diff -up libselinux-2.0.96/man/man3/security_setenforce.3.rhat libselinux-2.0.96/man/man3/security_setenforce.3
--- libselinux-2.0.96/man/man3/security_setenforce.3.rhat	2010-09-22 17:14:11.000000000 -0400
+++ libselinux-2.0.96/man/man3/security_setenforce.3	2010-09-22 17:11:58.000000000 -0400
@@ -1 +1 @@
-.so security_getenforce.3
+.so man3/security_getenforce.3
diff -up libselinux-2.0.96/man/man8/selinuxconlist.8.rhat libselinux-2.0.96/man/man8/selinuxconlist.8
--- libselinux-2.0.96/man/man8/selinuxconlist.8.rhat	2010-08-04 15:21:39.000000000 -0400
+++ libselinux-2.0.96/man/man8/selinuxconlist.8	2010-08-04 15:21:39.000000000 -0400
@@ -0,0 +1,18 @@
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxconlist \- list all SELinux context reachable for user
+.SH "SYNOPSIS"
+.B selinuxconlist [-l level] user [context]
+
+.SH "DESCRIPTION"
+.B selinuxconlist
+reports the list of context reachable for user from the current context or specified context
+
+.B \-l level
+mcs/mls level
+
+.SH AUTHOR	
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+secon(8), selinuxdefcon(8)
diff -up libselinux-2.0.96/man/man8/selinuxdefcon.8.rhat libselinux-2.0.96/man/man8/selinuxdefcon.8
--- libselinux-2.0.96/man/man8/selinuxdefcon.8.rhat	2010-08-04 15:21:39.000000000 -0400
+++ libselinux-2.0.96/man/man8/selinuxdefcon.8	2010-08-04 15:21:39.000000000 -0400
@@ -0,0 +1,24 @@
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxdefcon \- report default SELinux context for user 
+
+.SH "SYNOPSIS"
+.B selinuxdefcon [-l level] user fromcon
+
+.SH "DESCRIPTION"
+.B selinuxdefcon
+reports the default context for the specified user from the specified context
+
+.B \-l level
+mcs/mls level
+
+.SH EXAMPLE
+# selinuxdefcon jsmith system_u:system_r:sshd_t:s0
+.br
+unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+
+.SH AUTHOR	
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+secon(8), selinuxconlist(8)
diff -up libselinux-2.0.96/src/audit2why.c.rhat libselinux-2.0.96/src/audit2why.c
--- libselinux-2.0.96/src/audit2why.c.rhat	2010-06-16 08:03:39.000000000 -0400
+++ libselinux-2.0.96/src/audit2why.c	2010-08-04 15:21:39.000000000 -0400
@@ -1,3 +1,6 @@
+/* Workaround for http://bugs.python.org/issue4835 */
+#define SIZEOF_SOCKET_T SIZEOF_INT
+
 #include <Python.h>
 #include <unistd.h>
 #include <stdlib.h>
@@ -255,6 +258,8 @@ static int __policy_init(const char *ini
 	fclose(fp);
 	sepol_set_policydb(&avc->policydb->p);
 	avc->handle = sepol_handle_create();
+	/* Turn off messages */
+	sepol_msg_set_callback(avc->handle, NULL, NULL);
 
 	rc = sepol_bool_count(avc->handle,
 			      avc->policydb, &cnt);
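Review bot: `avc->handle` is passed to `sepol_msg_set_callback()` straight after `sepol_handle_create()` with no NULL check, and the handle allocation can fail. A guarded form such as `if (avc->handle) sepol_msg_set_callback(avc->handle, NULL, NULL);` avoids the dereference; whether the failure should also abort `__policy_init` depends on cleanup code outside this hunk. The `/* Turn off messages */` comment should also say why libsepol diagnostics are discarded here, because policy-load errors will no longer be reported anywhere.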
@@ -287,8 +292,10 @@ static int __policy_init(const char *ini
 static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
   int result;
   char *init_path=NULL;
-  if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) 
-	  result = __policy_init(init_path);
+  if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) {
+    return NULL;
+  }
+  result = __policy_init(init_path);
   return Py_BuildValue("i", result);
 }
 
@@ -353,7 +360,11 @@ static PyObject *analyze(PyObject *self 
 		strObj = PyList_GetItem(listObj, i); /* Can't fail */
 		
 		/* make it a string */
+#if PY_MAJOR_VERSION >= 3
+		permstr = _PyUnicode_AsString( strObj );
+#else
 		permstr = PyString_AsString( strObj );
+#endif
 		
 		perm = string_to_av_perm(tclass, permstr);
 		if (!perm) {
@@ -423,10 +434,39 @@ static PyMethodDef audit2whyMethods[] = 
     {NULL, NULL, 0, NULL}        /* Sentinel */
 };
 
+#if PY_MAJOR_VERSION >= 3
+/* Module-initialization logic specific to Python 3 */
+struct module_state {
+	/* empty for now */
+};
+static struct PyModuleDef moduledef = {
+	PyModuleDef_HEAD_INIT,
+	"audit2why",
+	NULL,
+	sizeof(struct module_state),
+	audit2whyMethods,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+PyMODINIT_FUNC
+PyInit_audit2why(void)
+#else
 PyMODINIT_FUNC
 initaudit2why(void)
+#endif
 {
-	PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
+	PyObject *m;
+#if PY_MAJOR_VERSION >= 3
+	m = PyModule_Create(&moduledef);
+	if (m == NULL) {
+		return NULL;
+	}
+#else
+	m  = Py_InitModule("audit2why", audit2whyMethods);
+#endif
 	PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
 	PyModule_AddIntConstant(m,"BADSCON", BADSCON);
 	PyModule_AddIntConstant(m,"BADTCON", BADTCON);
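Review bot: The Python 2 branch leaves `m` unchecked after `Py_InitModule()`, while the Python 3 branch returns on `m == NULL`; adding `if (m == NULL) return;` after the `Py_InitModule` line makes the two paths agree before the `PyModule_AddIntConstant` calls. `struct module_state` is declared with no members, which ISO C does not allow and which only compiles as a compiler extension; since nothing in the hunk uses per-module state, the struct could be dropped and the size field given directly. The function body continues into the next hunk.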
@@ -440,4 +480,8 @@ initaudit2why(void)
 	PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
 	PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
 	PyModule_AddIntConstant(m,"RBAC", RBAC);
+
+#if PY_MAJOR_VERSION >= 3
+	return m;
+#endif
 }
diff -up libselinux-2.0.96/src/callbacks.c.rhat libselinux-2.0.96/src/callbacks.c
--- libselinux-2.0.96/src/callbacks.c.rhat	2010-06-16 08:03:39.000000000 -0400
+++ libselinux-2.0.96/src/callbacks.c	2010-08-04 15:21:39.000000000 -0400
@@ -16,6 +16,7 @@ default_selinux_log(int type __attribute
 {
 	int rc;
 	va_list ap;
+	if (is_selinux_enabled() == 0) return 0;
 	va_start(ap, fmt);
 	rc = vfprintf(stderr, fmt, ap);
 	va_end(ap);
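Review bot: The added `is_selinux_enabled()` call runs on every log message, and this callback is normally reached on error paths, so any errno change inside that check may be seen by a caller that inspects errno after logging. Consider saving and restoring errno around the test, and put the early return on its own braced line. A short comment such as `/* Stay silent on hosts where SELinux is disabled */` would record why messages are dropped, since a `-1` (error) result still falls through to `vfprintf`. The function's signature and closing brace are outside this hunk.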
diff -up libselinux-2.0.96/src/get_context_list.c.rhat libselinux-2.0.96/src/get_context_list.c
--- libselinux-2.0.96/src/get_context_list.c.rhat	2010-06-16 08:03:39.000000000 -0400
+++ libselinux-2.0.96/src/get_context_list.c	2010-08-04 15:21:39.000000000 -0400
@@ -286,7 +286,6 @@ static int get_failsafe_context(const ch
 	if (buf[plen - 1] == '\n')
 		buf[plen - 1] = 0;
 
-      retry:
 	nlen = strlen(user) + 1 + plen + 1;
 	*newcon = malloc(nlen);
 	if (!(*newcon))
@@ -306,10 +305,6 @@ static int get_failsafe_context(const ch
 	if (security_check_context(*newcon) && errno != ENOENT) {
 		free(*newcon);
 		*newcon = 0;
-		if (strcmp(user, SELINUX_DEFAULTUSER)) {
-			user = SELINUX_DEFAULTUSER;
-			goto retry;
-		}
 		return -1;
 	}
 
@@ -418,13 +413,8 @@ int get_ordered_context_list(const char 
 
 	/* Determine the set of reachable contexts for the user. */
 	rc = security_compute_user(fromcon, user, &reachable);
-	if (rc < 0) {
-		/* Retry with the default SELinux user identity. */
-		user = SELINUX_DEFAULTUSER;
-		rc = security_compute_user(fromcon, user, &reachable);
-		if (rc < 0)
-			goto failsafe;
-	}
+	if (rc < 0)
+		goto failsafe;
 	nreach = 0;
 	for (ptr = reachable; *ptr; ptr++)
 		nreach++;
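Review bot: Nothing at `if (rc < 0) goto failsafe;` records that the retry under `SELINUX_DEFAULTUSER` was removed deliberately, and the same fallback is dropped from `get_failsafe_context` in the previous hunk. This changes what a login path receives for a user the policy does not know: the failsafe context or an error, instead of the default user's reachable contexts. I would add a comment above the check, for example `/* No retry as SELINUX_DEFAULTUSER: an unknown user goes straight to the failsafe context. */`, and mention the change in the function's header documentation. `get_ordered_context_list` begins and ends outside this hunk.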
diff -up libselinux-2.0.96/src/Makefile.rhat libselinux-2.0.96/src/Makefile
--- libselinux-2.0.96/src/Makefile.rhat	2010-06-16 08:03:39.000000000 -0400
+++ libselinux-2.0.96/src/Makefile	2010-08-04 15:21:39.000000000 -0400
@@ -1,9 +1,10 @@
 # Installation directories.
+PYTHON ?= python
 PREFIX ?= $(DESTDIR)/usr
 LIBDIR ?= $(PREFIX)/lib
 SHLIBDIR ?= $(DESTDIR)/lib
 INCLUDEDIR ?= $(PREFIX)/include
-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
 PYINC ?= /usr/include/$(PYLIBVER)
 PYLIB ?= /usr/lib/$(PYLIBVER)
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
@@ -23,13 +24,13 @@ SWIGIF= selinuxswig_python.i selinuxswig
 SWIGRUBYIF= selinuxswig_ruby.i
 SWIGCOUT= selinuxswig_wrap.c
 SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
-SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) 
+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) 
 SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) 
-SWIGSO=_selinux.so
+SWIGSO=$(PYPREFIX)_selinux.so
 SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i
 SWIGRUBYSO=_rubyselinux.so
 LIBSO=$(TARGET).$(LIBVERSION)
-AUDIT2WHYSO=audit2why.so
+AUDIT2WHYSO=$(PYPREFIX)audit2why.so
 
 ifeq ($(DISABLE_AVC),y)
 	UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
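Review bot: `PYPREFIX` is used in `SWIGLOBJ`, `SWIGSO` and `AUDIT2WHYSO` (and in the `audit2why.lo` rules of the next hunk) but none of the visible hunks gives it a default or explains it. Declaring it beside the new `PYTHON ?= python` line, as `PYPREFIX ?=` with a comment like `# prefix for per-interpreter build objects, e.g. when building for python2 and python3 in one tree`, makes the intent clear. It is also worth confirming that the `clean` target, which is outside this diff, removes the prefixed objects.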
@@ -91,10 +92,10 @@ $(LIBPC): $(LIBPC).in
 selinuxswig_python_exception.i: ../include/selinux/selinux.h
 	bash exception.sh > $@ 
 
-audit2why.lo: audit2why.c
+$(PYPREFIX)audit2why.lo: audit2why.c
 	$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
 
-$(AUDIT2WHYSO): audit2why.lo
+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo
 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
 
 %.o:  %.c policy.h
@@ -123,8 +124,8 @@ install: all 
 
 install-pywrap: pywrap
 	test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
-	install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
-	install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+	install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so
+	install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so
 	install -m 644  selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
 
 install-rubywrap: rubywrap
diff -up libselinux-2.0.96/src/matchpathcon.c.rhat libselinux-2.0.96/src/matchpathcon.c
--- libselinux-2.0.96/src/matchpathcon.c.rhat	2010-06-16 08:03:39.000000000 -0400
+++ libselinux-2.0.96/src/matchpathcon.c	2010-08-04 15:21:39.000000000 -0400
@@ -2,6 +2,7 @@
 #include <string.h>
 #include <errno.h>
 #include <stdio.h>
+#include <syslog.h>
 #include "selinux_internal.h"
 #include "label_internal.h"
 #include "callbacks.h"
@@ -57,7 +58,7 @@ static void
 {
 	va_list ap;
 	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
+	vsyslog(LOG_ERR, fmt, ap);
 	va_end(ap);
 }
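Review bot: Switching the default printf handler to `vsyslog(LOG_ERR, ...)` means that matchpathcon errors no longer appear on stderr for interactive tools. No `openlog()` call is visible, so the entries are logged under whatever ident the host program happens to have set. It also diverges from `default_selinux_log` in callbacks.c, which still writes to stderr in this same patch. Please document the choice on the function, for example `/* Default sink is syslog; callers wanting terminal output must install their own printf callback. */`. The function name and signature are outside this hunk.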
 
diff -up libselinux-2.0.96/src/selinuxswig_python.i.rhat libselinux-2.0.96/src/selinuxswig_python.i
--- libselinux-2.0.96/src/selinuxswig_python.i.rhat	2010-06-16 08:03:39.000000000 -0400
+++ libselinux-2.0.96/src/selinuxswig_python.i	2010-08-23 10:27:44.000000000 -0400
@@ -45,7 +45,7 @@ def install(src, dest):
 	PyObject* list = PyList_New(*$2);
 	int i;
 	for (i = 0; i < *$2; i++) {
-		PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+		PyList_SetItem(list, i, PyBytes_FromString((*$1)[i]));
 	}
 	$result = SWIG_Python_AppendOutput($result, list);
 }
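Review bot: The results of `PyList_New(*$2)` and `PyBytes_FromString((*$1)[i])` are used unchecked here and in the two following typemap hunks, so an allocation failure leaves either a NULL list passed to `PyList_SetItem` or a NULL slot in the returned list. A check such as `if (!list) SWIG_fail;` before the loop, and the same for each item, would surface the error as a Python exception. The typemaps should also carry a comment that under Python 3 callers now receive `bytes` rather than `str`, because that is a visible API change for the bindings.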
@@ -74,7 +74,9 @@ def install(src, dest):
 			len++;
 		plist = PyList_New(len);
 		for (i = 0; i < len; i++) {
-			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+			PyList_SetItem(plist, i, 
+                                       PyBytes_FromString((*$1)[i])
+                                       );
 		}
 	} else {
 		plist = PyList_New(0);
@@ -91,7 +93,9 @@ def install(src, dest):
 	if (*$1) {
 		plist = PyList_New(result);
 		for (i = 0; i < result; i++) {
-			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+			PyList_SetItem(plist, i, 
+                                       PyBytes_FromString((*$1)[i])
+                                       );
 		}
 	} else {
 		plist = PyList_New(0);
@@ -144,16 +148,20 @@ def install(src, dest):
 	$1 = (char**) malloc(size + 1);
 
 	for(i = 0; i < size; i++) {
-		if (!PyString_Check(PySequence_GetItem($input, i))) {
-			PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+		if (!PyBytes_Check(PySequence_GetItem($input, i))) {
+			PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
+
 			return NULL;
 		}
+
 	}
 		
 	for(i = 0; i < size; i++) {
 		s = PySequence_GetItem($input, i);
-		$1[i] = (char*) malloc(PyString_Size(s) + 1);
-		strcpy($1[i], PyString_AsString(s));
+
+		$1[i] = (char*) malloc(PyBytes_Size(s) + 1);
+		strcpy($1[i], PyBytes_AsString(s));
+
 	}
 	$1[size] = NULL;
 }
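Review bot: The context line `$1 = (char**) malloc(size + 1);` allocates `size + 1` bytes, not `size + 1` pointers, so the stores to `$1[i]` and `$1[size]` below write past the end of the buffer for any non-empty sequence. The patch rewrites the surrounding lines but leaves this line as it was. It should be `$1 = (char**) malloc((size + 1) * sizeof(char *));` with a NULL check on the result. Every `PySequence_GetItem()` call in both loops returns a new reference that is never released, and the early `return NULL` leaks `$1`. The per-item `malloc` is also unchecked before `strcpy`. The typemap starts outside this hunk.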