diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 8fc6bc2..16f78df 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch 
@@ -1,202 +1,169 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.7/src/init.c ---- nsalibselinux/src/init.c 2006-05-15 09:43:24.000000000 -0400 -+++ libselinux-1.30.7/src/init.c 2006-05-17 13:57:29.000000000 -0400 -@@ -78,21 +78,17 @@ - } - hidden_def(set_selinuxmnt) - --static void init_translations(void) --{ -- init_context_translations(); --} -- - static void init_lib(void) __attribute__ ((constructor)); - static void init_lib(void) - { - selinux_page_size = sysconf(_SC_PAGE_SIZE); - init_selinuxmnt(); -- init_translations(); -+ init_context_translations(); - } +diff -Nurp libselinux-1.29.7.orig/src/canonicalize_context.c libselinux-1.29.7/src/canonicalize_context.c +--- libselinux-1.29.7.orig/src/canonicalize_context.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/canonicalize_context.c 2006-05-31 20:42:47.000000000 +0800 +@@ -18,6 +18,9 @@ int security_canonicalize_context_raw(se + size_t size; + int fd, ret; - static void fini_lib(void) __attribute__ ((destructor)); - static void fini_lib(void) - { - fini_selinuxmnt(); -+ fini_context_translations(); - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.30.7/src/selinux_config.c ---- nsalibselinux/src/selinux_config.c 2006-05-15 09:43:24.000000000 -0400 -+++ libselinux-1.30.7/src/selinux_config.c 2006-05-17 14:31:07.000000000 -0400 -@@ -17,6 +17,7 @@ - #define SELINUXTAG "SELINUX=" - #define SETLOCALDEFS "SETLOCALDEFS=" - #define REQUIRESEUSERS "REQUIRESEUSERS=" -+#define CACHETRANSTAG "CACHETRANS=" - - /* Indices for file paths arrays. 
*/ - #define BINPOLICY 0 -@@ -175,6 +176,10 @@ - sizeof(REQUIRESEUSERS)-1)) { - value = buf_p + sizeof(REQUIRESEUSERS)-1; - intptr = &require_seusers; -+ } else if (!strncmp(buf_p, CACHETRANSTAG, -+ sizeof(CACHETRANSTAG)-1)) { -+ value = buf_p + sizeof(CACHETRANSTAG)-1; -+ intptr = &cache_trans; - } else { - continue; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.7/src/selinux_internal.h ---- nsalibselinux/src/selinux_internal.h 2006-05-15 09:43:24.000000000 -0400 -+++ libselinux-1.30.7/src/selinux_internal.h 2006-05-17 14:05:25.000000000 -0400 -@@ -70,3 +70,4 @@ - extern int load_setlocaldefs hidden; - extern int require_seusers hidden; - extern int selinux_page_size hidden; -+extern int cache_trans hidden; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.7/src/setrans_client.c ---- nsalibselinux/src/setrans_client.c 2006-05-16 20:43:27.000000000 -0400 -+++ libselinux-1.30.7/src/setrans_client.c 2006-05-17 18:17:41.000000000 -0400 -@@ -16,6 +16,13 @@ - #include "selinux_internal.h" - #include "setrans_internal.h" ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/context", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/check_context.c libselinux-1.29.7/src/check_context.c +--- libselinux-1.29.7.orig/src/check_context.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/check_context.c 2006-05-31 20:43:24.000000000 +0800 +@@ -14,6 +14,9 @@ int security_check_context_raw(security_ + char path[PATH_MAX]; + int fd, ret; -+// Simple cache -+static __thread security_context_t prev_t2r_trans=NULL; -+static __thread security_context_t prev_t2r_raw=NULL; -+static __thread security_context_t prev_r2t_trans=NULL; -+static __thread security_context_t prev_r2t_raw=NULL; ++ if (!selinux_mnt) ++ return -1; + -+int cache_trans hidden = 1; + snprintf(path, sizeof path, "%s/context", selinux_mnt); + fd = open(path, 
O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/compute_av.c libselinux-1.29.7/src/compute_av.c +--- libselinux-1.29.7.orig/src/compute_av.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/compute_av.c 2006-05-31 20:44:00.000000000 +0800 +@@ -21,6 +21,9 @@ int security_compute_av_raw(security_con + size_t len; + int fd, ret; - /* - * setransd_open -@@ -193,6 +200,17 @@ - } ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/access", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/compute_create.c libselinux-1.29.7/src/compute_create.c +--- libselinux-1.29.7.orig/src/compute_create.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/compute_create.c 2006-05-31 20:44:53.000000000 +0800 +@@ -20,6 +20,9 @@ int security_compute_create_raw(security + size_t size; + int fd, ret; ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/create", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/compute_member.c libselinux-1.29.7/src/compute_member.c +--- libselinux-1.29.7.orig/src/compute_member.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/compute_member.c 2006-05-31 20:45:36.000000000 +0800 +@@ -20,6 +20,9 @@ int security_compute_member_raw(security + size_t size; + int fd, ret; -+hidden void -+fini_context_translations(void) -+{ -+ if (cache_trans) { -+ free(prev_r2t_trans); -+ free(prev_r2t_raw); -+ free(prev_t2r_trans); -+ free(prev_t2r_raw); -+ } -+} ++ if (!selinux_mnt) ++ return -1; + - hidden int - init_context_translations(void) - { -@@ -225,9 +243,24 @@ - *rawp = NULL; - return 0; - } -+ if (cache_trans) { -+ if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) { -+ *rawp=strdup(prev_t2r_raw); -+ } else { -+ free(prev_t2r_trans); prev_t2r_trans = NULL; -+ free(prev_t2r_raw); prev_t2r_raw = NULL; -+ if (trans_to_raw_context(trans, rawp)) -+ *rawp = strdup(trans); -+ if (*rawp) 
{ -+ prev_t2r_trans=strdup(trans); -+ prev_t2r_raw=strdup(*rawp); -+ } -+ } -+ } -+ else -+ if (trans_to_raw_context(trans, rawp)) -+ *rawp = strdup(trans); + snprintf(path, sizeof path, "%s/member", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/compute_relabel.c libselinux-1.29.7/src/compute_relabel.c +--- libselinux-1.29.7.orig/src/compute_relabel.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/compute_relabel.c 2006-05-31 20:46:04.000000000 +0800 +@@ -20,6 +20,9 @@ int security_compute_relabel_raw(securit + size_t size; + int fd, ret; -- if (trans_to_raw_context(trans, rawp)) -- *rawp = strdup(trans); - return *rawp ? 0 : -1; - } - hidden_def(selinux_trans_to_raw_context) -@@ -240,8 +273,23 @@ - return 0; - } ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/relabel", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/compute_user.c libselinux-1.29.7/src/compute_user.c +--- libselinux-1.29.7.orig/src/compute_user.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/compute_user.c 2006-05-31 20:46:32.000000000 +0800 +@@ -21,6 +21,9 @@ int security_compute_user_raw(security_c + int fd, ret; + unsigned int i, nel; -- if (raw_to_trans_context(raw, transp)) -- *transp = strdup(raw); -+ if (cache_trans) { -+ if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) { -+ *transp=strdup(prev_r2t_trans); -+ } else { -+ free(prev_r2t_raw); prev_r2t_raw = NULL; -+ free(prev_r2t_trans); prev_r2t_trans = NULL; -+ if (raw_to_trans_context(raw, transp)) -+ *transp = strdup(raw); -+ if (*transp) { -+ prev_r2t_raw=strdup(raw); -+ prev_r2t_trans=strdup(*transp); -+ } -+ } -+ } -+ else -+ if (raw_to_trans_context(raw, transp)) -+ *transp = strdup(raw); ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/user", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/disable.c 
libselinux-1.29.7/src/disable.c +--- libselinux-1.29.7.orig/src/disable.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/disable.c 2006-05-31 20:47:27.000000000 +0800 +@@ -15,6 +15,9 @@ int security_disable(void) + char path[PATH_MAX]; + char buf[20]; - return *transp ? 0 : -1; - } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.7/src/setrans_internal.h ---- nsalibselinux/src/setrans_internal.h 2006-05-16 20:43:27.000000000 -0400 -+++ libselinux-1.30.7/src/setrans_internal.h 2006-05-17 14:07:34.000000000 -0400 -@@ -8,3 +8,4 @@ - #define MAX_DATA_BUF 8192 ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/disable", selinux_mnt); + fd = open(path, O_WRONLY); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/enabled.c libselinux-1.29.7/src/enabled.c +--- libselinux-1.29.7.orig/src/enabled.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/enabled.c 2006-05-31 20:48:30.000000000 +0800 +@@ -65,6 +65,9 @@ int is_selinux_mls_enabled(void) + char buf[20], path[PATH_MAX]; + int fd, ret, enabled = 0; - extern int init_context_translations(void); -+extern void fini_context_translations(void); -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.30.7/utils/avcstat.c ---- nsalibselinux/utils/avcstat.c 2006-05-15 09:43:20.000000000 -0400 -+++ libselinux-1.30.7/utils/avcstat.c 2006-05-17 06:18:39.000000000 -0400 -@@ -27,12 +27,12 @@ - #define HEADERS "lookups hits misses allocations reclaims frees" ++ if (!selinux_mnt) ++ return enabled; ++ + snprintf(path, sizeof path, "%s/mls", selinux_mnt); + fd = open(path, O_RDONLY); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/getenforce.c libselinux-1.29.7/src/getenforce.c +--- libselinux-1.29.7.orig/src/getenforce.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/getenforce.c 2006-05-31 20:48:56.000000000 +0800 +@@ -15,6 +15,9 @@ int security_getenforce(void) + char path[PATH_MAX]; + char 
buf[20]; - struct avc_cache_stats { -- unsigned int lookups; -- unsigned int hits; -- unsigned int misses; -- unsigned int allocations; -- unsigned int reclaims; -- unsigned int frees; -+ unsigned long long lookups; -+ unsigned long long hits; -+ unsigned long long misses; -+ unsigned long long allocations; -+ unsigned long long reclaims; -+ unsigned long long frees; - }; ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/enforce", selinux_mnt); + fd = open(path, O_RDONLY); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/load_policy.c libselinux-1.29.7/src/load_policy.c +--- libselinux-1.29.7.orig/src/load_policy.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/load_policy.c 2006-05-31 20:49:33.000000000 +0800 +@@ -20,6 +20,9 @@ int security_load_policy(void *data, siz + char path[PATH_MAX]; + int fd, ret; + ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/load", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff -Nurp libselinux-1.29.7.orig/src/policyvers.c libselinux-1.29.7/src/policyvers.c +--- libselinux-1.29.7.orig/src/policyvers.c 2006-01-20 23:37:52.000000000 +0800 ++++ libselinux-1.29.7/src/policyvers.c 2006-05-31 20:50:22.000000000 +0800 +@@ -19,6 +19,9 @@ int security_policyvers(void) + char buf[20]; + unsigned vers = DEFAULT_POLICY_VERSION; - static int interval; -@@ -172,7 +172,7 @@ - while ((line = strtok(NULL, "\n"))) { - struct avc_cache_stats tmp; - -- ret = sscanf(line, "%u %u %u %u %u %u", -+ ret = sscanf(line, "%Lu %Lu %Lu %Lu %Lu %Lu", - &tmp.lookups, - &tmp.hits, - &tmp.misses, -@@ -195,7 +195,7 @@ - die("unable to parse \'%s\': no data", avcstatfile); ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); + fd = open(path, O_RDONLY); + if (fd < 0) { +diff -Nurp libselinux-1.29.7.orig/src/setenforce.c libselinux-1.29.7/src/setenforce.c +--- libselinux-1.29.7.orig/src/setenforce.c 2006-01-20 23:37:52.000000000 +0800 ++++ 
libselinux-1.29.7/src/setenforce.c 2006-05-31 20:50:51.000000000 +0800 +@@ -15,6 +15,9 @@ int security_setenforce(int value) + char path[PATH_MAX]; + char buf[20]; - if (cumulative || (!cumulative && !i)) -- printf("%10u %10u %10u %10u %10u %10u\n", -+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", - tot.lookups, tot.hits, tot.misses, - tot.allocations, tot.reclaims, tot.frees); - else { -@@ -205,7 +205,7 @@ - rel.allocations = tot.allocations - last.allocations; - rel.reclaims = tot.reclaims - last.reclaims; - rel.frees = tot.frees - last.frees; -- printf("%10u %10u %10u %10u %10u %10u\n", -+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", - rel.lookups, rel.hits, rel.misses, - rel.allocations, rel.reclaims, rel.frees); - } ++ if (!selinux_mnt) ++ return -1; ++ + snprintf(path, sizeof path, "%s/enforce", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) diff --git a/libselinux.spec b/libselinux.spec index 93a1828..a4c4030 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -2,10 +2,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.30.11 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} swig Requires: libsepol >= %{libsepolver} setransd @@ -47,6 +48,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -115,6 +117,9 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Thu Jun 1 2006 Dan Walsh 1.30.11-2 +- Check for selinux_mnt == NULL + * Tue May 30 2006 Dan Walsh 1.30.11-1 * Merged matchmediacon and trans_to_raw_context fixes from Serge Hallyn.
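Review bot: The added `if (!selinux_mnt) return -1;` guards in the new libselinux-rhat.patch (the sections for canonicalize_context.c through setenforce.c) fail without setting errno, so a caller that inspects errno after the -1 sees whatever an earlier call left there and cannot tell "selinuxfs not mounted" from a real I/O or permission error. Setting it in the guard keeps the failure diagnosable: `if (!selinux_mnt) { errno = ENOENT; return -1; }`. In policyvers.c the guard sits above `if (fd < 0) {`, whose body is outside the hunk; if that branch returns `vers` (DEFAULT_POLICY_VERSION) when the node is missing, the early -1 changes the result for the unmounted case and `return vers;` may be the consistent choice, which is worth confirming against the full function. All of the guarded functions begin and end outside the inner hunks shown here.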