From 70810f17e4fb870fe858822fdc20f64453992ea6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 08 2005 19:18:13 +0000 Subject: - Patch to not translate mls when calling setfiles
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index a4e6c43..441f819 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,12 +1,75 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.27.19/src/matchpathcon.c
---- nsalibselinux/src/matchpathcon.c 2005-10-06 09:20:38.000000000 -0400
-+++ libselinux-1.27.19/src/matchpathcon.c 2005-11-08 14:04:09.000000000 -0500
-@@ -605,7 +605,7 @@
- unsigned int lineno, pass, i, j, maxnspec;
- spec_t *spec_copy=NULL;
- int status=-1;
-- int mls_enabled=is_selinux_mls_enabled();
-+ int mls_enabled=is_selinux_mls_enabled() && ( is_selinux_enabled() > 0 );
-
- /* Open the specification file. */
- if (!path)
+Index: libselinux/include/selinux/selinux.h
+===================================================================
+RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/selinux.h,v
+retrieving revision 1.50
+diff -u -p -r1.50 selinux.h
+--- libselinux/include/selinux/selinux.h 7 Nov 2005 19:30:36 -0000 1.50
++++ libselinux/include/selinux/selinux.h 8 Nov 2005 19:04:31 -0000
+@@ -292,6 +292,7 @@ extern void set_matchpathcon_canoncon(in
+
+ /* Set flags controlling operation of matchpathcon_init or matchpathcon. */
+ #define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
++#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
+ extern void set_matchpathcon_flags(unsigned int flags);
+
+ /* Load the file contexts configuration specified by 'path'
+Index: libselinux/src/matchpathcon.c
+===================================================================
+RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/matchpathcon.c,v
+retrieving revision 1.32
+diff -u -p -r1.32 matchpathcon.c
+--- libselinux/src/matchpathcon.c 7 Nov 2005 19:30:37 -0000 1.32
++++ libselinux/src/matchpathcon.c 8 Nov 2005 19:08:05 -0000
+@@ -570,6 +570,10 @@ static int process_line( const char *pat
+ skip_type:
+ if (strcmp(context, "<>")) {
+ char *tmpcon = NULL;
++
++ if (myflags & MATCHPATHCON_NOTRANS)
++ goto skip_trans;
++
+ if (context_translations) {
+ if (raw_to_trans_context(context, &tmpcon)) {
+ myprintf("%s: line %u has invalid "
+@@ -584,6 +588,7 @@ static int process_line( const char *pat
+ return -1;
+ }
+
++skip_trans:
+ if (myinvalidcon) {
+ /* Old-style validation of context. */
+ if (myinvalidcon(path, lineno, context))
+Index: policycoreutils/setfiles/setfiles.c
+===================================================================
+RCS file: /nfshome/pal/CVS/selinux-usr/policycoreutils/setfiles/setfiles.c,v
+retrieving revision 1.38
+diff -u -p -r1.38 setfiles.c
+--- policycoreutils/setfiles/setfiles.c 7 Nov 2005 19:31:55 -0000 1.38
++++ policycoreutils/setfiles/setfiles.c 8 Nov 2005 19:12:31 -0000
+@@ -388,13 +388,7 @@ int canoncon(const char *path, unsigned
+ int valid = 1;
+
+ if (policyfile) {
+- char *raw;
+- if (selinux_trans_to_raw_context(context, &raw))
+- valid = 0;
+- if (valid) {
+- valid = (sepol_check_context (raw) >= 0);
+- freecon(raw);
+- }
++ valid = (sepol_check_context (context) >= 0);
+ } else if (security_canonicalize_context(context, &tmpcon) < 0) {
+ if (errno != ENOENT) {
+ valid = 0;
+@@ -447,8 +441,9 @@ int main(int argc, char **argv)
+ fclose(policystream);
+
+ /* Only process the specified file_contexts file, not
+- any .homedirs or .local files. */
+- set_matchpathcon_flags(MATCHPATHCON_BASEONLY);
++ any .homedirs or .local files, and do not perform
++ context translations. */
++ set_matchpathcon_flags(MATCHPATHCON_BASEONLY|MATCHPATHCON_NOTRANS);
+
+ break;
+ }
diff --git a/libselinux.spec b/libselinux.spec
index d64ed4a..1b46501 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -2,7 +2,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 1.27.19
-Release: 1
+Release: 2
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -92,6 +92,9 @@ exit 0 %{_mandir}/man8/* %changelog
+* Tue Nov 8 2005 Dan Walsh 1.27.19-2
+- Patch to not translate mls when calling setfiles
+
 * Mon Nov 7 2005 Dan Walsh 1.27.19-1
 - Update to latest from NSA
 * Merged seusers parser changes from Ivan Gyurdiev.
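Review bot: In the setfiles.c part of the updated patch, `canoncon` now hands `context` directly to `sepol_check_context`, and that is only correct while the spec file was loaded untranslated, which depends on `main` passing `MATCHPATHCON_NOTRANS` to `set_matchpathcon_flags`; nothing at the check records that dependency. I would add a comment above the call, `/* context must be untranslated here; main() sets MATCHPATHCON_NOTRANS alongside the policy-file handling */`, and extend the selinux.h comment on the flag to say that the validation callback then sees contexts exactly as written in the spec file, since `skip_trans:` in `process_line` sits directly before the `myinvalidcon` call. If the flag and the policy-file check ever drift apart, a translated context would presumably be rejected or checked in the wrong form, so the pairing is worth stating where the validation lives. `canoncon`, `main` and `process_line` all continue outside the quoted hunks, so the surrounding option handling is inferred.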