)) -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS) RANLIB=ranlib Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/libsemanage/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) @@ -10,7 +10,7 @@ DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf ifeq ($(DEBUG),1) - export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow + export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror export LDFLAGS = -g endif Modified: trunk/libsepol/src/Makefile =================================================================== --- trunk/libsepol/src/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/libsepol/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) @@ -10,7 +10,7 @@ LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c)) -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I. -I../include -D_GNU_SOURCE all: $(LIBA) $(LIBSO) Modified: trunk/libsepol/utils/Makefile =================================================================== --- trunk/libsepol/utils/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/libsepol/utils/Makefile 2008-01-08 16:18:23 UTC (rev 2725) 
@@ -2,7 +2,7 @@ PREFIX ?= $(DESTDIR)/usr BINDIR ?= $(PREFIX)/bin -CFLAGS ?= -Wall +CFLAGS ?= -Wall -Werror override CFLAGS += -I../include LDLIBS += -L../src -lsepol Modified: trunk/policycoreutils/secon/Makefile =================================================================== --- trunk/policycoreutils/secon/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/policycoreutils/secon/Makefile 2008-01-08 16:18:23 UTC (rev 2725) @@ -5,7 +5,7 @@ MANDIR ?= $(PREFIX)/share/man LIBDIR ?= ${PREFIX}/lib -WARNS=-W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal +WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal VERSION = $(shell cat ../VERSION) CFLAGS ?= $(WARNS) -O1 override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) Modified: trunk/policycoreutils/setfiles/Makefile =================================================================== --- trunk/policycoreutils/setfiles/Makefile 2008-01-08 16:16:39 UTC (rev 2724) +++ trunk/policycoreutils/setfiles/Makefile 2008-01-08 16:18:23 UTC (rev 2725) @@ -6,7 +6,7 @@ AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) -CFLAGS = -Werror -Wall -W +CFLAGS = -Werror -Wall -W override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include LDLIBS = -lselinux -lsepol -L$(LIBDIR) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-01-09 14:25:41
Revision: 2726 http://selinux.svn.sourceforge.net/selinux/?rev=2726&view=rev Author: millertc Date: 2008-01-09 06:25:39 -0800 (Wed, 09 Jan 2008) Log Message: ----------- Filter out -Werror in CFLAGS when building swig wrappers as we have no control over the code generated by swig. Signed-off-by: Todd C. Miller <tm...@tr...> Modified Paths: -------------- trunk/libselinux/src/Makefile trunk/libsemanage/src/Makefile Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) +++ trunk/libselinux/src/Makefile 2008-01-09 14:25:39 UTC (rev 2726) @@ -54,7 +54,7 @@ $(RANLIB) $@ $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2008-01-08 16:18:23 UTC (rev 2725) +++ trunk/libsemanage/src/Makefile 2008-01-09 14:25:39 UTC (rev 2726) @@ -44,7 +44,7 @@ pywrap: all $(SWIGLOBJ) $(SWIGSO) $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< $(SWIGSO): $(SWIGLOBJ) $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-02-02 15:37:01
Revision: 2775 http://selinux.svn.sourceforge.net/selinux/?rev=2775&view=rev Author: madmethod Date: 2008-02-02 07:36:53 -0800 (Sat, 02 Feb 2008) Log Message: ----------- On Fri, 2008-02-01 at 09:12 -0500, Joshua Brindle wrote: > > This patch should reduce the amount of peak memory required to expand > > the policy by consuming part of the input policy during expansion. It > > reduced the rss of semodule_expand with a full refpolicy from 86 to 66 meg. > > > > On a side note, if anyone knows of a good tool for profiling heap usage > > I'd like to hear, I've tried valgrind massif, google-perftools, and > > smaps and none of them seem to work that well... > > > > Signed-off-by: Joshua Brindle <me...@ma...> Looks sane, but patch is whitespace damaged here. Feel free to apply. Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsemanage/src/semanage_store.c trunk/libsepol/include/sepol/handle.h trunk/libsepol/src/expand.c trunk/libsepol/src/handle.c trunk/libsepol/src/handle.h trunk/libsepol/src/libsepol.map trunk/policycoreutils/semodule_expand/semodule_expand.c Modified: trunk/libsemanage/src/semanage_store.c =================================================================== --- trunk/libsemanage/src/semanage_store.c 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/libsemanage/src/semanage_store.c 2008-02-02 15:36:53 UTC (rev 2775) @@ -1636,6 +1636,8 @@ if (sepol_policydb_create(&out)) goto err; + sepol_set_expand_consume_base(sh->sepolh, 1); + if (sepol_expand_module(sh->sepolh, sepol_module_package_get_policy(base), out, 0, expand_check) Modified: trunk/libsepol/include/sepol/handle.h =================================================================== --- trunk/libsepol/include/sepol/handle.h 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/libsepol/include/sepol/handle.h 2008-02-02 15:36:53 UTC (rev 2775) 
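Review bot: In the semanage_store.c hunk, `sepol_set_expand_consume_base(sh->sepolh, 1)` switches the option on for the handle and nothing switches it back, so any later expansion through `sh->sepolh` would also consume its base policy. If the handle outlives this call (its lifetime is not visible here), resetting the flag after `sepol_expand_module` returns keeps the destructive behaviour local: `sepol_set_expand_consume_base(sh->sepolh, 0);`. A comment at the call should also say that `base` may only be freed afterwards, not read again. The function starts and ends outside the hunk.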
@@ -11,6 +11,10 @@ * not disable dontaudits, 1 disables them */ void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit); +/* Set whether module_expand() should consume the base policy passed in. + * This should reduce the amount of memory required to expand the policy. */ +void sepol_set_expand_consume_base(sepol_handle_t * sh, int consume_base); + /* Destroy a sepol handle. */ void sepol_handle_destroy(sepol_handle_t *); Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/libsepol/src/expand.c 2008-02-02 15:36:53 UTC (rev 2775) @@ -2134,17 +2134,17 @@ */ static int copy_and_expand_avrule_block(expand_state_t * state) { - avrule_block_t *curblock; + avrule_block_t *curblock = state->base->global; + avrule_block_t *prevblock; int retval = -1; - for (curblock = state->base->global; curblock != NULL; - curblock = curblock->next) { + while (curblock) { avrule_decl_t *decl = curblock->enabled; avrule_t *cur_avrule; if (decl == NULL) { /* nothing was enabled within this block */ - continue; + goto cont; } /* copy role allows and role trans */ @@ -2186,6 +2186,18 @@ /* copy conditional rules */ if (cond_node_copy(state, decl->cond_list)) goto cleanup; + + cont: + prevblock = curblock; + curblock = curblock->next; + + if (state->handle && state->handle->expand_consume_base) { + /* set base top avrule block in case there + * is an error condition and the policy needs + * to be destroyed */ + state->base->global = curblock; + avrule_block_destroy(prevblock); + } } retval = 0; Modified: trunk/libsepol/src/handle.c =================================================================== --- trunk/libsepol/src/handle.c 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/libsepol/src/handle.c 2008-02-02 15:36:53 UTC (rev 2775) 
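Review bot: In the second expand.c hunk, `avrule_block_destroy(prevblock)` frees each block as soon as it has been copied, and the only reference the hunk repairs is `state->base->global`. Any other pointer the base policy keeps into those blocks or their declarations (a per-declaration lookup array such as `decl_val_to_struct`, if it is populated at this point; not visible here) would be left dangling until the base is freed. The new comment in sepol/handle.h should state the resulting contract, for example `/* After expansion the base policy is partially destroyed and may only be freed, not read or expanded again. */`. copy_and_expand_avrule_block starts and ends outside the hunks.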
@@ -16,6 +16,7 @@ /* by default do not disable dontaudits */ sh->disable_dontaudit = 0; + sh->expand_consume_base = 0; return sh; } @@ -26,6 +27,12 @@ sh->disable_dontaudit = disable_dontaudit; } +void sepol_set_expand_consume_base(sepol_handle_t *sh, int consume_base) +{ + assert(sh != NULL); + sh->expand_consume_base = consume_base; +} + void sepol_handle_destroy(sepol_handle_t * sh) { free(sh); Modified: trunk/libsepol/src/handle.h =================================================================== --- trunk/libsepol/src/handle.h 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/libsepol/src/handle.h 2008-02-02 15:36:53 UTC (rev 2775) @@ -16,6 +16,7 @@ void *msg_callback_arg; int disable_dontaudit; + int expand_consume_base; }; Modified: trunk/libsepol/src/libsepol.map =================================================================== --- trunk/libsepol/src/libsepol.map 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/libsepol/src/libsepol.map 2008-02-02 15:36:53 UTC (rev 2775) @@ -13,5 +13,6 @@ sepol_policy_kern_*; sepol_policy_file_*; sepol_set_disable_dontaudit; + sepol_set_expand_consume_base; local: *; }; Modified: trunk/policycoreutils/semodule_expand/semodule_expand.c =================================================================== --- trunk/policycoreutils/semodule_expand/semodule_expand.c 2008-01-31 19:42:58 UTC (rev 2774) +++ trunk/policycoreutils/semodule_expand/semodule_expand.c 2008-02-02 15:36:53 UTC (rev 2775) @@ -44,6 +44,7 @@ sepol_policydb_t *out, *p; FILE *fp, *outfile; int check_assertions = 1; + sepol_handle_t *handle; while ((ch = getopt(argc, argv, "c:Vva")) != EOF) { switch (ch) { @@ -105,6 +106,10 @@ basename = argv[optind++]; outname = argv[optind]; + handle = sepol_handle_create(); + if (!handle) + exit(1); + if (sepol_policy_file_create(&pf)) { fprintf(stderr, "%s: Out of memory\n", argv[0]); exit(1); 
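Review bot: In the semodule_expand.c hunk that creates the handle, a failed `sepol_handle_create()` ends the program with a bare `exit(1)`, while the allocation check directly below it reports the failure first. The new branch should do the same: `fprintf(stderr, "%s: Out of memory\n", argv[0]);` before the `exit(1)`. main() continues outside the hunk.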
@@ -132,7 +137,7 @@ /* linking the base takes care of enabling optional avrules */ p = sepol_module_package_get_policy(base); - if (sepol_link_modules(NULL, p, NULL, 0, 0)) { + if (sepol_link_modules(handle, p, NULL, 0, 0)) { fprintf(stderr, "%s: Error while enabling avrules\n", argv[0]); exit(1); } @@ -144,7 +149,9 @@ exit(1); } - if (sepol_expand_module(NULL, p, out, verbose, check_assertions)) { + sepol_set_expand_consume_base(handle, 1); + + if (sepol_expand_module(handle, p, out, verbose, check_assertions)) { fprintf(stderr, "%s: Error while expanding policy\n", argv[0]); exit(1); } @@ -174,6 +181,7 @@ exit(1); } fclose(outfile); + sepol_handle_destroy(handle); sepol_policydb_free(out); sepol_policy_file_free(pf); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-02-02 15:40:58
Revision: 2776 http://selinux.svn.sourceforge.net/selinux/?rev=2776&view=rev Author: madmethod Date: 2008-02-02 07:40:55 -0800 (Sat, 02 Feb 2008) Log Message: ----------- bump policycoreutils, libsemanage, libsepol Modified Paths: -------------- trunk/libsemanage/ChangeLog trunk/libsemanage/VERSION trunk/libsepol/ChangeLog trunk/libsepol/VERSION trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/libsemanage/ChangeLog =================================================================== --- trunk/libsemanage/ChangeLog 2008-02-02 15:36:53 UTC (rev 2775) +++ trunk/libsemanage/ChangeLog 2008-02-02 15:40:55 UTC (rev 2776) @@ -1,3 +1,7 @@ +2.0.12 2008-02-02 + * Use sepol_set_expand_consume_base to reduce peak memory usage when + using semodule + 2.0.19 2008-01-31 * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. Modified: trunk/libsemanage/VERSION =================================================================== --- trunk/libsemanage/VERSION 2008-02-02 15:36:53 UTC (rev 2775) +++ trunk/libsemanage/VERSION 2008-02-02 15:40:55 UTC (rev 2776) @@ -1 +1 @@ -2.0.19 +2.0.20 Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2008-02-02 15:36:53 UTC (rev 2775) +++ trunk/libsepol/ChangeLog 2008-02-02 15:40:55 UTC (rev 2776) @@ -1,3 +1,7 @@ +2.0.19 2008-02-02 + * Add support for consuming avrule_blocks during expansion to reduce + peak memory usage. + 2.0.18 2008-01-02 * Added support for policy capabilities from Todd Miller. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2008-02-02 15:36:53 UTC (rev 2775) +++ trunk/libsepol/VERSION 2008-02-02 15:40:55 UTC (rev 2776) 
@@ -1 +1 @@ -2.0.18 +2.0.19 Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-02-02 15:36:53 UTC (rev 2775) +++ trunk/policycoreutils/ChangeLog 2008-02-02 15:40:55 UTC (rev 2776) @@ -1,3 +1,7 @@ +2.0.42 2008-02-02 + * Make semodule_expand use sepol_set_expand_consume_base to reduce + peak memory usage. + 2.0.41 2008-01-28 * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-02-02 15:36:53 UTC (rev 2775) +++ trunk/policycoreutils/VERSION 2008-02-02 15:40:55 UTC (rev 2776) @@ -1 +1 @@ -2.0.41 +2.0.42 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-04 15:59:48
Revision: 2777 http://selinux.svn.sourceforge.net/selinux/?rev=2777&view=rev Author: ssmalley Date: 2008-02-04 07:24:49 -0800 (Mon, 04 Feb 2008) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libsepol: tune avtab to reduce memory usage Date: Fri, 01 Feb 2008 08:58:56 -0500 Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol. This patch decides the number of hash slots dynamically based on the number of rules. It also avoids allocating the avtab altogether when reading policy modules, as they don't need it. Signed-off-by: Stephen Smalley <sd...@ty...> Acked-By: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/checkpolicy/test/dispol.c trunk/libsepol/include/sepol/policydb/avtab.h trunk/libsepol/src/avtab.c trunk/libsepol/src/conditional.c trunk/libsepol/src/expand.c trunk/libsepol/src/policydb.c trunk/libsepol/src/write.c Modified: trunk/checkpolicy/test/dispol.c =================================================================== --- trunk/checkpolicy/test/dispol.c 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/checkpolicy/test/dispol.c 2008-02-04 15:24:49 UTC (rev 2777) @@ -169,7 +169,7 @@ } /* hmm...should have used avtab_map. */ - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < expa.nslot; i++) { for (cur = expa.htable[i]; cur; cur = cur->next) { render_av_rule(&cur->key, &cur->datum, what, p, fp); } Modified: trunk/libsepol/include/sepol/policydb/avtab.h =================================================================== --- trunk/libsepol/include/sepol/policydb/avtab.h 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/libsepol/include/sepol/policydb/avtab.h 2008-02-04 15:24:49 UTC (rev 2777) 
@@ -1,6 +1,11 @@ /* Author : Stephen Smalley, <sd...@ep...> */ +/* + * Updated: Yuichi Nakamura <yn...@hi...> + * Tuned number of hash slots for avtab to reduce memory usage + */ + /* Updated: Frank Mayer <ma...@tr...> and Karl MacMillan <kma...@tr...> * * Added conditional policy language extensions @@ -75,10 +80,12 @@ typedef struct avtab { avtab_ptr_t *htable; uint32_t nel; /* number of elements */ + uint32_t nslot; /* number of hash slots */ + uint16_t mask; /* mask to compute hash func */ } avtab_t; extern int avtab_init(avtab_t *); - +extern int avtab_alloc(avtab_t *, uint32_t); extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d); extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k); @@ -110,12 +117,11 @@ extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified); -#define AVTAB_HASH_BITS 15 -#define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS) -#define AVTAB_HASH_MASK (AVTAB_HASH_BUCKETS-1) +#define MAX_AVTAB_HASH_BITS 13 +#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) +#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1) +#define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS -#define AVTAB_SIZE AVTAB_HASH_BUCKETS - #endif /* _AVTAB_H_ */ /* FLASK */ Modified: trunk/libsepol/src/avtab.c =================================================================== --- trunk/libsepol/src/avtab.c 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/libsepol/src/avtab.c 2008-02-04 15:24:49 UTC (rev 2777) @@ -1,6 +1,11 @@ /* Author : Stephen Smalley, <sd...@ep...> */ +/* + * Updated: Yuichi Nakamura <yn...@hi...> + * Tuned number of hash slots for avtab to reduce memory usage + */ + /* Updated: Frank Mayer <ma...@tr...> * and Karl MacMillan <kma...@me...> * 
@@ -44,11 +49,11 @@ #include "debug.h" #include "private.h" -#define AVTAB_HASH(keyp) \ -((keyp->target_class + \ - (keyp->target_type << 2) + \ - (keyp->source_type << 9)) & \ - AVTAB_HASH_MASK) +static inline int avtab_hash(struct avtab_key *keyp, uint16_t mask) +{ + return ((keyp->target_class + (keyp->target_type << 2) + + (keyp->source_type << 9)) & mask); +} static avtab_ptr_t avtab_insert_node(avtab_t * h, int hvalue, avtab_ptr_t prev, avtab_key_t * key, @@ -80,10 +85,10 @@ uint16_t specified = key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD); - if (!h) + if (!h || !h->htable) return SEPOL_ENOMEM; - hvalue = AVTAB_HASH(key); + hvalue = avtab_hash(key, h->mask); for (prev = NULL, cur = h->htable[hvalue]; cur; prev = cur, cur = cur->next) { if (key->source_type == cur->key.source_type && @@ -121,9 +126,9 @@ uint16_t specified = key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD); - if (!h) + if (!h || !h->htable) return NULL; - hvalue = AVTAB_HASH(key); + hvalue = avtab_hash(key, h->mask); for (prev = NULL, cur = h->htable[hvalue]; cur; prev = cur, cur = cur->next) { if (key->source_type == cur->key.source_type && @@ -153,10 +158,10 @@ uint16_t specified = key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD); - if (!h) + if (!h || !h->htable) return NULL; - hvalue = AVTAB_HASH(key); + hvalue = avtab_hash(key, h->mask); for (cur = h->htable[hvalue]; cur; cur = cur->next) { if (key->source_type == cur->key.source_type && key->target_type == cur->key.target_type && @@ -188,10 +193,10 @@ uint16_t specified = key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD); - if (!h) + if (!h || !h->htable) return NULL; - hvalue = AVTAB_HASH(key); + hvalue = avtab_hash(key, h->mask); for (cur = h->htable[hvalue]; cur; cur = cur->next) { if (key->source_type == cur->key.source_type && key->target_type == cur->key.target_type && 
@@ -242,13 +247,13 @@ void avtab_destroy(avtab_t * h) { - int i; + unsigned int i; avtab_ptr_t cur, temp; if (!h || !h->htable) return; - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < h->nslot; i++) { cur = h->htable[i]; while (cur != NULL) { temp = cur; @@ -259,19 +264,22 @@ } free(h->htable); h->htable = NULL; + h->nslot = 0; + h->mask = 0; } int avtab_map(avtab_t * h, int (*apply) (avtab_key_t * k, avtab_datum_t * d, void *args), void *args) { - int i, ret; + unsigned int i; + int ret; avtab_ptr_t cur; if (!h) return 0; - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < h->nslot; i++) { cur = h->htable[i]; while (cur != NULL) { ret = apply(&cur->key, &cur->datum, args); @@ -285,25 +293,50 @@ int avtab_init(avtab_t * h) { - int i; + h->htable = NULL; + h->nel = 0; + return 0; +} - h->htable = malloc(sizeof(avtab_ptr_t) * AVTAB_SIZE); +int avtab_alloc(avtab_t *h, uint32_t nrules) +{ + uint16_t mask = 0; + uint32_t shift = 0; + uint32_t work = nrules; + uint32_t nslot = 0; + + if (nrules == 0) + goto out; + + while (work) { + work = work >> 1; + shift++; + } + if (shift > 2) + shift = shift - 2; + nslot = 1 << shift; + if (nslot > MAX_AVTAB_SIZE) + nslot = MAX_AVTAB_SIZE; + mask = nslot - 1; + + h->htable = calloc(nslot, sizeof(avtab_ptr_t)); if (!h->htable) return -1; - for (i = 0; i < AVTAB_SIZE; i++) - h->htable[i] = (avtab_ptr_t) NULL; +out: h->nel = 0; + h->nslot = nslot; + h->mask = mask; return 0; } void avtab_hash_eval(avtab_t * h, char *tag) { - int i, chain_len, slots_used, max_chain_len; + unsigned int i, chain_len, slots_used, max_chain_len; avtab_ptr_t cur; slots_used = 0; max_chain_len = 0; - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < h->nslot; i++) { cur = h->htable[i]; if (cur) { slots_used++; 
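Review bot: avtab_map in the `@@ -259,19 +264,22 @@` hunk still checks only `!h` before reading `h->htable[i]` for `i < h->nslot`, although the lookup functions in this commit were changed to `!h || !h->htable`. The loop is safe only while `nslot` is 0 whenever `htable` is NULL, so `if (!h || !h->htable) return 0;` would make it independent of that invariant. avtab_hash_eval in the next hunk, and avtab_reset_merged and avtab_write in write.c, walk the table the same way without a guard.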
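Review bot: avtab_init in the `@@ -285,25 +293,50 @@` hunk resets only `htable` and `nel`, so `nslot` and `mask` keep whatever the caller's memory held until avtab_alloc runs; adding `h->nslot = 0;` and `h->mask = 0;` there gives every initialised table a defined slot count. avtab_alloc also assigns `h->htable` without looking at the old value, so calling it twice on the same `avtab_t` would leak the first bucket array and orphan its nodes. An early `if (h->htable) return -1;` would catch that, as would a comment stating that the table must be freshly initialised. This matters for the new callers in expand.c, which allocate into an `expa` supplied by their own caller.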
@@ -320,7 +353,7 @@ printf ("%s: %d entries and %d/%d buckets used, longest chain length %d\n", - tag, h->nel, slots_used, AVTAB_SIZE, max_chain_len); + tag, h->nel, slots_used, h->nslot, max_chain_len); } /* Ordering of datums in the original avtab format in the policy file. */ @@ -471,6 +504,13 @@ ERR(fp->handle, "table is empty"); goto bad; } + + rc = avtab_alloc(a, nel); + if (rc) { + ERR(fp->handle, "out of memory"); + goto bad; + } + for (i = 0; i < nel; i++) { rc = avtab_read_item(fp, vers, a, avtab_insertf, NULL); if (rc) { Modified: trunk/libsepol/src/conditional.c =================================================================== --- trunk/libsepol/src/conditional.c 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/libsepol/src/conditional.c 2008-02-04 15:24:49 UTC (rev 2777) @@ -829,6 +829,10 @@ len = le32_to_cpu(buf[0]); + rc = avtab_alloc(&p->te_cond_avtab, p->te_avtab.nel); + if (rc) + goto err; + for (i = 0; i < len; i++) { node = malloc(sizeof(cond_node_t)); if (!node) Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/libsepol/src/expand.c 2008-02-04 15:24:49 UTC (rev 2777) @@ -2138,6 +2138,16 @@ avrule_block_t *prevblock; int retval = -1; + if (avtab_alloc(&state->out->te_avtab, MAX_AVTAB_SIZE)) { + ERR(state->handle, "Out of Memory!"); + return -1; + } + + if (avtab_alloc(&state->out->te_cond_avtab, MAX_AVTAB_SIZE)) { + ERR(state->handle, "Out of Memory!"); + return -1; + } + while (curblock) { avrule_decl_t *decl = curblock->enabled; avrule_t *cur_avrule; @@ -2560,6 +2570,11 @@ { struct expand_avtab_data data; + if (avtab_alloc(expa, MAX_AVTAB_SIZE)) { + ERR(NULL, "Out of memory!"); + return -1; + } + data.expa = expa; data.p = p; return avtab_map(a, expand_avtab_node, &data); 
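Review bot: The format string in the `@@ -320,7 +353,7 @@` hunk still uses `%d` for every value, but after this commit `slots_used` and `max_chain_len` are `unsigned int` and `h->nslot` is `uint32_t`, as `h->nel` already was. `%u` matches the arguments: `"%s: %u entries and %u/%u buckets used, longest chain length %u\n"`. The body of avtab_hash_eval starts in the previous hunk.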
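Review bot: Passing `MAX_AVTAB_SIZE` as the rule count in the expand.c `@@ -2138,6 +2138,16 @@` hunk does not produce `MAX_AVTAB_SIZE` buckets, because avtab_alloc derives the slot count from the bit length of `nrules` minus two, so 8192 yields 4096 slots. If the maximum table is intended, that needs either a dedicated way to request it or a comment at these call sites saying the value is a rule-count estimate; expand_avtab in the `@@ -2560,6 +2570,11 @@` hunk and expand_cond_av_list use the same argument. When the second avtab_alloc fails here the function returns without releasing the first table, so it presumably relies on the caller destroying `state->out`; that is outside the hunk and worth confirming.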
@@ -2688,6 +2703,11 @@ avtab_ptr_t node; int rc; + if (avtab_alloc(expa, MAX_AVTAB_SIZE)) { + ERR(NULL, "Out of memory!"); + return -1; + } + *newl = NULL; for (cur = l; cur; cur = cur->next) { node = cur->node; Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/libsepol/src/policydb.c 2008-02-04 15:24:49 UTC (rev 2777) @@ -492,17 +492,14 @@ rc = roles_init(p); if (rc) - goto out_free_avtab; + goto out_free_symtab; rc = cond_policydb_init(p); if (rc) - goto out_free_avtab; + goto out_free_symtab; out: return rc; - out_free_avtab: - avtab_destroy(&p->te_avtab); - out_free_symtab: for (i = 0; i < SYM_NUM; i++) { hashtab_destroy(p->symtab[i].table); Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2008-02-02 15:40:55 UTC (rev 2776) +++ trunk/libsepol/src/write.c 2008-02-04 15:24:49 UTC (rev 2777) @@ -229,9 +229,9 @@ static inline void avtab_reset_merged(avtab_t * a) { - int i; + unsigned int i; avtab_ptr_t cur; - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < a->nslot; i++) { for (cur = a->htable[i]; cur; cur = cur->next) cur->merged = 0; } @@ -239,7 +239,8 @@ static int avtab_write(struct policydb *p, avtab_t * a, struct policy_file *fp) { - int i, rc; + unsigned int i; + int rc; avtab_t expa; avtab_ptr_t cur; uint32_t nel; @@ -269,7 +270,7 @@ return POLICYDB_ERROR; } - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < a->nslot; i++) { for (cur = a->htable[i]; cur; cur = cur->next) { /* If old format, compute final nel. If new format, write out the items. */ 
@@ -290,7 +291,7 @@ goto out; } avtab_reset_merged(a); - for (i = 0; i < AVTAB_SIZE; i++) { + for (i = 0; i < a->nslot; i++) { for (cur = a->htable[i]; cur; cur = cur->next) { if (avtab_write_item(p, cur, fp, 1, 1, NULL)) { rc = -1; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-04 16:33:59
Revision: 2782 http://selinux.svn.sourceforge.net/selinux/?rev=2782&view=rev Author: ssmalley Date: 2008-02-04 08:33:54 -0800 (Mon, 04 Feb 2008) Log Message: ----------- Author: Joshua Brindle Email: me...@ma... Subject: libsemanage: free policydb before fork Date: Sat, 02 Feb 2008 22:12:31 -0500 While testing the recent memory-related patches on a low memory machine (512m total) I found that semodule still failed. It turns out that fork() requires enough free ram for the amount of private dirty memory in the parent process to succeed (even if it is never written to in the child process). This patch moves the genhomedircon call to outside of semanage_sandbox_install so that the policydb can be freed before any forks happen. With this patch and the prior ones semodule runs fine on a 512m machine. Signed-off-By: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/libsemanage/src/direct_api.c trunk/libsemanage/src/semanage_store.c trunk/libsemanage/src/semanage_store.h trunk/scripts/selinux-maint Modified: trunk/libsemanage/src/direct_api.c =================================================================== --- trunk/libsemanage/src/direct_api.c 2008-02-04 15:42:17 UTC (rev 2781) +++ trunk/libsemanage/src/direct_api.c 2008-02-04 16:33:54 UTC (rev 2782) @@ -41,6 +41,7 @@ #include "boolean_internal.h" #include "fcontext_internal.h" #include "node_internal.h" +#include "genhomedircon.h" #include "debug.h" #include "handle.h" 
@@ -704,8 +705,27 @@ if (retval < 0) goto cleanup; + /* run genhomedircon if its enabled, this should be the last operation + * which requires the out policydb */ + if (!sh->conf->disable_genhomedircon) { + if ((retval = + semanage_genhomedircon(sh, out, 1)) != 0) { + ERR(sh, "semanage_genhomedircon returned error code %d.", + retval); + goto cleanup; + } + } else { + WARN(sh, "WARNING: genhomedircon is disabled. \ + See /etc/selinux/semanage.conf if you need to enable it."); + } + + /* free out, if we don't free it before calling semanage_install_sandbox + * then fork() may fail on low memory machines */ + sepol_policydb_free(out); + out = NULL; + if (sh->do_rebuild || modified) { - retval = semanage_install_sandbox(sh, out); + retval = semanage_install_sandbox(sh); } cleanup: Modified: trunk/libsemanage/src/semanage_store.c =================================================================== --- trunk/libsemanage/src/semanage_store.c 2008-02-04 15:42:17 UTC (rev 2781) +++ trunk/libsemanage/src/semanage_store.c 2008-02-04 16:33:54 UTC (rev 2782) @@ -34,7 +34,6 @@ #include "semanage_store.h" #include "database_policydb.h" #include "handle.h" -#include "genhomedircon.h" #include <selinux/selinux.h> #include <sepol/policydb.h> @@ -1279,8 +1278,7 @@ * should be placed within a mutex lock to ensure that it runs * atomically. Returns commit number on success, -1 on error. */ -int semanage_install_sandbox(semanage_handle_t * sh, - sepol_policydb_t * policydb) +int semanage_install_sandbox(semanage_handle_t * sh) { int retval = -1, commit_num = -1; 
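Review bot: The WARN string is continued with a backslash-newline, and in this hunk the continuation line appears to be indented (the removed copy in semanage_store.c started at column 0), so the indentation would become part of the logged message. Adjacent string literals avoid that: `WARN(sh, "WARNING: genhomedircon is disabled. "` followed by `"See /etc/selinux/semanage.conf if you need to enable it.");`. Separately, as far as the hunk shows, semanage_genhomedircon() now runs before the `if (sh->do_rebuild || modified)` test, where it used to be reached only through semanage_install_sandbox(); if that widening is intended, the comment above the call should say so. The enclosing function starts and ends outside the hunk.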
@@ -1293,17 +1291,6 @@ ERR(sh, "No setfiles program specified in configuration file."); goto cleanup; } - if (!sh->conf->disable_genhomedircon) { - if ((retval = - semanage_genhomedircon(sh, policydb, TRUE)) != 0) { - ERR(sh, "semanage_genhomedircon returned error code %d.", - retval); - goto cleanup; - } - } else { - WARN(sh, "WARNING: genhomedircon is disabled. \ -See /etc/selinux/semanage.conf if you need to enable it."); - } if ((commit_num = semanage_commit_sandbox(sh)) < 0) { retval = commit_num; Modified: trunk/libsemanage/src/semanage_store.h =================================================================== --- trunk/libsemanage/src/semanage_store.h 2008-02-04 15:42:17 UTC (rev 2781) +++ trunk/libsemanage/src/semanage_store.h 2008-02-04 16:33:54 UTC (rev 2782) @@ -100,8 +100,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * policydb); -int semanage_install_sandbox(semanage_handle_t * sh, - sepol_policydb_t * policydb); +int semanage_install_sandbox(semanage_handle_t * sh); int semanage_verify_modules(semanage_handle_t * sh, char **module_filenames, int num_modules); Modified: trunk/scripts/selinux-maint =================================================================== --- trunk/scripts/selinux-maint 2008-02-04 15:42:17 UTC (rev 2781) +++ trunk/scripts/selinux-maint 2008-02-04 16:33:54 UTC (rev 2782) 
@@ -104,13 +104,13 @@ os.chdir(patch_dir) patchfd = open(patch_name) - retcode = subprocess.call(["patch", patch_level, "--dry-run"], stdin=patchfd) + retcode = subprocess.call(["patch", patch_level, "--dry-run", "-l"], stdin=patchfd) resp = raw_input("apply [y/n]: ") if resp != "y": sys.exit(0) patchfd = open(patch_name) - patch_output = subprocess.Popen(["patch", patch_level], stdin=patchfd, + patch_output = subprocess.Popen(["patch", patch_level, "-l"], stdin=patchfd, stdout=subprocess.PIPE).communicate()[0] status_output = subprocess.Popen(["svn", "status"], stdout=subprocess.PIPE).communicate()[0] This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
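Review bot: Adding `-l` makes patch ignore whitespace differences when matching context, but added lines are still inserted exactly as they appear in the patch. A mail-mangled patch that lost its tabs can therefore apply cleanly and leave space-indented recipe lines in a Makefile or misindented Python. A comment above the two calls should explain why `-l` is needed and say that the resulting diff must be checked for whitespace damage before committing. The return code of the `--dry-run` call is stored in `retcode`, but within this hunk it is not consulted before the prompt; the rest of the function is outside the hunk.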
From: <mil...@us...> - 2008-02-04 20:34:42
Revision: 2784 http://selinux.svn.sourceforge.net/selinux/?rev=2784&view=rev Author: millertc Date: 2008-02-04 12:34:39 -0800 (Mon, 04 Feb 2008) Log Message: ----------- Prevent flex from generating an input() function that we never use. Avoids a gcc warning. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/checkpolicy/policy_scan.l trunk/libsemanage/src/conf-scan.l Modified: trunk/checkpolicy/policy_scan.l =================================================================== --- trunk/checkpolicy/policy_scan.l 2008-02-04 16:34:48 UTC (rev 2783) +++ trunk/checkpolicy/policy_scan.l 2008-02-04 20:34:39 UTC (rev 2784) @@ -43,7 +43,7 @@ unsigned int policydb_errors = 0; %} -%option nounput +%option noinput nounput %array letter [A-Za-z] Modified: trunk/libsemanage/src/conf-scan.l =================================================================== --- trunk/libsemanage/src/conf-scan.l 2008-02-04 16:34:48 UTC (rev 2783) +++ trunk/libsemanage/src/conf-scan.l 2008-02-04 20:34:39 UTC (rev 2784) @@ -32,7 +32,7 @@ %} %option stack prefix="semanage_" -%option nounput noyy_push_state noyy_pop_state noyy_top_state +%option noinput nounput noyy_push_state noyy_pop_state noyy_top_state %x arg This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-26 12:18:04
Revision: 2816 http://selinux.svn.sourceforge.net/selinux/?rev=2816&view=rev Author: ssmalley Date: 2008-02-26 04:17:53 -0800 (Tue, 26 Feb 2008) Log Message: ----------- make swigify Modified Paths: -------------- trunk/Makefile trunk/libsemanage/src/semanage.py trunk/libsemanage/src/semanageswig_wrap.c Modified: trunk/Makefile =================================================================== --- trunk/Makefile 2008-02-25 20:55:08 UTC (rev 2815) +++ trunk/Makefile 2008-02-26 12:17:53 UTC (rev 2816) @@ -11,7 +11,7 @@ (cd $$subdir && $(MAKE) $@) || exit 1; \ done -install-pywrap: +install-pywrap swigify: @for subdir in $(PYSUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done Modified: trunk/libsemanage/src/semanage.py =================================================================== --- trunk/libsemanage/src/semanage.py 2008-02-25 20:55:08 UTC (rev 2815) +++ trunk/libsemanage/src/semanage.py 2008-02-26 12:17:53 UTC (rev 2816) @@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.31 +# Version 1.3.33 # # Don't modify this file, modify the SWIG interface instead. # This file is compatible with both classic and new-style classes. Modified: trunk/libsemanage/src/semanageswig_wrap.c =================================================================== --- trunk/libsemanage/src/semanageswig_wrap.c 2008-02-25 20:55:08 UTC (rev 2815) +++ trunk/libsemanage/src/semanageswig_wrap.c 2008-02-26 12:17:53 UTC (rev 2816) @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). - * Version 1.3.31 + * Version 1.3.33 * * This file is not intended to be easily readable and contains a number of * coding conventions designed to improve portability and efficiency. Do not make 
@@ -17,14 +17,14 @@ /* template workaround for compilers that cannot correctly implement the C++ standard */ #ifndef SWIGTEMPLATEDISAMBIGUATOR -# if defined(__SUNPRO_CC) -# if (__SUNPRO_CC <= 0x560) -# define SWIGTEMPLATEDISAMBIGUATOR template -# else -# define SWIGTEMPLATEDISAMBIGUATOR -# endif +# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560) +# define SWIGTEMPLATEDISAMBIGUATOR template +# elif defined(__HP_aCC) +/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */ +/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */ +# define SWIGTEMPLATEDISAMBIGUATOR template # else -# define SWIGTEMPLATEDISAMBIGUATOR +# define SWIGTEMPLATEDISAMBIGUATOR # endif #endif @@ -107,7 +107,13 @@ # define _CRT_SECURE_NO_DEPRECATE #endif +/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */ +#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE) +# define _SCL_SECURE_NO_DEPRECATE +#endif + + /* Python.h has to appear first */ #include <Python.h> @@ -343,7 +349,7 @@ while ((*f2 == ' ') && (f2 != l2)) ++f2; if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1; } - return (l1 - f1) - (l2 - f2); + return (int)((l1 - f1) - (l2 - f2)); } /* @@ -1090,14 +1096,14 @@ /* Unpack the argument tuple */ SWIGINTERN int -SWIG_Python_UnpackTuple(PyObject *args, const char *name, int min, int max, PyObject **objs) +SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs) { if (!args) { if (!min && !max) { return 1; } else { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none", - name, (min == max ? "" : "at least "), min); + name, (min == max ? "" : "at least "), (int)min); return 0; } } 
@@ -1105,14 +1111,14 @@ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple"); return 0; } else { - register int l = PyTuple_GET_SIZE(args); + register Py_ssize_t l = PyTuple_GET_SIZE(args); if (l < min) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at least "), min, l); + name, (min == max ? "" : "at least "), (int)min, (int)l); return 0; } else if (l > max) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at most "), max, l); + name, (min == max ? "" : "at most "), (int)max, (int)l); return 0; } else { register int i; @@ -1591,9 +1597,11 @@ (unaryfunc)0, /*nb_float*/ (unaryfunc)PySwigObject_oct, /*nb_oct*/ (unaryfunc)PySwigObject_hex, /*nb_hex*/ -#if PY_VERSION_HEX >= 0x02020000 - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ -#elif PY_VERSION_HEX >= 0x02000000 +#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */ +#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ +#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */ #endif }; @@ -2522,7 +2530,7 @@ #define SWIG_name "_semanage" -#define SWIGVERSION 0x010331 +#define SWIGVERSION 0x010333 #define SWIG_VERSION SWIGVERSION @@ -2640,15 +2648,13 @@ #include <limits.h> -#ifndef LLONG_MIN -# define LLONG_MIN LONG_LONG_MIN +#if !defined(SWIG_NO_LLONG_MAX) +# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__) +# define LLONG_MAX __LONG_LONG_MAX__ +# define LLONG_MIN (-LLONG_MAX - 1LL) +# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL) +# endif #endif -#ifndef LLONG_MAX -# define LLONG_MAX LONG_LONG_MAX -#endif -#ifndef ULLONG_MAX -# define ULLONG_MAX ULONG_LONG_MAX -#endif SWIGINTERN int 
@@ -11626,7 +11632,7 @@ static swig_type_info _swigt__p_f_p_q_const__struct_semanage_port_p_void__int = {"_p_f_p_q_const__struct_semanage_port_p_void__int", "int (*)(struct semanage_port const *,void *)|int (*)(semanage_port_t const *,void *)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_f_p_q_const__struct_semanage_seuser_p_void__int = {"_p_f_p_q_const__struct_semanage_seuser_p_void__int", "int (*)(struct semanage_seuser const *,void *)|int (*)(semanage_seuser_t const *,void *)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_f_p_q_const__struct_semanage_user_p_void__int = {"_p_f_p_q_const__struct_semanage_user_p_void__int", "int (*)(struct semanage_user const *,void *)|int (*)(semanage_user_t const *,void *)", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void = {"_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void", "void (*)(void *,struct semanage_handle *,char const *,...)|void (*)(void *,semanage_handle_t *,char const *,...)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void = {"_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void", "void (*)(void *,semanage_handle_t *,char const *,...)|void (*)(void *,struct semanage_handle *,char const *,...)", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***", 0, 0, (void*)0, 0}; 
@@ -11638,33 +11644,33 @@ static swig_type_info _swigt__p_p_p_semanage_seuser = {"_p_p_p_semanage_seuser", "struct semanage_seuser ***|semanage_seuser_t ***", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_p_semanage_user = {"_p_p_p_semanage_user", "struct semanage_user ***|semanage_user_t ***", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_bool = {"_p_p_semanage_bool", "struct semanage_bool **|semanage_bool_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_bool_key = {"_p_p_semanage_bool_key", "struct semanage_bool_key **|semanage_bool_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_bool_key = {"_p_p_semanage_bool_key", "semanage_bool_key_t **|struct semanage_bool_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_context = {"_p_p_semanage_context", "struct semanage_context **|semanage_context_t **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_fcontext = {"_p_p_semanage_fcontext", "struct semanage_fcontext **|semanage_fcontext_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_fcontext_key = {"_p_p_semanage_fcontext_key", "struct semanage_fcontext_key **|semanage_fcontext_key_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_iface = {"_p_p_semanage_iface", "struct semanage_iface **|semanage_iface_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_iface_key = {"_p_p_semanage_iface_key", "struct semanage_iface_key **|semanage_iface_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_fcontext_key = {"_p_p_semanage_fcontext_key", "semanage_fcontext_key_t **|struct semanage_fcontext_key **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_iface = {"_p_p_semanage_iface", "semanage_iface_t **|struct semanage_iface **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_iface_key = {"_p_p_semanage_iface_key", "semanage_iface_key_t **|struct 
semanage_iface_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_module_info = {"_p_p_semanage_module_info", "struct semanage_module_info **|semanage_module_info_t **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_node = {"_p_p_semanage_node", "struct semanage_node **|semanage_node_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_node_key = {"_p_p_semanage_node_key", "struct semanage_node_key **|semanage_node_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_node_key = {"_p_p_semanage_node_key", "semanage_node_key_t **|struct semanage_node_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_p_semanage_port = {"_p_p_semanage_port", "struct semanage_port **|semanage_port_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_port_key = {"_p_p_semanage_port_key", "struct semanage_port_key **|semanage_port_key_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_seuser = {"_p_p_semanage_seuser", "struct semanage_seuser **|semanage_seuser_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_seuser_key = {"_p_p_semanage_seuser_key", "struct semanage_seuser_key **|semanage_seuser_key_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_user = {"_p_p_semanage_user", "struct semanage_user **|semanage_user_t **", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_p_semanage_user_key = {"_p_p_semanage_user_key", "struct semanage_user_key **|semanage_user_key_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_port_key = {"_p_p_semanage_port_key", "semanage_port_key_t **|struct semanage_port_key **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_seuser = {"_p_p_semanage_seuser", "semanage_seuser_t **|struct semanage_seuser **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_seuser_key = {"_p_p_semanage_seuser_key", "semanage_seuser_key_t **|struct 
semanage_seuser_key **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_user = {"_p_p_semanage_user", "semanage_user_t **|struct semanage_user **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_semanage_user_key = {"_p_p_semanage_user_key", "semanage_user_key_t **|struct semanage_user_key **", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_bool = {"_p_semanage_bool", "struct semanage_bool *|semanage_bool_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_bool_key = {"_p_semanage_bool_key", "struct semanage_bool_key *|semanage_bool_key_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_context = {"_p_semanage_context", "struct semanage_context *|semanage_context_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_fcontext = {"_p_semanage_fcontext", "struct semanage_fcontext *|semanage_fcontext_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_fcontext_key = {"_p_semanage_fcontext_key", "struct semanage_fcontext_key *|semanage_fcontext_key_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_semanage_handle = {"_p_semanage_handle", "struct semanage_handle *|semanage_handle_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_semanage_handle = {"_p_semanage_handle", "semanage_handle_t *|struct semanage_handle *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_iface = {"_p_semanage_iface", "struct semanage_iface *|semanage_iface_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_iface_key = {"_p_semanage_iface_key", "struct semanage_iface_key *|semanage_iface_key_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_module_info = {"_p_semanage_module_info", "struct semanage_module_info *|semanage_module_info_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_node = {"_p_semanage_node", "struct semanage_node *|semanage_node_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_node_key 
= {"_p_semanage_node_key", "struct semanage_node_key *|semanage_node_key_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_semanage_port = {"_p_semanage_port", "struct semanage_port *|semanage_port_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_semanage_port = {"_p_semanage_port", "semanage_port_t *|struct semanage_port *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_port_key = {"_p_semanage_port_key", "struct semanage_port_key *|semanage_port_key_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_seuser = {"_p_semanage_seuser", "struct semanage_seuser *|semanage_seuser_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_semanage_seuser_key = {"_p_semanage_seuser_key", "struct semanage_seuser_key *|semanage_seuser_key_t *", 0, 0, (void*)0, 0}; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-02-27 20:28:24
Revision: 2818 http://selinux.svn.sourceforge.net/selinux/?rev=2818&view=rev Author: millertc Date: 2008-02-27 12:28:20 -0800 (Wed, 27 Feb 2008) Log Message: ----------- Author: Todd C. Miller <tm...@tr...> Date: Wednesday, February 27, 2008 1:44 PM Subject: PATCH: avoid -Werror for parser-generated sources We've been bitten repeatedly by changes in lex and yacc resulting in new compiler warnings. Now that we build with -Werror this can result in broken builds. Since we have little control over what lex and yacc generate, just filter out -Werror when compiling their .c files. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/checkpolicy/Makefile trunk/libsemanage/src/Makefile Modified: trunk/checkpolicy/Makefile =================================================================== --- trunk/checkpolicy/Makefile 2008-02-26 12:18:28 UTC (rev 2817) +++ trunk/checkpolicy/Makefile 2008-02-27 20:28:20 UTC (rev 2818) @@ -33,10 +33,10 @@ $(CC) $(CFLAGS) -o $@ -c $< y.tab.o: y.tab.c - $(CC) $(CFLAGS) -o $@ -c $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -o $@ -c $< lex.yy.o: lex.yy.c - $(CC) $(CFLAGS) -o $@ -c $< + $(CC) $(filter-out -Werror, $(CFLAGS)) -o $@ -c $< y.tab.c: policy_parse.y $(YACC) -d policy_parse.y Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2008-02-26 12:18:28 UTC (rev 2817) +++ trunk/libsemanage/src/Makefile 2008-02-27 20:28:20 UTC (rev 2818) 
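Review bot: Filtering `-Werror` out for `y.tab.o` and `lex.yy.o` relaxes it for the hand-written C in the grammar and scanner actions too, since that code is compiled as part of the generated files along with the yacc/lex boilerplate. Where the compiler supports it, appending a targeted `-Wno-error=<warning>` for the specific generated-code warnings would keep everything else fatal. Failing that, a comment above the rules should record why `-Werror` is dropped for these objects. The four near-identical rules added to libsemanage/src/Makefile in the next hunk could be one target-specific assignment, `conf-parse.o conf-parse.lo conf-scan.o conf-scan.lo: CFLAGS := $(filter-out -Werror, $(CFLAGS))`, which leaves the existing pattern rules to do the compiling.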
@@ -71,6 +71,18 @@ %.lo: %.c $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< +conf-parse.o: conf-parse.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -c -o $@ $< + +conf-parse.lo: conf-parse.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -fPIC -DSHARED -c -o $@ $< + +conf-scan.o: conf-scan.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -c -o $@ $< + +conf-scan.lo: conf-scan.c + $(CC) $(filter-out -Werror, $(CFLAGS)) -fPIC -DSHARED -c -o $@ $< + $(SWIGCOUT): $(SWIGIF) $(SWIG) $^ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-03-04 17:29:44
Revision: 2831 http://selinux.svn.sourceforge.net/selinux/?rev=2831&view=rev Author: millertc Date: 2008-03-04 09:29:33 -0800 (Tue, 04 Mar 2008) Log Message: ----------- Author: Todd C. Miller <tm...@tr...> Subject: PATCH: fix uninitialized use of handle in struct policy_file Date: Tuesday, March 04, 2008 9:37 AM Add policy_file_init() function and use it to initialize struct policy_file (aka policy_file_t) before using. Fixes several instances of the "handle" element being uses unitialized. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> checkpolicy/checkmodule.c | 2 ++ checkpolicy/checkpolicy.c | 2 ++ checkpolicy/test/dismod.c | 1 + checkpolicy/test/dispol.c | 1 + libsepol/include/sepol/policydb/policydb.h | 2 ++ libsepol/src/genbools.c | 2 ++ libsepol/src/module.c | 3 +-- libsepol/src/policydb.c | 5 +++++ libsepol/src/policydb_convert.c | 4 ++-- libsepol/src/services.c | 15 +++++++++------ 10 files changed, 27 insertions(+), 10 deletions(-) Modified Paths: -------------- trunk/checkpolicy/checkmodule.c trunk/checkpolicy/checkpolicy.c trunk/checkpolicy/test/dismod.c trunk/checkpolicy/test/dispol.c trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/src/genbools.c trunk/libsepol/src/module.c trunk/libsepol/src/policydb.c trunk/libsepol/src/policydb_convert.c trunk/libsepol/src/services.c Modified: trunk/checkpolicy/checkmodule.c =================================================================== --- trunk/checkpolicy/checkmodule.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/checkpolicy/checkmodule.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -71,6 +71,7 @@ fprintf(stderr, "Can't map '%s': %s\n", file, strerror(errno)); return -1; } + policy_file_init(&f); f.type = PF_USE_MEMORY; f.data = map; f.len = sb.st_size; 
@@ -124,6 +125,7 @@ p->policyvers = policyvers; p->handle_unknown = handle_unknown; + policy_file_init(&pf); pf.type = PF_USE_STDIO; pf.fp = outfp; ret = policydb_write(p, &pf); Modified: trunk/checkpolicy/checkpolicy.c =================================================================== --- trunk/checkpolicy/checkpolicy.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/checkpolicy/checkpolicy.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -489,6 +489,7 @@ file, strerror(errno)); exit(1); } + policy_file_init(&pf); pf.type = PF_USE_MEMORY; pf.data = map; pf.len = sb.st_size; @@ -577,6 +578,7 @@ policydb.policy_type = POLICY_KERN; policydb.policyvers = policyvers; + policy_file_init(&pf); pf.type = PF_USE_STDIO; pf.fp = outfp; ret = policydb_write(&policydb, &pf); Modified: trunk/checkpolicy/test/dismod.c =================================================================== --- trunk/checkpolicy/test/dismod.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/checkpolicy/test/dismod.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -689,6 +689,7 @@ filename, strerror(errno)); exit(1); } + policy_file_init(&f); f.type = PF_USE_STDIO; f.fp = in_fp; Modified: trunk/checkpolicy/test/dispol.c =================================================================== --- trunk/checkpolicy/test/dispol.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/checkpolicy/test/dispol.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -373,6 +373,7 @@ /* read the binary policy */ fprintf(out_fp, "Reading policy...\n"); + policy_file_init(&pf); pf.type = PF_USE_MEMORY; pf.data = map; pf.len = sb.st_size; Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2008-03-04 17:29:33 UTC (rev 2831) 
@@ -568,6 +568,8 @@ struct policy_file pf; }; +extern void policy_file_init(policy_file_t * x); + extern int policydb_read(policydb_t * p, struct policy_file *fp, unsigned int verbose); extern int avrule_read_list(policydb_t * p, avrule_t ** avrules, Modified: trunk/libsepol/src/genbools.c =================================================================== --- trunk/libsepol/src/genbools.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/libsepol/src/genbools.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -154,6 +154,7 @@ goto err_destroy; } + policy_file_init(&pf); pf.type = PF_USE_MEMORY; pf.data = data; pf.len = len; @@ -225,6 +226,7 @@ goto err_destroy; } + policy_file_init(&pf); pf.type = PF_USE_MEMORY; pf.data = data; pf.len = len; Modified: trunk/libsepol/src/module.c =================================================================== --- trunk/libsepol/src/module.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/libsepol/src/module.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -851,9 +851,8 @@ if (p->policy) { /* compute policy length */ + policy_file_init(&polfile); polfile.type = PF_LEN; - polfile.data = NULL; - polfile.len = 0; polfile.handle = file->handle; if (policydb_write(&p->policy->p, &polfile)) return -1; Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/libsepol/src/policydb.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -3290,3 +3290,8 @@ return 0; } + +void policy_file_init(policy_file_t *pf) +{ + memset(pf, 0, sizeof(policy_file_t)); +} Modified: trunk/libsepol/src/policydb_convert.c =================================================================== --- trunk/libsepol/src/policydb_convert.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/libsepol/src/policydb_convert.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -13,6 +13,7 @@ policy_file_t pf; + policy_file_init(&pf); pf.type = PF_USE_MEMORY; pf.data = data; pf.len = len; 
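Review bot: The declaration added to policydb.h, `extern void policy_file_init(policy_file_t * x);`, has no comment and names its parameter `x`, while the definition added in policydb.c names it `pf`. Callers now depend on this function to give `handle` a defined starting value, so the public header is where that should be written down. I would rename the parameter to `pf` and add a comment above the declaration such as `/* Zero-initialize a policy_file; call this before filling in any member. */`.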
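Review bot: In the policydb.c hunk, `memset(pf, 0, sizeof(policy_file_t));` sizes the clear by type name rather than by the object; `memset(pf, 0, sizeof(*pf));` keeps the length tied to whatever `pf` points at if the parameter type is ever changed. Because the function wipes the whole structure, a member assigned before the call is silently lost. The module.c and policydb_convert.c hunks get this right by setting `handle` after the init, but a one-line comment above the definition stating that ordering would keep future call sites from reversing it.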
@@ -39,9 +40,8 @@ struct policydb tmp_policydb; /* Compute the length for the new policy image. */ + policy_file_init(&pf); pf.type = PF_LEN; - pf.data = NULL; - pf.len = 0; pf.handle = handle; if (policydb_write(policydb, &pf)) { ERR(handle, "could not compute policy length"); Modified: trunk/libsepol/src/services.c =================================================================== --- trunk/libsepol/src/services.c 2008-03-03 21:08:14 UTC (rev 2830) +++ trunk/libsepol/src/services.c 2008-03-04 17:29:33 UTC (rev 2831) @@ -85,6 +85,8 @@ int sepol_set_policydb_from_file(FILE * fp) { struct policy_file pf; + + policy_file_init(&pf); pf.fp = fp; pf.type = PF_USE_STDIO; if (mypolicydb.policy_type) @@ -1003,13 +1005,14 @@ convert_context_args_t args; uint32_t seqno; int rc = 0; - struct policy_file file = { - .type = PF_USE_MEMORY, - .data = data, - .len = len, - .fp = NULL - }, *fp = &file; + struct policy_file file, *fp; + policy_file_init(&file); + file.type = PF_USE_MEMORY; + file.data = data; + file.len = len; + fp = &file; + if (policydb_init(&newpolicydb)) return -ENOMEM; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
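Review bot: The designated initializer removed in the second services.c hunk (`-1003,13 +1005,14`) already left `handle` zeroed, because members omitted from an initializer list are zero-initialized, so this site reads as a consistency change rather than one of the uninitialized uses. The new form is fine, but it splits the pointer binding from the declaration; `struct policy_file file, *fp = &file;` would keep `fp` valid from the point it is declared and let the separate `fp = &file;` line go. The enclosing function begins and ends outside the hunk, so I cannot see whether `fp` is read before that assignment.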