[setools: 2/3] Rebuild to get latest libsepol which fixes the file_name transition problems
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Apr 24 11:37:59 UTC 2012
commit 3d2416abb2778076f8d574caa06cfe9f2de6acc7
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Apr 24 07:36:11 2012 -0400
Rebuild to get latest libsepol which fixes the file_name transition problems
- Use selinux_current_policy_path to read by default policy
0009-selinux_current_policy_path.patch | 84 ++++++++++++++++++++++++++++++++
1 files changed, 84 insertions(+), 0 deletions(-)
---
diff --git a/0009-selinux_current_policy_path.patch b/0009-selinux_current_policy_path.patch
new file mode 100644
index 0000000..e9cc81d
--- /dev/null
+++ b/0009-selinux_current_policy_path.patch
@@ -0,0 +1,84 @@
+diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
+--- setools-3.3.7/libqpol/src/util.c.current 2010-04-23 12:22:08.000000000 -0400
++++ setools-3.3.7/libqpol/src/util.c 2012-02-16 12:01:33.030434514 -0500
+@@ -84,75 +84,12 @@ static int get_binpol_version(const char
+
+ static int search_policy_binary_file(char **path)
+ {
+- const char *binary_path;
+- if ((binary_path = selinux_binary_policy_path()) == NULL) {
+- return -1;
++ const char *binary_path = selinux_current_policy_path();
++ if (binary_path) {
++ *path = strdup(binary_path);
++ if (*path) return 0;
+ }
+-
+- int expected_version = -1, latest_version = -1;
+-#ifdef LIBSELINUX
+- /* if the system has SELinux enabled, prefer the policy whose
+- name matches the current policy version */
+- if ((expected_version = security_policyvers()) < 0) {
+- return -1;
+- }
+-#endif
+-
+- glob_t glob_buf;
+- struct stat fs;
+- int rt, error = 0, retval = -1;
+- size_t i;
+- char *pattern = NULL;
+- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
+- return -1;
+- }
+- glob_buf.gl_offs = 1;
+- glob_buf.gl_pathc = 0;
+- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
+- if (rt != 0 && rt != GLOB_NOMATCH) {
+- errno = EIO;
+- return -1;
+- }
+-
+- for (i = 0; i < glob_buf.gl_pathc; i++) {
+- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
+- if (stat(p, &fs) != 0) {
+- error = errno;
+- goto cleanup;
+- }
+- if (S_ISDIR(fs.st_mode))
+- continue;
+-
+- if ((rt = get_binpol_version(p)) < 0) {
+- error = errno;
+- goto cleanup;
+- }
+-
+- if (rt > latest_version || rt == expected_version) {
+- free(*path);
+- if ((*path = strdup(p)) == NULL) {
+- error = errno;
+- goto cleanup;
+- }
+- if (rt == expected_version) {
+- break;
+- }
+- latest_version = rt;
+- }
+- }
+-
+- if (*path == NULL) {
+- retval = 1;
+- } else {
+- retval = 0;
+- }
+- cleanup:
+- free(pattern);
+- globfree(&glob_buf);
+- if (retval == -1) {
+- errno = error;
+- }
+- return retval;
++ return -1;
+ }
+
+ int qpol_default_policy_find(char **path)
More information about the scm-commits
mailing list