From fa621852dc361aaa55cdfdc4eee8976984c23dd4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 14 2009 15:29:55 +0000 Subject: - Update to upstream Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread dependency. Removed fini_context_translations() altogether. Merged lazy init patch from Stephen Smalley based on original patch by Steve Grubb. --- diff --git a/.cvsignore b/.cvsignore index de70f03..6bfc2ea 100644 --- a/.cvsignore +++ b/.cvsignore @@ -168,3 +168,4 @@ libselinux-2.0.81.tgz libselinux-2.0.82.tgz libselinux-2.0.83.tgz libselinux-2.0.84.tgz +libselinux-2.0.85.tgz diff --git a/libselinux-2.0.77-nlfd.patch b/libselinux-2.0.77-nlfd.patch deleted file mode 100644 index e8d6c28..0000000 --- a/libselinux-2.0.77-nlfd.patch +++ /dev/null @@ -1,106 +0,0 @@ -diff -up libselinux-2.0.77/include/selinux/avc.h.jx libselinux-2.0.77/include/selinux/avc.h ---- libselinux-2.0.77/include/selinux/avc.h.jx 2009-01-27 14:47:32.000000000 -0500 -+++ libselinux-2.0.77/include/selinux/avc.h 2009-03-02 13:58:11.000000000 -0500 -@@ -427,6 +427,29 @@ void avc_av_stats(void); - */ - void avc_sid_stats(void); - -+/** -+ * avc_netlink_acquire_fd - Acquire netlink socket fd. -+ * -+ * Allows the application to manage messages from the netlink socket in -+ * its own main loop. -+ */ -+int avc_netlink_acquire_fd(void); -+ -+/** -+ * avc_netlink_release_fd - Release netlink socket fd. -+ * -+ * Returns ownership of the netlink socket to the library. -+ */ -+void avc_netlink_release_fd(void); -+ -+/** -+ * avc_netlink_check_nb - Check netlink socket for new messages. -+ * -+ * Called by the application when using avc_netlink_acquire_fd() to -+ * process kernel netlink events. -+ */ -+int avc_netlink_check_nb(void); -+ - #ifdef __cplusplus - } - #endif -diff -up libselinux-2.0.77/src/avc.c.jx libselinux-2.0.77/src/avc.c ---- libselinux-2.0.77/src/avc.c.jx 2009-01-27 14:47:32.000000000 -0500 -+++ libselinux-2.0.77/src/avc.c 2009-03-02 13:58:11.000000000 -0500 -@@ -812,7 +812,7 @@ int avc_has_perm_noaudit(security_id_t s - access_vector_t denied; - struct avc_entry_ref ref; - -- if (!avc_using_threads) { -+ if (!avc_using_threads && !avc_app_main_loop) { - (void)avc_netlink_check_nb(); - } - -diff -up libselinux-2.0.77/src/avc_internal.c.jx libselinux-2.0.77/src/avc_internal.c ---- libselinux-2.0.77/src/avc_internal.c.jx 2009-01-27 14:47:32.000000000 -0500 -+++ libselinux-2.0.77/src/avc_internal.c 2009-03-02 13:58:11.000000000 -0500 -@@ -34,6 +34,7 @@ void (*avc_func_log) (const char *, ...) - void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL; - - int avc_using_threads = 0; -+int avc_app_main_loop = 0; - void *(*avc_func_create_thread) (void (*)(void)) = NULL; - void (*avc_func_stop_thread) (void *) = NULL; - -@@ -250,3 +251,15 @@ void avc_netlink_loop(void) - "%s: netlink thread: errors encountered, terminating\n", - avc_prefix); - } -+ -+int avc_netlink_acquire_fd(void) -+{ -+ avc_app_main_loop = 1; -+ -+ return fd; -+} -+ -+void avc_netlink_release_fd(void) -+{ -+ avc_app_main_loop = 0; -+} -diff -up libselinux-2.0.77/src/avc_internal.h.jx libselinux-2.0.77/src/avc_internal.h ---- libselinux-2.0.77/src/avc_internal.h.jx 2009-01-27 14:47:32.000000000 -0500 -+++ libselinux-2.0.77/src/avc_internal.h 2009-03-02 13:58:11.000000000 -0500 -@@ -35,6 +35,7 @@ extern void (*avc_func_log) (const char - extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden; - - extern int avc_using_threads hidden; -+extern int avc_app_main_loop hidden; - extern void *(*avc_func_create_thread) (void (*)(void))hidden; - extern void (*avc_func_stop_thread) (void *)hidden; - -@@ -184,7 +185,6 @@ int avc_ss_set_auditdeny(security_id_t s - /* netlink kernel message code */ - extern int avc_netlink_trouble hidden; - int avc_netlink_open(int blocking) hidden; --int avc_netlink_check_nb(void) hidden; - void avc_netlink_loop(void) hidden; - void avc_netlink_close(void) hidden; - -diff -up libselinux-2.0.77/src/selinuxswig.i.jx libselinux-2.0.77/src/selinuxswig.i ---- libselinux-2.0.77/src/selinuxswig.i.jx 2009-03-02 13:58:11.000000000 -0500 -+++ libselinux-2.0.77/src/selinuxswig.i 2009-03-02 14:07:42.000000000 -0500 -@@ -78,6 +78,11 @@ - %ignore selinux_set_mapping; - %ignore security_id; - -+/* Ignore netlink stuff for now */ -+%ignore avc_netlink_acquire_fd; -+%ignore avc_netlink_release_fd; -+%ignore avc_netlink_check_nb; -+ - %include "../include/selinux/selinux.h" - %include "../include/selinux/avc.h" - %include "../include/selinux/get_default_type.h" diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 2561b7d..16e618f 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.83/man/man8/selinuxconlist.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.82/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.83/man/man8/selinuxconlist.8 2009-07-07 12:22:39.298209000 -0400 ++++ libselinux-2.0.82/man/man8/selinuxconlist.8 2009-06-23 15:49:12.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -20,9 +20,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.83/man/man8/selinuxdefcon.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.82/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.83/man/man8/selinuxdefcon.8 2009-07-07 12:22:39.309211000 -0400 ++++ libselinux-2.0.82/man/man8/selinuxdefcon.8 2009-06-23 15:49:12.000000000 -0400 @@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" @@ -43,9 +43,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.83/src/callbacks.c ---- nsalibselinux/src/callbacks.c 2009-07-07 11:10:42.003951000 -0400 -+++ libselinux-2.0.83/src/callbacks.c 2009-07-07 12:22:39.312210000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.82/src/callbacks.c +--- nsalibselinux/src/callbacks.c 2009-04-08 09:06:23.000000000 -0400 ++++ libselinux-2.0.82/src/callbacks.c 2009-06-23 15:49:12.000000000 -0400 @@ -16,6 +16,7 @@ { int rc; @@ -54,9 +54,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.83/src/exception.sh +diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2.0.82/src/exception.sh --- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.83/src/exception.sh 2009-07-07 12:22:39.318209000 -0400 ++++ libselinux-2.0.82/src/exception.sh 2009-06-23 15:49:12.000000000 -0400 @@ -0,0 +1,12 @@ +function except() { +echo " @@ -70,11 +70,15 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/exception.sh libselinux-2 +" +} +for i in `grep "extern *int" ../include/selinux/selinux.h | awk '{ print $3 }' | cut -d '(' -f 1`; do except $i ; done -diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.83/src/Makefile ---- nsalibselinux/src/Makefile 2009-07-07 11:10:41.995958000 -0400 -+++ libselinux-2.0.83/src/Makefile 2009-07-07 12:22:39.322212000 -0400 -@@ -82,6 +82,9 @@ - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -lpthread -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro +diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.82/src/Makefile +--- nsalibselinux/src/Makefile 2009-07-14 11:16:03.000000000 -0400 ++++ libselinux-2.0.82/src/Makefile 2009-06-23 15:50:58.000000000 -0400 +@@ -79,9 +79,12 @@ + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -lpthread -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ln -sf $@ $(TARGET) +selinuxswig_exception.i: ../include/selinux/selinux.h @@ -103,9 +107,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.8 distclean: clean rm -f $(GENERATED) $(SWIGFILES) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.83/src/matchpathcon.c ---- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libselinux-2.0.83/src/matchpathcon.c 2009-07-07 12:22:39.328209000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.82/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.82/src/matchpathcon.c 2009-06-23 15:49:12.000000000 -0400 @@ -2,6 +2,7 @@ #include #include @@ -123,9 +127,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.83/src/selinux.py ---- nsalibselinux/src/selinux.py 2009-01-13 08:09:54.000000000 -0500 -+++ libselinux-2.0.83/src/selinux.py 2009-07-07 12:22:39.337212000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.82/src/selinux.py +--- nsalibselinux/src/selinux.py 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.82/src/selinux.py 2009-06-23 15:49:12.000000000 -0400 @@ -1,12 +1,26 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.35 @@ -2337,9 +2341,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0 +selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.83/src/selinuxswig.i ---- nsalibselinux/src/selinuxswig.i 2009-07-07 11:10:42.024956000 -0400 -+++ libselinux-2.0.83/src/selinuxswig.i 2009-07-07 12:22:39.343210000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.82/src/selinuxswig.i +--- nsalibselinux/src/selinuxswig.i 2009-03-12 08:48:48.000000000 -0400 ++++ libselinux-2.0.82/src/selinuxswig.i 2009-06-23 15:49:12.000000000 -0400 @@ -4,11 +4,14 @@ %module selinux @@ -2373,9 +2377,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux- +%include "../include/selinux/get_default_type.h" +%include "../include/selinux/label.h" +%include "../include/selinux/selinux.h" -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.83/src/selinuxswig_python.i ---- nsalibselinux/src/selinuxswig_python.i 2009-01-13 08:09:54.000000000 -0500 -+++ libselinux-2.0.83/src/selinuxswig_python.i 2009-07-07 12:22:39.355211000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.82/src/selinuxswig_python.i +--- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.82/src/selinuxswig_python.i 2009-06-23 15:49:12.000000000 -0400 @@ -21,6 +21,15 @@ map(restorecon, [os.path.join(dirname, fname) for fname in fnames]), None) @@ -2398,9 +2402,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libs +%include "selinuxswig_exception.i" %include "selinuxswig.i" -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.83/src/selinuxswig_wrap.c ---- nsalibselinux/src/selinuxswig_wrap.c 2009-01-13 08:09:54.000000000 -0500 -+++ libselinux-2.0.83/src/selinuxswig_wrap.c 2009-07-07 12:22:39.385216000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.82/src/selinuxswig_wrap.c +--- nsalibselinux/src/selinuxswig_wrap.c 2009-03-06 14:41:45.000000000 -0500 ++++ libselinux-2.0.82/src/selinuxswig_wrap.c 2009-06-23 15:49:12.000000000 -0400 @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). @@ -16786,9 +16790,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel +#endif } -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.83/utils/matchpathcon.c ---- nsalibselinux/utils/matchpathcon.c 2009-07-07 11:10:42.033956000 -0400 -+++ libselinux-2.0.83/utils/matchpathcon.c 2009-07-07 12:22:39.395209000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.82/utils/matchpathcon.c +--- nsalibselinux/utils/matchpathcon.c 2009-05-18 13:53:14.000000000 -0400 ++++ libselinux-2.0.82/utils/matchpathcon.c 2009-06-23 15:49:12.000000000 -0400 @@ -22,9 +22,13 @@ char *buf; int rc = matchpathcon(path, mode, &buf); diff --git a/libselinux.spec b/libselinux.spec index 7216455..28aa75e 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,7 +4,7 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.84 +Version: 2.0.85 Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries @@ -165,6 +165,14 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Tue Jul 7 2009 Dan Walsh - 2.0.85-1 +- Update to upstream + * Reverted Tomas Mraz's fix for freeing thread local storage to avoid + pthread dependency. + * Removed fini_context_translations() altogether. + * Merged lazy init patch from Stephen Smalley based on original patch + by Steve Grubb. + * Tue Jul 7 2009 Dan Walsh - 2.0.84-1 - Update to upstream * Add per-service seuser support from Dan Walsh. diff --git a/sources b/sources index 62acbb3..ebe31bf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -952674efe604477d00b787c262da17e2 libselinux-2.0.84.tgz +c014e9527a14fbd38c784b01124cee7d libselinux-2.0.85.tgz