From 200265d77f8a366a14748c37a26b1d0e81becbedff7190efb6eda1ce8b643260 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 9 Mar 2010 14:46:15 +0000 Subject: [PATCH] Accepting request 34370 from security:SELinux Copy from security:SELinux/libsemanage based on submit request 34370 from user prusnak OBS-URL: https://build.opensuse.org/request/show/34370 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsemanage?expand=0&rev=9 --- libsemanage-2.0.31-rhat.patch | 59 ----- libsemanage-2.0.31.tar.bz2 | 3 - libsemanage-2.0.43.tar.bz2 | 3 + libsemanage-rhat.patch | 471 ++++++++++++++++++++++++++++++++++ libsemanage.changes | 6 + libsemanage.spec | 112 ++++---- 6 files changed, 527 insertions(+), 127 deletions(-) delete mode 100644 libsemanage-2.0.31-rhat.patch delete mode 100644 libsemanage-2.0.31.tar.bz2 create mode 100644 libsemanage-2.0.43.tar.bz2 create mode 100644 libsemanage-rhat.patch diff --git a/libsemanage-2.0.31-rhat.patch b/libsemanage-2.0.31-rhat.patch deleted file mode 100644 index 307f1d8..0000000 --- a/libsemanage-2.0.31-rhat.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.31/src/genhomedircon.c ---- nsalibsemanage/src/genhomedircon.c 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.31/src/genhomedircon.c 2009-03-11 15:36:08.000000000 -0400 -@@ -794,6 +794,12 @@ - * /root */ - continue; - } -+ if (strcmp(pwent->pw_dir, "/root") == 0) { -+ /* don't relabel / genhomdircon checked to see if root -+ * was the user and if so, set his home directory to -+ * /root */ -+ continue; -+ } - if (push_user_entry(&head, name, seuname, - prefix, pwent->pw_dir) != STATUS_SUCCESS) { - *errors = STATUS_ERR; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/handle.c libsemanage-2.0.31/src/handle.c ---- nsalibsemanage/src/handle.c 2008-11-14 17:10:15.000000000 -0500 -+++ libsemanage-2.0.31/src/handle.c 2009-03-11 15:36:26.000000000 -0400 -@@ -264,7 +264,7 @@ - assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL); - if (!sh->is_in_transaction) { - ERR(sh, -- "Will not commit because caller does not have a tranaction lock yet."); -+ "Will not commit because caller does not have a transaction lock yet."); - return -1; - } - retval = sh->funcs->commit(sh); -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.31/src/semanage.conf ---- nsalibsemanage/src/semanage.conf 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.31/src/semanage.conf 2009-03-11 15:36:08.000000000 -0400 -@@ -35,4 +35,4 @@ - # given in . Change this setting if a different - # version is necessary. - #policy-version = 19 -- -+expand-check=0 -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.31/src/semanage_store.c ---- nsalibsemanage/src/semanage_store.c 2009-01-13 08:45:35.000000000 -0500 -+++ libsemanage-2.0.31/src/semanage_store.c 2009-03-11 15:36:08.000000000 -0400 -@@ -440,8 +440,6 @@ - char tmp[PATH_MAX]; - char buf[4192]; - -- if (link(src,dst) == 0) return 0; -- - n = snprintf(tmp, PATH_MAX, "%s.tmp", dst); - if (n < 0 || n >= PATH_MAX) - return -1; -@@ -509,7 +507,8 @@ - goto cleanup; - } - } else if (S_ISREG(sb.st_mode)) { -- if (semanage_copy_file(path, path2, sb.st_mode) == -1) { -+ if ((link(path,path2) == -1) && -+ (semanage_copy_file(path, path2, sb.st_mode) == -1)) { - goto cleanup; - } - } diff --git a/libsemanage-2.0.31.tar.bz2 b/libsemanage-2.0.31.tar.bz2 deleted file mode 100644 index 87e2134..0000000 --- a/libsemanage-2.0.31.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6e0ca56b18132a9554b3dfa2035a2a704ae26ab0a03ec45af2d35f9a2a2872a3 -size 136880 diff --git a/libsemanage-2.0.43.tar.bz2 b/libsemanage-2.0.43.tar.bz2 new file mode 100644 index 0000000..87a5db3 --- /dev/null +++ b/libsemanage-2.0.43.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e84050279e47a1b31b6b69735ca081d417073ab6063c951a37511b9fdf5dc7e5 +size 142398 diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch new file mode 100644 index 0000000..aeaf0f4 --- /dev/null +++ b/libsemanage-rhat.patch @@ -0,0 +1,471 @@ +diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/modules.h libsemanage-2.0.43/include/semanage/modules.h +--- nsalibsemanage/include/semanage/modules.h 2009-01-13 08:45:35.000000000 -0500 ++++ libsemanage-2.0.43/include/semanage/modules.h 2009-12-16 16:07:43.000000000 -0500 +@@ -40,10 +40,12 @@ + char *module_data, size_t data_len); + int semanage_module_install_base_file(semanage_handle_t *, + const char *module_name); ++int semanage_module_enable(semanage_handle_t *, char *module_name); ++int semanage_module_disable(semanage_handle_t *, char *module_name); + int semanage_module_remove(semanage_handle_t *, char *module_name); + + /* semanage_module_info is for getting information on installed +- modules, only name and version at this time */ ++ modules, only name and version, and enabled/disabled flag at this time */ + typedef struct semanage_module_info semanage_module_info_t; + + int semanage_module_list(semanage_handle_t *, +@@ -53,5 +55,6 @@ + int n); + const char *semanage_module_get_name(semanage_module_info_t *); + const char *semanage_module_get_version(semanage_module_info_t *); ++int semanage_module_get_enabled(semanage_module_info_t *); + + #endif +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.43/src/direct_api.c +--- nsalibsemanage/src/direct_api.c 2009-09-17 08:59:43.000000000 -0400 ++++ libsemanage-2.0.43/src/direct_api.c 2009-12-16 16:07:43.000000000 -0500 +@@ -66,6 +66,8 @@ + static int semanage_direct_install_base(semanage_handle_t * sh, char *base_data, + size_t data_len); + static int semanage_direct_install_base_file(semanage_handle_t * sh, const char *module_name); ++static int semanage_direct_enable(semanage_handle_t * sh, char *module_name); ++static int semanage_direct_disable(semanage_handle_t * sh, char *module_name); + static int semanage_direct_remove(semanage_handle_t * sh, char *module_name); + static int semanage_direct_list(semanage_handle_t * sh, + semanage_module_info_t ** modinfo, +@@ -83,6 +85,8 @@ + .upgrade_file = semanage_direct_upgrade_file, + .install_base = semanage_direct_install_base, + .install_base_file = semanage_direct_install_base_file, ++ .enable = semanage_direct_enable, ++ .disable = semanage_direct_disable, + .remove = semanage_direct_remove, + .list = semanage_direct_list + }; +@@ -348,10 +352,17 @@ + semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) { + return -1; + } +- if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) { ++ if (asprintf(filename, "%s/%s.pp%s", module_path, *module_name, DISABLESTR) == -1) { + ERR(sh, "Out of memory!"); + return -1; + } ++ ++ if (access(*filename, F_OK) == -1) { ++ char *ptr = *filename; ++ int len = strlen(ptr) - strlen(DISABLESTR); ++ if (len > 0) ptr[len]='\0'; ++ } ++ + return 0; + } + +@@ -1273,6 +1284,107 @@ + return retval; + } + ++/* Enables a module from the sandbox. Returns 0 on success, -1 if out ++ * of memory, -2 if module not found or could not be enabled. */ ++static int semanage_direct_enable(semanage_handle_t * sh, char *module_name) ++{ ++ int i, retval = -1; ++ char **module_filenames = NULL; ++ int num_mod_files; ++ size_t name_len = strlen(module_name); ++ if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == ++ -1) { ++ return -1; ++ } ++ for (i = 0; i < num_mod_files; i++) { ++ char *base = strrchr(module_filenames[i], '/'); ++ if (base == NULL) { ++ ERR(sh, "Could not read module names."); ++ retval = -2; ++ goto cleanup; ++ } ++ base++; ++ if (memcmp(module_name, base, name_len) == 0 && ++ strcmp(base + name_len + 3, DISABLESTR) == 0) { ++ int len = strlen(module_filenames[i]) - strlen(DISABLESTR); ++ char *enabled_name = calloc(1, len+1); ++ if (!enabled_name) { ++ ERR(sh, "Could not allocate memory"); ++ retval = -1; ++ goto cleanup; ++ } ++ ++ strncpy(enabled_name, module_filenames[i],len); ++ ++ if (rename(module_filenames[i], enabled_name) == -1) { ++ ERR(sh, "Could not enable module file %s.", ++ enabled_name); ++ retval = -2; ++ } ++ retval = 0; ++ free(enabled_name); ++ goto cleanup; ++ } ++ } ++ ERR(sh, "Module %s was not found.", module_name); ++ retval = -2; /* module not found */ ++ cleanup: ++ for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { ++ free(module_filenames[i]); ++ } ++ free(module_filenames); ++ return retval; ++} ++ ++/* Enables a module from the sandbox. Returns 0 on success, -1 if out ++ * of memory, -2 if module not found or could not be enabled. */ ++static int semanage_direct_disable(semanage_handle_t * sh, char *module_name) ++{ ++ int i, retval = -1; ++ char **module_filenames = NULL; ++ int num_mod_files; ++ size_t name_len = strlen(module_name); ++ if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == ++ -1) { ++ return -1; ++ } ++ for (i = 0; i < num_mod_files; i++) { ++ char *base = strrchr(module_filenames[i], '/'); ++ if (base == NULL) { ++ ERR(sh, "Could not read module names."); ++ retval = -2; ++ goto cleanup; ++ } ++ base++; ++ if (memcmp(module_name, base, name_len) == 0 && ++ strcmp(base + name_len, ".pp") == 0) { ++ char disabled_name[PATH_MAX]; ++ if (snprintf(disabled_name, PATH_MAX, "%s%s", ++ module_filenames[i], DISABLESTR) == PATH_MAX) { ++ ERR(sh, "Could not disable module file %s.", ++ module_filenames[i]); ++ retval = -2; ++ goto cleanup; ++ } ++ if (rename(module_filenames[i], disabled_name) == -1) { ++ ERR(sh, "Could not disable module file %s.", ++ module_filenames[i]); ++ retval = -2; ++ } ++ retval = 0; ++ goto cleanup; ++ } ++ } ++ ERR(sh, "Module %s was not found.", module_name); ++ retval = -2; /* module not found */ ++ cleanup: ++ for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { ++ free(module_filenames[i]); ++ } ++ free(module_filenames); ++ return retval; ++} ++ + /* Removes a module from the sandbox. Returns 0 on success, -1 if out + * of memory, -2 if module not found or could not be removed. */ + static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) +@@ -1293,8 +1405,7 @@ + goto cleanup; + } + base++; +- if (memcmp(module_name, base, name_len) == 0 && +- strcmp(base + name_len, ".pp") == 0) { ++ if (memcmp(module_name, base, name_len) == 0) { + if (unlink(module_filenames[i]) == -1) { + ERR(sh, "Could not remove module file %s.", + module_filenames[i]); +@@ -1369,6 +1480,7 @@ + } + ssize_t size; + char *data = NULL; ++ int enabled = semanage_module_enabled(module_filenames[i]); + + if ((size = bunzip(sh, fp, &data)) > 0) { + fclose(fp); +@@ -1393,6 +1505,7 @@ + if (type == SEPOL_POLICY_MOD) { + (*modinfo)[*num_modules].name = name; + (*modinfo)[*num_modules].version = version; ++ (*modinfo)[*num_modules].enabled = enabled; + (*num_modules)++; + } else { + /* file was not a module, so don't report it */ +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.43/src/genhomedircon.c +--- nsalibsemanage/src/genhomedircon.c 2009-09-17 08:59:43.000000000 -0400 ++++ libsemanage-2.0.43/src/genhomedircon.c 2009-12-16 16:07:43.000000000 -0500 +@@ -310,6 +310,10 @@ + } + if (strcmp(pwbuf->pw_dir, "/") == 0) + continue; ++ if (strcmp(pwbuf->pw_dir, "/root") == 0) { ++ continue; ++ } ++ + if (semanage_str_count(pwbuf->pw_dir, '/') <= 1) + continue; + if (!(path = strdup(pwbuf->pw_dir))) { +@@ -803,6 +807,9 @@ + * /root */ + continue; + } ++ if (strcmp(pwent->pw_dir, "/root") == 0) { ++ continue; ++ } + if (push_user_entry(&head, name, seuname, + prefix, pwent->pw_dir) != STATUS_SUCCESS) { + *errors = STATUS_ERR; +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.43/src/libsemanage.map +--- nsalibsemanage/src/libsemanage.map 2009-10-29 15:21:39.000000000 -0400 ++++ libsemanage-2.0.43/src/libsemanage.map 2009-12-16 16:07:43.000000000 -0500 +@@ -6,10 +6,13 @@ + semanage_module_install; semanage_module_install_file; + semanage_module_upgrade; semanage_module_upgrade_file; + semanage_module_install_base; semanage_module_install_base_file; ++ semanage_module_enable; ++ semanage_module_disable; + semanage_module_remove; + semanage_module_list; semanage_module_info_datum_destroy; + semanage_module_list_nth; semanage_module_get_name; + semanage_module_get_version; semanage_select_store; ++ semanage_module_get_enabled; + semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; + semanage_user_*; semanage_bool_*; semanage_seuser_*; + semanage_iface_*; semanage_port_*; semanage_context_*; +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-2.0.43/src/Makefile +--- nsalibsemanage/src/Makefile 2009-12-01 15:46:50.000000000 -0500 ++++ libsemanage-2.0.43/src/Makefile 2009-12-16 16:07:47.000000000 -0500 +@@ -47,7 +47,7 @@ + LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo + CFLAGS ?= -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter + +-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE ++override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -fPIC + + SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ + +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/module_internal.h libsemanage-2.0.43/src/module_internal.h +--- nsalibsemanage/src/module_internal.h 2008-08-28 09:34:24.000000000 -0400 ++++ libsemanage-2.0.43/src/module_internal.h 2009-12-16 16:07:43.000000000 -0500 +@@ -6,6 +6,7 @@ + + hidden_proto(semanage_module_get_name) + hidden_proto(semanage_module_get_version) ++ hidden_proto(semanage_module_get_enabled) + hidden_proto(semanage_module_info_datum_destroy) + hidden_proto(semanage_module_list_nth) + #endif +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c libsemanage-2.0.43/src/modules.c +--- nsalibsemanage/src/modules.c 2009-09-17 08:59:43.000000000 -0400 ++++ libsemanage-2.0.43/src/modules.c 2009-12-16 16:07:43.000000000 -0500 +@@ -154,6 +154,40 @@ + return sh->funcs->install_base_file(sh, module_name); + } + ++int semanage_module_enable(semanage_handle_t * sh, char *module_name) ++{ ++ if (sh->funcs->enable == NULL) { ++ ERR(sh, "No enable function defined for this connection type."); ++ return -1; ++ } else if (!sh->is_connected) { ++ ERR(sh, "Not connected."); ++ return -1; ++ } else if (!sh->is_in_transaction) { ++ if (semanage_begin_transaction(sh) < 0) { ++ return -1; ++ } ++ } ++ sh->modules_modified = 1; ++ return sh->funcs->enable(sh, module_name); ++} ++ ++int semanage_module_disable(semanage_handle_t * sh, char *module_name) ++{ ++ if (sh->funcs->disable == NULL) { ++ ERR(sh, "No disable function defined for this connection type."); ++ return -1; ++ } else if (!sh->is_connected) { ++ ERR(sh, "Not connected."); ++ return -1; ++ } else if (!sh->is_in_transaction) { ++ if (semanage_begin_transaction(sh) < 0) { ++ return -1; ++ } ++ } ++ sh->modules_modified = 1; ++ return sh->funcs->disable(sh, module_name); ++} ++ + int semanage_module_remove(semanage_handle_t * sh, char *module_name) + { + if (sh->funcs->remove == NULL) { +@@ -209,6 +243,13 @@ + + hidden_def(semanage_module_get_name) + ++int semanage_module_get_enabled(semanage_module_info_t * modinfo) ++{ ++ return modinfo->enabled; ++} ++ ++hidden_def(semanage_module_get_enabled) ++ + const char *semanage_module_get_version(semanage_module_info_t * modinfo) + { + return modinfo->version; +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.h libsemanage-2.0.43/src/modules.h +--- nsalibsemanage/src/modules.h 2008-08-28 09:34:24.000000000 -0400 ++++ libsemanage-2.0.43/src/modules.h 2009-12-16 16:07:43.000000000 -0500 +@@ -26,6 +26,7 @@ + struct semanage_module_info { + char *name; /* Key */ + char *version; ++ int enabled; + }; + + #endif +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h libsemanage-2.0.43/src/policy.h +--- nsalibsemanage/src/policy.h 2009-01-13 08:45:35.000000000 -0500 ++++ libsemanage-2.0.43/src/policy.h 2009-12-16 16:07:43.000000000 -0500 +@@ -58,6 +58,12 @@ + /* Upgrade a policy module */ + int (*upgrade_file) (struct semanage_handle *, const char *); + ++ /* Enable a policy module */ ++ int (*enable) (struct semanage_handle *, char *); ++ ++ /* Disable a policy module */ ++ int (*disable) (struct semanage_handle *, char *); ++ + /* Remove a policy module */ + int (*remove) (struct semanage_handle *, char *); + +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.43/src/semanage.conf +--- nsalibsemanage/src/semanage.conf 2008-08-28 09:34:24.000000000 -0400 ++++ libsemanage-2.0.43/src/semanage.conf 2009-12-16 16:07:43.000000000 -0500 +@@ -35,4 +35,4 @@ + # given in . Change this setting if a different + # version is necessary. + #policy-version = 19 +- ++expand-check=0 +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.43/src/semanage_store.c +--- nsalibsemanage/src/semanage_store.c 2009-10-29 15:21:39.000000000 -0400 ++++ libsemanage-2.0.43/src/semanage_store.c 2009-12-16 16:07:43.000000000 -0500 +@@ -57,6 +57,8 @@ + + #include "debug.h" + ++const char *DISABLESTR=".disabled"; ++ + #define SEMANAGE_CONF_FILE "semanage.conf" + /* relative path names to enum semanage_paths to special files and + * directories for the module store */ +@@ -433,6 +435,21 @@ + return 1; + } + ++int semanage_module_enabled(const char *file) { ++ int len = strlen(file) - strlen(DISABLESTR); ++ return (len < 0 || strcmp(&file[len], DISABLESTR) != 0); ++} ++ ++static int semanage_modulename_select(const struct dirent *d) ++{ ++ if (d->d_name[0] == '.' ++ && (d->d_name[1] == '\0' ++ || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) ++ return 0; ++ ++ return semanage_module_enabled(d->d_name); ++} ++ + /* Copies a file from src to dst. If dst already exists then + * overwrite it. Returns 0 on success, -1 on error. */ + static int semanage_copy_file(const char *src, const char *dst, mode_t mode) +@@ -599,15 +616,8 @@ + return -1; + } + +-/* Scans the modules directory for the current semanage handler. This +- * might be the active directory or sandbox, depending upon if the +- * handler has a transaction lock. Allocates and fills in *filenames +- * with an array of module filenames; length of array is stored in +- * *len. The caller is responsible for free()ing *filenames and its +- * individual elements. Upon success returns 0, -1 on error. +- */ +-int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, +- int *len) ++static int semanage_get_modules_names_filter(semanage_handle_t * sh, char ***filenames, ++ int *len, int (*filter)(const struct dirent *)) + { + const char *modules_path; + struct dirent **namelist = NULL; +@@ -622,7 +632,7 @@ + *filenames = NULL; + *len = 0; + if ((num_files = scandir(modules_path, &namelist, +- semanage_filename_select, alphasort)) == -1) { ++ filter, alphasort)) == -1) { + ERR(sh, "Error while scanning directory %s.", modules_path); + goto cleanup; + } +@@ -663,6 +673,34 @@ + return retval; + } + ++/* Scans the modules directory for the current semanage handler. This ++ * might be the active directory or sandbox, depending upon if the ++ * handler has a transaction lock. Allocates and fills in *filenames ++ * with an array of module filenames; length of array is stored in ++ * *len. The caller is responsible for free()ing *filenames and its ++ * individual elements. Upon success returns 0, -1 on error. ++ */ ++int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, ++ int *len) ++{ ++ return semanage_get_modules_names_filter(sh, filenames, ++ len, semanage_filename_select); ++} ++ ++/* Scans the modules directory for the current semanage handler. This ++ * might be the active directory or sandbox, depending upon if the ++ * handler has a transaction lock. Allocates and fills in *filenames ++ * with an array of module filenames; length of array is stored in ++ * *len. The caller is responsible for free()ing *filenames and its ++ * individual elements. Upon success returns 0, -1 on error. ++ */ ++int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames, ++ int *len) ++{ ++ return semanage_get_modules_names_filter(sh, filenames, ++ len, semanage_modulename_select); ++} ++ + /******************* routines that run external programs *******************/ + + /* Appends a single character to a string. Returns a pointer to the +@@ -1589,7 +1627,7 @@ + } + + /* get list of modules and load them */ +- if (semanage_get_modules_names(sh, &module_filenames, &num_modules) == ++ if (semanage_get_active_modules_names(sh, &module_filenames, &num_modules) == + -1 || semanage_load_module(sh, base_filename, base) == -1) { + goto cleanup; + } +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.43/src/semanage_store.h +--- nsalibsemanage/src/semanage_store.h 2009-07-07 15:32:32.000000000 -0400 ++++ libsemanage-2.0.43/src/semanage_store.h 2009-12-16 16:07:43.000000000 -0500 +@@ -128,4 +128,6 @@ + size_t buf_len, + char **sorted_buf, size_t * sorted_buf_len); + ++extern const char *DISABLESTR; ++ + #endif diff --git a/libsemanage.changes b/libsemanage.changes index 92be80a..37a500d 100644 --- a/libsemanage.changes +++ b/libsemanage.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz + +- updated to 2.0.43 + * changes too numerous to list + ------------------------------------------------------------------- Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz diff --git a/libsemanage.spec b/libsemanage.spec index 5a836b1..f3167d5 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,7 +1,7 @@ # -# spec file for package libsemanage (Version 2.0.31) +# spec file for package libsemanage (Version 2.0.43) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,57 +17,54 @@ # norootforbuild -%define libsepol_ver 2.0.20 +%define libsepol_ver 2.0.37 %define libselinux_ver 2.0.0 BuildRequires: bison flex libustr-devel python-devel swig BuildRequires: libselinux-devel >= %{libselinux_ver} BuildRequires: libsepol-devel >= %{libsepol_ver} Name: libsemanage -Version: 2.0.31 -Release: 3 +Version: 2.0.43 +Release: 1 Url: http://www.nsa.gov/selinux/ -License: LGPL v2.1 only +License: LGPLv2.1 Group: System/Libraries Summary: SELinux binary policy manipulation library Source: %{name}-%{version}.tar.bz2 -Patch0: %{name}-%{version}-rhat.patch +Patch0: %{name}-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires libsemanage1 = %{version}-%{release} %description -Security-enhanced Linux is a feature of the Linux(R) kernel and a -number of utilities with enhanced security functionality designed to -add mandatory access controls to Linux. The Security-enhanced Linux +Security-enhanced Linux is a feature of the Linux kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to -improve the security of the Flask operating system. These architectural -components provide general support for the enforcement of many kinds of -mandatory access control policies, including those based on the -concepts of Type Enforcement(R), Role-based Access Control, and -Multi-level Security. - -libsemanage provides an API for the manipulation of SELinux binary -policies. It is used by checkpolicy (the policy compiler) and similar -tools, as well as by programs like load_policy that need to perform -specific transformations on binary policies such as customizing policy -boolean settings. - +improve the security of the Flask operating system. These +architectural components provide general support for the enforcement +of many kinds of mandatory access control policies, including those +based on the concepts of Type Enforcement, Role-based Access +Control, and Multi-level Security. +libsemanage provides an API for the manipulation of SELinux binary policies. +It is used by checkpolicy (the policy compiler) and similar tools, as well +as by programs like load_policy that need to perform specific transformations +on binary policies such as customizing policy boolean settings. %package -n libsemanage1 -License: LGPL v2.1 only +License: LGPLv2.1 Group: System/Libraries Summary: SELinux binary policy manipulation library %description -n libsemanage1 -Security-enhanced Linux is a feature of the Linux(R) kernel and a +Security-enhanced Linux is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the -concepts of Type Enforcement(R), Role-based Access Control, and +concepts of Type Enforcement, Role-based Access Control, and Multi-level Security. libsemanage provides an API for the manipulation of SELinux binary @@ -76,63 +73,43 @@ tools, as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings. - - %package devel -License: LGPL v2.1 only -Summary: SELinux binary policy manipulation library -Group: System/Libraries +License: LGPLv2.1 +Summary: Header files and libraries used to build policy manipulation tools +Group: Development/Libraries Requires: libsemanage1 = %{version} libustr-devel %description devel -Security-enhanced Linux is a feature of the Linux(R) kernel and a -number of utilities with enhanced security functionality designed to -add mandatory access controls to Linux. The Security-enhanced Linux -kernel contains new architectural components originally developed to -improve the security of the Flask operating system. These architectural -components provide general support for the enforcement of many kinds of -mandatory access control policies, including those based on the -concepts of Type Enforcement(R), Role-based Access Control, and -Multi-level Security. +The semanage-devel package contains the libraries and header files +needed for developing applications that manipulate binary policies. -libsemanage provides an API for the manipulation of SELinux binary -policies. It is used by checkpolicy (the policy compiler) and similar -tools, as well as by programs like load_policy that need to perform -specific transformations on binary policies such as customizing policy -boolean settings. +%package devel-static +License: LGPLv2.1 +Summary: SELinux binary policy manipulation library +Group: System/Libraries +Requires: libsemanage-devel +%description devel-static +The semanage-static package contains the static libraries +needed for developing applications that manipulate binary policies. %package -n python-semanage -License: LGPL v2.1 only -Summary: SELinux binary policy manipulation library -Group: System/Libraries +License: LGPLv2.1 +Summary: semanage python bindings for libsemanage +Group: Development/Libraries Requires: libsemanage1 = %{version} %description -n python-semanage -Security-enhanced Linux is a feature of the Linux® kernel and a number -of utilities with enhanced security functionality designed to add -mandatory access controls to Linux. The Security-enhanced Linux kernel -contains new architectural components originally developed to improve -the security of the Flask operating system. These architectural -components provide general support for the enforcement of many kinds of -mandatory access control policies, including those based on the -concepts of Type Enforcement®, Role-based Access Control, and -Multi-level Security. - -libsemanage provides an API for the manipulation of SELinux binary -policies. It is used by checkpolicy (the policy compiler) and similar -tools, as well as by programs like load_policy that need to perform -specific transformations on binary policies such as customizing policy -boolean settings. - - +The libsemanage-python package contains the python bindings for developing +SELinux management applications. %prep %setup -q %patch0 -p1 %build +make clean make %{?jobs:-j%jobs} CFLAGS="$RPM_OPT_FLAGS" swigify make %{?jobs:-j%jobs} CFLAGS="$RPM_OPT_FLAGS" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all pywrap @@ -141,6 +118,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT%{_libdir} mkdir -p $RPM_BUILD_ROOT%{_includedir} make DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" SHLIBDIR="$RPM_BUILD_ROOT/%{_lib}" install install-pywrap +ln -sf /%{_lib}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so %clean rm -rf $RPM_BUILD_ROOT @@ -157,12 +135,16 @@ rm -rf $RPM_BUILD_ROOT %files devel %defattr(-,root,root) -%{_libdir}/libsemanage.a %{_libdir}/libsemanage.so +%{_libdir}/pkgconfig/libsemanage.pc %dir %{_includedir}/semanage %{_includedir}/semanage/*.h %{_mandir}/man3/* +%files devel-static +%defattr(-,root,root) +%{_libdir}/libsemanage.a + %files -n python-semanage %defattr(-,root,root) %{_libdir}/python*/site-packages/*