[libsemanage] Upgrade to upstream * regenerate .pc on VERSION change * maintain mode even if umask is tighter *
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Nov 4 13:37:35 UTC 2011
commit a29afa3a349e98922e315979830c4c6e39dcb28a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Nov 4 09:37:32 2011 -0400
Upgrade to upstream
* regenerate .pc on VERSION change
* maintain mode even if umask is tighter
* semanage.conf man page
* create man5dir if not exist
.gitignore | 1 +
libsemanage-rhat.patch | 146 ------------------------------------------------
libsemanage.spec | 13 +++-
sources | 2 +-
4 files changed, 12 insertions(+), 150 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 56fe43d..73fe96c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -123,3 +123,4 @@ libsemanage-2.0.45.tgz
/libsemanage-2.1.2.tgz
/libsemanage-2.1.3.tgz
/libsemanage-2.1.4.tgz
+/libsemanage-2.1.5.tgz
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index 0728ced..9af62d8 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,119 +1,3 @@
-diff --git a/libsemanage/man/Makefile b/libsemanage/man/Makefile
-index 8b2a2b9..852043d 100644
---- a/libsemanage/man/Makefile
-+++ b/libsemanage/man/Makefile
-@@ -1,9 +1,12 @@
- # Installation directories.
- MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
-+MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
-
- all:
-
- install: all
- mkdir -p $(MAN3DIR)
-+ mkdir -p $(MAN5DIR)
- install -m 644 man3/*.3 $(MAN3DIR)
-+ install -m 644 man5/*.5 $(MAN5DIR)
-
-diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
-new file mode 100644
-index 0000000..c60bdc6
---- /dev/null
-+++ b/libsemanage/man/man5/semanage.conf.5
-@@ -0,0 +1,93 @@
-+.TH semanage.conf "5" "September 2011" "semanage.conf" "Linux System Administration"
-+.SH NAME
-+semanage.conf \- global configuration file for the SELinux Management library
-+.SH DESCRIPTION
-+.PP
-+The
-+.BR semanage.conf
-+file is usually located under the directory /etc/selinux and it is used for run-time configuration of the
-+behavior of the SELinux Management library.
-+
-+.PP
-+Each line should contain a configuration parameter followed by the equal sign ("=") and then followed by the configuration value for that
-+parameter. Anything after the "#" symbol is ignored similarly to empty lines.
-+
-+.PP
-+The following parameters are allowed:
-+
-+.RS
-+.TP
-+.B module-store
-+Specify how the SELinux Management library should interact with the SELinux policy store. When set to "direct", the SELinux
-+Management library writes to the SELinux policy module store directly (this is the default setting).
-+Otherwise a socket path or a server name can be used for the argument.
-+If the argument begins with "/" (as in "/foo/bar"), it represents the path to a named socket that should be used to connect the policy management
-+server.
-+If the argument does not begin with a "/" (as in "foo.com:4242"), it should be interpreted as the name of a remote policy management server
-+to be used through a TCP connection (default port is 4242 unless a different one is specified after the server name using the colon to separate
-+the two fields).
-+
-+.TP
-+.B policy-version
-+When generating the policy, by default
-+.BR semanage
-+will set the policy version to POLICYDB_VERSION_MAX, as defined in <sepol/policydb/policydb.h>. Change this setting if a different
-+version needs to be set for the policy.
-+
-+.TP
-+.B expand-check
-+Whether or not to check "neverallow" rules when executing all
-+.BR semanage
-+command. It can be set to either "0" (disabled) or "1" (enabled) and by default it is enabled. There might be a large
-+penalty in execution time if this option is enabled.
-+
-+.TP
-+.B file-mode
-+By default the permission mode for the run-time policy files is set to 0644.
-+
-+.TP
-+.B save-previous
-+It controls whether the previous module directory is saved after a successful commit to the policy store and it can be set to
-+either "true" or "false". By default it is set to "false" (the previous version is deleted).
-+
-+.TP
-+.B save-linked
-+It controls whether the previously linked module is saved (with name "base.linked") after a successful commit to the policy store.
-+It can be set to either "true" or "false" and by default it is set to "false" (the previous module is deleted).
-+
-+.TP
-+.B usepasswd
-+Whether or not to enable the use getpwent() to obtain a list of home directories to label. It can be set to either "true" or "false".
-+By default it is set to "true".
-+
-+.TP
-+.B disable-genhomedircon
-+It controls whether or not the genhomedircon function is executed when using the
-+.BR semanage
-+command and it can be set to either "false" or "true". By default the genhomedircon functionality is enabled (equivalent
-+to this option set to "false").
-+
-+.TP
-+.B handle-unknown
-+This option controls the kernel behavior for handling permissions defined in the kernel but missing from the actual policy.
-+It can be set to "deny", "reject" or "allow".
-+
-+.TP
-+.B bzip-blocksize
-+It should be in the range 0-9. A value of 0 means no compression. By default the bzip block size is set to 9 (actual block
-+size value is obtained after multiplication by 100000).
-+
-+.TP
-+.B bzip-small
-+When set to "true", the bzip algorithm shall try to reduce its system memory usage. It can be set to either "true" or "false" and
-+by default it is set to "false".
-+
-+.SH "SEE ALSO"
-+.TP
-+semanage(8)
-+.PP
-+
-+.SH AUTHOR
-+This manual page was written by Guido Trentalancia <guido at trentalancia.com>.
-+
-+The SELinux management library was written by Tresys Technology LLC and Red Hat Inc.
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 847d87e..2870fa8 100644
--- a/libsemanage/src/genhomedircon.c
@@ -136,33 +20,3 @@ index 847d87e..2870fa8 100644
if (push_user_entry(&head, name, seuname,
prefix, pwent->pw_dir, level) != STATUS_SUCCESS) {
*errors = STATUS_ERR;
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index e322992..a223aa7 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
-@@ -495,6 +495,7 @@ static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
- int in, out, retval = 0, amount_read, n, errsv = errno;
- char tmp[PATH_MAX];
- char buf[4192];
-+ mode_t mask;
-
- n = snprintf(tmp, PATH_MAX, "%s.tmp", dst);
- if (n < 0 || n >= PATH_MAX)
-@@ -506,13 +507,16 @@ static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
-
- if (!mode)
- mode = S_IRUSR | S_IWUSR;
--
-+
-+ mask = umask(0);
- if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
-+ umask(mask);
- errsv = errno;
- close(in);
- retval = -1;
- goto out;
- }
-+ umask(mask);
- while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
- if (write(out, buf, amount_read) < 0) {
- errsv = errno;
diff --git a/libsemanage.spec b/libsemanage.spec
index a2e3a78..c6d7f74 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -5,12 +5,12 @@
%endif
%define libsepolver 2.1.2-3
-%define libselinuxver 2.1.5-1
+%define libselinuxver 2.1.6-4
Summary: SELinux binary policy manipulation library
Name: libsemanage
-Version: 2.1.4
-Release: 3%{?dist}
+Version: 2.1.5
+Release: 1%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz
@@ -180,6 +180,13 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
+* Fri Nov 4 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-1
+- Upgrade to upstream
+ * regenerate .pc on VERSION change
+ * maintain mode even if umask is tighter
+ * semanage.conf man page
+ * create man5dir if not exist
+
* Wed Oct 19 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-2
- Fix handling of umask, so files get created with the correct label.
diff --git a/sources b/sources
index 095c305..acebf38 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3810c7b51fc43ea03d34faef934442a0 libsemanage-2.1.4.tgz
+d6b87d0f0afd19cbb8f017ed663e37bd libsemanage-2.1.5.tgz
More information about the scm-commits
mailing list