diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index f1d4d54..8f75dc5 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,27 +1,92 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.21.1/utils/avcstat.c ---- nsalibselinux/utils/avcstat.c 2005-01-20 16:05:24.000000000 -0500 -+++ libselinux-1.21.1/utils/avcstat.c 2005-01-21 15:52:50.111732000 -0500 -@@ -68,7 +68,7 @@ - printf("program will loop, displaying updated statistics every \'interval\' seconds.\n"); - printf("Relative values are displayed by default. Use the -c option to specify the\n"); - printf("display of cumulative values. The -f option specifies the location of the\n"); -- printf("AVC statistics file, defaulting to \'%s\%s\'.\n\n", selinux_mnt, DEF_STAT_FILE); -+ printf("AVC statistics file, defaulting to \'%s%s\'.\n\n", selinux_mnt, DEF_STAT_FILE); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.21.9/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2005-01-31 13:50:18.000000000 -0500 ++++ libselinux-1.21.9/src/matchpathcon.c 2005-02-10 16:51:59.000000000 -0500 +@@ -519,10 +519,13 @@ + { + FILE *fp; + FILE *localfp; ++ FILE *homedirfp; + char local_path[PATH_MAX + 1]; ++ char homedir_path[PATH_MAX + 1]; + char line_buf[BUFSIZ + 1]; + unsigned int lineno, pass, i, j, maxnspec; + spec_t *spec_copy; ++ int status=-1; + + /* Open the specification file. 
*/ + if (!path) +@@ -530,6 +533,9 @@ + if ((fp = fopen(path, "r")) == NULL) + return -1; + ++ snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", path); ++ homedirfp = fopen(homedir_path, "r"); ++ + snprintf(local_path, sizeof(local_path), "%s.local", path); + localfp = fopen(local_path, "r"); + +@@ -547,33 +553,41 @@ + nspec = 0; + while (fgets_unlocked(line_buf, sizeof line_buf, fp) && nspec < maxnspec) { + if (process_line(path, line_buf, pass, ++lineno) != 0) +- return -1; ++ goto finish; + } ++ if (homedirfp) ++ while (fgets_unlocked(line_buf, sizeof line_buf, homedirfp) && nspec < maxnspec) { ++ if (process_line(homedir_path, line_buf, pass, ++lineno) != 0) ++ goto finish; ++ } ++ ++ + if (localfp) + while (fgets_unlocked(line_buf, sizeof line_buf, localfp) && nspec < maxnspec) { + if (process_line(local_path, line_buf, pass, ++lineno) != 0) +- return -1; ++ goto finish; + } + + if (pass == 0) { +- if (nspec == 0) +- return 0; ++ if (nspec == 0) { ++ status = 0; ++ goto finish; ++ } + if ((spec_arr = malloc(sizeof(spec_t) * nspec)) == + NULL) +- return -1; ++ goto finish; + memset(spec_arr, '\0', sizeof(spec_t) * nspec); + maxnspec = nspec; + rewind(fp); ++ if (homedirfp) rewind(homedirfp); + if (localfp) rewind(localfp); + } + } +- fclose(fp); +- if (localfp) fclose(localfp); + + /* Move exact pathname specifications to the end. 
*/ + spec_copy = malloc(sizeof(spec_t) * nspec); + if (!spec_copy) +- return -1; ++ goto finish; + j = 0; + for (i = 0; i < nspec; i++) { + if (spec_arr[i].hasMetaChars) +@@ -588,7 +602,13 @@ + + nodups_specs(path); + +- return 0; ++ status = 0; ++ finish: ++ fclose(fp); ++ if (spec_arr != spec_copy) free(spec_arr); ++ if (homedirfp) fclose(homedirfp); ++ if (localfp) fclose(localfp); ++ return status; } + hidden_def(matchpathcon_init) - static void set_window_rows(void) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/rpm.c libselinux-1.21.1/src/rpm.c ---- nsalibselinux/src/rpm.c 2004-11-09 09:13:54.000000000 -0500 -+++ libselinux-1.21.1/src/rpm.c 2005-01-24 15:24:33.000000000 -0500 -@@ -41,8 +41,10 @@ - rc = setexeccon(newcon); - if (rc < 0) - goto out; -- rc = execve(filename, argv, envp); - out: -+ if ( ( rc == 0 ) || -+ (security_getenforce() == 0 )) -+ rc = execve(filename, argv, envp); - context_free(con); - freecon(newcon); - freecon(fcon); diff --git a/libselinux.spec b/libselinux.spec index 4441fbb..9f69ff7 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,10 +1,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.21.9 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -34,7 +35,7 @@ needed for developing SELinux applications. %prep %setup -q - +%patch -p1 -b .rhat %build make CFLAGS="-g %{optflags}" @@ -84,6 +85,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Thu Feb 10 2005 Dan Walsh 1.21.9-2 +- Process file_context.homedir + * Thu Feb 10 2005 Dan Walsh 1.21.9-1 - Update from NSA * Changed relabel Makefile target to use restorecon.
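Review bot: At `finish:` the test `if (spec_arr != spec_copy) free(spec_arr);` reads `spec_copy` before it has been assigned on every early `goto finish` (a `process_line` failure, the `nspec == 0` exit, a failed `malloc` for `spec_arr`), so the comparison uses an indeterminate value. On those paths `spec_arr` is also freed but left pointing at the released block; it is not declared among this function's locals, so it is presumably file-scope state that a later lookup or a second init would read or free again. I would declare `spec_t *spec_copy = NULL;` and make the cleanup depend on the result, `if (status != 0) { free(spec_arr); spec_arr = NULL; }`. The inner hunks show only parts of `matchpathcon_init`, so the assumption that the success path ends with `spec_arr == spec_copy` should be confirmed against the lines between them.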