From ed9898ef4c4e0cca0707ec508a3fc68918c985c6 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: May 06 2014 18:28:19 +0000 Subject: Update to upstream * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. --- diff --git a/.gitignore b/.gitignore index 84665d1..c5ea926 100644 --- a/.gitignore +++ b/.gitignore @@ -198,3 +198,4 @@ libselinux-2.0.96.tgz /libselinux-2.2.tgz /libselinux-2.2.1.tgz /libselinux-2.2.2.tgz +/libselinux-2.3.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 4b9b85c..87baefe 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,18 +1,6 @@ -diff --git a/libselinux/Makefile b/libselinux/Makefile -index fd4f0b1..51469bc 100644 ---- a/libselinux/Makefile -+++ b/libselinux/Makefile -@@ -1,4 +1,4 @@ --SUBDIRS = src include utils man -+SUBDIRS = src include utils man golang - - DISABLE_AVC ?= n - DISABLE_SETRANS ?= n -diff --git a/libselinux/golang/Makefile b/libselinux/golang/Makefile -new file mode 100644 -index 0000000..b75677b ---- /dev/null -+++ b/libselinux/golang/Makefile +diff -up libselinux-2.3/golang/Makefile.rhat libselinux-2.3/golang/Makefile +--- libselinux-2.3/golang/Makefile.rhat 2014-05-06 14:23:28.320639312 -0400 ++++ libselinux-2.3/golang/Makefile 2014-05-06 14:23:28.320639312 -0400 @@ -0,0 +1,22 @@ +# Installation directories. +PREFIX ?= $(DESTDIR)/usr @@ -36,11 +24,9 @@ index 0000000..b75677b +indent: + +relabel: -diff --git a/libselinux/golang/selinux.go b/libselinux/golang/selinux.go -new file mode 100644 -index 0000000..34bf6bb ---- /dev/null -+++ b/libselinux/golang/selinux.go +diff -up libselinux-2.3/golang/selinux.go.rhat libselinux-2.3/golang/selinux.go +--- libselinux-2.3/golang/selinux.go.rhat 2014-05-06 14:23:28.321639313 -0400 ++++ libselinux-2.3/golang/selinux.go 2014-05-06 14:23:28.321639313 -0400 @@ -0,0 +1,412 @@ +package selinux + 
@@ -454,11 +440,9 @@ index 0000000..34bf6bb + fmt.Println(Getfscreatecon()) + fmt.Println(Getpidcon(1)) +} -diff --git a/libselinux/golang/test.go b/libselinux/golang/test.go -new file mode 100644 -index 0000000..fed6de8 ---- /dev/null -+++ b/libselinux/golang/test.go +diff -up libselinux-2.3/golang/test.go.rhat libselinux-2.3/golang/test.go +--- libselinux-2.3/golang/test.go.rhat 2014-05-06 14:23:28.321639313 -0400 ++++ libselinux-2.3/golang/test.go 2014-05-06 14:23:28.321639313 -0400 @@ -0,0 +1,9 @@ +package main + @@ -469,10 +453,18 @@ index 0000000..fed6de8 +func main() { + selinux.Test() +} -diff --git a/libselinux/man/man3/getfscreatecon.3 b/libselinux/man/man3/getfscreatecon.3 -index c7675be..677ece4 100644 ---- a/libselinux/man/man3/getfscreatecon.3 -+++ b/libselinux/man/man3/getfscreatecon.3 +diff -up libselinux-2.3/Makefile.rhat libselinux-2.3/Makefile +--- libselinux-2.3/Makefile.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/Makefile 2014-05-06 14:23:28.319639311 -0400 +@@ -1,4 +1,4 @@ +-SUBDIRS = src include utils man ++SUBDIRS = src include utils man golang + + DISABLE_AVC ?= n + DISABLE_SETRANS ?= n +diff -up libselinux-2.3/man/man3/getfscreatecon.3.rhat libselinux-2.3/man/man3/getfscreatecon.3 +--- libselinux-2.3/man/man3/getfscreatecon.3.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/man/man3/getfscreatecon.3 2014-05-06 14:23:28.321639313 -0400 @@ -49,6 +49,11 @@ Signal handlers that perform a must take care to save, reset, and restore the fscreate context to avoid unexpected behavior. 
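Review bot: golang/test.go declares `package main` while golang/selinux.go in the same directory declares `package selinux`, and the Go toolchain refuses to build a directory that mixes two packages. The driver also relies on an exported `Test()` in the library whose visible tail only prints contexts (`fmt.Println(Getpidcon(1))`), so a debugging helper becomes part of the public API. Moving those calls into `selinux_test.go` as `func TestContexts(t *testing.T)`, or giving the driver its own directory, would avoid both problems. How golang/Makefile builds and installs these files is not visible in this hunk, so the install step may already separate them.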
@@ -485,10 +477,9 @@ index c7675be..677ece4 100644 .SH "RETURN VALUE" On error \-1 is returned. On success 0 is returned. -diff --git a/libselinux/man/man3/getkeycreatecon.3 b/libselinux/man/man3/getkeycreatecon.3 -index d6a118c..b503535 100644 ---- a/libselinux/man/man3/getkeycreatecon.3 -+++ b/libselinux/man/man3/getkeycreatecon.3 +diff -up libselinux-2.3/man/man3/getkeycreatecon.3.rhat libselinux-2.3/man/man3/getkeycreatecon.3 +--- libselinux-2.3/man/man3/getkeycreatecon.3.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/man/man3/getkeycreatecon.3 2014-05-06 14:23:28.322639314 -0400 @@ -48,6 +48,10 @@ Signal handlers that perform a .BR setkeycreatecon () must take care to @@ -500,10 +491,9 @@ index d6a118c..b503535 100644 . .SH "RETURN VALUE" On error \-1 is returned. -diff --git a/libselinux/man/man3/getsockcreatecon.3 b/libselinux/man/man3/getsockcreatecon.3 -index 99e9436..673738c 100644 ---- a/libselinux/man/man3/getsockcreatecon.3 -+++ b/libselinux/man/man3/getsockcreatecon.3 +diff -up libselinux-2.3/man/man3/getsockcreatecon.3.rhat libselinux-2.3/man/man3/getsockcreatecon.3 +--- libselinux-2.3/man/man3/getsockcreatecon.3.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/man/man3/getsockcreatecon.3 2014-05-06 14:23:28.322639314 -0400 @@ -49,6 +49,11 @@ Signal handlers that perform a must take care to save, reset, and restore the sockcreate context to avoid unexpected behavior. 
@@ -516,11 +506,10 @@ index 99e9436..673738c 100644 .SH "RETURN VALUE" On error \-1 is returned. On success 0 is returned. -diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 -index e89b1ef..9e3bdc4 100644 ---- a/libselinux/man/man8/selinux.8 -+++ b/libselinux/man/man8/selinux.8 -@@ -74,7 +74,7 @@ The best way to relabel the file system is to create the flag file +diff -up libselinux-2.3/man/man8/selinux.8.rhat libselinux-2.3/man/man8/selinux.8 +--- libselinux-2.3/man/man8/selinux.8.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/man/man8/selinux.8 2014-05-06 14:23:28.322639314 -0400 +@@ -74,7 +74,7 @@ The best way to relabel the file system and reboot. .BR system\-config\-selinux , also has this capability. The @@ -529,23 +518,9 @@ index e89b1ef..9e3bdc4 100644 commands are also available for relabeling files. . .SH AUTHOR -diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile -index 02dd829..6dfdb46 100644 ---- a/libselinux/src/Makefile -+++ b/libselinux/src/Makefile -@@ -114,7 +114,7 @@ $(LIBA): $(OBJS) - $(RANLIB) $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION -diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c -index 0b696bb..506e236 100644 ---- a/libselinux/src/avc_sidtab.c -+++ b/libselinux/src/avc_sidtab.c +diff -up libselinux-2.3/src/avc_sidtab.c.rhat libselinux-2.3/src/avc_sidtab.c +--- libselinux-2.3/src/avc_sidtab.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/avc_sidtab.c 2014-05-06 14:23:28.323639315 -0400 @@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s, int hvalue, rc = 0; struct sidtab_node *cur; 
@@ -558,11 +533,10 @@ index 0b696bb..506e236 100644 *sid = NULL; hvalue = sidtab_hash(ctx); -diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c -index 176c45a..6075025 100644 ---- a/libselinux/src/canonicalize_context.c -+++ b/libselinux/src/canonicalize_context.c -@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const security_context_t con, +diff -up libselinux-2.3/src/canonicalize_context.c.rhat libselinux-2.3/src/canonicalize_context.c +--- libselinux-2.3/src/canonicalize_context.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/canonicalize_context.c 2014-05-06 14:23:28.323639315 -0400 +@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(co size_t size; int fd, ret; @@ -574,11 +548,10 @@ index 176c45a..6075025 100644 if (!selinux_mnt) { errno = ENOENT; return -1; -diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c -index 33ab5e3..1277bdd 100644 ---- a/libselinux/src/check_context.c -+++ b/libselinux/src/check_context.c -@@ -14,6 +14,11 @@ int security_check_context_raw(const security_context_t con) +diff -up libselinux-2.3/src/check_context.c.rhat libselinux-2.3/src/check_context.c +--- libselinux-2.3/src/check_context.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/check_context.c 2014-05-06 14:23:28.324639316 -0400 +@@ -14,6 +14,11 @@ int security_check_context_raw(const cha char path[PATH_MAX]; int fd, ret; 
@@ -590,11 +563,10 @@ index 33ab5e3..1277bdd 100644 if (!selinux_mnt) { errno = ENOENT; return -1; -diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c -index 5962c0b..61ea454 100644 ---- a/libselinux/src/compute_av.c -+++ b/libselinux/src/compute_av.c -@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const security_context_t scon, +diff -up libselinux-2.3/src/compute_av.c.rhat libselinux-2.3/src/compute_av.c +--- libselinux-2.3/src/compute_av.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/compute_av.c 2014-05-06 14:23:28.324639316 -0400 +@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const return -1; } @@ -606,11 +578,10 @@ index 5962c0b..61ea454 100644 snprintf(path, sizeof path, "%s/access", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c -index 3c05be3..34a1ccd 100644 ---- a/libselinux/src/compute_create.c -+++ b/libselinux/src/compute_create.c -@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const security_context_t scon, +diff -up libselinux-2.3/src/compute_create.c.rhat libselinux-2.3/src/compute_create.c +--- libselinux-2.3/src/compute_create.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/compute_create.c 2014-05-06 14:23:28.324639316 -0400 +@@ -64,6 +64,11 @@ int security_compute_create_name_raw(con return -1; } 
@@ -622,11 +593,10 @@ index 3c05be3..34a1ccd 100644 snprintf(path, sizeof path, "%s/create", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c -index dad0a77..7850986 100644 ---- a/libselinux/src/compute_member.c -+++ b/libselinux/src/compute_member.c -@@ -25,6 +25,11 @@ int security_compute_member_raw(const security_context_t scon, +diff -up libselinux-2.3/src/compute_member.c.rhat libselinux-2.3/src/compute_member.c +--- libselinux-2.3/src/compute_member.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/compute_member.c 2014-05-06 14:23:28.325639317 -0400 +@@ -25,6 +25,11 @@ int security_compute_member_raw(const ch return -1; } @@ -638,11 +608,10 @@ index dad0a77..7850986 100644 snprintf(path, sizeof path, "%s/member", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c -index 656f00a..2560e78 100644 ---- a/libselinux/src/compute_relabel.c -+++ b/libselinux/src/compute_relabel.c -@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const security_context_t scon, +diff -up libselinux-2.3/src/compute_relabel.c.rhat libselinux-2.3/src/compute_relabel.c +--- libselinux-2.3/src/compute_relabel.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/compute_relabel.c 2014-05-06 14:23:28.325639317 -0400 +@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const c return -1; } 
@@ -654,11 +623,10 @@ index 656f00a..2560e78 100644 snprintf(path, sizeof path, "%s/relabel", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c -index 3b39ddd..af20735 100644 ---- a/libselinux/src/compute_user.c -+++ b/libselinux/src/compute_user.c -@@ -24,6 +24,11 @@ int security_compute_user_raw(const security_context_t scon, +diff -up libselinux-2.3/src/compute_user.c.rhat libselinux-2.3/src/compute_user.c +--- libselinux-2.3/src/compute_user.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/compute_user.c 2014-05-06 14:23:28.325639317 -0400 +@@ -24,6 +24,11 @@ int security_compute_user_raw(const char return -1; } @@ -670,13 +638,12 @@ index 3b39ddd..af20735 100644 snprintf(path, sizeof path, "%s/user", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c -index 9963f7a..37f9d74 100644 ---- a/libselinux/src/fsetfilecon.c -+++ b/libselinux/src/fsetfilecon.c +diff -up libselinux-2.3/src/fsetfilecon.c.rhat libselinux-2.3/src/fsetfilecon.c +--- libselinux-2.3/src/fsetfilecon.c.rhat 2014-05-06 14:23:28.326639318 -0400 ++++ libselinux-2.3/src/fsetfilecon.c 2014-05-06 14:26:40.740860532 -0400 @@ -9,8 +9,12 @@ - int fsetfilecon_raw(int fd, const security_context_t context) + int fsetfilecon_raw(int fd, const char * context) { - int rc = fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, - 0); 
@@ -687,12 +654,11 @@ index 9963f7a..37f9d74 100644 + } + rc = fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0); if (rc < 0 && errno == ENOTSUP) { - security_context_t ccontext = NULL; + char * ccontext = NULL; int err = errno; -diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c -index e419f1a..275672d 100644 ---- a/libselinux/src/load_policy.c -+++ b/libselinux/src/load_policy.c +diff -up libselinux-2.3/src/load_policy.c.rhat libselinux-2.3/src/load_policy.c +--- libselinux-2.3/src/load_policy.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/load_policy.c 2014-05-06 14:23:28.327639319 -0400 @@ -16,6 +16,82 @@ #include #include "policy.h" @@ -776,7 +742,7 @@ index e419f1a..275672d 100644 int security_load_policy(void *data, size_t len) { -@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools) +@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebo struct stat sb; struct utsname uts; size_t size; @@ -868,13 +834,12 @@ index e419f1a..275672d 100644 close: close(fd); dlclose: -diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c -index fd9bb26..af2d88c 100644 ---- a/libselinux/src/lsetfilecon.c -+++ b/libselinux/src/lsetfilecon.c -@@ -9,8 +9,13 @@ +diff -up libselinux-2.3/src/lsetfilecon.c.rhat libselinux-2.3/src/lsetfilecon.c +--- libselinux-2.3/src/lsetfilecon.c.rhat 2014-05-06 14:23:28.327639319 -0400 ++++ libselinux-2.3/src/lsetfilecon.c 2014-05-06 14:26:36.094854847 -0400 +@@ -9,8 +9,12 @@ - int lsetfilecon_raw(const char *path, const security_context_t context) + int lsetfilecon_raw(const char *path, const char * context) { - int rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, - 0); 
@@ -883,15 +848,25 @@ index fd9bb26..af2d88c 100644 + errno=EINVAL; + return -1; + } -+ + rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0); if (rc < 0 && errno == ENOTSUP) { - security_context_t ccontext = NULL; + char * ccontext = NULL; int err = errno; -diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c -index 2d7369e..2a00807 100644 ---- a/libselinux/src/matchpathcon.c -+++ b/libselinux/src/matchpathcon.c +diff -up libselinux-2.3/src/Makefile.rhat libselinux-2.3/src/Makefile +--- libselinux-2.3/src/Makefile.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/Makefile 2014-05-06 14:23:28.323639315 -0400 +@@ -111,7 +111,7 @@ $(LIBA): $(OBJS) + $(RANLIB) $@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ++ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in ../VERSION +diff -up libselinux-2.3/src/matchpathcon.c.rhat libselinux-2.3/src/matchpathcon.c +--- libselinux-2.3/src/matchpathcon.c.rhat 2014-05-06 14:21:26.000000000 -0400 ++++ libselinux-2.3/src/matchpathcon.c 2014-05-06 14:23:28.328639320 -0400 @@ -2,6 +2,7 @@ #include #include @@ -909,13 +884,12 @@ index 2d7369e..2a00807 100644 va_end(ap); } -diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c -index 50cb228..e617039 100644 ---- a/libselinux/src/setfilecon.c -+++ b/libselinux/src/setfilecon.c +diff -up libselinux-2.3/src/setfilecon.c.rhat libselinux-2.3/src/setfilecon.c +--- libselinux-2.3/src/setfilecon.c.rhat 2014-05-06 14:23:28.328639320 -0400 ++++ libselinux-2.3/src/setfilecon.c 2014-05-06 14:26:47.670869020 -0400 
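Review bot: The relocated `$(LIBSO)` rule in src/Makefile still carries `-llzma`, which makes liblzma a load-time dependency of every program that links libselinux, not just of the code that needs it. The load_policy.c hunk that presumably uses it (`@@ -16,6 +16,82 @@`) is elided on this page, so the decompression path and its bounds handling could not be reviewed here. If only policy loading needs liblzma, it is worth checking whether it can be resolved lazily instead; a `dlclose:` label in that file suggests it already loads another library that way. At minimum, record the reason above the rule, e.g. `# -llzma: used by load_policy.c only (presumably compressed policy files, confirm)`.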
@@ -9,8 +9,12 @@ - int setfilecon_raw(const char *path, const security_context_t context) + int setfilecon_raw(const char *path, const char * context) { - int rc = setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, - 0); @@ -926,5 +900,5 @@ index 50cb228..e617039 100644 + } + rc = setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0); if (rc < 0 && errno == ENOTSUP) { - security_context_t ccontext = NULL; + char * ccontext = NULL; int err = errno; diff --git a/libselinux.spec b/libselinux.spec index d8cfd5c..a8d6eab 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -9,8 +9,8 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.2.2 -Release: 6%{?dist} +Version: 2.3 +Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -243,6 +243,11 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Tue May 6 2014 Dan Walsh - 2.3-1 +- Update to upstream + * Get rid of security_context_t and fix const declarations. + * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. + * Mon Feb 24 2014 Dan Walsh - 2.2.2-6 - Fix spelling mistake in man page diff --git a/sources b/sources index a598d56..fc1eb85 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -323a0d0b3cb0ec4e67c4f161207a90d1 libselinux-2.2.2.tgz +e3383194da6a923f40d3a75178b86a7a libselinux-2.3.tgz