From e965369c57e3dd43ed383062e30fc4ac9c763229 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Jan 08 2016 21:39:45 +0000
Subject: libselinux-2.5-0.99.rc1.1.fc24 Update to upstream rc1 release 2016-01-07
---
diff --git a/.gitignore b/.gitignore
index bfada18..9e8c171 100644
--- a/.gitignore
+++ b/.gitignore
@@ -201,3 +201,4 @@ libselinux-2.0.96.tgz
 /libselinux-2.3.tgz
 /libselinux-2.3.tar.gz
 /libselinux-2.4.tar.gz
+/libselinux-2.5-rc1.tar.gz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index afbed40..ad1c2de 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,18 +1,18 @@
-diff --git libselinux-2.4/Makefile libselinux-2.4/Makefile
+diff --git libselinux-2.5-rc1/Makefile libselinux-2.5-rc1/Makefile
 index 6142b60..bdf9de8 100644
---- libselinux-2.4/Makefile
-+++ libselinux-2.4/Makefile
+--- libselinux-2.5-rc1/Makefile
++++ libselinux-2.5-rc1/Makefile
 @@ -1,4 +1,4 @@
 -SUBDIRS = src include utils man
 +SUBDIRS = src include utils man golang
 DISABLE_AVC ?= n
 DISABLE_SETRANS ?= n
-diff --git libselinux-2.4/golang/Makefile libselinux-2.4/golang/Makefile
+diff --git libselinux-2.5-rc1/golang/Makefile libselinux-2.5-rc1/golang/Makefile
 new file mode 100644
 index 0000000..b75677b
 --- /dev/null
-+++ libselinux-2.4/golang/Makefile
++++ libselinux-2.5-rc1/golang/Makefile
 @@ -0,0 +1,22 @@
 +# Installation directories.
 +PREFIX ?= $(DESTDIR)/usr
@@ -36,11 +36,11 @@ index 0000000..b75677b
 +indent:
 +
 +relabel:
-diff --git libselinux-2.4/golang/selinux.go libselinux-2.4/golang/selinux.go
+diff --git libselinux-2.5-rc1/golang/selinux.go libselinux-2.5-rc1/golang/selinux.go
 new file mode 100644
 index 0000000..34bf6bb
 --- /dev/null
-+++ libselinux-2.4/golang/selinux.go
++++ libselinux-2.5-rc1/golang/selinux.go
 @@ -0,0 +1,412 @@
 +package selinux
 +
@@ -454,11 +454,11 @@ index 0000000..34bf6bb
 + fmt.Println(Getfscreatecon())
 + fmt.Println(Getpidcon(1))
 +}
-diff --git libselinux-2.4/golang/test.go libselinux-2.4/golang/test.go
+diff --git libselinux-2.5-rc1/golang/test.go libselinux-2.5-rc1/golang/test.go
 new file mode 100644
 index 0000000..fed6de8
 --- /dev/null
-+++ libselinux-2.4/golang/test.go
++++ libselinux-2.5-rc1/golang/test.go
 @@ -0,0 +1,9 @@
 +package main
 +
@@ -469,170 +469,10 @@ index 0000000..fed6de8
 +func main() {
 + selinux.Test()
 +}
-diff --git libselinux-2.4/include/selinux/selinux.h libselinux-2.4/include/selinux/selinux.h
-index d0eb5c6..4beb170 100644
---- libselinux-2.4/include/selinux/selinux.h
-+++ libselinux-2.4/include/selinux/selinux.h
-@@ -543,6 +543,7 @@ extern const char *selinux_virtual_image_context_path(void);
- extern const char *selinux_lxc_contexts_path(void);
- extern const char *selinux_x_context_path(void);
- extern const char *selinux_sepgsql_context_path(void);
-+extern const char *selinux_openssh_contexts_path(void);
- extern const char *selinux_systemd_contexts_path(void);
- extern const char *selinux_contexts_path(void);
- extern const char *selinux_securetty_types_path(void);
-diff --git libselinux-2.4/man/man3/getfscreatecon.3 libselinux-2.4/man/man3/getfscreatecon.3
-index e348d3b..8cc4df5 100644
---- libselinux-2.4/man/man3/getfscreatecon.3
-+++ libselinux-2.4/man/man3/getfscreatecon.3
-@@ -49,6 +49,11 @@ Signal handlers that perform a
- must take care to
- save, reset, and restore the fscreate context to avoid unexpected behavior.
- .
-+
-+.br
-+.B Note:
-+Contexts are thread specific.
-+
- .SH "RETURN VALUE"
- On error \-1 is returned.
- On success 0 is returned.
-diff --git libselinux-2.4/man/man3/getkeycreatecon.3 libselinux-2.4/man/man3/getkeycreatecon.3
-index 4d70f10..b51008d 100644
---- libselinux-2.4/man/man3/getkeycreatecon.3
-+++ libselinux-2.4/man/man3/getkeycreatecon.3
-@@ -48,6 +48,10 @@ Signal handlers that perform a
- .BR setkeycreatecon ()
- must take care to
- save, reset, and restore the keycreate context to avoid unexpected behavior.
-+
-+.br
-+.B Note:
-+Contexts are thread specific.
- .
- .SH "RETURN VALUE"
- On error \-1 is returned.
-diff --git libselinux-2.4/man/man3/getsockcreatecon.3 libselinux-2.4/man/man3/getsockcreatecon.3
-index 4dd8f30..26086d9 100644
---- libselinux-2.4/man/man3/getsockcreatecon.3
-+++ libselinux-2.4/man/man3/getsockcreatecon.3
-@@ -49,6 +49,11 @@ Signal handlers that perform a
- must take care to
- save, reset, and restore the sockcreate context to avoid unexpected behavior.
- .
-+
-+.br
-+.B Note:
-+Contexts are thread specific.
-+
- .SH "RETURN VALUE"
- On error \-1 is returned.
- On success 0 is returned.
-diff --git libselinux-2.4/man/man3/matchpathcon.3 libselinux-2.4/man/man3/matchpathcon.3
-index 1bc7ba1..177f15d 100644
---- libselinux-2.4/man/man3/matchpathcon.3
-+++ libselinux-2.4/man/man3/matchpathcon.3
-@@ -7,7 +7,7 @@ matchpathcon, matchpathcon_index \- get the default SELinux security context for
- .sp
- .BI "int matchpathcon_init(const char *" path ");"
- .sp
--.BI "int matchpathcon_init_prefix(const char *" path ", const char *" subset ");"
-+.BI "int matchpathcon_init_prefix(const char *" path ", const char *" prefix ");"
- .sp
- .BI "int matchpathcon_fini(void);"
- .sp
-@@ -16,6 +16,24 @@ matchpathcon, matchpathcon_index \- get the default SELinux security context for
- .BI "int matchpathcon_index(const char *" name ", mode_t " mode ", char **" con ");"
- .
- .SH "DESCRIPTION"
-+
-+This family of functions is deprecated. For new code, please use
-+.BR selabel_open (3)
-+with the
-+.B SELABEL_CTX_FILE
-+backend in place of
-+.BR matchpathcon_init (),
-+use
-+.BR selabel_close (3)
-+in place of
-+.BR matchpathcon_fini (),
-+and use
-+.BR selabel_lookup (3)
-+in place of
-+.BR matchpathcon ().
-+
-+The remaining description below is for the legacy interface.
-+
- .BR matchpathcon_init ()
- loads the file contexts configuration specified by
- .I path
-@@ -41,9 +59,16 @@ customizations.
- .BR matchpathcon_init_prefix ()
- is the same as
- .BR matchpathcon_init ()
--but only loads entries with regular expressions that have stems prefixed
--by
--.I \%prefix.
-+but only loads entries with regular expressions whose first pathname
-+component is a prefix of
-+.I \%prefix
-+, e.g. pass "/dev" if you only intend to call
-+.BR matchpathcon ()
-+with pathnames beginning with /dev.
-+However, this optimization is no longer necessary due to the use of
-+.I file_contexts.bin
-+files with precompiled regular expressions, so use of this interface
-+is deprecated.
-
- .BR matchpathcon_fini ()
- frees the memory allocated by a prior call to
-@@ -54,7 +79,17 @@ calls, or to free memory when finished using
- .BR matchpathcon ().
-
- .BR matchpathcon ()
--matches the specified pathname and mode against the file contexts
-+matches the specified
-+.I pathname,
-+after transformation via
-+.BR realpath (3)
-+excepting any final symbolic link component if S_IFLNK was
-+specified as the
-+.I mode,
-+and
-+.I mode
-+against the
-+.I file contexts
- configuration and sets the security context
- .I con
- to refer to the
-diff --git libselinux-2.4/man/man5/selabel_file.5 libselinux-2.4/man/man5/selabel_file.5
-index 79eca95..e738824 100644
---- libselinux-2.4/man/man5/selabel_file.5
-+++ libselinux-2.4/man/man5/selabel_file.5
-@@ -55,7 +55,9 @@ A non-null value for this option specifies a path to a file that will be opened
- A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored.
- .TP
- .B SELABEL_OPT_SUBSET
--A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications starting with the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix will fail.
-+A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications with starting with a first component that prefix matches the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix may fail. This optimization is no longer required due to the use of
-+.I file_contexts.bin
-+files and is deprecated.
- .RE
- .
- .SH "FILES"
-@@ -206,7 +208,7 @@ component with \fI/var/www\fR, therefore the path used is:
- If contexts are to be validated, then the global option \fBSELABEL_OPT_VALIDATE\fR must be set before calling \fBselabel_open\fR(3). If this is not set, then it is possible for an invalid context to be returned.
- .IP "2." 4
- If the size of file contexts series of files contain many entries, then \fBselabel_open\fR(3) may have a delay as it reads in the files, and if
--requested validates the entries. If possible use the \fBSELABEL_OPT_SUBSET\fR option to reduce the number of entries processed.
-+requested validates the entries.
- .IP "3." 4
- Depending on the version of SELinux it is possible that a \fIfile_contexts.template\fR file may also be present, however this is now deprecated.
- .br
-diff --git libselinux-2.4/man/man8/selinux.8 libselinux-2.4/man/man8/selinux.8
-index 9e3bdc4..fd20363 100644
---- libselinux-2.4/man/man8/selinux.8
-+++ libselinux-2.4/man/man8/selinux.8
+diff --git libselinux-2.5-rc1/man/man8/selinux.8 libselinux-2.5-rc1/man/man8/selinux.8
+index 6f1034b..c9f188c 100644
+--- libselinux-2.5-rc1/man/man8/selinux.8
++++ libselinux-2.5-rc1/man/man8/selinux.8
 @@ -91,11 +91,13 @@ This manual page was written by Dan Walsh .
 .BR sepolicy (8),
 .BR system-config-selinux (8),
@@ -649,75 +489,10 @@ index 9e3bdc4..fd20363 100644
 Every confined service on the system has a man page in the following format:
 .br
-diff --git libselinux-2.4/src/Makefile libselinux-2.4/src/Makefile
-index 82cb6ed..ac25c1f 100644
---- libselinux-2.4/src/Makefile
-+++ libselinux-2.4/src/Makefile
-@@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
- -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
- -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
- -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
-- -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \
-+ -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
- -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
- -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
- -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-diff --git libselinux-2.4/src/avc.c libselinux-2.4/src/avc.c
-index 2bd7d13..b1ec57f 100644
---- libselinux-2.4/src/avc.c
-+++ libselinux-2.4/src/avc.c
-@@ -288,7 +288,7 @@ void avc_av_stats(void)
-
- avc_release_lock(avc_lock);
-
-- avc_log(SELINUX_INFO, "%s: %d AV entries and %d/%d buckets used, "
-+ avc_log(SELINUX_INFO, "%s: %u AV entries and %d/%d buckets used, "
- "longest chain length %d\n", avc_prefix,
- avc_cache.active_nodes,
- slots_used, AVC_CACHE_SLOTS, max_chain_len);
-@@ -471,7 +471,7 @@ static int avc_insert(security_id_t ssid, security_id_t tsid,
-
- if (ae->avd.seqno < avc_cache.latest_notif) {
- avc_log(SELINUX_WARNING,
-- "%s: seqno %d < latest_notif %d\n", avc_prefix,
-+ "%s: seqno %u < latest_notif %u\n", avc_prefix,
- ae->avd.seqno, avc_cache.latest_notif);
- errno = EAGAIN;
- rc = -1;
-diff --git libselinux-2.4/src/avc_internal.c libselinux-2.4/src/avc_internal.c
-index f735e73..be94857 100644
---- libselinux-2.4/src/avc_internal.c
-+++ libselinux-2.4/src/avc_internal.c
-@@ -125,14 +125,14 @@ static int avc_netlink_receive(char *buf, unsigned buflen, int blocking)
-
- if (nladdrlen != sizeof nladdr) {
- avc_log(SELINUX_WARNING,
-- "%s: warning: netlink address truncated, len %d?\n",
-+ "%s: warning: netlink address truncated, len %u?\n",
- avc_prefix, nladdrlen);
- return -1;
- }
-
- if (nladdr.nl_pid) {
- avc_log(SELINUX_WARNING,
-- "%s: warning: received spoofed netlink packet from: %d\n",
-+ "%s: warning: received spoofed netlink packet from: %u\n",
- avc_prefix, nladdr.nl_pid);
- return -1;
- }
-@@ -197,7 +197,7 @@ static int avc_netlink_process(char *buf)
- case SELNL_MSG_POLICYLOAD:{
- struct selnl_msg_policyload *msg = NLMSG_DATA(nlh);
- avc_log(SELINUX_INFO,
-- "%s: received policyload notice (seqno=%d)\n",
-+ "%s: received policyload notice (seqno=%u)\n",
- avc_prefix, msg->seqno);
- rc = avc_ss_reset(msg->seqno);
- if (rc < 0) {
-diff --git libselinux-2.4/src/avc_sidtab.c libselinux-2.4/src/avc_sidtab.c
-index 52f21df..c775430 100644
---- libselinux-2.4/src/avc_sidtab.c
-+++ libselinux-2.4/src/avc_sidtab.c
+diff --git libselinux-2.5-rc1/src/avc_sidtab.c libselinux-2.5-rc1/src/avc_sidtab.c
+index 9669264..c775430 100644
+--- libselinux-2.5-rc1/src/avc_sidtab.c
++++ libselinux-2.5-rc1/src/avc_sidtab.c
 @@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s,
 int hvalue, rc = 0;
 struct sidtab_node *cur;
@@ -730,19 +505,10 @@ index 52f21df..c775430 100644
 *sid = NULL;
 hvalue = sidtab_hash(ctx);
-@@ -124,7 +129,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen)
- }
-
- snprintf(buf, buflen,
-- "%s: %d SID entries and %d/%d buckets used, longest "
-+ "%s: %u SID entries and %d/%d buckets used, longest "
- "chain length %d\n", avc_prefix, h->nel, slots_used,
- SIDTAB_SIZE, max_chain_len);
- }
-diff --git libselinux-2.4/src/canonicalize_context.c libselinux-2.4/src/canonicalize_context.c
+diff --git libselinux-2.5-rc1/src/canonicalize_context.c libselinux-2.5-rc1/src/canonicalize_context.c
 index 7cf3139..364a746 100644
---- libselinux-2.4/src/canonicalize_context.c
-+++ libselinux-2.4/src/canonicalize_context.c
+--- libselinux-2.5-rc1/src/canonicalize_context.c
++++ libselinux-2.5-rc1/src/canonicalize_context.c
 @@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const char * con,
 size_t size;
 int fd, ret;
@@ -755,71 +521,10 @@ index 7cf3139..364a746 100644
 if (!selinux_mnt) {
 errno = ENOENT;
 return -1;
-diff --git libselinux-2.4/src/checkAccess.c libselinux-2.4/src/checkAccess.c
-index ee85ebc..8de5747 100644
---- libselinux-2.4/src/checkAccess.c
-+++ libselinux-2.4/src/checkAccess.c
-@@ -8,10 +8,28 @@
- #include "avc_internal.h"
-
- static pthread_once_t once = PTHREAD_ONCE_INIT;
-+static int selinux_enabled;
-+
-+static int avc_reset_callback(uint32_t event __attribute__((unused)),
-+ security_id_t ssid __attribute__((unused)),
-+ security_id_t tsid __attribute__((unused)),
-+ security_class_t tclass __attribute__((unused)),
-+ access_vector_t perms __attribute__((unused)),
-+ access_vector_t *out_retained __attribute__((unused)))
-+{
-+ flush_class_cache();
-+ return 0;
-+}
-
- static void avc_init_once(void)
- {
-- avc_open(NULL, 0);
-+ selinux_enabled = is_selinux_enabled();
-+ if (selinux_enabled == 1) {
-+ if (avc_open(NULL, 0))
-+ return;
-+ avc_add_callback(avc_reset_callback, AVC_CALLBACK_RESET,
-+ 0, 0, 0, 0);
-+ }
- }
-
- int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux) {
-@@ -21,18 +39,20 @@ int selinux_check_access(const char *scon, const char *tcon, const char *class,
- security_class_t sclass;
- access_vector_t av;
-
-- if (is_selinux_enabled() == 0)
-- return 0;
--
- __selinux_once(once, avc_init_once);
-
-+ if (selinux_enabled != 1)
-+ return 0;
-+
- rc = avc_context_to_sid(scon, &scon_id);
- if (rc < 0)
- return rc;
-
-- rc = avc_context_to_sid(tcon, &tcon_id);
-- if (rc < 0)
-- return rc;
-+ rc = avc_context_to_sid(tcon, &tcon_id);
-+ if (rc < 0)
-+ return rc;
-+
-+ (void) avc_netlink_check_nb();
-
- sclass = string_to_security_class(class);
- if (sclass == 0) {
-diff --git libselinux-2.4/src/check_context.c libselinux-2.4/src/check_context.c
+diff --git libselinux-2.5-rc1/src/check_context.c libselinux-2.5-rc1/src/check_context.c
 index 52063fa..234749c 100644
---- libselinux-2.4/src/check_context.c
-+++ libselinux-2.4/src/check_context.c
+--- libselinux-2.5-rc1/src/check_context.c
++++ libselinux-2.5-rc1/src/check_context.c
 @@ -14,6 +14,11 @@ int security_check_context_raw(const char * con)
 char path[PATH_MAX];
 int fd, ret;
@@ -832,10 +537,10 @@ index 52063fa..234749c 100644
 if (!selinux_mnt) {
 errno = ENOENT;
 return -1;
-diff --git libselinux-2.4/src/compute_av.c libselinux-2.4/src/compute_av.c
+diff --git libselinux-2.5-rc1/src/compute_av.c libselinux-2.5-rc1/src/compute_av.c
 index 937e5c3..35ace7f 100644
---- libselinux-2.4/src/compute_av.c
-+++ libselinux-2.4/src/compute_av.c
+--- libselinux-2.5-rc1/src/compute_av.c
++++ libselinux-2.5-rc1/src/compute_av.c
 @@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const char * scon,
 return -1;
 }
@@ -848,10 +553,10 @@ index 937e5c3..35ace7f 100644
 snprintf(path, sizeof path, "%s/access", selinux_mnt);
 fd = open(path, O_RDWR);
 if (fd < 0)
-diff --git libselinux-2.4/src/compute_create.c libselinux-2.4/src/compute_create.c
+diff --git libselinux-2.5-rc1/src/compute_create.c libselinux-2.5-rc1/src/compute_create.c
 index 9559d42..14a65d1 100644
---- libselinux-2.4/src/compute_create.c
-+++ libselinux-2.4/src/compute_create.c
+--- libselinux-2.5-rc1/src/compute_create.c
++++ libselinux-2.5-rc1/src/compute_create.c
 @@ -64,6 +64,11 @@ int security_compute_create_name_raw(const char * scon,
 return -1;
 }
@@ -864,10 +569,10 @@ index 9559d42..14a65d1 100644
 snprintf(path, sizeof path, "%s/create", selinux_mnt);
 fd = open(path, O_RDWR);
 if (fd < 0)
-diff --git libselinux-2.4/src/compute_member.c libselinux-2.4/src/compute_member.c
+diff --git libselinux-2.5-rc1/src/compute_member.c libselinux-2.5-rc1/src/compute_member.c
 index 1fc7e41..065d996 100644
---- libselinux-2.4/src/compute_member.c
-+++ libselinux-2.4/src/compute_member.c
+--- libselinux-2.5-rc1/src/compute_member.c
++++ libselinux-2.5-rc1/src/compute_member.c
 @@ -25,6 +25,11 @@ int security_compute_member_raw(const char * scon,
 return -1;
 }
@@ -880,10 +585,10 @@ index 1fc7e41..065d996 100644
 snprintf(path, sizeof path, "%s/member", selinux_mnt);
 fd = open(path, O_RDWR);
 if (fd < 0)
-diff --git libselinux-2.4/src/compute_relabel.c libselinux-2.4/src/compute_relabel.c
+diff --git libselinux-2.5-rc1/src/compute_relabel.c libselinux-2.5-rc1/src/compute_relabel.c
 index 4615aee..cc77f36 100644
---- libselinux-2.4/src/compute_relabel.c
-+++ libselinux-2.4/src/compute_relabel.c
+--- libselinux-2.5-rc1/src/compute_relabel.c
++++ libselinux-2.5-rc1/src/compute_relabel.c
 @@ -25,6 +25,11 @@ int security_compute_relabel_raw(const char * scon,
 return -1;
 }
@@ -896,10 +601,10 @@ index 4615aee..cc77f36 100644
 snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
 fd = open(path, O_RDWR);
 if (fd < 0)
-diff --git libselinux-2.4/src/compute_user.c libselinux-2.4/src/compute_user.c
+diff --git libselinux-2.5-rc1/src/compute_user.c libselinux-2.5-rc1/src/compute_user.c
 index b37c5d3..7703c26 100644
---- libselinux-2.4/src/compute_user.c
-+++ libselinux-2.4/src/compute_user.c
+--- libselinux-2.5-rc1/src/compute_user.c
++++ libselinux-2.5-rc1/src/compute_user.c
 @@ -24,6 +24,11 @@ int security_compute_user_raw(const char * scon,
 return -1;
 }
@@ -912,58 +617,10 @@ index b37c5d3..7703c26 100644
 snprintf(path, sizeof path, "%s/user", selinux_mnt);
 fd = open(path, O_RDWR);
 if (fd < 0)
-diff --git libselinux-2.4/src/enabled.c libselinux-2.4/src/enabled.c
-index 5c252dd..bb659a9 100644
---- libselinux-2.4/src/enabled.c
-+++ libselinux-2.4/src/enabled.c
-@@ -11,26 +11,14 @@
-
- int is_selinux_enabled(void)
- {
-- int enabled = 0;
-- char * con;
--
- /* init_selinuxmnt() gets called before this function. We
- * will assume that if a selinux file system is mounted, then
- * selinux is enabled. */
-- if (selinux_mnt) {
--
-- /* Since a file system is mounted, we consider selinux
-- * enabled. If getcon_raw fails, selinux is still enabled.
-- * We only consider it disabled if no policy is loaded. */
-- enabled = 1;
-- if (getcon_raw(&con) == 0) {
-- if (!strcmp(con, "kernel"))
-- enabled = 0;
-- freecon(con);
-- }
-- }
--
-- return enabled;
-+#ifdef ANDROID
-+ return (selinux_mnt ? 1 : 0);
-+#else
-+ return (selinux_mnt && has_selinux_config);
-+#endif
- }
-
- hidden_def(is_selinux_enabled)
-diff --git libselinux-2.4/src/file_path_suffixes.h libselinux-2.4/src/file_path_suffixes.h
-index 3c92424..d1f9b48 100644
---- libselinux-2.4/src/file_path_suffixes.h
-+++ libselinux-2.4/src/file_path_suffixes.h
-@@ -23,6 +23,7 @@ S_(BINPOLICY, "/policy/policy")
- S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context")
- S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
- S_(LXC_CONTEXTS, "/contexts/lxc_contexts")
-+ S_(OPENSSH_CONTEXTS, "/contexts/openssh_contexts")
- S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts")
- S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
- S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
-diff --git libselinux-2.4/src/fsetfilecon.c libselinux-2.4/src/fsetfilecon.c
+diff --git libselinux-2.5-rc1/src/fsetfilecon.c libselinux-2.5-rc1/src/fsetfilecon.c
 index 52707d0..0cbe12d 100644
---- libselinux-2.4/src/fsetfilecon.c
-+++ libselinux-2.4/src/fsetfilecon.c
+--- libselinux-2.5-rc1/src/fsetfilecon.c
++++ libselinux-2.5-rc1/src/fsetfilecon.c
 @@ -9,8 +9,12 @@ int fsetfilecon_raw(int fd, const char * context)
@@ -979,170 +636,10 @@ index 52707d0..0cbe12d 100644
 if (rc < 0 && errno == ENOTSUP) {
 char * ccontext = NULL;
 int err = errno;
-diff --git libselinux-2.4/src/init.c libselinux-2.4/src/init.c
-index 6d1ef33..3c687a2 100644
---- libselinux-2.4/src/init.c
-+++ libselinux-2.4/src/init.c
-@@ -21,6 +21,8 @@ char *selinux_mnt = NULL;
- int selinux_page_size = 0;
- int obj_class_compat = 1;
-
-+int has_selinux_config = 0;
-+
- /* Verify the mount point for selinux file system has a selinuxfs.
- If the file system:
- * Exist,
-@@ -151,6 +153,9 @@ static void init_lib(void)
- {
- selinux_page_size = sysconf(_SC_PAGE_SIZE);
- init_selinuxmnt();
-+#ifndef ANDROID
-+ has_selinux_config = (access(SELINUXCONFIG, F_OK) == 0);
-+#endif
- }
-
- static void fini_lib(void) __attribute__ ((destructor));
-diff --git libselinux-2.4/src/label_android_property.c libselinux-2.4/src/label_android_property.c
-index b00eb07..5e1b76e 100644
---- libselinux-2.4/src/label_android_property.c
-+++ libselinux-2.4/src/label_android_property.c
-@@ -101,7 +101,7 @@ static int process_line(struct selabel_handle *rec,
- items = sscanf(line_buf, "%255s %255s", prop, context);
- if (items != 2) {
- selinux_log(SELINUX_WARNING,
-- "%s: line %d is missing fields, skipping\n", path,
-+ "%s: line %u is missing fields, skipping\n", path,
- lineno);
- return 0;
- }
-@@ -111,7 +111,7 @@ static int process_line(struct selabel_handle *rec,
- spec_arr[nspec].property_key = strdup(prop);
- if (!spec_arr[nspec].property_key) {
- selinux_log(SELINUX_WARNING,
-- "%s: out of memory at line %d on prop %s\n",
-+ "%s: out of memory at line %u on prop %s\n",
- path, lineno, prop);
- return -1;
-
-@@ -120,7 +120,7 @@ static int process_line(struct selabel_handle *rec,
- spec_arr[nspec].lr.ctx_raw = strdup(context);
- if (!spec_arr[nspec].lr.ctx_raw) {
- selinux_log(SELINUX_WARNING,
-- "%s: out of memory at line %d on context %s\n",
-+ "%s: out of memory at line %u on context %s\n",
- path, lineno, context);
- return -1;
- }
-diff --git libselinux-2.4/src/label_db.c libselinux-2.4/src/label_db.c
-index 999dd46..1b48735 100644
---- libselinux-2.4/src/label_db.c
-+++ libselinux-2.4/src/label_db.c
-@@ -105,12 +105,12 @@ process_line(const char *path, char *line_buf, unsigned int line_num,
- *
- */
- type = key = context = temp = NULL;
-- items = sscanf(line_buf, "%as %as %as %as",
-+ items = sscanf(line_buf, "%ms %ms %ms %ms",
- &type, &key, &context, &temp);
- if (items != 3) {
- if (items > 0)
- selinux_log(SELINUX_WARNING,
-- "%s: line %d has invalid format, skipped",
-+ "%s: line %u has invalid format, skipped",
- path, line_num);
- goto skip;
- }
-@@ -146,7 +146,7 @@ process_line(const char *path, char *line_buf, unsigned int line_num,
- spec->type = SELABEL_DB_DATATYPE;
- else {
- selinux_log(SELINUX_WARNING,
-- "%s: line %d has invalid object type %s\n",
-+ "%s: line %u has invalid object type %s\n",
- path, line_num, type);
- goto skip;
- }
-diff --git libselinux-2.4/src/label_file.c libselinux-2.4/src/label_file.c
-index 8e7b288..2a43310 100644
---- libselinux-2.4/src/label_file.c
-+++ libselinux-2.4/src/label_file.c
-@@ -170,10 +170,10 @@ static int process_line(struct selabel_handle *rec,
- /* Skip comment lines and empty lines. */
- if (*buf_p == '#' || *buf_p == 0)
- return 0;
-- items = sscanf(line_buf, "%as %as %as", ®ex, &type, &context);
-+ items = sscanf(line_buf, "%ms %ms %ms", ®ex, &type, &context);
- if (items < 2) {
- COMPAT_LOG(SELINUX_WARNING,
-- "%s: line %d is missing fields, skipping\n", path,
-+ "%s: line %u is missing fields, skipping\n", path,
- lineno);
- if (items == 1)
- free(regex);
-@@ -204,7 +204,7 @@ static int process_line(struct selabel_handle *rec,
- spec_arr[nspec].stem_id = find_stem_from_spec(data, regex);
- spec_arr[nspec].regex_str = regex;
- if (rec->validating && compile_regex(data, &spec_arr[nspec], &errbuf)) {
-- COMPAT_LOG(SELINUX_WARNING, "%s: line %d has invalid regex %s: %s\n",
-+ COMPAT_LOG(SELINUX_WARNING, "%s: line %u has invalid regex %s: %s\n",
- path, lineno, regex, (errbuf ? errbuf : "out of memory"));
- }
-
-@@ -214,7 +214,7 @@ static int process_line(struct selabel_handle *rec,
- if (type) {
- mode_t mode = string_to_mode(type);
- if (mode == (mode_t)-1) {
-- COMPAT_LOG(SELINUX_WARNING, "%s: line %d has invalid file type %s\n",
-+ COMPAT_LOG(SELINUX_WARNING, "%s: line %u has invalid file type %s\n",
- path, lineno, type);
- mode = 0;
- }
-diff --git libselinux-2.4/src/label_media.c libselinux-2.4/src/label_media.c
-index 227785f..a09486b 100644
---- libselinux-2.4/src/label_media.c
-+++ libselinux-2.4/src/label_media.c
-@@ -44,10 +44,10 @@ static int process_line(const char *path, char *line_buf, int pass,
- /* Skip comment lines and empty lines. */
- if (*buf_p == '#' || *buf_p == 0)
- return 0;
-- items = sscanf(line_buf, "%as %as ", &key, &context);
-+ items = sscanf(line_buf, "%ms %ms ", &key, &context);
- if (items < 2) {
- selinux_log(SELINUX_WARNING,
-- "%s: line %d is missing fields, skipping\n", path,
-+ "%s: line %u is missing fields, skipping\n", path,
- lineno);
- if (items == 1)
- free(key);
-diff --git libselinux-2.4/src/label_x.c libselinux-2.4/src/label_x.c
-index 896ef02..8435b76 100644
---- libselinux-2.4/src/label_x.c
-+++ libselinux-2.4/src/label_x.c
-@@ -46,10 +46,10 @@ static int process_line(const char *path, char *line_buf, int pass,
- /* Skip comment lines and empty lines. */
- if (*buf_p == '#' || *buf_p == 0)
- return 0;
-- items = sscanf(line_buf, "%as %as %as ", &type, &key, &context);
-+ items = sscanf(line_buf, "%ms %ms %ms ", &type, &key, &context);
- if (items < 3) {
- selinux_log(SELINUX_WARNING,
-- "%s: line %d is missing fields, skipping\n", path,
-+ "%s: line %u is missing fields, skipping\n", path,
- lineno);
- if (items > 0)
- free(type);
-@@ -76,7 +76,7 @@ static int process_line(const char *path, char *line_buf, int pass,
- data->spec_arr[data->nspec].type = SELABEL_X_POLYSELN;
- else {
- selinux_log(SELINUX_WARNING,
-- "%s: line %d has invalid object type %s\n",
-+ "%s: line %u has invalid object type %s\n",
- path, lineno, type);
- return 0;
- }
-diff --git libselinux-2.4/src/lsetfilecon.c libselinux-2.4/src/lsetfilecon.c
+diff --git libselinux-2.5-rc1/src/lsetfilecon.c libselinux-2.5-rc1/src/lsetfilecon.c
 index 1d3b28a..ea6d70b 100644
---- libselinux-2.4/src/lsetfilecon.c
-+++ libselinux-2.4/src/lsetfilecon.c
+--- libselinux-2.5-rc1/src/lsetfilecon.c
++++ libselinux-2.5-rc1/src/lsetfilecon.c
 @@ -9,8 +9,13 @@ int lsetfilecon_raw(const char *path, const char * context)
@@ -1159,10 +656,10 @@ index 1d3b28a..ea6d70b 100644
 if (rc < 0 && errno == ENOTSUP) {
 char * ccontext = NULL;
 int err = errno;
-diff --git libselinux-2.4/src/matchpathcon.c libselinux-2.4/src/matchpathcon.c
-index 3b96b1d..3868711 100644
---- libselinux-2.4/src/matchpathcon.c
-+++ libselinux-2.4/src/matchpathcon.c
+diff --git libselinux-2.5-rc1/src/matchpathcon.c libselinux-2.5-rc1/src/matchpathcon.c
+index 5b495a0..3868711 100644
+--- libselinux-2.5-rc1/src/matchpathcon.c
++++ libselinux-2.5-rc1/src/matchpathcon.c
 @@ -2,6 +2,7 @@
 #include
 #include
@@ -1180,229 +677,22 @@ index 3b96b1d..3868711 100644
 va_end(ap);
 }
-@@ -541,7 +542,7 @@ int compat_validate(struct selabel_handle *rec,
- if (rc < 0) {
- if (lineno) {
- COMPAT_LOG(SELINUX_WARNING,
-- "%s: line %d has invalid context %s\n",
-+ "%s: line %u has invalid context %s\n",
- path, lineno, *ctx);
- } else {
- COMPAT_LOG(SELINUX_WARNING,
-diff --git libselinux-2.4/src/procattr.c libselinux-2.4/src/procattr.c
-index f990350..527a0a5 100644
---- libselinux-2.4/src/procattr.c
-+++ libselinux-2.4/src/procattr.c
-@@ -11,8 +11,6 @@
-
- #define UNSET (char *) -1
-
--static __thread pid_t cpid;
--static __thread pid_t tid;
- static __thread char *prev_current = UNSET;
- static __thread char * prev_exec = UNSET;
- static __thread char * prev_fscreate = UNSET;
-@@ -24,15 +22,6 @@ static pthread_key_t destructor_key;
- static int destructor_key_initialized = 0;
- static __thread char destructor_initialized;
-
--extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
--extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
--
--static int __selinux_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
--{
-- return __register_atfork (prepare, parent, child,
-- &__dso_handle == NULL ? NULL : __dso_handle);
--}
--
- static pid_t gettid(void)
- {
- return syscall(__NR_gettid);
-@@ -52,14 +41,6 @@ static void procattr_thread_destructor(void __attribute__((unused)) *unused)
- free(prev_sockcreate);
- }
-
--static void free_procattr(void)
--{
-- procattr_thread_destructor(NULL);
-- tid = 0;
-- cpid = getpid();
-- prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = UNSET;
--}
--
- void __attribute__((destructor)) procattr_destructor(void);
-
- void hidden __attribute__((destructor)) procattr_destructor(void)
-@@ -79,7 +60,6 @@ static inline void init_thread_destructor(void)
- static void init_procattr(void)
- {
- if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
-- __selinux_atfork(NULL, NULL, free_procattr);
- destructor_key_initialized = 1;
- }
- }
-@@ -88,21 +68,26 @@ static int openattr(pid_t pid, const char *attr, int flags)
- {
- int fd, rc;
- char *path;
--
-- if (cpid != getpid())
-- free_procattr();
-+ pid_t tid;
-
- if (pid > 0)
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- else {
-- if (!tid)
-- tid = gettid();
-+ rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
-+ if (rc < 0)
-+ return -1;
-+ fd = open(path, flags | O_CLOEXEC);
-+ if (fd >= 0 || errno != ENOENT)
-+ goto out;
-+ free(path);
-+ tid = gettid();
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- }
- if (rc < 0)
- return -1;
-
- fd = open(path, flags | O_CLOEXEC);
-+out:
- free(path);
- return fd;
- }
-@@ -120,9 +105,6 @@ static int getprocattrcon_raw(char ** context,
- __selinux_once(once, init_procattr);
- init_thread_destructor();
-
-- if (cpid != getpid())
-- free_procattr();
--
- switch (attr[0]) {
- case 'c':
- prev_context = prev_current;
-@@ -220,9 +202,6 @@ static int setprocattrcon_raw(const char * context,
- __selinux_once(once, init_procattr);
- init_thread_destructor();
-
-- if (cpid != getpid())
-- free_procattr();
--
- switch (attr[0]) {
- case 'c':
- prev_context = &prev_current;
-diff --git libselinux-2.4/src/selinux_config.c libselinux-2.4/src/selinux_config.c
-index 30e9dc7..bec5f3b 100644
---- libselinux-2.4/src/selinux_config.c
-+++ libselinux-2.4/src/selinux_config.c
-@@ -13,8 +13,6 @@
- #include "selinux_internal.h"
- #include "get_default_type_internal.h"
-
--#define SELINUXDIR "/etc/selinux/"
--#define SELINUXCONFIG SELINUXDIR "config"
- #define SELINUXDEFAULT "targeted"
- #define SELINUXTYPETAG "SELINUXTYPE="
- #define SELINUXTAG "SELINUX="
-@@ -50,8 +48,9 @@
- #define FILE_CONTEXT_SUBS_DIST 25
- #define LXC_CONTEXTS 26
- #define BOOLEAN_SUBS 27
--#define SYSTEMD_CONTEXTS 28
--#define NEL 29
-+#define OPENSSH_CONTEXTS 28
-+#define SYSTEMD_CONTEXTS 29
-+#define NEL 30
-
- /* Part of one-time lazy init */
- static pthread_once_t once = PTHREAD_ONCE_INIT;
-@@ -493,6 +492,13 @@ const char *selinux_lxc_contexts_path(void)
-
- hidden_def(selinux_lxc_contexts_path)
-
-+const char *selinux_openssh_contexts_path(void)
-+{
-+ return get_path(OPENSSH_CONTEXTS);
-+}
-+
-+hidden_def(selinux_openssh_contexts_path)
-+
- const char *selinux_systemd_contexts_path(void)
- {
- return get_path(SYSTEMD_CONTEXTS);
-diff --git libselinux-2.4/src/selinux_internal.h libselinux-2.4/src/selinux_internal.h
-index afb2170..16b5cdb 100644
---- libselinux-2.4/src/selinux_internal.h
-+++ libselinux-2.4/src/selinux_internal.h
+diff --git libselinux-2.5-rc1/src/selinux_internal.h libselinux-2.5-rc1/src/selinux_internal.h
+index 46566f6..3d3fecf 100644
+--- libselinux-2.5-rc1/src/selinux_internal.h
++++ libselinux-2.5-rc1/src/selinux_internal.h
@@ -82,6 +82,7 @@ hidden_proto(selinux_mkload_policy) hidden_proto(selinux_customizable_types_path) hidden_proto(selinux_media_context_path) hidden_proto(selinux_x_context_path) + hidden_proto(selinux_openssh_contexts_path) hidden_proto(selinux_sepgsql_context_path) + hidden_proto(selinux_openssh_contexts_path) hidden_proto(selinux_systemd_contexts_path) - hidden_proto(selinux_path) -@@ -101,6 +102,8 @@ hidden_proto(security_get_initial_context); - hidden_proto(security_get_initial_context_raw); - hidden_proto(selinux_reset_config); - -+hidden void flush_class_cache(void); -+ - extern int load_setlocaldefs hidden; - extern int require_seusers hidden; - extern int selinux_page_size hidden; -@@ -137,3 +140,8 @@ extern int selinux_page_size hidden; - if (pthread_setspecific != NULL) \ - pthread_setspecific(KEY, VALUE); \ - } while (0) -+ -+#define SELINUXDIR "/etc/selinux/" -+#define SELINUXCONFIG SELINUXDIR "config" -+ -+extern int has_selinux_config hidden; -diff --git libselinux-2.4/src/selinuxswig_python.i libselinux-2.4/src/selinuxswig_python.i -index ae72246..8cea18d 100644 ---- libselinux-2.4/src/selinuxswig_python.i -+++ libselinux-2.4/src/selinuxswig_python.i -@@ -8,7 +8,7 @@ - - %pythoncode %{ - --import shutil, os, stat -+import shutil, os, errno, stat - - DISABLED = -1 - PERMISSIVE = 0 -@@ -26,14 +26,19 @@ def restorecon(path, recursive=False): - status, context = matchpathcon(path, mode) - - if status == 0: -- status, oldcontext = lgetfilecon(path) -+ try: -+ status, oldcontext = lgetfilecon(path) -+ except OSError as e: -+ if e.errno != errno.ENODATA: -+ raise -+ oldcontext = None - if context != oldcontext: - lsetfilecon(path, context) - - if recursive: -- os.path.walk(path, lambda arg, dirname, fnames: -- map(restorecon, [os.path.join(dirname, fname) -- for fname in fnames]), None) -+ for root, dirs, files in os.walk(path): -+ for name in files + dirs: -+ restorecon(os.path.join(root, name)) - - def chcon(path, context, recursive=False): - """ Set the 
SELinux context on a given path """ -diff --git libselinux-2.4/src/setfilecon.c libselinux-2.4/src/setfilecon.c +diff --git libselinux-2.5-rc1/src/setfilecon.c libselinux-2.5-rc1/src/setfilecon.c index d05969c..3f0200e 100644 ---- libselinux-2.4/src/setfilecon.c -+++ libselinux-2.4/src/setfilecon.c +--- libselinux-2.5-rc1/src/setfilecon.c ++++ libselinux-2.5-rc1/src/setfilecon.c @@ -9,8 +9,12 @@ int setfilecon_raw(const char *path, const char * context) 
@@ -1418,75 +708,3 @@ index d05969c..3f0200e 100644 if (rc < 0 && errno == ENOTSUP) { char * ccontext = NULL; int err = errno; -diff --git libselinux-2.4/src/stringrep.c libselinux-2.4/src/stringrep.c -index 9ae8248..2dbec2b 100644 ---- libselinux-2.4/src/stringrep.c -+++ libselinux-2.4/src/stringrep.c -@@ -158,6 +158,28 @@ err1: - return NULL; - } - -+hidden void flush_class_cache(void) -+{ -+ struct discover_class_node *cur = discover_class_cache, *prev = NULL; -+ size_t i; -+ -+ while (cur != NULL) { -+ free(cur->name); -+ -+ for (i = 0; i < MAXVECTORS; i++) -+ free(cur->perms[i]); -+ -+ free(cur->perms); -+ -+ prev = cur; -+ cur = cur->next; -+ -+ free(prev); -+ } -+ -+ discover_class_cache = NULL; -+} -+ - security_class_t string_to_security_class(const char *s) - { - struct discover_class_node *node; -diff --git libselinux-2.4/utils/Makefile libselinux-2.4/utils/Makefile -index f469924..5499538 100644 ---- libselinux-2.4/utils/Makefile -+++ libselinux-2.4/utils/Makefile -@@ -11,7 +11,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi - -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \ - -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \ - -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \ -- -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \ -+ -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \ - -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \ - -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \ - -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \ -diff --git libselinux-2.4/utils/sefcontext_compile.c libselinux-2.4/utils/sefcontext_compile.c -index 504699d..adb2b0c 100644 ---- libselinux-2.4/utils/sefcontext_compile.c -+++ libselinux-2.4/utils/sefcontext_compile.c -@@ -73,7 +73,7 @@ static int 
process_file(struct saved_data *data, const char *filename) - spec->lr.ctx_raw = context; - spec->mode = string_to_mode(mode); - if (spec->mode == (mode_t)-1) { -- fprintf(stderr, "%s: line %d has invalid file type %s\n", -+ fprintf(stderr, "%s: line %u has invalid file type %s\n", - regex, line_num + 1, mode); - spec->mode = 0; - } -diff --git libselinux-2.4/utils/togglesebool.c libselinux-2.4/utils/togglesebool.c -index ad0d2a2..309f83b 100644 ---- libselinux-2.4/utils/togglesebool.c -+++ libselinux-2.4/utils/togglesebool.c -@@ -86,7 +86,7 @@ int main(int argc, char **argv) - argv[i], pwd->pw_name); - else - syslog(LOG_NOTICE, -- "The %s policy boolean was toggled by uid:%d", -+ "The %s policy boolean was toggled by uid:%u", - argv[i], getuid()); - - } diff --git a/libselinux.spec b/libselinux.spec index 62698c8..cd23138 100644 --- a/libselinux.spec +++ b/libselinux.spec 
@@ -3,25 +3,23 @@ %endif %define ruby_inc %(pkg-config --cflags ruby) -%define libsepolver 2.4-1 +%define libsepolver 2.5-0 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Summary: SELinux library and simple utilities Name: libselinux -Version: 2.4 -Release: 6%{?dist} +Version: 2.5 +Release: 0.99.rc1.1%{?dist} License: Public Domain Group: System Environment/Libraries # https://github.com/SELinuxProject/selinux/wiki/Releases -Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/%{name}-%{version}.tar.gz +Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160107/libselinux-2.5-rc1.tar.gz Source1: selinuxconlist.8 Source2: selinuxdefcon.8 Url: https://github.com/SELinuxProject/selinux/wiki # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ # HEAD https://github.com/fedora-selinux/selinux/commit/8c09d34e464e79a602fb9c9408554279aede3b6b Patch1: libselinux-rhat.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1284019 -Patch10: libselinux-rpm_execcon.patch BuildRequires: pkgconfig python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel %if 0%{?with_python3} BuildRequires: python3-devel @@ -103,9 +101,8 @@ The libselinux-static package contains the static libraries needed for developing SELinux applications. %prep -%setup -q +%setup -q -n libselinux-2.5-rc1 %patch1 -p1 -b .rhat -%patch10 -p1 -b .rhat %build export LDFLAGS="%{?__global_ldflags}" @@ -214,6 +211,10 @@ rm -rf %{buildroot} %{_sbindir}/selinuxexeccon %{_sbindir}/selinuxenabled %{_sbindir}/setenforce +%{_sbindir}/selabel_digest +%{_sbindir}/selabel_lookup +%{_sbindir}/selabel_lookup_best_match +%{_sbindir}/selabel_partial_match %{_mandir}/man5/* %{_mandir}/man8/* 
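Review bot: The provenance comment `# HEAD https://github.com/fedora-selinux/selinux/commit/8c09d34e464e79a602fb9c9408554279aede3b6b` stays as unchanged context in the first libselinux.spec hunk, although this commit regenerates libselinux-rhat.patch and switches make-rhat-patches.sh from `master` to `master-rc`. Unless both branches happened to sit on that commit, the spec now names a tree the shipped patch was not built from; the line should carry the commit that make-rhat-patches.sh printed for this run, `# HEAD https://github.com/fedora-selinux/selinux/commit/<commit-printed-by-make-rhat-patches.sh>`. The same hunk removes `Patch10: libselinux-rpm_execcon.patch`, and the `%prep` hunk removes `%patch10 -p1 -b .rhat`, while the new changelog entry says only "Update to upstream rc1 release". The previous entry records that patch as "Build libselinux without rpm_execcon() (#1284019)", so the changelog should state where that change now lives, for example `- Drop libselinux-rpm_execcon.patch (<where the change is now carried>)`.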
@@ -251,6 +252,9 @@ rm -rf %{buildroot} %{ruby_vendorarchdir}/selinux.so %changelog +* Fri Jan 08 2016 Petr Lautrbach 2.5-0.99.rc1.1 +- Update to upstream rc1 release 2016-01-07 + * Thu Dec 10 2015 Petr Lautrbach - 2.4-6 - Build libselinux without rpm_execcon() (#1284019) diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh index 9a47cda..9ab4513 100755 --- a/make-rhat-patches.sh +++ b/make-rhat-patches.sh @@ -1,12 +1,13 @@ #!/bin/bash -LIBSELINUX_VERSION=2.4 -BRANCH=master +LIBSELINUX_VERSION=2.5-rc1 +REPO=https://github.com/fedora-selinux/selinux +BRANCH=master-rc REBASEDIR=`mktemp -d rebase.XXXXXX` pushd $REBASEDIR -git clone https://github.com/fedora-selinux/selinux.git +git clone $REPO pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd # prepare libselinux-rhat.patch @@ -24,4 +25,4 @@ popd popd # echo rm -rf $REBASEDIR -echo libselinux-rhat.patch created from https://github.com/fedora-selinux/selinux/commit/$COMMIT +echo libselinux-rhat.patch created from $REPO/commit/$COMMIT diff --git a/sources b/sources index 15159ba..edf2092 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d19af2a367a81fb00bedc1b381694995 libselinux-2.4.tar.gz +8cacc33d9b5ff7bd64a36302d88a9243 libselinux-2.5-rc1.tar.gz
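Review bot: Nothing in the updated header of make-rhat-patches.sh stops the script when `git clone $REPO` or `git checkout $BRANCH` fails. If the new `master-rc` branch cannot be checked out, the clone stays on its default branch, and the patch and the printed `$COMMIT` then come from a tree other than the one intended. Adding `set -e` after the shebang and quoting the expansions (`git clone "$REPO"`, `git checkout "$BRANCH"`) would make the rebase stop at the first failure. The part of the script between its two hunks is not visible here, so whether later steps check their own exit status cannot be confirmed from this diff.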