diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 3b459f6..c18d0ae 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,8 +1,90 @@
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index a4079aa..82954c2 100644
+--- a/libselinux/include/selinux/selinux.h
++++ b/libselinux/include/selinux/selinux.h
+@@ -498,6 +498,7 @@ extern const char *selinux_policy_root(void);
+
+ /* These functions return the paths to specific files under the
+ policy root directory. */
++extern const char *selinux_current_policy_path(void);
+ extern const char *selinux_binary_policy_path(void);
+ extern const char *selinux_failsafe_context_path(void);
+ extern const char *selinux_removable_context_path(void);
+diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
+index ec97dcf..503c52c 100644
+--- a/libselinux/man/man3/selinux_binary_policy_path.3
++++ b/libselinux/man/man3/selinux_binary_policy_path.3
+@@ -1,6 +1,6 @@
+ .TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+ .SH "NAME"
+-selinux_path, selinux_policy_root, selinux_binary_policy_path,
++selinux_path, selinux_policy_root, selinux_binary_policy_path, selinux_current_policy_path,
+ selinux_failsafe_context_path, selinux_removable_context_path,
+ selinux_default_context_path, selinux_user_contexts_path,
+ selinux_file_context_path, selinux_media_context_path,
+@@ -17,6 +17,8 @@ directories and files
+ .sp
+ .B const char *selinux_binary_policy_path(void);
+ .sp
++.B const char *selinux_current_policy_path(void);
++.sp
+ .B const char *selinux_failsafe_context_path(void);
+ .sp
+ .B const char *selinux_removable_context_path(void);
+@@ -55,6 +57,9 @@ returns the top-level policy directory.
+ .BR selinux_binary_policy_path ()
+ returns the binary policy file loaded into kernel.
+ .sp
++.BR selinux_current_policy_path ()
++returns the currently loaded policy file from the kernel.
++.sp
+ .BR selinux_default_type_path ()
+ returns the context file mapping roles to default types.
+ .sp
+diff --git a/libselinux/man/man3/selinux_current_policy_path.3 b/libselinux/man/man3/selinux_current_policy_path.3
+new file mode 100644
+index 0000000..175a611
+--- /dev/null
++++ b/libselinux/man/man3/selinux_current_policy_path.3
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
 diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
-index ffe381b..2d68482 100644
+index ffe381b..560bc25 100644
 --- a/libselinux/src/audit2why.c
 +++ b/libselinux/src/audit2why.c
-@@ -310,10 +310,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
+@@ -210,27 +210,12 @@ static int __policy_init(const char *init_path)
+ return 1;
+ }
+ } else {
+- vers = sepol_policy_kern_vers_max();
+- if (vers < 0) {
+- snprintf(errormsg, sizeof(errormsg),
+- "Could not get policy version: %s\n",
+- strerror(errno));
+- PyErr_SetString( PyExc_ValueError, errormsg);
+- return 1;
+- }
+- snprintf(path, PATH_MAX, "%s.%d",
+- selinux_binary_policy_path(), vers);
+- fp = fopen(path, "r");
+- while (!fp && errno == ENOENT && --vers) {
+- snprintf(path, PATH_MAX, "%s.%d",
+- selinux_binary_policy_path(), vers);
+- fp = fopen(path, "r");
+- }
++ fp = fopen(selinux_current_policy_path(), "r");
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+- "unable to open %s.%d: %s\n",
+- selinux_binary_policy_path(),
+- security_policyvers(), strerror(errno));
++ "unable to open %s: %s\n",
++ selinux_current_policy_path(),
++ strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+@@ -310,10 +295,12 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
 }
 #define RETURN(X) \
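Review bot: The new `fp = fopen(selinux_current_policy_path(), "r");` in `__policy_init` does not handle a NULL return, yet the implementation this patch adds to selinux_config.c ends with `if (rc) return NULL;` when no policy file is found. A null pointer then reaches `fopen` and the `%s` of the error message, which is undefined behaviour and at best reports a misleading path. The error branch also calls `selinux_current_policy_path()` a second time, and its `access()` probes can change `errno` before `strerror(errno)` is evaluated. Fetching the path once with `const char *curpolicy = selinux_current_policy_path();`, raising the ValueError early on `if (!curpolicy)`, and using `curpolicy` in both `fopen` and the message covers all three. The declaration belongs at the top of `__policy_init`, which starts outside this hunk.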
@@ -17,7 +99,7 @@ index ffe381b..2d68482 100644 security_context_t scon; security_context_t tcon; char *tclassstr; -@@ -328,10 +330,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args +@@ -328,10 +315,6 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args struct sepol_av_decision avd; int rc; int i=0; @@ -28,7 +110,7 @@ index ffe381b..2d68482 100644 if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj)) return NULL; -@@ -342,22 +340,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args +@@ -342,22 +325,21 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args /* should raise an error here. */ if (numlines < 0) return NULL; /* Not a list */ @@ -58,7 +140,7 @@ index ffe381b..2d68482 100644 /* Convert the permission list to an AV. */ av = 0; -@@ -377,21 +374,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args +@@ -377,21 +359,20 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args #endif perm = string_to_av_perm(tclass, permstr); @@ -86,7 +168,7 @@ index ffe381b..2d68482 100644 if (reason & SEPOL_COMPUTEAV_TE) { avc->ssid = ssid; avc->tsid = tsid; -@@ -404,28 +400,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args +@@ -404,28 +385,34 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args RETURN(TERULE) } } else { 
@@ -245,3 +327,57 @@ index 2d7369e..2a00807 100644
 va_end(ap);
 }
+diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
+index 296f357..4913c55 100644
+--- a/libselinux/src/selinux_config.c
++++ b/libselinux/src/selinux_config.c
+@@ -8,6 +8,7 @@
+ #include
+ #include
+ #include
++#include "policy.h"
+ #include "selinux_internal.h"
+ #include "get_default_type_internal.h"
+
+@@ -303,6 +304,29 @@ const char *selinux_binary_policy_path(void)
+
+ hidden_def(selinux_binary_policy_path)
+
++const char *selinux_current_policy_path(void)
++{
++ int rc = 0;
++ int vers = 0;
++ static char policy_path[PATH_MAX];
++
++ snprintf(policy_path, sizeof(policy_path), "%s/policy", selinux_mnt);
++ if (access(policy_path, F_OK) != 0 ) {
++ vers = security_policyvers();
++ do {
++ /* Check prior versions to see if old policy is available */
++ snprintf(policy_path, sizeof(policy_path), "%s.%d",
++ selinux_binary_policy_path(), vers);
++ } while ((rc = access(policy_path, F_OK)) && --vers > 0);
++
++ if (rc) return NULL;
++ }
++
++ return policy_path;
++}
++
++hidden_def(selinux_current_policy_path)
++
+ const char *selinux_file_context_path(void)
+ {
+ return get_path(FILE_CONTEXTS);
+diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
+index 2c7c85c..4a4aebc 100644
+--- a/libselinux/src/selinux_internal.h
++++ b/libselinux/src/selinux_internal.h
+@@ -60,6 +60,7 @@ hidden_proto(selinux_mkload_policy)
+ hidden_proto(security_setenforce)
+ hidden_proto(security_deny_unknown)
+ hidden_proto(selinux_boolean_sub)
++ hidden_proto(selinux_current_policy_path)
+ hidden_proto(selinux_binary_policy_path)
+ hidden_proto(selinux_booleans_subs_path)
+ hidden_proto(selinux_default_context_path)
diff --git a/libselinux.spec b/libselinux.spec
index ada1688..89f3124 100644
--- a/libselinux.spec
+++ b/libselinux.spec
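Review bot: `selinux_mnt` is formatted with `%s` in the first `snprintf` of `selinux_current_policy_path()` without a NULL check. Its definition is outside this patch, so this needs confirming, but if it is NULL whenever selinuxfs is not mounted, a null string pointer is formatted before the on-disk fallback is tried. Doing the first probe only under `if (selinux_mnt)`, and treating a NULL mount like a failed `access()`, keeps the fallback reachable. The probe also uses `access(policy_path, F_OK)`, which proves existence but not readability, so a caller that cannot read the selinuxfs `policy` node gets a path its `fopen` will fail on; `R_OK` would match what callers actually need. The function returns a pointer into `static char policy_path[PATH_MAX]` and may return NULL, and neither is documented. A comment above the definition, such as `/* Returns a pointer to a static buffer overwritten by the next call (not thread-safe), or NULL if no policy file is found. */`, plus the same sentence in the man page would give callers the contract.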
@@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.1.13 -Release: 2%{?dist} +Release: 3%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -241,6 +241,9 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Fri Feb 15 2013 Dan Walsh - 2.1.13-3 +- Bring back selinux_current_policy_path + * Thu Feb 14 2013 Dan Walsh - 2.1.13-2 - Revert some changes which are causing the wrong policy version file to be created