From 3898d8da394c10c5d05a9997b33bbe07a98719dc Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 30 2008 13:30:18 +0000 Subject: - Update to Upstream New man pages from Dan Walsh. Update flask headers from refpolicy trunk from Dan Walsh. --- diff --git a/.cvsignore b/.cvsignore index 334847d..41c168e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -156,3 +156,4 @@ libselinux-2.0.67.tgz libselinux-2.0.69.tgz libselinux-2.0.70.tgz libselinux-2.0.71.tgz +libselinux-2.0.73.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index fa37891..94d8da7 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,433 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.71/include/selinux/av_permissions.h ---- nsalibselinux/include/selinux/av_permissions.h 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/include/selinux/av_permissions.h 2008-09-24 07:41:57.000000000 -0400 -@@ -85,6 +85,7 @@ - #define DIR__REPARENT 0x00080000UL - #define DIR__SEARCH 0x00100000UL - #define DIR__RMDIR 0x00200000UL -+#define DIR__OPEN 0x00400000UL - #define FILE__IOCTL 0x00000001UL - #define FILE__READ 0x00000002UL - #define FILE__WRITE 0x00000004UL -@@ -105,6 +106,7 @@ - #define FILE__EXECUTE_NO_TRANS 0x00020000UL - #define FILE__ENTRYPOINT 0x00040000UL - #define FILE__EXECMOD 0x00080000UL -+#define FILE__OPEN 0x00100000UL - #define LNK_FILE__IOCTL 0x00000001UL - #define LNK_FILE__READ 0x00000002UL - #define LNK_FILE__WRITE 0x00000004UL -@@ -142,6 +144,7 @@ - #define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL - #define CHR_FILE__ENTRYPOINT 0x00040000UL - #define CHR_FILE__EXECMOD 0x00080000UL -+#define CHR_FILE__OPEN 0x00100000UL - #define BLK_FILE__IOCTL 0x00000001UL - #define BLK_FILE__READ 0x00000002UL - #define BLK_FILE__WRITE 0x00000004UL -@@ -159,6 +162,7 @@ - #define BLK_FILE__SWAPON 0x00004000UL - #define BLK_FILE__QUOTAON 0x00008000UL - #define BLK_FILE__MOUNTON 0x00010000UL -+#define BLK_FILE__OPEN 0x00020000UL - #define SOCK_FILE__IOCTL 0x00000001UL - #define SOCK_FILE__READ 0x00000002UL - #define SOCK_FILE__WRITE 0x00000004UL -@@ -193,6 +197,7 @@ - #define FIFO_FILE__SWAPON 0x00004000UL - #define FIFO_FILE__QUOTAON 0x00008000UL - #define FIFO_FILE__MOUNTON 0x00010000UL -+#define FIFO_FILE__OPEN 0x00020000UL - #define FD__USE 0x00000001UL - #define SOCKET__IOCTL 0x00000001UL - #define SOCKET__READ 0x00000002UL -@@ -547,91 +552,102 @@ - #define PASSWD__CHSH 0x00000004UL - #define PASSWD__ROOTOK 0x00000008UL - #define PASSWD__CRONTAB 0x00000010UL --#define DRAWABLE__CREATE 0x00000001UL --#define DRAWABLE__DESTROY 0x00000002UL --#define DRAWABLE__DRAW 0x00000004UL --#define DRAWABLE__COPY 0x00000008UL --#define DRAWABLE__GETATTR 0x00000010UL --#define GC__CREATE 0x00000001UL --#define GC__FREE 0x00000002UL --#define GC__GETATTR 0x00000004UL --#define GC__SETATTR 0x00000008UL --#define WINDOW__ADDCHILD 0x00000001UL --#define WINDOW__CREATE 0x00000002UL --#define WINDOW__DESTROY 0x00000004UL --#define WINDOW__MAP 0x00000008UL --#define WINDOW__UNMAP 0x00000010UL --#define WINDOW__CHSTACK 0x00000020UL --#define WINDOW__CHPROPLIST 0x00000040UL --#define WINDOW__CHPROP 0x00000080UL --#define WINDOW__LISTPROP 0x00000100UL --#define WINDOW__GETATTR 0x00000200UL --#define WINDOW__SETATTR 0x00000400UL --#define WINDOW__SETFOCUS 0x00000800UL --#define WINDOW__MOVE 0x00001000UL --#define WINDOW__CHSELECTION 0x00002000UL --#define WINDOW__CHPARENT 0x00004000UL --#define WINDOW__CTRLLIFE 0x00008000UL --#define WINDOW__ENUMERATE 0x00010000UL --#define WINDOW__TRANSPARENT 0x00020000UL --#define WINDOW__MOUSEMOTION 0x00040000UL --#define WINDOW__CLIENTCOMEVENT 0x00080000UL --#define WINDOW__INPUTEVENT 0x00100000UL --#define WINDOW__DRAWEVENT 0x00200000UL --#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL --#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL --#define WINDOW__SERVERCHANGEEVENT 0x01000000UL --#define WINDOW__EXTENSIONEVENT 0x02000000UL --#define FONT__LOAD 0x00000001UL --#define FONT__FREE 0x00000002UL --#define FONT__GETATTR 0x00000004UL --#define FONT__USE 0x00000008UL --#define COLORMAP__CREATE 0x00000001UL --#define COLORMAP__FREE 0x00000002UL --#define COLORMAP__INSTALL 0x00000004UL --#define COLORMAP__UNINSTALL 0x00000008UL --#define COLORMAP__LIST 0x00000010UL --#define COLORMAP__READ 0x00000020UL --#define COLORMAP__STORE 0x00000040UL --#define COLORMAP__GETATTR 0x00000080UL --#define COLORMAP__SETATTR 0x00000100UL --#define PROPERTY__CREATE 0x00000001UL --#define PROPERTY__FREE 0x00000002UL --#define PROPERTY__READ 0x00000004UL --#define PROPERTY__WRITE 0x00000008UL --#define CURSOR__CREATE 0x00000001UL --#define CURSOR__CREATEGLYPH 0x00000002UL --#define CURSOR__FREE 0x00000004UL --#define CURSOR__ASSIGN 0x00000008UL --#define CURSOR__SETATTR 0x00000010UL --#define XCLIENT__KILL 0x00000001UL --#define XINPUT__LOOKUP 0x00000001UL --#define XINPUT__GETATTR 0x00000002UL --#define XINPUT__SETATTR 0x00000004UL --#define XINPUT__SETFOCUS 0x00000008UL --#define XINPUT__WARPPOINTER 0x00000010UL --#define XINPUT__ACTIVEGRAB 0x00000020UL --#define XINPUT__PASSIVEGRAB 0x00000040UL --#define XINPUT__UNGRAB 0x00000080UL --#define XINPUT__BELL 0x00000100UL --#define XINPUT__MOUSEMOTION 0x00000200UL --#define XINPUT__RELABELINPUT 0x00000400UL --#define XSERVER__SCREENSAVER 0x00000001UL --#define XSERVER__GETHOSTLIST 0x00000002UL --#define XSERVER__SETHOSTLIST 0x00000004UL --#define XSERVER__GETFONTPATH 0x00000008UL --#define XSERVER__SETFONTPATH 0x00000010UL --#define XSERVER__GETATTR 0x00000020UL --#define XSERVER__GRAB 0x00000040UL --#define XSERVER__UNGRAB 0x00000080UL --#define XEXTENSION__QUERY 0x00000001UL --#define XEXTENSION__USE 0x00000002UL --#define PAX__PAGEEXEC 0x00000001UL --#define PAX__EMUTRAMP 0x00000002UL --#define PAX__MPROTECT 0x00000004UL --#define PAX__RANDMMAP 0x00000008UL --#define PAX__RANDEXEC 0x00000010UL --#define PAX__SEGMEXEC 0x00000020UL -+#define X_DRAWABLE__CREATE 0x00000001UL -+#define X_DRAWABLE__DESTROY 0x00000002UL -+#define X_DRAWABLE__READ 0x00000004UL -+#define X_DRAWABLE__WRITE 0x00000008UL -+#define X_DRAWABLE__BLEND 0x00000010UL -+#define X_DRAWABLE__GETATTR 0x00000020UL -+#define X_DRAWABLE__SETATTR 0x00000040UL -+#define X_DRAWABLE__LIST_CHILD 0x00000080UL -+#define X_DRAWABLE__ADD_CHILD 0x00000100UL -+#define X_DRAWABLE__REMOVE_CHILD 0x00000200UL -+#define X_DRAWABLE__LIST_PROPERTY 0x00000400UL -+#define X_DRAWABLE__GET_PROPERTY 0x00000800UL -+#define X_DRAWABLE__SET_PROPERTY 0x00001000UL -+#define X_DRAWABLE__MANAGE 0x00002000UL -+#define X_DRAWABLE__OVERRIDE 0x00004000UL -+#define X_DRAWABLE__SHOW 0x00008000UL -+#define X_DRAWABLE__HIDE 0x00010000UL -+#define X_DRAWABLE__SEND 0x00020000UL -+#define X_DRAWABLE__RECEIVE 0x00040000UL -+#define X_SCREEN__GETATTR 0x00000001UL -+#define X_SCREEN__SETATTR 0x00000002UL -+#define X_SCREEN__HIDE_CURSOR 0x00000004UL -+#define X_SCREEN__SHOW_CURSOR 0x00000008UL -+#define X_SCREEN__SAVER_GETATTR 0x00000010UL -+#define X_SCREEN__SAVER_SETATTR 0x00000020UL -+#define X_SCREEN__SAVER_HIDE 0x00000040UL -+#define X_SCREEN__SAVER_SHOW 0x00000080UL -+#define X_GC__CREATE 0x00000001UL -+#define X_GC__DESTROY 0x00000002UL -+#define X_GC__GETATTR 0x00000004UL -+#define X_GC__SETATTR 0x00000008UL -+#define X_GC__USE 0x00000010UL -+#define X_FONT__CREATE 0x00000001UL -+#define X_FONT__DESTROY 0x00000002UL -+#define X_FONT__GETATTR 0x00000004UL -+#define X_FONT__ADD_GLYPH 0x00000008UL -+#define X_FONT__REMOVE_GLYPH 0x00000010UL -+#define X_FONT__USE 0x00000020UL -+#define X_COLORMAP__CREATE 0x00000001UL -+#define X_COLORMAP__DESTROY 0x00000002UL -+#define X_COLORMAP__READ 0x00000004UL -+#define X_COLORMAP__WRITE 0x00000008UL -+#define X_COLORMAP__GETATTR 0x00000010UL -+#define X_COLORMAP__ADD_COLOR 0x00000020UL -+#define X_COLORMAP__REMOVE_COLOR 0x00000040UL -+#define X_COLORMAP__INSTALL 0x00000080UL -+#define X_COLORMAP__UNINSTALL 0x00000100UL -+#define X_COLORMAP__USE 0x00000200UL -+#define X_PROPERTY__CREATE 0x00000001UL -+#define X_PROPERTY__DESTROY 0x00000002UL -+#define X_PROPERTY__READ 0x00000004UL -+#define X_PROPERTY__WRITE 0x00000008UL -+#define X_PROPERTY__APPEND 0x00000010UL -+#define X_PROPERTY__GETATTR 0x00000020UL -+#define X_PROPERTY__SETATTR 0x00000040UL -+#define X_SELECTION__READ 0x00000001UL -+#define X_SELECTION__WRITE 0x00000002UL -+#define X_SELECTION__GETATTR 0x00000004UL -+#define X_SELECTION__SETATTR 0x00000008UL -+#define X_CURSOR__CREATE 0x00000001UL -+#define X_CURSOR__DESTROY 0x00000002UL -+#define X_CURSOR__READ 0x00000004UL -+#define X_CURSOR__WRITE 0x00000008UL -+#define X_CURSOR__GETATTR 0x00000010UL -+#define X_CURSOR__SETATTR 0x00000020UL -+#define X_CURSOR__USE 0x00000040UL -+#define X_CLIENT__DESTROY 0x00000001UL -+#define X_CLIENT__GETATTR 0x00000002UL -+#define X_CLIENT__SETATTR 0x00000004UL -+#define X_CLIENT__MANAGE 0x00000008UL -+#define X_DEVICE__GETATTR 0x00000001UL -+#define X_DEVICE__SETATTR 0x00000002UL -+#define X_DEVICE__USE 0x00000004UL -+#define X_DEVICE__READ 0x00000008UL -+#define X_DEVICE__WRITE 0x00000010UL -+#define X_DEVICE__GETFOCUS 0x00000020UL -+#define X_DEVICE__SETFOCUS 0x00000040UL -+#define X_DEVICE__BELL 0x00000080UL -+#define X_DEVICE__FORCE_CURSOR 0x00000100UL -+#define X_DEVICE__FREEZE 0x00000200UL -+#define X_DEVICE__GRAB 0x00000400UL -+#define X_DEVICE__MANAGE 0x00000800UL -+#define X_SERVER__GETATTR 0x00000001UL -+#define X_SERVER__SETATTR 0x00000002UL -+#define X_SERVER__RECORD 0x00000004UL -+#define X_SERVER__DEBUG 0x00000008UL -+#define X_SERVER__GRAB 0x00000010UL -+#define X_SERVER__MANAGE 0x00000020UL -+#define X_EXTENSION__QUERY 0x00000001UL -+#define X_EXTENSION__USE 0x00000002UL -+#define X_RESOURCE__READ 0x00000001UL -+#define X_RESOURCE__WRITE 0x00000002UL -+#define X_EVENT__SEND 0x00000001UL -+#define X_EVENT__RECEIVE 0x00000002UL -+#define X_SYNTHETIC_EVENT__SEND 0x00000001UL -+#define X_SYNTHETIC_EVENT__RECEIVE 0x00000002UL - #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL - #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL - #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL -@@ -798,6 +814,7 @@ - #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL - #define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL -+#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 0x04000000UL - #define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL - #define NETLINK_IP6FW_SOCKET__READ 0x00000002UL - #define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL -@@ -1004,3 +1021,6 @@ - #define DB_BLOB__IMPORT 0x00000100UL - #define DB_BLOB__EXPORT 0x00000200UL - #define PEER__RECV 0x00000001UL -+#define X_APPLICATION_DATA__PASTE 0x00000001UL -+#define X_APPLICATION_DATA__PASTE_AFTER_CONFIRM 0x00000002UL -+#define X_APPLICATION_DATA__COPY 0x00000004UL -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.71/include/selinux/flask.h ---- nsalibselinux/include/selinux/flask.h 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/include/selinux/flask.h 2008-09-24 07:41:57.000000000 -0400 -@@ -35,18 +35,18 @@ - #define SECCLASS_SHM 28 - #define SECCLASS_IPC 29 - #define SECCLASS_PASSWD 30 --#define SECCLASS_DRAWABLE 31 --#define SECCLASS_WINDOW 32 --#define SECCLASS_GC 33 --#define SECCLASS_FONT 34 --#define SECCLASS_COLORMAP 35 --#define SECCLASS_PROPERTY 36 --#define SECCLASS_CURSOR 37 --#define SECCLASS_XCLIENT 38 --#define SECCLASS_XINPUT 39 --#define SECCLASS_XSERVER 40 --#define SECCLASS_XEXTENSION 41 --#define SECCLASS_PAX 42 -+#define SECCLASS_X_DRAWABLE 31 -+#define SECCLASS_X_SCREEN 32 -+#define SECCLASS_X_GC 33 -+#define SECCLASS_X_FONT 34 -+#define SECCLASS_X_COLORMAP 35 -+#define SECCLASS_X_PROPERTY 36 -+#define SECCLASS_X_SELECTION 37 -+#define SECCLASS_X_CURSOR 38 -+#define SECCLASS_X_CLIENT 39 -+#define SECCLASS_X_DEVICE 40 -+#define SECCLASS_X_SERVER 41 -+#define SECCLASS_X_EXTENSION 42 - #define SECCLASS_NETLINK_ROUTE_SOCKET 43 - #define SECCLASS_NETLINK_FIREWALL_SOCKET 44 - #define SECCLASS_NETLINK_TCPDIAG_SOCKET 45 -@@ -74,6 +74,10 @@ - #define SECCLASS_DB_BLOB 67 - #define SECCLASS_PEER 68 - #define SECCLASS_CAPABILITY2 69 -+#define SECCLASS_X_RESOURCE 70 -+#define SECCLASS_X_EVENT 71 -+#define SECCLASS_X_SYNTHETIC_EVENT 72 -+#define SECCLASS_X_APPLICATION_DATA 73 - - /* - * Security identifier indices for initial entities -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_get_initial_sid.3 libselinux-2.0.71/man/man3/avc_get_initial_sid.3 ---- nsalibselinux/man/man3/avc_get_initial_sid.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/avc_get_initial_sid.3 2008-09-24 08:44:16.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/avc_context_to_sid.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/fgetfilecon.3 libselinux-2.0.71/man/man3/fgetfilecon.3 ---- nsalibselinux/man/man3/fgetfilecon.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/fgetfilecon.3 2008-09-24 07:41:57.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/getfilecon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_type.3 libselinux-2.0.71/man/man3/get_default_type.3 ---- nsalibselinux/man/man3/get_default_type.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/get_default_type.3 2008-09-24 08:40:51.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/get_ordered_context_list.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 libselinux-2.0.71/man/man3/getkeycreatecon.3 ---- nsalibselinux/man/man3/getkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/getkeycreatecon.3 2008-09-24 07:41:57.000000000 -0400 -@@ -0,0 +1,38 @@ -+.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation" -+.SH "NAME" -+getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyrings. -+ -+.SH "SYNOPSIS" -+.B #include -+.sp -+.BI "int getkeycreatecon(security_context_t *" con ); -+ -+.BI "int setkeycreatecon(security_context_t "context ); -+ -+.SH "DESCRIPTION" -+.B getkeycreatecon -+retrieves the context used for creating a new kernel keyring. -+This returned context should be freed with freecon if non-NULL. -+getkeycreatecon sets *con to NULL if no keycreate context has been explicitly -+set by the program (i.e. using the default policy behavior). -+ -+.B setkeycreatecon -+sets the context used for creating a new kernel keyring. -+NULL can be passed to -+setkeycreatecon to reset to the default policy behavior. -+The keycreate context is automatically reset after the next execve, so a -+program doesn't need to explicitly sanitize it upon startup. -+ -+setkeycreatecon can be applied prior to library -+functions that internally perform an file creation, -+in order to set an file context on the objects. -+ -+ -+Note: Signal handlers that perform an setkeycreate must take care to -+save, reset, and restore the keycreate context to avoid unexpected behavior. -+.SH "RETURN VALUE" -+On error -1 is returned. -+On success 0 is returned. -+ -+.SH "SEE ALSO" -+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getsockcreatecon.3 libselinux-2.0.71/man/man3/getsockcreatecon.3 ---- nsalibselinux/man/man3/getsockcreatecon.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/getsockcreatecon.3 2008-09-24 08:49:48.000000000 -0400 -@@ -0,0 +1,38 @@ -+.TH "getsockcreatecon" "3" "24 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation" -+.SH "NAME" -+getsockcreatecon, setsockcreatecon \- get or set the SELinux security context used for creating a new labeled sockets. -+ -+.SH "SYNOPSIS" -+.B #include -+.sp -+.BI "int getsockcreatecon(security_context_t *" con ); -+ -+.BI "int setsockcreatecon(security_context_t "context ); -+ -+.SH "DESCRIPTION" -+.B getsockcreatecon -+retrieves the context used for creating a new labeled network socket. -+This returned context should be freed with freecon if non-NULL. -+getsockcreatecon sets *con to NULL if no sockcreate context has been explicitly -+set by the program (i.e. using the default policy behavior). -+ -+.B setsockcreatecon -+sets the context used for creating a new labeled network sockets -+NULL can be passed to -+setsockcreatecon to reset to the default policy behavior. -+The sockcreate context is automatically reset after the next execve, so a -+program doesn't need to explicitly sanitize it upon startup. -+ -+setsockcreatecon can be applied prior to library -+functions that internally perform an file creation, -+in order to set an file context on the objects. -+ -+ -+Note: Signal handlers that perform an setsockcreate must take care to -+save, reset, and restore the sockcreate context to avoid unexpected behavior. -+.SH "RETURN VALUE" -+On error -1 is returned. -+On success 0 is returned. -+ -+.SH "SEE ALSO" -+.BR selinux "(8), " freecon "(3), " getcon "(3) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_enabled.3 libselinux-2.0.71/man/man3/is_selinux_enabled.3 ---- nsalibselinux/man/man3/is_selinux_enabled.3 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/man/man3/is_selinux_enabled.3 2008-09-24 07:48:20.000000000 -0400 -@@ -1,14 +1,22 @@ - .TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation" - .SH "NAME" - is_selinux_enabled \- check whether SELinux is enabled -+ -+.SH "NAME" -+is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Securty) MLS - .SH "SYNOPSIS" - .B #include - .sp - .B int is_selinux_enabled(); - -+.B int is_selinux_mls_enabled(); -+ - .SH "DESCRIPTION" - .B is_selinux_enabled --returns 1 if SELinux is running or 0 if it is not. May change soon. -+returns 1 if SELinux is running or 0 if it is not. -+ -+.B is_selinux_mls_enabled -+returns 1 if SELinux is running in MLS mode or 0 if it is not. - - .SH "SEE ALSO" - .BR selinux "(8)" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_mls_enabled.3 libselinux-2.0.71/man/man3/is_selinux_mls_enabled.3 ---- nsalibselinux/man/man3/is_selinux_mls_enabled.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/is_selinux_mls_enabled.3 2008-09-24 07:47:56.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/is_selinux_enabled.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/lgetfilecon.3 libselinux-2.0.71/man/man3/lgetfilecon.3 ---- nsalibselinux/man/man3/lgetfilecon.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/lgetfilecon.3 2008-09-24 07:41:57.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/getfilecon.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.71/man/man3/matchpathcon.3 --- nsalibselinux/man/man3/matchpathcon.3 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/man/man3/matchpathcon.3 2008-09-26 09:56:50.000000000 -0400 ++++ libselinux-2.0.71/man/man3/matchpathcon.3 2008-09-26 10:21:43.000000000 -0400 @@ -18,6 +18,11 @@ .BI "void set_matchpathcon_flags(unsigned int " flags ");" @@ -453,179 +26,19 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libse .sp .SH "RETURN VALUE" -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon_fini.3 libselinux-2.0.71/man/man3/matchpathcon_fini.3 ---- nsalibselinux/man/man3/matchpathcon_fini.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/matchpathcon_fini.3 2008-09-24 08:38:17.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/matchpathcon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon_init.3 libselinux-2.0.71/man/man3/matchpathcon_init.3 ---- nsalibselinux/man/man3/matchpathcon_init.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/matchpathcon_init.3 2008-09-24 08:38:00.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/matchpathcon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.71/man/man3/selinux_binary_policy_path.3 ---- nsalibselinux/man/man3/selinux_binary_policy_path.3 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/man/man3/selinux_binary_policy_path.3 2008-09-24 08:18:47.000000000 -0400 -@@ -1,6 +1,6 @@ - .TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation" - .SH "NAME" --selinux_policy_root, selinux_binary_policy_path, -+selinux_path, selinux_policy_root, selinux_binary_policy_path, - selinux_failsafe_context_path, selinux_removable_context_path, - selinux_default_context_path, selinux_user_contexts_path, - selinux_file_context_path, selinux_media_context_path, -@@ -11,6 +11,8 @@ - .B #include - .sp - -+extern const char *selinux_path(void); -+ - extern const char *selinux_policy_root(void); - - extern const char *selinux_binary_policy_path(void); -@@ -23,6 +25,10 @@ - - extern const char *selinux_user_contexts_path(void); - -+extern const char *selinux_usersconf_path(void); -+ -+extern const char *selinux_x_context_path(void); -+ - extern const char *selinux_file_context_path(void); - - extern const char *selinux_media_context_path(void); -@@ -40,10 +46,14 @@ - directories and files based on the settings in /etc/selinux/config. - - .sp -+selinux_path() - top-level SELinux configuration directory -+.sp - selinux_policy_root() - top-level policy directory - .sp - selinux_binary_policy_path() - binary policy file loaded into kernel - .sp -+selinux_default_type_path - context file mapping roles to default types. -+.sp - selinux_failsafe_context_path() - failsafe context for emergency logins - .sp - selinux_removable_context_path() - filesystem context for removable media -@@ -52,7 +62,17 @@ - .sp - selinux_user_contexts_path() - directory containing per-user default contexts - .sp --selinux_file_context_path() - file contexts configuration -+selinux_usersconf_path() - file containing mapping between Linux Users and SELinux users -+.sp -+selinux_x_context_path() - file containing configuration for XSELinux extension -+.sp -+selinux_netfilter_context_path - default netfilter context -+.sp -+selinux_file_context_path() - default sysstem file contexts configuration -+.sp -+selinux_file_context_local_path() - local customization file contexts configuration -+.sp -+selinux_file_context_homedir_path() - home directory file contexts configuration - .sp - selinux_media_context_path() - file contexts for media device nodes - .sp -@@ -67,4 +87,3 @@ - - .SH "SEE ALSO" - .BR selinux "(8)" -- -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_default_type_path.3 libselinux-2.0.71/man/man3/selinux_default_type_path.3 ---- nsalibselinux/man/man3/selinux_default_type_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_default_type_path.3 2008-09-24 08:19:09.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_cmp.3 libselinux-2.0.71/man/man3/selinux_file_context_cmp.3 --- nsalibselinux/man/man3/selinux_file_context_cmp.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_file_context_cmp.3 2008-09-26 09:57:51.000000000 -0400 ++++ libselinux-2.0.71/man/man3/selinux_file_context_cmp.3 2008-09-26 10:21:43.000000000 -0400 @@ -0,0 +1 @@ +.so man3/matchpathcon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_homedir_path.3 libselinux-2.0.71/man/man3/selinux_file_context_homedir_path.3 ---- nsalibselinux/man/man3/selinux_file_context_homedir_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_file_context_homedir_path.3 2008-09-24 08:17:07.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_local_path.3 libselinux-2.0.71/man/man3/selinux_file_context_local_path.3 ---- nsalibselinux/man/man3/selinux_file_context_local_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_file_context_local_path.3 2008-09-24 08:17:14.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_verify.3 libselinux-2.0.71/man/man3/selinux_file_context_verify.3 --- nsalibselinux/man/man3/selinux_file_context_verify.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_file_context_verify.3 2008-09-26 09:57:30.000000000 -0400 ++++ libselinux-2.0.71/man/man3/selinux_file_context_verify.3 2008-09-26 10:21:43.000000000 -0400 @@ -0,0 +1 @@ +.so man3/matchpathcon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getpolicytype.3 libselinux-2.0.71/man/man3/selinux_getpolicytype.3 ---- nsalibselinux/man/man3/selinux_getpolicytype.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_getpolicytype.3 2008-09-24 07:42:23.000000000 -0400 -@@ -0,0 +1,21 @@ -+.TH "selinux_getpolicytype" "3" "24 Sep 2008" "dwalsh@redhat.com" "SELinux API documentation" -+.SH "NAME" -+selinux_getpolicytype \- get the type of SELinux policy running on the system -+.SH "SYNOPSIS" -+.B #include -+.sp -+.B int selinux_getpolicytype(); -+ -+ -+.SH "DESCRIPTION" -+.B selinux_getpolicytype -+Reads the contents of the /etc/selinux/config file to determine the SELinux policy used on the system. -+ -+.SH "RETURN VALUE" -+On success, zero is returned. -+On failure, -1 is returned. -+ -+.SH "SEE ALSO" -+.BR selinux "(8)" -+ -+ -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_homedir_context_path.3 libselinux-2.0.71/man/man3/selinux_homedir_context_path.3 ---- nsalibselinux/man/man3/selinux_homedir_context_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_homedir_context_path.3 2008-09-24 08:36:35.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_netfilter_context_path.3 libselinux-2.0.71/man/man3/selinux_netfilter_context_path.3 ---- nsalibselinux/man/man3/selinux_netfilter_context_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_netfilter_context_path.3 2008-09-24 08:36:44.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_path.3 libselinux-2.0.71/man/man3/selinux_path.3 ---- nsalibselinux/man/man3/selinux_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_path.3 2008-09-24 08:02:28.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_usersconf_path.3 libselinux-2.0.71/man/man3/selinux_usersconf_path.3 ---- nsalibselinux/man/man3/selinux_usersconf_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_usersconf_path.3 2008-09-24 08:36:00.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_x_context_path.3 libselinux-2.0.71/man/man3/selinux_x_context_path.3 ---- nsalibselinux/man/man3/selinux_x_context_path.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/selinux_x_context_path.3 2008-09-24 08:36:08.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/selinux_binary_policy_path.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/set_matchpathcon_flags.3 libselinux-2.0.71/man/man3/set_matchpathcon_flags.3 ---- nsalibselinux/man/man3/set_matchpathcon_flags.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/set_matchpathcon_flags.3 2008-09-24 08:42:03.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/matchpathcon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setkeycreatecon.3 libselinux-2.0.71/man/man3/setkeycreatecon.3 ---- nsalibselinux/man/man3/setkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/setkeycreatecon.3 2008-09-24 07:41:57.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/getkeycreatecon.3 -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setsockcreatecon.3 libselinux-2.0.71/man/man3/setsockcreatecon.3 ---- nsalibselinux/man/man3/setsockcreatecon.3 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man3/setsockcreatecon.3 2008-09-24 08:46:55.000000000 -0400 -@@ -0,0 +1 @@ -+.so man3/getsockcreatecon.3 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-24 07:41:57.000000000 -0400 ++++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-26 10:21:43.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -647,7 +60,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib +secon(8), selinuxdefcon(8) diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-24 07:41:57.000000000 -0400 ++++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-26 10:21:43.000000000 -0400 @@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -668,233 +81,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_perm_to_string.h libselinux-2.0.71/src/av_perm_to_string.h ---- nsalibselinux/src/av_perm_to_string.h 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/src/av_perm_to_string.h 2008-09-24 07:41:57.000000000 -0400 -@@ -14,12 +14,17 @@ - S_(SECCLASS_DIR, DIR__REPARENT, "reparent") - S_(SECCLASS_DIR, DIR__SEARCH, "search") - S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") -+ S_(SECCLASS_DIR, DIR__OPEN, "open") - S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") - S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") - S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") -+ S_(SECCLASS_FILE, FILE__OPEN, "open") - S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") - S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") - S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") -+ S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open") -+ S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open") -+ S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open") - S_(SECCLASS_FD, FD__USE, "use") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") -@@ -140,91 +145,102 @@ - S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") - S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") - S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") -- S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") -- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") -- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") -- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") -- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") -- S_(SECCLASS_GC, GC__CREATE, "create") -- S_(SECCLASS_GC, GC__FREE, "free") -- S_(SECCLASS_GC, GC__GETATTR, "getattr") -- S_(SECCLASS_GC, GC__SETATTR, "setattr") -- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") -- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") -- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") -- S_(SECCLASS_WINDOW, WINDOW__MAP, "map") -- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") -- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") -- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") -- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") -- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") -- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") -- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") -- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") -- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") -- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") -- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") -- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") -- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") -- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") -- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") -- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") -- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") -- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") -- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") -- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") -- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") -- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") -- S_(SECCLASS_FONT, FONT__LOAD, "load") -- S_(SECCLASS_FONT, FONT__FREE, "free") -- S_(SECCLASS_FONT, FONT__GETATTR, "getattr") -- S_(SECCLASS_FONT, FONT__USE, "use") -- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") -- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") -- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") -- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") -- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") -- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") -- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") -- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") -- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") -- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") -- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") -- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") -- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") -- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") -- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") -- S_(SECCLASS_CURSOR, CURSOR__FREE, "free") -- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") -- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") -- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") -- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") -- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") -- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") -- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") -- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") -- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") -- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") -- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") -- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") -- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") -- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") -- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") -- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") -- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") -- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") -- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") -- S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") -- S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") -- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") -- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") -- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") -- S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") -- S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") -- S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") -- S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") -- S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") -- S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__CREATE, "create") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__DESTROY, "destroy") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__READ, "read") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__WRITE, "write") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__BLEND, "blend") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__GETATTR, "getattr") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SETATTR, "setattr") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__LIST_CHILD, "list_child") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__ADD_CHILD, "add_child") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__REMOVE_CHILD, "remove_child") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__LIST_PROPERTY, "list_property") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__GET_PROPERTY, "get_property") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SET_PROPERTY, "set_property") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__MANAGE, "manage") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__OVERRIDE, "override") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SHOW, "show") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__HIDE, "hide") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SEND, "send") -+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__RECEIVE, "receive") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__GETATTR, "getattr") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__SETATTR, "setattr") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__HIDE_CURSOR, "hide_cursor") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__SHOW_CURSOR, "show_cursor") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_GETATTR, "saver_getattr") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_SETATTR, "saver_setattr") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_HIDE, "saver_hide") -+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_SHOW, "saver_show") -+ S_(SECCLASS_X_GC, X_GC__CREATE, "create") -+ S_(SECCLASS_X_GC, X_GC__DESTROY, "destroy") -+ S_(SECCLASS_X_GC, X_GC__GETATTR, "getattr") -+ S_(SECCLASS_X_GC, X_GC__SETATTR, "setattr") -+ S_(SECCLASS_X_GC, X_GC__USE, "use") -+ S_(SECCLASS_X_FONT, X_FONT__CREATE, "create") -+ S_(SECCLASS_X_FONT, X_FONT__DESTROY, "destroy") -+ S_(SECCLASS_X_FONT, X_FONT__GETATTR, "getattr") -+ S_(SECCLASS_X_FONT, X_FONT__ADD_GLYPH, "add_glyph") -+ S_(SECCLASS_X_FONT, X_FONT__REMOVE_GLYPH, "remove_glyph") -+ S_(SECCLASS_X_FONT, X_FONT__USE, "use") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__CREATE, "create") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__DESTROY, "destroy") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__READ, "read") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__WRITE, "write") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__GETATTR, "getattr") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__ADD_COLOR, "add_color") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__REMOVE_COLOR, "remove_color") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__INSTALL, "install") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__UNINSTALL, "uninstall") -+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__USE, "use") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__CREATE, "create") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__DESTROY, "destroy") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__READ, "read") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__WRITE, "write") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__APPEND, "append") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__GETATTR, "getattr") -+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__SETATTR, "setattr") -+ S_(SECCLASS_X_SELECTION, X_SELECTION__READ, "read") -+ S_(SECCLASS_X_SELECTION, X_SELECTION__WRITE, "write") -+ S_(SECCLASS_X_SELECTION, X_SELECTION__GETATTR, "getattr") -+ S_(SECCLASS_X_SELECTION, X_SELECTION__SETATTR, "setattr") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__CREATE, "create") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__DESTROY, "destroy") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__READ, "read") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__WRITE, "write") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__GETATTR, "getattr") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__SETATTR, "setattr") -+ S_(SECCLASS_X_CURSOR, X_CURSOR__USE, "use") -+ S_(SECCLASS_X_CLIENT, X_CLIENT__DESTROY, "destroy") -+ S_(SECCLASS_X_CLIENT, X_CLIENT__GETATTR, "getattr") -+ S_(SECCLASS_X_CLIENT, X_CLIENT__SETATTR, "setattr") -+ S_(SECCLASS_X_CLIENT, X_CLIENT__MANAGE, "manage") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__GETATTR, "getattr") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__SETATTR, "setattr") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__USE, "use") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__READ, "read") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__WRITE, "write") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__GETFOCUS, "getfocus") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__SETFOCUS, "setfocus") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__BELL, "bell") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__FORCE_CURSOR, "force_cursor") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__FREEZE, "freeze") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__GRAB, "grab") -+ S_(SECCLASS_X_DEVICE, X_DEVICE__MANAGE, "manage") -+ S_(SECCLASS_X_SERVER, X_SERVER__GETATTR, "getattr") -+ S_(SECCLASS_X_SERVER, X_SERVER__SETATTR, "setattr") -+ S_(SECCLASS_X_SERVER, X_SERVER__RECORD, "record") -+ S_(SECCLASS_X_SERVER, X_SERVER__DEBUG, "debug") -+ S_(SECCLASS_X_SERVER, X_SERVER__GRAB, "grab") -+ S_(SECCLASS_X_SERVER, X_SERVER__MANAGE, "manage") -+ S_(SECCLASS_X_EXTENSION, X_EXTENSION__QUERY, "query") -+ S_(SECCLASS_X_EXTENSION, X_EXTENSION__USE, "use") -+ S_(SECCLASS_X_RESOURCE, X_RESOURCE__READ, "read") -+ S_(SECCLASS_X_RESOURCE, X_RESOURCE__WRITE, "write") -+ S_(SECCLASS_X_EVENT, X_EVENT__SEND, "send") -+ S_(SECCLASS_X_EVENT, X_EVENT__RECEIVE, "receive") -+ S_(SECCLASS_X_SYNTHETIC_EVENT, X_SYNTHETIC_EVENT__SEND, "send") -+ S_(SECCLASS_X_SYNTHETIC_EVENT, X_SYNTHETIC_EVENT__RECEIVE, "receive") - S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") -@@ -237,6 +253,7 @@ - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") -+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit") - S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") -@@ -303,3 +320,6 @@ - S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import") - S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export") - S_(SECCLASS_PEER, PEER__RECV, "recv") -+ S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__PASTE, "paste") -+ S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__PASTE_AFTER_CONFIRM, "paste_after_confirm") -+ S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__COPY, "copy") diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c --- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/src/callbacks.c 2008-09-24 07:41:57.000000000 -0400 ++++ libselinux-2.0.71/src/callbacks.c 2008-09-26 10:21:43.000000000 -0400 @@ -16,6 +16,7 @@ { int rc; @@ -903,51 +92,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/class_to_string.h libselinux-2.0.71/src/class_to_string.h ---- nsalibselinux/src/class_to_string.h 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/src/class_to_string.h 2008-09-24 07:41:57.000000000 -0400 -@@ -33,18 +33,18 @@ - S_("shm") - S_("ipc") - S_("passwd") -- S_("drawable") -- S_("window") -- S_("gc") -- S_("font") -- S_("colormap") -- S_("property") -- S_("cursor") -- S_("xclient") -- S_("xinput") -- S_("xserver") -- S_("xextension") -- S_("pax") -+ S_("x_drawable") -+ S_("x_screen") -+ S_("x_gc") -+ S_("x_font") -+ S_("x_colormap") -+ S_("x_property") -+ S_("x_selection") -+ S_("x_cursor") -+ S_("x_client") -+ S_("x_device") -+ S_("x_server") -+ S_("x_extension") - S_("netlink_route_socket") - S_("netlink_firewall_socket") - S_("netlink_tcpdiag_socket") -@@ -72,3 +72,7 @@ - S_("db_blob") - S_("peer") - S_("capability2") -+ S_("x_resource") -+ S_("x_event") -+ S_("x_synthetic_event") -+ S_("x_application_data") diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/src/matchpathcon.c 2008-09-24 07:41:57.000000000 -0400 ++++ libselinux-2.0.71/src/matchpathcon.c 2008-09-26 10:21:43.000000000 -0400 @@ -2,6 +2,7 @@ #include #include @@ -967,7 +114,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.71/utils/matchpathcon.c --- nsalibselinux/utils/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.71/utils/matchpathcon.c 2008-09-26 09:42:51.000000000 -0400 ++++ libselinux-2.0.71/utils/matchpathcon.c 2008-09-26 10:21:43.000000000 -0400 @@ -106,12 +106,12 @@ if (verify) { diff --git a/libselinux.spec b/libselinux.spec index 75191c1..2c1ffd5 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,8 +4,8 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.71 -Release: 6%{?dist} +Version: 2.0.73 +Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -163,6 +163,11 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Tue Sep 30 2008 Dan Walsh - 2.0.73-1 +- Update to Upstream + * New man pages from Dan Walsh. + * Update flask headers from refpolicy trunk from Dan Walsh. + * Fri Sep 26 2008 Dan Walsh - 2.0.71-6 - Fix matchpathcon -V call diff --git a/sources b/sources index 0c94398..b64c7d8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5d59c1105c777f8520978ee00ab46656 libselinux-2.0.71.tgz +3fb779dd1d9e06190f37dc26f31c7ff7 libselinux-2.0.73.tgz