[libselinux] Update to upstream 2.1.4 2011-0817 * mapping fix for invalid class/perms after selinux_set_mapping
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Aug 18 11:10:16 UTC 2011
commit 00e063e5f5fef6f6658b22cbf2a2b42fdfeae278
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 18 07:09:51 2011 -0400
Update to upstream
2.1.4 2011-0817
* mapping fix for invalid class/perms after selinux_set_mapping
* audit2why: work around python bug not defining
* resolve symlinks and dot directories before matching
.gitignore | 1 +
libselinux-rhat.patch | 2174 +++++++++---------------------------------------
libselinux.spec | 31 +-
sources | 3 +-
4 files changed, 439 insertions(+), 1770 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index bd63dec..2f655e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -185,3 +185,4 @@ libselinux-2.0.96.tgz
/libselinux-2.0.101.tgz
/libselinux-2.0.102.tgz
/libselinux-2.1.0.tgz
+/libselinux-2.1.4.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index c4a846e..842423b 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,197 +1,212 @@
-diff --git a/libselinux/man/man8/selinuxexeccon.8 b/libselinux/man/man8/selinuxexeccon.8
-new file mode 100644
-index 0000000..6482d74
---- /dev/null
-+++ b/libselinux/man/man8/selinuxexeccon.8
-@@ -0,0 +1,24 @@
-+.TH "selinuxexeccon" "1" "14 May 2011" "dwalsh at redhat.com" "SELinux Command Line documentation"
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index f110dcf..d29b0c1 100644
+--- a/libselinux/include/selinux/selinux.h
++++ b/libselinux/include/selinux/selinux.h
+@@ -566,7 +566,7 @@ extern int selinux_file_context_cmp(const security_context_t a,
+
+ /*
+ * Verify the context of the file 'path' against policy.
+- * Return 0 if correct.
++ * Return 1 if match, 0 if not and -1 on error.
+ */
+ extern int selinux_file_context_verify(const char *path, mode_t mode);
+
+diff --git a/libselinux/man/man3/selinux_file_context_cmp.3 b/libselinux/man/man3/selinux_file_context_cmp.3
+index 51e8c20..cd67188 100644
+--- a/libselinux/man/man3/selinux_file_context_cmp.3
++++ b/libselinux/man/man3/selinux_file_context_cmp.3
+@@ -1,25 +1,75 @@
+-.TH "selinux_file_context_cmp" "3" "21 November 2009" "sds at tycho.nsa.gov" "SELinux API documentation"
++.TH "selinux_file_context_cmp" "3" "08 March 2011" "SELinux API documentation"
++
+ .SH "NAME"
+-selinux_file_context_cmp, selinux_file_context_verify \- comparison of two file contexts.
++selinux_file_context_cmp \- Compare two SELinux security contexts excluding the 'user' component.
+
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .sp
+-
+-.BI "int selinux_file_context_cmp(const security_context_t " a ", const security_context_t " b ");"
+-
+-.BI "int selinux_file_context_verify(const char *" path ", mode_t " mode ");"
++.BI "int selinux_file_context_cmp(const security_context_t " a ", "
++.RS
++.BI "const security_context_t " b ");"
++.RE
+
+ .SH "DESCRIPTION"
+ .B selinux_file_context_cmp
+-compares two file contexts to see if their differences are "significant", the function runs the strcmp function ignoring the user componant of the file context.
+-.sp
+-.B selinux_file_context_verify
+-compares the file context on disk to the system default.
++compares two context strings excluding the user component with
++.B strcmp(3)
++as shown in the
++.B EXAMPLE
++section.
+ .sp
++This is useful as for most object contexts, the user component is not relevant.
+
+ .SH "RETURN VALUE"
+-Returns zero on success or \-1 otherwise.
++The return values follow the
++.B strcmp(3)
++function, where:
++.RS
++0 if they are equal.
++.RE
++.RS
++1 if
++.I a
++is greater than
++.I b
++.RE
++.RS
++\-1 if
++.I a
++is less than
++.I b
++.RE
++
++.SH "ERRORS"
++None.
++
++.SH "NOTES"
++The contexts being compared do not specifically need to be file contexts.
++
++.SH "EXAMPLE"
++If context
++.I a
++is:
++.RS
++user_u:user_r:user_t:s0
++.RE
++.sp
++and context
++.I b
++is:
++.RS
++root:user_r:user_t:s0
++.RE
++.sp
++then the actual strings compared are:
++.RS
++:user_r:user_t:s0 and :user_r:user_t:s0
++.RE
++.sp
++Therefore they will match and
++.B selinux_file_context_cmp
++will return zero.
+
+ .SH "SEE ALSO"
+-.BR selinux "(8), " selinux_lsetfilecon "(3), " matchpathcon "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
++.BR selinux "(8)"
+diff --git a/libselinux/man/man3/selinux_file_context_verify.3 b/libselinux/man/man3/selinux_file_context_verify.3
+index d777547..e22be70 100644
+--- a/libselinux/man/man3/selinux_file_context_verify.3
++++ b/libselinux/man/man3/selinux_file_context_verify.3
+@@ -1 +1,98 @@
+-.so man3/selinux_file_context_cmp.3
++.TH "selinux_file_context_verify" "3" "08 March 2011" "SELinux API documentation"
++
+.SH "NAME"
-+selinuxexeccon \- report SELinux context used for this executable
++selinux_file_context_verify \- Compare the SELinux security context on disk to the default security context required by the policy file contexts file.
+
+.SH "SYNOPSIS"
-+.B selinuxexeccon command [ fromcon] o
++.B #include <selinux/selinux.h>
++.sp
++.BI "int selinux_file_context_verify(const char *" path ", mode_t " mode ");"
+
+.SH "DESCRIPTION"
-+.B selinuxexeccon
-+reports the SELinux process context for the specified command from the specified context or the current context.
-+
-+.SH EXAMPLE
-+# selinuxexeccon /usr/bin/passwd
-+staff_u:staff_r:passwd_t:s0-s0:c0.c1023
-+
-+.br
-+# selinuxexeccon /usr/sbin/sendmail system_u:system_r:httpd_t:s0
-+system_u:system_r:system_mail_t:s0
-+
-+.SH AUTHOR
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++.B selinux_file_context_verify
++compares the context of the specified
++.I path
++that is held on disk (in the extended attribute), to the system default entry held in the file contexts series of files.
++.sp
++The
++.I mode
++may be zero.
++.sp
++Note that the two contexts are compared for "significant" differences (i.e. the user component of the contexts are ignored) as shown in the
++.B EXAMPLE
++section.
++
++.SH "RETURN VALUE"
++If the contexts significantly match, 1 (one) is returned.
++.sp
++If the contexts do not match 0 (zero) is returned and
++.I errno
++is set to either
++.B ENOENT
++or
++.B EINVAL
++for the reasons listed in the
++.B ERRORS
++section, or if
++.I errno
++= 0 then the contexts did not match.
++.sp
++On failure \-1 is returned and
++.I errno
++set appropriately.
++
++.SH "ERRORS"
++.TP
++.B ENOTSUP
++if extended attributes are not supported by the file system.
++.TP
++.B ENOENT
++if there is no entry in the file contexts series of files or
++.I path
++does not exist.
++.TP
++.B EINVAL
++if the entry in the file contexts series of files or
++.I path
++are invalid, or the returned context fails validation.
++.TP
++.B ENOMEM
++if attempt to allocate memory failed.
++
++.SH "FILES"
++The following configuration files (the file contexts series of files) supporting the active policy will be used (should they exist) to determine the
++.I path
++default context:
++.sp
++.RS
++contexts/files/file_contexts - This file must exist.
++.sp
++contexts/files/file_contexts.local - If exists has local customizations.
++.sp
++contexts/files/file_contexts.homedirs - If exists has users home directory customizations.
++.sp
++contexts/files/file_contexts.subs - If exists has substitutions that are then applied to the 'in memory' version of the file contexts files.
++.RE
++
++.SH "EXAMPLE"
++If the files context is:
++.RS
++unconfined_u:object_r:admin_home_t:s0
++.RE
++.sp
++and the default context defined in the file contexts file is:
++.RS
++system_u:object_r:admin_home_t:s0
++.RE
++.sp
++then the actual strings compared are:
++.RS
++:object_r:admin_home_t:s0 and :object_r:admin_home_t:s0
++.RE
++.sp
++Therefore they will match and
++.B selinux_file_context_verify
++will return 1.
+
+.SH "SEE ALSO"
-+secon(8)
-diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index bf665ab..ccd08ae 100644
---- a/libselinux/src/Makefile
-+++ b/libselinux/src/Makefile
-@@ -1,10 +1,11 @@
- # Installation directories.
-+PYTHON ?= python
- PREFIX ?= $(DESTDIR)/usr
- LIBDIR ?= $(PREFIX)/lib
- SHLIBDIR ?= $(DESTDIR)/lib
- INCLUDEDIR ?= $(PREFIX)/include
--PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
--PYINC ?= /usr/include/$(PYLIBVER)
-+PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
-+PYINC ?= $(shell pkg-config --cflags `basename $(PYTHON)`)
- PYLIB ?= /usr/lib/$(PYLIBVER)
- PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
- RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
-@@ -23,13 +24,13 @@ SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
- SWIGRUBYIF= selinuxswig_ruby.i
- SWIGCOUT= selinuxswig_wrap.c
- SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
--SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
-+SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
- SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
--SWIGSO=_selinux.so
-+SWIGSO=$(PYPREFIX)_selinux.so
- SWIGFILES=$(SWIGSO) selinux.py selinuxswig_python_exception.i
- SWIGRUBYSO=_rubyselinux.so
- LIBSO=$(TARGET).$(LIBVERSION)
--AUDIT2WHYSO=audit2why.so
-+AUDIT2WHYSO=$(PYPREFIX)audit2why.so
-
- ifeq ($(DISABLE_AVC),y)
- UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
-@@ -70,7 +71,7 @@ $(LIBA): $(OBJS)
- $(RANLIB) $@
-
- $(SWIGLOBJ): $(SWIGCOUT)
-- $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-+ $(CC) $(filter-out -Werror,$(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
- $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
- $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $<
-@@ -91,10 +92,10 @@ $(LIBPC): $(LIBPC).in
- selinuxswig_python_exception.i: ../include/selinux/selinux.h
- bash exception.sh > $@
-
--audit2why.lo: audit2why.c
-- $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-+$(PYPREFIX)audit2why.lo: audit2why.c
-+ $(CC) $(CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
--$(AUDIT2WHYSO): audit2why.lo
-+$(AUDIT2WHYSO): $(PYPREFIX)audit2why.lo
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
-
- %.o: %.c policy.h
-@@ -123,8 +124,8 @@ install: all
-
- install-pywrap: pywrap
- test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
-- install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
-- install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
-+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux/_selinux.so
-+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux/audit2why.so
- install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
-
- install-rubywrap: rubywrap
-diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
-index 691bc67..12e8614 100644
---- a/libselinux/src/audit2why.c
-+++ b/libselinux/src/audit2why.c
-@@ -1,3 +1,6 @@
-+/* Workaround for http://bugs.python.org/issue4835 */
-+#define SIZEOF_SOCKET_T SIZEOF_INT
-+
- #include <Python.h>
- #include <unistd.h>
- #include <stdlib.h>
-@@ -255,6 +258,8 @@ static int __policy_init(const char *init_path)
- fclose(fp);
- sepol_set_policydb(&avc->policydb->p);
- avc->handle = sepol_handle_create();
-+ /* Turn off messages */
-+ sepol_msg_set_callback(avc->handle, NULL, NULL);
-
- rc = sepol_bool_count(avc->handle,
- avc->policydb, &cnt);
-@@ -287,8 +292,10 @@ static int __policy_init(const char *init_path)
- static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
- int result;
- char *init_path=NULL;
-- if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
-- result = __policy_init(init_path);
-+ if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) {
-+ return NULL;
-+ }
-+ result = __policy_init(init_path);
- return Py_BuildValue("i", result);
- }
-
-@@ -353,7 +360,11 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
- strObj = PyList_GetItem(listObj, i); /* Can't fail */
-
- /* make it a string */
-+#if PY_MAJOR_VERSION >= 3
-+ permstr = _PyUnicode_AsString( strObj );
-+#else
- permstr = PyString_AsString( strObj );
-+#endif
-
- perm = string_to_av_perm(tclass, permstr);
- if (!perm) {
-@@ -423,10 +434,39 @@ static PyMethodDef audit2whyMethods[] = {
- {NULL, NULL, 0, NULL} /* Sentinel */
- };
-
-+#if PY_MAJOR_VERSION >= 3
-+/* Module-initialization logic specific to Python 3 */
-+struct module_state {
-+ /* empty for now */
-+};
-+static struct PyModuleDef moduledef = {
-+ PyModuleDef_HEAD_INIT,
-+ "audit2why",
-+ NULL,
-+ sizeof(struct module_state),
-+ audit2whyMethods,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL
-+};
-+
-+PyMODINIT_FUNC
-+PyInit_audit2why(void)
-+#else
- PyMODINIT_FUNC
- initaudit2why(void)
-+#endif
- {
-- PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
-+ PyObject *m;
-+#if PY_MAJOR_VERSION >= 3
-+ m = PyModule_Create(&moduledef);
-+ if (m == NULL) {
-+ return NULL;
-+ }
-+#else
-+ m = Py_InitModule("audit2why", audit2whyMethods);
-+#endif
- PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
- PyModule_AddIntConstant(m,"BADSCON", BADSCON);
- PyModule_AddIntConstant(m,"BADTCON", BADTCON);
-@@ -440,4 +480,8 @@ initaudit2why(void)
- PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
- PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
- PyModule_AddIntConstant(m,"RBAC", RBAC);
-+
-+#if PY_MAJOR_VERSION >= 3
-+ return m;
-+#endif
- }
++.BR selinux "(8)"
diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c
index b245364..7c47222 100644
--- a/libselinux/src/callbacks.c
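Review bot: The RETURN VALUE section added for selinux_file_context_verify(3) overloads a return of 0: it means either a genuine label mismatch or a lookup problem reported through errno (ENOENT or EINVAL), and the page never tells the caller to clear errno before the call, so a stale errno can make a real mismatch look like a missing file_contexts entry. Because this function decides whether an on-disk label is correct, I would add a sentence to that section such as `Callers should set errno to 0 before the call and treat only a return of exactly 1 as a match.` The same caution belongs beside the updated header comment `Return 1 if match, 0 if not and -1 on error.`, since a plain truth test on the result also accepts -1, and code written against the old `Return 0 if correct.` text has the sense inverted. Whether the implementation itself resets errno is not visible in this hunk, so that part should be confirmed against matchpathcon.c.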
@@ -204,222 +219,11 @@ index b245364..7c47222 100644
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
-diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c
-index b3c8c47..018c787 100644
---- a/libselinux/src/enabled.c
-+++ b/libselinux/src/enabled.c
-@@ -11,10 +11,6 @@
-
- int is_selinux_enabled(void)
- {
-- char *buf=NULL;
-- FILE *fp;
-- ssize_t num;
-- size_t len;
- int enabled = 0;
- security_context_t con;
-
-@@ -32,37 +28,8 @@ int is_selinux_enabled(void)
- enabled = 0;
- freecon(con);
- }
-- return enabled;
- }
-
-- /* Drop back to detecting it the long way. */
-- fp = fopen("/proc/filesystems", "r");
-- if (!fp)
-- return -1;
--
-- __fsetlocking(fp, FSETLOCKING_BYCALLER);
-- while ((num = getline(&buf, &len, fp)) != -1) {
-- if (strstr(buf, "selinuxfs")) {
-- enabled = 1;
-- break;
-- }
-- }
--
-- if (num < 0)
-- goto out;
--
-- /* Since an selinux file system is available, we consider
-- * selinux enabled. If getcon_raw fails, selinux is still
-- * enabled. We only consider it disabled if no policy is loaded. */
-- if (getcon_raw(&con) == 0) {
-- if (!strcmp(con, "kernel"))
-- enabled = 0;
-- freecon(con);
-- }
--
-- out:
-- free(buf);
-- fclose(fp);
- return enabled;
- }
-
-diff --git a/libselinux/src/init.c b/libselinux/src/init.c
-index a948920..dd03559 100644
---- a/libselinux/src/init.c
-+++ b/libselinux/src/init.c
-@@ -7,6 +7,7 @@
- #include <stdio.h>
- #include <stdio_ext.h>
- #include <dlfcn.h>
-+#include <sys/statvfs.h>
- #include <sys/vfs.h>
- #include <stdint.h>
- #include <limits.h>
-@@ -20,12 +21,41 @@ char *selinux_mnt = NULL;
- int selinux_page_size = 0;
- int obj_class_compat = 1;
-
-+/* Verify the mount point for selinux file system has a selinuxfs.
-+ If the file system:
-+ * Exist,
-+ * Is mounted with an selinux file system,
-+ * The file system is read/write
-+ * then set this as the default file system.
-+*/
-+static int verify_selinuxmnt(char *mnt)
-+{
-+ struct statfs sfbuf;
-+ int rc;
-+
-+ do {
-+ rc = statfs(mnt, &sfbuf);
-+ } while (rc < 0 && errno == EINTR);
-+ if (rc == 0) {
-+ if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
-+ struct statvfs vfsbuf;
-+ rc = statvfs(mnt, &vfsbuf);
-+ if (rc == 0) {
-+ if (!(vfsbuf.f_flag & ST_RDONLY)) {
-+ set_selinuxmnt(mnt);
-+ }
-+ return 0;
-+ }
-+ }
-+ }
-+
-+ return -1;
-+}
-+
- static void init_selinuxmnt(void)
- {
- char *buf=NULL, *p;
- FILE *fp=NULL;
-- struct statfs sfbuf;
-- int rc;
- size_t len;
- ssize_t num;
- int exists = 0;
-@@ -33,17 +63,9 @@ static void init_selinuxmnt(void)
- if (selinux_mnt)
- return;
-
-- /* We check to see if the preferred mount point for selinux file
-- * system has a selinuxfs. */
-- do {
-- rc = statfs(SELINUXMNT, &sfbuf);
-- } while (rc < 0 && errno == EINTR);
-- if (rc == 0) {
-- if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
-- selinux_mnt = strdup(SELINUXMNT);
-- return;
-- }
-- }
-+ if (verify_selinuxmnt(SELINUXMNT) == 0) return;
-+
-+ if (verify_selinuxmnt(OLDSELINUXMNT) == 0) return;
-
- /* Drop back to detecting it the long way. */
- fp = fopen("/proc/filesystems", "r");
-@@ -52,7 +74,7 @@ static void init_selinuxmnt(void)
-
- __fsetlocking(fp, FSETLOCKING_BYCALLER);
- while ((num = getline(&buf, &len, fp)) != -1) {
-- if (strstr(buf, "selinuxfs")) {
-+ if (strstr(buf, SELINUXFS)) {
- exists = 1;
- break;
- }
-@@ -79,7 +101,7 @@ static void init_selinuxmnt(void)
- tmp = strchr(p, ' ');
- if (!tmp)
- goto out;
-- if (!strncmp(tmp + 1, "selinuxfs ", 10)) {
-+ if (!strncmp(tmp + 1, SELINUXFS" ", strlen(SELINUXFS)+1)) {
- *tmp = '\0';
- break;
- }
-@@ -87,7 +109,7 @@ static void init_selinuxmnt(void)
-
- /* If we found something, dup it */
- if (num > 0)
-- selinux_mnt = strdup(p);
-+ verify_selinuxmnt(p);
-
- out:
- free(buf);
-diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 937e509..112af1f 100644
---- a/libselinux/src/label_file.c
-+++ b/libselinux/src/label_file.c
-@@ -473,7 +473,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
- pass, ++lineno) != 0)
- goto finish;
- }
-- if (pass == 1) {
-+ if (pass == 1 && rec->validating) {
- status = nodups_specs(data, path);
- if (status)
- goto finish;
-diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
-index 83d2143..0961912 100644
---- a/libselinux/src/load_policy.c
-+++ b/libselinux/src/load_policy.c
-@@ -369,7 +369,17 @@ int selinux_init_load_policy(int *enforce)
- * Check for the existence of SELinux via selinuxfs, and
- * mount it if present for use in the calls below.
- */
-- if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, 0) < 0 && errno != EBUSY) {
-+ char *mntpoint = NULL;
-+ if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) {
-+ mntpoint = SELINUXMNT;
-+ } else {
-+ /* check old mountpoint */
-+ if (mount(SELINUXFS, OLDSELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) {
-+ mntpoint = OLDSELINUXMNT;
-+ }
-+ }
-+
-+ if (! mntpoint ) {
- if (errno == ENODEV) {
- /*
- * SELinux was disabled in the kernel, either
-@@ -385,7 +395,7 @@ int selinux_init_load_policy(int *enforce)
-
- goto noload;
- }
-- set_selinuxmnt(SELINUXMNT);
-+ set_selinuxmnt(mntpoint);
-
- /*
- * Note: The following code depends on having selinuxfs
-@@ -397,7 +407,7 @@ int selinux_init_load_policy(int *enforce)
- rc = security_disable();
- if (rc == 0) {
- /* Successfully disabled, so umount selinuxfs too. */
-- umount(SELINUXMNT);
-+ umount(selinux_mnt);
- fini_selinuxmnt();
- }
- /*
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
-index 5fd8fe4..da5cab9 100644
+index 5fd8fe4..410dd9d 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
-@@ -2,6 +2,7 @@
+@@ -2,9 +2,11 @@
#include <string.h>
#include <errno.h>
#include <stdio.h>
@@ -427,7 +231,11 @@ index 5fd8fe4..da5cab9 100644
#include "selinux_internal.h"
#include "label_internal.h"
#include "callbacks.h"
-@@ -61,7 +62,7 @@ static void
++#include <limits.h>
+
+ static __thread struct selabel_handle *hnd;
+
+@@ -61,7 +63,7 @@ static void
{
va_list ap;
va_start(ap, fmt);
@@ -436,1400 +244,234 @@ index 5fd8fe4..da5cab9 100644
va_end(ap);
}
-diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h
-index 10e8712..bf270b5 100644
---- a/libselinux/src/policy.h
-+++ b/libselinux/src/policy.h
-@@ -9,11 +9,15 @@
- /* Initial length guess for getting contexts. */
- #define INITCONTEXTLEN 255
-
-+/* selinux file system type */
-+#define SELINUXFS "selinuxfs"
-+
- /* selinuxfs magic number */
- #define SELINUX_MAGIC 0xf97cff8c
-
- /* Preferred selinux mount location */
--#define SELINUXMNT "/selinux"
-+#define SELINUXMNT "/sys/fs/selinux"
-+#define OLDSELINUXMNT "/selinux"
-
- /* selinuxfs mount point */
- extern char *selinux_mnt;
-diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py
-index fd63a4f..248048a 100644
---- a/libselinux/src/selinux.py
-+++ b/libselinux/src/selinux.py
-@@ -1,5 +1,5 @@
- # This file was automatically generated by SWIG (http://www.swig.org).
--# Version 1.3.40
-+# Version 2.0.1
- #
- # Do not make changes to this file unless you know what you are doing--modify
- # the SWIG interface file instead.
-@@ -70,8 +70,14 @@ import shutil, os, stat
-
- def restorecon(path, recursive=False):
- """ Restore SELinux context on a given path """
-- mode = os.lstat(path)[stat.ST_MODE]
-- status, context = matchpathcon(path, mode)
-+ try:
-+ mode = os.lstat(path)[stat.ST_MODE]
-+ status, context = matchpathcon(path, mode)
-+ except OSError:
-+ path = os.path.realpath(os.path.expanduser(path))
-+ mode = os.lstat(path)[stat.ST_MODE]
-+ status, context = matchpathcon(path, mode)
-+
- if status == 0:
- lsetfilecon(path, context)
- if recursive:
-@@ -79,6 +85,14 @@ def restorecon(path, recursive=False):
- map(restorecon, [os.path.join(dirname, fname)
- for fname in fnames]), None)
-
-+def chcon(path, context, recursive=False):
-+ """ Set the SELinux context on a given path """
-+ lsetfilecon(path, context)
-+ if recursive:
-+ for root, dirs, files in os.walk(path):
-+ for name in files + dirs:
-+ lsetfilecon(os.path.join(root,name), context)
-+
- def copytree(src, dest):
- """ An SELinux-friendly shutil.copytree method """
- shutil.copytree(src, dest)
-@@ -1588,6 +1602,7 @@ get_default_type = _selinux.get_default_type
- SELABEL_CTX_FILE = _selinux.SELABEL_CTX_FILE
- SELABEL_CTX_MEDIA = _selinux.SELABEL_CTX_MEDIA
- SELABEL_CTX_X = _selinux.SELABEL_CTX_X
-+SELABEL_CTX_DB = _selinux.SELABEL_CTX_DB
- SELABEL_OPT_UNUSED = _selinux.SELABEL_OPT_UNUSED
- SELABEL_OPT_VALIDATE = _selinux.SELABEL_OPT_VALIDATE
- SELABEL_OPT_BASEONLY = _selinux.SELABEL_OPT_BASEONLY
-@@ -1621,6 +1636,15 @@ SELABEL_X_EVENT = _selinux.SELABEL_X_EVENT
- SELABEL_X_SELN = _selinux.SELABEL_X_SELN
- SELABEL_X_POLYPROP = _selinux.SELABEL_X_POLYPROP
- SELABEL_X_POLYSELN = _selinux.SELABEL_X_POLYSELN
-+SELABEL_DB_DATABASE = _selinux.SELABEL_DB_DATABASE
-+SELABEL_DB_SCHEMA = _selinux.SELABEL_DB_SCHEMA
-+SELABEL_DB_TABLE = _selinux.SELABEL_DB_TABLE
-+SELABEL_DB_COLUMN = _selinux.SELABEL_DB_COLUMN
-+SELABEL_DB_SEQUENCE = _selinux.SELABEL_DB_SEQUENCE
-+SELABEL_DB_VIEW = _selinux.SELABEL_DB_VIEW
-+SELABEL_DB_PROCEDURE = _selinux.SELABEL_DB_PROCEDURE
-+SELABEL_DB_BLOB = _selinux.SELABEL_DB_BLOB
-+SELABEL_DB_TUPLE = _selinux.SELABEL_DB_TUPLE
-
- def is_selinux_enabled():
- return _selinux.is_selinux_enabled()
-@@ -2201,6 +2225,10 @@ def selinux_x_context_path():
- return _selinux.selinux_x_context_path()
- selinux_x_context_path = _selinux.selinux_x_context_path
-
-+def selinux_sepgsql_context_path():
-+ return _selinux.selinux_sepgsql_context_path()
-+selinux_sepgsql_context_path = _selinux.selinux_sepgsql_context_path
-+
- def selinux_contexts_path():
- return _selinux.selinux_contexts_path()
- selinux_contexts_path = _selinux.selinux_contexts_path
-diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
-index dea0e80..12fba6d 100644
---- a/libselinux/src/selinuxswig_python.i
-+++ b/libselinux/src/selinuxswig_python.i
-@@ -12,8 +12,15 @@ import shutil, os, stat
-
- def restorecon(path, recursive=False):
- """ Restore SELinux context on a given path """
-- mode = os.lstat(path)[stat.ST_MODE]
-- status, context = matchpathcon(path, mode)
-+
-+ try:
-+ mode = os.lstat(path)[stat.ST_MODE]
-+ status, context = matchpathcon(path, mode)
-+ except OSError:
-+ path = os.path.realpath(os.path.expanduser(path))
-+ mode = os.lstat(path)[stat.ST_MODE]
-+ status, context = matchpathcon(path, mode)
-+
- if status == 0:
- lsetfilecon(path, context)
- if recursive:
-@@ -45,7 +52,7 @@ def install(src, dest):
- PyObject* list = PyList_New(*$2);
- int i;
- for (i = 0; i < *$2; i++) {
-- PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
-+ PyList_SetItem(list, i, PyBytes_FromString((*$1)[i]));
+@@ -337,14 +339,82 @@ void matchpathcon_fini(void)
}
- $result = SWIG_Python_AppendOutput($result, list);
}
-@@ -74,7 +81,9 @@ def install(src, dest):
- len++;
- plist = PyList_New(len);
- for (i = 0; i < len; i++) {
-- PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
-+ PyList_SetItem(plist, i,
-+ PyBytes_FromString((*$1)[i])
-+ );
- }
- } else {
- plist = PyList_New(0);
-@@ -91,7 +100,9 @@ def install(src, dest):
- if (*$1) {
- plist = PyList_New(result);
- for (i = 0; i < result; i++) {
-- PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
-+ PyList_SetItem(plist, i,
-+ PyBytes_FromString((*$1)[i])
-+ );
- }
- } else {
- plist = PyList_New(0);
-@@ -144,16 +155,20 @@ def install(src, dest):
- $1 = (char**) malloc(size + 1);
- for(i = 0; i < size; i++) {
-- if (!PyString_Check(PySequence_GetItem($input, i))) {
-- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
-+ if (!PyBytes_Check(PySequence_GetItem($input, i))) {
-+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
+-int matchpathcon(const char *name, mode_t mode, security_context_t * con)
++/*
++ * We do not want to resolve a symlink to a real path if it is the final
++ * component of the name. Thus we split the pathname on the last "/" and
++ * determine a real path component of the first portion. We then have to
++ * copy the last part back on to get the final real path. Wheww.
++ */
++static int symlink_realpath(const char *name, char *resolved_path)
++{
++ char *last_component;
++ char *tmp_path, *p;
++ size_t len = 0;
++ int rc = 0;
+
- return NULL;
- }
++ tmp_path = strdup(name);
++ if (!tmp_path) {
++ fprintf(stderr, "symlink_realpath(%s) strdup() failed: %s\n",
++ name, strerror(errno));
++ rc = -1;
++ goto out;
++ }
+
- }
-
- for(i = 0; i < size; i++) {
- s = PySequence_GetItem($input, i);
-- $1[i] = (char*) malloc(PyString_Size(s) + 1);
-- strcpy($1[i], PyString_AsString(s));
++ last_component = strrchr(tmp_path, '/');
+
-+ $1[i] = (char*) malloc(PyBytes_Size(s) + 1);
-+ strcpy($1[i], PyBytes_AsString(s));
++ if (last_component == tmp_path) {
++ last_component++;
++ p = strcpy(resolved_path, "/");
++ } else if (last_component) {
++ *last_component = '\0';
++ last_component++;
++ p = realpath(tmp_path, resolved_path);
++ } else {
++ last_component = tmp_path;
++ p = realpath("./", resolved_path);
++ }
+
- }
- $1[size] = NULL;
- }
-diff --git a/libselinux/src/selinuxswig_wrap.c b/libselinux/src/selinuxswig_wrap.c
-index e0884f6..b131d2e 100644
---- a/libselinux/src/selinuxswig_wrap.c
-+++ b/libselinux/src/selinuxswig_wrap.c
-@@ -1,6 +1,6 @@
- /* ----------------------------------------------------------------------------
- * This file was automatically generated by SWIG (http://www.swig.org).
-- * Version 1.3.40
-+ * Version 2.0.1
- *
- * This file is not intended to be easily readable and contains a number of
- * coding conventions designed to improve portability and efficiency. Do not make
-@@ -177,7 +177,7 @@
- /*
- Flags/methods for returning states.
-
-- The SWIG conversion methods, as ConvertPtr, return and integer
-+ The SWIG conversion methods, as ConvertPtr, return an integer
- that tells if the conversion was successful or not. And if not,
- an error code can be returned (see swigerrors.swg for the codes).
-
-@@ -1064,9 +1064,6 @@ SWIGRUNTIME PyObject* SWIG_PyInstanceMethod_New(PyObject *self, PyObject *func)
-
-
- /* -----------------------------------------------------------------------------
-- * See the LICENSE file for information on copyright, usage and redistribution
-- * of SWIG, and the README file for authors - http://www.swig.org/release.html.
-- *
- * pyrun.swg
- *
- * This file contains the runtime support for Python modules
-@@ -1113,8 +1110,18 @@ SWIGRUNTIME PyObject* SWIG_PyInstanceMethod_New(PyObject *self, PyObject *func)
- #define SWIG_SetErrorMsg SWIG_Python_SetErrorMsg
- #define SWIG_ErrorType(code) SWIG_Python_ErrorType(code)
- #define SWIG_Error(code, msg) SWIG_Python_SetErrorMsg(SWIG_ErrorType(code), msg)
--#define SWIG_fail goto fail
-+#define SWIG_fail goto fail
-
-+/*
-+ * Python 2.7 and newer and Python 3.1 and newer should use Capsules API instead of
-+ * CObjects API.
-+ */
-+#if ((PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 6) || \
-+ (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION > 0))
-+#define USE_CAPSULES
-+#define TYPE_POINTER_NAME \
-+ ((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION ".type_pointer_capsule" SWIG_TYPE_TABLE_NAME)
-+#endif
-
- /* Runtime API implementation */
-
-@@ -2047,10 +2054,13 @@ _SWIG_This(void)
- return SWIG_Python_str_FromChar("this");
- }
-
-+static PyObject *swig_this = NULL;
++ if (!p) {
++ fprintf(stderr, "symlink_realpath(%s) realpath() failed: %s\n",
++ name, strerror(errno));
++ rc = -1;
++ goto out;
++ }
+
- SWIGRUNTIME PyObject *
- SWIG_This(void)
- {
-- static PyObject *SWIG_STATIC_POINTER(swig_this) = _SWIG_This();
-+ if (swig_this == NULL)
-+ swig_this = _SWIG_This();
- return swig_this;
- }
-
-@@ -2154,7 +2164,7 @@ SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int
- int newmemory = 0;
- *ptr = SWIG_TypeCast(tc,vptr,&newmemory);
- if (newmemory == SWIG_CAST_NEW_MEMORY) {
-- assert(own);
-+ assert(own); /* badly formed typemap which will lead to a memory leak - it must set and use own to delete *ptr */
- if (own)
- *own = *own | SWIG_CAST_NEW_MEMORY;
- }
-@@ -2424,8 +2434,12 @@ SWIG_Python_GetModule(void) {
- #ifdef SWIG_LINK_RUNTIME
- type_pointer = SWIG_ReturnGlobalTypeList((void *)0);
- #else
-+#ifdef USE_CAPSULES
-+ type_pointer = PyCapsule_Import(TYPE_POINTER_NAME, 0);
-+#else
- type_pointer = PyCObject_Import((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
- (char*)"type_pointer" SWIG_TYPE_TABLE_NAME);
-+#endif
- if (PyErr_Occurred()) {
- PyErr_Clear();
- type_pointer = (void *)0;
-@@ -2470,9 +2484,14 @@ PyModule_AddObject(PyObject *m, char *name, PyObject *o)
- SWIGRUNTIME void
- SWIG_Python_DestroyModule(void *vptr)
- {
-+ size_t i;
-+#ifdef USE_CAPSULES
-+ swig_module_info *swig_module =
-+ (swig_module_info *) PyCapsule_GetPointer((PyObject *)vptr, TYPE_POINTER_NAME);
-+#else
- swig_module_info *swig_module = (swig_module_info *) vptr;
-+#endif
- swig_type_info **types = swig_module->types;
-- size_t i;
- for (i =0; i < swig_module->size; ++i) {
- swig_type_info *ty = types[i];
- if (ty->owndata) {
-@@ -2481,6 +2500,7 @@ SWIG_Python_DestroyModule(void *vptr)
- }
- }
- Py_DECREF(SWIG_This());
-+ swig_this = NULL;
- }
-
- SWIGRUNTIME void
-@@ -2494,9 +2514,18 @@ SWIG_Python_SetModule(swig_module_info *swig_module) {
- PyObject *module = Py_InitModule((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
- swig_empty_runtime_method_table);
- #endif
-+#ifdef USE_CAPSULES
-+ PyObject *pointer = PyCapsule_New((void *)swig_module, TYPE_POINTER_NAME,
-+ (PyCapsule_Destructor)SWIG_Python_DestroyModule);
-+#else
- PyObject *pointer = PyCObject_FromVoidPtr((void *) swig_module, SWIG_Python_DestroyModule);
-+#endif
- if (pointer && module) {
-+#ifdef USE_CAPSULES
-+ PyModule_AddObject(module, (char*)"type_pointer_capsule" SWIG_TYPE_TABLE_NAME, pointer);
-+#else
- PyModule_AddObject(module, (char*)"type_pointer" SWIG_TYPE_TABLE_NAME, pointer);
-+#endif
- } else {
- Py_XDECREF(pointer);
- }
-@@ -2517,12 +2546,20 @@ SWIG_Python_TypeQuery(const char *type)
- PyObject *obj = PyDict_GetItem(cache, key);
- swig_type_info *descriptor;
- if (obj) {
-+#ifdef USE_CAPSULES
-+ descriptor = (swig_type_info *) PyCapsule_GetPointer(obj, type);
-+#else
- descriptor = (swig_type_info *) PyCObject_AsVoidPtr(obj);
-+#endif
- } else {
- swig_module_info *swig_module = SWIG_Python_GetModule();
- descriptor = SWIG_TypeQueryModule(swig_module, swig_module, type);
- if (descriptor) {
-+#ifdef USE_CAPSULES
-+ obj = PyCapsule_New(descriptor, type, NULL);
-+#else
- obj = PyCObject_FromVoidPtr(descriptor, NULL);
-+#endif
- PyDict_SetItem(cache, key, obj);
- Py_DECREF(obj);
- }
-@@ -2717,7 +2754,7 @@ static swig_module_info swig_module = {swig_types, 34, 0, 0, 0, 0};
- #endif
- #define SWIG_name "_selinux"
-
--#define SWIGVERSION 0x010340
-+#define SWIGVERSION 0x020001
- #define SWIG_VERSION SWIGVERSION
-
-
-@@ -3345,7 +3382,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_avc_context_to_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- security_id_t *arg2 = (security_id_t *) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -3360,7 +3397,7 @@ SWIGINTERN PyObject *_wrap_avc_context_to_sid(PyObject *SWIGUNUSEDPARM(self), Py
- if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- result = (int)avc_context_to_sid(arg1,arg2);
-@@ -3383,7 +3420,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_avc_context_to_sid_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- security_id_t *arg2 = (security_id_t *) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -3398,7 +3435,7 @@ SWIGINTERN PyObject *_wrap_avc_context_to_sid_raw(PyObject *SWIGUNUSEDPARM(self)
- if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- result = (int)avc_context_to_sid_raw(arg1,arg2);
-@@ -5641,7 +5678,9 @@ SWIGINTERN PyObject *_wrap_get_ordered_context_list(PyObject *SWIGUNUSEDPARM(sel
- if (*arg3) {
- plist = PyList_New(result);
- for (i = 0; i < result; i++) {
-- PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
-+ PyList_SetItem(plist, i,
-+ PyBytes_FromString((*arg3)[i])
-+ );
- }
- } else {
- plist = PyList_New(0);
-@@ -5714,7 +5753,9 @@ SWIGINTERN PyObject *_wrap_get_ordered_context_list_with_level(PyObject *SWIGUNU
- if (*arg4) {
- plist = PyList_New(result);
- for (i = 0; i < result; i++) {
-- PyList_SetItem(plist, i, PyString_FromString((*arg4)[i]));
-+ PyList_SetItem(plist, i,
-+ PyBytes_FromString((*arg4)[i])
-+ );
- }
- } else {
- plist = PyList_New(0);
-@@ -6390,7 +6431,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6400,7 +6441,7 @@ SWIGINTERN PyObject *_wrap_setcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args
- if (!PyArg_ParseTuple(args,(char *)"O:setcon",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6421,7 +6462,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6431,7 +6472,7 @@ SWIGINTERN PyObject *_wrap_setcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *
- if (!PyArg_ParseTuple(args,(char *)"O:setcon_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6650,7 +6691,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6660,7 +6701,7 @@ SWIGINTERN PyObject *_wrap_setexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *
- if (!PyArg_ParseTuple(args,(char *)"O:setexeccon",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6681,7 +6722,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6691,7 +6732,7 @@ SWIGINTERN PyObject *_wrap_setexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObje
- if (!PyArg_ParseTuple(args,(char *)"O:setexeccon_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6772,7 +6813,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6782,7 +6823,7 @@ SWIGINTERN PyObject *_wrap_setfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObje
- if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6803,7 +6844,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6813,7 +6854,7 @@ SWIGINTERN PyObject *_wrap_setfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), Py
- if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6894,7 +6935,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6904,7 +6945,7 @@ SWIGINTERN PyObject *_wrap_setkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObj
- if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -6925,7 +6966,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -6935,7 +6976,7 @@ SWIGINTERN PyObject *_wrap_setkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), P
- if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -7016,7 +7057,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -7026,7 +7067,7 @@ SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyOb
- if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -7047,7 +7088,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_setsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -7057,7 +7098,7 @@ SWIGINTERN PyObject *_wrap_setsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self),
- if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -8514,8 +8555,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_av(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- access_vector_t arg4 ;
- struct av_decision *arg5 = (struct av_decision *) 0 ;
-@@ -8541,12 +8582,12 @@ SWIGINTERN PyObject *_wrap_security_compute_av(PyObject *SWIGUNUSEDPARM(self), P
- if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8584,8 +8625,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_av_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- access_vector_t arg4 ;
- struct av_decision *arg5 = (struct av_decision *) 0 ;
-@@ -8611,12 +8652,12 @@ SWIGINTERN PyObject *_wrap_security_compute_av_raw(PyObject *SWIGUNUSEDPARM(self
- if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av_raw",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_raw" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_raw" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8654,8 +8695,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_av_flags(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- access_vector_t arg4 ;
- struct av_decision *arg5 = (struct av_decision *) 0 ;
-@@ -8681,12 +8722,12 @@ SWIGINTERN PyObject *_wrap_security_compute_av_flags(PyObject *SWIGUNUSEDPARM(se
- if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av_flags",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_flags" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_flags" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_flags" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_flags" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8724,8 +8765,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_av_flags_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- access_vector_t arg4 ;
- struct av_decision *arg5 = (struct av_decision *) 0 ;
-@@ -8751,12 +8792,12 @@ SWIGINTERN PyObject *_wrap_security_compute_av_flags_raw(PyObject *SWIGUNUSEDPAR
- if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av_flags_raw",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_flags_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_flags_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_flags_raw" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_flags_raw" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8794,8 +8835,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- security_context_t *arg4 = (security_context_t *) 0 ;
- int res1 ;
-@@ -8816,12 +8857,12 @@ SWIGINTERN PyObject *_wrap_security_compute_create(PyObject *SWIGUNUSEDPARM(self
- if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create",&obj0,&obj1,&obj2)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8857,8 +8898,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_create_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- security_context_t *arg4 = (security_context_t *) 0 ;
- int res1 ;
-@@ -8879,12 +8920,12 @@ SWIGINTERN PyObject *_wrap_security_compute_create_raw(PyObject *SWIGUNUSEDPARM(
- if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create_raw",&obj0,&obj1,&obj2)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create_raw" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create_raw" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8920,8 +8961,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_relabel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- security_context_t *arg4 = (security_context_t *) 0 ;
- int res1 ;
-@@ -8942,12 +8983,12 @@ SWIGINTERN PyObject *_wrap_security_compute_relabel(PyObject *SWIGUNUSEDPARM(sel
- if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel",&obj0,&obj1,&obj2)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -8983,8 +9024,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_relabel_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- security_context_t *arg4 = (security_context_t *) 0 ;
- int res1 ;
-@@ -9005,12 +9046,12 @@ SWIGINTERN PyObject *_wrap_security_compute_relabel_raw(PyObject *SWIGUNUSEDPARM
- if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel_raw",&obj0,&obj1,&obj2)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel_raw" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel_raw" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -9046,8 +9087,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- security_context_t *arg4 = (security_context_t *) 0 ;
- int res1 ;
-@@ -9068,12 +9109,12 @@ SWIGINTERN PyObject *_wrap_security_compute_member(PyObject *SWIGUNUSEDPARM(self
- if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member",&obj0,&obj1,&obj2)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -9109,8 +9150,8 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_member_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-- security_context_t arg2 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
-+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
- security_class_t arg3 ;
- security_context_t *arg4 = (security_context_t *) 0 ;
- int res1 ;
-@@ -9131,12 +9172,12 @@ SWIGINTERN PyObject *_wrap_security_compute_member_raw(PyObject *SWIGUNUSEDPARM(
- if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member_raw",&obj0,&obj1,&obj2)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
- if (!SWIG_IsOK(res2)) {
-- SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member_raw" "', argument " "2"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member_raw" "', argument " "2"" of type '" "security_context_t const""'");
- }
- arg2 = (security_context_t)(buf2);
- ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
-@@ -9172,7 +9213,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- char *arg2 = (char *) 0 ;
- security_context_t **arg3 = (security_context_t **) 0 ;
- int res1 ;
-@@ -9192,7 +9233,7 @@ SWIGINTERN PyObject *_wrap_security_compute_user(PyObject *SWIGUNUSEDPARM(self),
- if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user",&obj0,&obj1)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
-@@ -9217,7 +9258,9 @@ SWIGINTERN PyObject *_wrap_security_compute_user(PyObject *SWIGUNUSEDPARM(self),
- len++;
- plist = PyList_New(len);
- for (i = 0; i < len; i++) {
-- PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
-+ PyList_SetItem(plist, i,
-+ PyBytes_FromString((*arg3)[i])
-+ );
- }
- } else {
- plist = PyList_New(0);
-@@ -9243,7 +9286,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_compute_user_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- char *arg2 = (char *) 0 ;
- security_context_t **arg3 = (security_context_t **) 0 ;
- int res1 ;
-@@ -9263,7 +9306,7 @@ SWIGINTERN PyObject *_wrap_security_compute_user_raw(PyObject *SWIGUNUSEDPARM(se
- if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user_raw",&obj0,&obj1)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
-@@ -9288,7 +9331,9 @@ SWIGINTERN PyObject *_wrap_security_compute_user_raw(PyObject *SWIGUNUSEDPARM(se
- len++;
- plist = PyList_New(len);
- for (i = 0; i < len; i++) {
-- PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
-+ PyList_SetItem(plist, i,
-+ PyBytes_FromString((*arg3)[i])
-+ );
- }
- } else {
- plist = PyList_New(0);
-@@ -9721,7 +9766,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_check_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -9731,7 +9776,7 @@ SWIGINTERN PyObject *_wrap_security_check_context(PyObject *SWIGUNUSEDPARM(self)
- if (!PyArg_ParseTuple(args,(char *)"O:security_check_context",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -9752,7 +9797,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_check_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -9762,7 +9807,7 @@ SWIGINTERN PyObject *_wrap_security_check_context_raw(PyObject *SWIGUNUSEDPARM(s
- if (!PyArg_ParseTuple(args,(char *)"O:security_check_context_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -9783,7 +9828,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_canonicalize_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- security_context_t *arg2 = (security_context_t *) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -9796,7 +9841,7 @@ SWIGINTERN PyObject *_wrap_security_canonicalize_context(PyObject *SWIGUNUSEDPAR
- if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -9825,7 +9870,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_security_canonicalize_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- security_context_t *arg2 = (security_context_t *) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -9838,7 +9883,7 @@ SWIGINTERN PyObject *_wrap_security_canonicalize_context_raw(PyObject *SWIGUNUSE
- if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context_raw",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context_raw" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context_raw" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -9994,7 +10039,7 @@ SWIGINTERN PyObject *_wrap_security_get_boolean_names(PyObject *SWIGUNUSEDPARM(s
- PyObject* list = PyList_New(*arg2);
- int i;
- for (i = 0; i < *arg2; i++) {
-- PyList_SetItem(list, i, PyString_FromString((*arg1)[i]));
-+ PyList_SetItem(list, i, PyBytes_FromString((*arg1)[i]));
- }
- resultobj = SWIG_Python_AppendOutput(resultobj, list);
- }
-@@ -11129,6 +11174,19 @@ fail:
- }
-
-
-+SWIGINTERN PyObject *_wrap_selinux_sepgsql_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
-+ PyObject *resultobj = 0;
-+ char *result = 0 ;
-+
-+ if (!PyArg_ParseTuple(args,(char *)":selinux_sepgsql_context_path")) SWIG_fail;
-+ result = (char *)selinux_sepgsql_context_path();
-+ resultobj = SWIG_FromCharPtr((const char *)result);
-+ return resultobj;
-+fail:
-+ return NULL;
++ len = strlen(p);
++ if (len + strlen(last_component) + 1 > PATH_MAX) {
++ fprintf(stderr, "symlink_realpath(%s) failed: Filename too long \n",
++ name);
++ rc = -1;
++ goto out;
++ }
++
++ resolved_path += len;
++ strcpy(resolved_path, last_component);
++out:
++ free(tmp_path);
++ return rc;
+}
+
++int matchpathcon(const char *path, mode_t mode, security_context_t * con)
+ {
++ char stackpath[PATH_MAX + 1];
++ char *p = NULL;
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
++ if (S_ISLNK(mode)) {
++ if (!symlink_realpath(path, stackpath))
++ path = stackpath;
++ } else {
++ p = realpath(path, stackpath);
++ if (p)
++ path = p;
++ }
+
- SWIGINTERN PyObject *_wrap_selinux_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
- char *result = 0 ;
-@@ -11317,7 +11375,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_selinux_check_securetty_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -11327,7 +11385,7 @@ SWIGINTERN PyObject *_wrap_selinux_check_securetty_context(PyObject *SWIGUNUSEDP
- if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_securetty_context",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_check_securetty_context" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_check_securetty_context" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -11412,16 +11470,20 @@ SWIGINTERN PyObject *_wrap_rpm_execcon(PyObject *SWIGUNUSEDPARM(self), PyObject
- arg3 = (char**) malloc(size + 1);
-
- for(i = 0; i < size; i++) {
-- if (!PyString_Check(PySequence_GetItem(obj2, i))) {
-- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
-+ if (!PyBytes_Check(PySequence_GetItem(obj2, i))) {
-+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
-+
- return NULL;
- }
-+
- }
-
- for(i = 0; i < size; i++) {
- s = PySequence_GetItem(obj2, i);
-- arg3[i] = (char*) malloc(PyString_Size(s) + 1);
-- strcpy(arg3[i], PyString_AsString(s));
-+
-+ arg3[i] = (char*) malloc(PyBytes_Size(s) + 1);
-+ strcpy(arg3[i], PyBytes_AsString(s));
-+
- }
- arg3[size] = NULL;
- }
-@@ -11439,16 +11501,20 @@ SWIGINTERN PyObject *_wrap_rpm_execcon(PyObject *SWIGUNUSEDPARM(self), PyObject
- arg4 = (char**) malloc(size + 1);
-
- for(i = 0; i < size; i++) {
-- if (!PyString_Check(PySequence_GetItem(obj3, i))) {
-- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
-+ if (!PyBytes_Check(PySequence_GetItem(obj3, i))) {
-+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
-+
- return NULL;
- }
-+
- }
-
- for(i = 0; i < size; i++) {
- s = PySequence_GetItem(obj3, i);
-- arg4[i] = (char*) malloc(PyString_Size(s) + 1);
-- strcpy(arg4[i], PyString_AsString(s));
-+
-+ arg4[i] = (char*) malloc(PyBytes_Size(s) + 1);
-+ strcpy(arg4[i], PyBytes_AsString(s));
-+
- }
- arg4[size] = NULL;
- }
-@@ -11502,7 +11568,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_is_context_customizable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- int res1 ;
- char *buf1 = 0 ;
- int alloc1 = 0 ;
-@@ -11512,7 +11578,7 @@ SWIGINTERN PyObject *_wrap_is_context_customizable(PyObject *SWIGUNUSEDPARM(self
- if (!PyArg_ParseTuple(args,(char *)"O:is_context_customizable",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "is_context_customizable" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "is_context_customizable" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -11533,7 +11599,7 @@ fail:
-
- SWIGINTERN PyObject *_wrap_selinux_trans_to_raw_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- security_context_t *arg2 = (security_context_t *) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -11546,7 +11612,7 @@ SWIGINTERN PyObject *_wrap_selinux_trans_to_raw_context(PyObject *SWIGUNUSEDPARM
- if (!PyArg_ParseTuple(args,(char *)"O:selinux_trans_to_raw_context",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_trans_to_raw_context" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_trans_to_raw_context" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -11575,7 +11641,7 @@ fail:
+ return notrans ?
+- selabel_lookup_raw(hnd, con, name, mode) :
+- selabel_lookup(hnd, con, name, mode);
++ selabel_lookup_raw(hnd, con, path, mode) :
++ selabel_lookup(hnd, con, path, mode);
+ }
- SWIGINTERN PyObject *_wrap_selinux_raw_to_trans_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- security_context_t *arg2 = (security_context_t *) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -11588,7 +11654,7 @@ SWIGINTERN PyObject *_wrap_selinux_raw_to_trans_context(PyObject *SWIGUNUSEDPARM
- if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_to_trans_context",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_to_trans_context" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_to_trans_context" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -11617,7 +11683,7 @@ fail:
+ int matchpathcon_index(const char *name, mode_t mode, security_context_t * con)
+@@ -394,7 +464,7 @@ int selinux_file_context_verify(const char *path, mode_t mode)
+ rc = lgetfilecon_raw(path, &con);
+ if (rc == -1) {
+ if (errno != ENOTSUP)
+- return 1;
++ return -1;
+ else
+ return 0;
+ }
+@@ -404,11 +474,18 @@ int selinux_file_context_verify(const char *path, mode_t mode)
+
+ if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
+ if (errno != ENOENT)
+- rc = 1;
++ rc = -1;
+ else
+ rc = 0;
+- } else
++ } else {
++ /*
++ * Need to set errno to 0 as it can be set to ENOENT if the
++ * file_contexts.subs file does not exist (see selabel_open in
++ * label.c), thus causing confusion if errno is checked on return.
++ */
++ errno = 0;
+ rc = (selinux_file_context_cmp(fcontext, con) == 0);
++ }
- SWIGINTERN PyObject *_wrap_selinux_raw_context_to_color(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
- PyObject *resultobj = 0;
-- security_context_t arg1 = (security_context_t) 0 ;
-+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
- char **arg2 = (char **) 0 ;
- int res1 ;
- char *buf1 = 0 ;
-@@ -11630,7 +11696,7 @@ SWIGINTERN PyObject *_wrap_selinux_raw_context_to_color(PyObject *SWIGUNUSEDPARM
- if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_context_to_color",&obj0)) SWIG_fail;
- res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
- if (!SWIG_IsOK(res1)) {
-- SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_context_to_color" "', argument " "1"" of type '" "security_context_t""'");
-+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_context_to_color" "', argument " "1"" of type '" "security_context_t const""'");
- }
- arg1 = (security_context_t)(buf1);
- {
-@@ -12172,6 +12238,7 @@ static PyMethodDef SwigMethods[] = {
- { (char *)"selinux_virtual_domain_context_path", _wrap_selinux_virtual_domain_context_path, METH_VARARGS, NULL},
- { (char *)"selinux_virtual_image_context_path", _wrap_selinux_virtual_image_context_path, METH_VARARGS, NULL},
- { (char *)"selinux_x_context_path", _wrap_selinux_x_context_path, METH_VARARGS, NULL},
-+ { (char *)"selinux_sepgsql_context_path", _wrap_selinux_sepgsql_context_path, METH_VARARGS, NULL},
- { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL},
- { (char *)"selinux_securetty_types_path", _wrap_selinux_securetty_types_path, METH_VARARGS, NULL},
- { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL},
-@@ -12185,7 +12252,7 @@ static PyMethodDef SwigMethods[] = {
- { (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL},
- { (char *)"checkPasswdAccess", _wrap_checkPasswdAccess, METH_VARARGS, NULL},
- { (char *)"selinux_check_securetty_context", _wrap_selinux_check_securetty_context, METH_VARARGS, NULL},
-- { (char *)"set_selinuxmnt", _wrap_set_selinuxmnt, METH_VARARGS, NULL},
-+ { (char *)"set_selinuxmnto", _wrap_set_selinuxmnt, METH_VARARGS, NULL},
- { (char *)"rpm_execcon", _wrap_rpm_execcon, METH_VARARGS, NULL},
- { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL},
- { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
-@@ -12868,15 +12935,15 @@ extern "C" {
- }
- }
- if (ci) {
-- size_t shift = (ci->ptype) - types;
-- swig_type_info *ty = types_initial[shift];
-- size_t ldoc = (c - methods[i].ml_doc);
-- size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
-- char *ndoc = (char*)malloc(ldoc + lptr + 10);
-- if (ndoc) {
-- char *buff = ndoc;
-- void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0;
-- if (ptr) {
-+ void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0;
-+ if (ptr) {
-+ size_t shift = (ci->ptype) - types;
-+ swig_type_info *ty = types_initial[shift];
-+ size_t ldoc = (c - methods[i].ml_doc);
-+ size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
-+ char *ndoc = (char*)malloc(ldoc + lptr + 10);
-+ if (ndoc) {
-+ char *buff = ndoc;
- strncpy(buff, methods[i].ml_doc, ldoc);
- buff += ldoc;
- strncpy(buff, "swig_ptr: ", 10);
-@@ -14079,6 +14146,7 @@ SWIG_init(void) {
- SWIG_Python_SetConstant(d, "SELABEL_CTX_FILE",SWIG_From_int((int)(0)));
- SWIG_Python_SetConstant(d, "SELABEL_CTX_MEDIA",SWIG_From_int((int)(1)));
- SWIG_Python_SetConstant(d, "SELABEL_CTX_X",SWIG_From_int((int)(2)));
-+ SWIG_Python_SetConstant(d, "SELABEL_CTX_DB",SWIG_From_int((int)(3)));
- SWIG_Python_SetConstant(d, "SELABEL_OPT_UNUSED",SWIG_From_int((int)(0)));
- SWIG_Python_SetConstant(d, "SELABEL_OPT_VALIDATE",SWIG_From_int((int)(1)));
- SWIG_Python_SetConstant(d, "SELABEL_OPT_BASEONLY",SWIG_From_int((int)(2)));
-@@ -14092,6 +14160,15 @@ SWIG_init(void) {
- SWIG_Python_SetConstant(d, "SELABEL_X_SELN",SWIG_From_int((int)(5)));
- SWIG_Python_SetConstant(d, "SELABEL_X_POLYPROP",SWIG_From_int((int)(6)));
- SWIG_Python_SetConstant(d, "SELABEL_X_POLYSELN",SWIG_From_int((int)(7)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_DATABASE",SWIG_From_int((int)(1)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_SCHEMA",SWIG_From_int((int)(2)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_TABLE",SWIG_From_int((int)(3)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_COLUMN",SWIG_From_int((int)(4)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_SEQUENCE",SWIG_From_int((int)(5)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_VIEW",SWIG_From_int((int)(6)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_PROCEDURE",SWIG_From_int((int)(7)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_BLOB",SWIG_From_int((int)(8)));
-+ SWIG_Python_SetConstant(d, "SELABEL_DB_TUPLE",SWIG_From_int((int)(9)));
- SWIG_Python_SetConstant(d, "SELINUX_AVD_FLAGS_PERMISSIVE",SWIG_From_int((int)(0x0001)));
- SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0)));
- SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1)));
+ freecon(con);
+ freecon(fcontext);
diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c
-index 4453a88..f1fe506 100644
+index 3ecd52f..5f0a4c2 100644
--- a/libselinux/utils/matchpathcon.c
+++ b/libselinux/utils/matchpathcon.c
-@@ -8,6 +8,49 @@
- #include <sys/stat.h>
- #include <sys/errno.h>
- #include <selinux/selinux.h>
-+#include <limits.h>
-+#include <stdlib.h>
-+
-+
-+static int symlink_realpath(char *name, char *path)
-+{
-+ char *p = NULL, *file_sep;
-+ char *tmp_path = strdupa(name);
-+ size_t len = 0;
-+
-+ if (!tmp_path) {
-+ fprintf(stderr, "strdupa on %s failed: %s\n", name,
-+ strerror(errno));
-+ return -1;
-+ }
-+ file_sep = strrchr(tmp_path, '/');
-+ if (file_sep == tmp_path) {
-+ file_sep++;
-+ p = strcpy(path, "");
-+ } else if (file_sep) {
-+ *file_sep = 0;
-+ file_sep++;
-+ p = realpath(tmp_path, path);
-+ } else {
-+ file_sep = tmp_path;
-+ p = realpath("./", path);
-+ }
-+ if (p)
-+ len = strlen(p);
-+ if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
-+ fprintf(stderr, "symlink_realpath(%s) failed %s\n", name,
-+ strerror(errno));
-+ return -1;
-+ }
-+ p += len;
-+ /* ensure trailing slash of directory name */
-+ if (len == 0 || *(p - 1) != '/') {
-+ *p = '/';
-+ p++;
-+ }
-+ strcpy(p, file_sep);
-+ return 0;
-+}
+@@ -43,63 +43,6 @@ int printmatchpathcon(char *path, int header, int mode)
+ return 0;
+ }
- void usage(const char *progname)
+-/*
+- * We do not want to resolve a symlink to a real path if it is the final
+- * component of the name. Thus we split the pathname on the last "/" and
+- * determine a real path component of the first portion. We then have to
+- * copy the last part back on to get the final real path. Wheww.
+- */
+-static int symlink_realpath(char *name, char *resolved_path)
+-{
+- char *last_component;
+- char *tmp_path, *p;
+- size_t len = 0;
+- int rc = 0;
+-
+- tmp_path = strdup(name);
+- if (!tmp_path) {
+- fprintf(stderr, "symlink_realpath(%s) strdup() failed: %s\n",
+- name, strerror(errno));
+- rc = -1;
+- goto out;
+- }
+-
+- last_component = strrchr(tmp_path, '/');
+-
+- if (last_component == tmp_path) {
+- last_component++;
+- p = strcpy(resolved_path, "/");
+- } else if (last_component) {
+- *last_component = '\0';
+- last_component++;
+- p = realpath(tmp_path, resolved_path);
+- } else {
+- last_component = tmp_path;
+- p = realpath("./", resolved_path);
+- }
+-
+- if (!p) {
+- fprintf(stderr, "symlink_realpath(%s) realpath() failed: %s\n",
+- name, strerror(errno));
+- rc = -1;
+- goto out;
+- }
+-
+- len = strlen(p);
+- if (len + strlen(last_component) + 1 > PATH_MAX) {
+- fprintf(stderr, "symlink_realpath(%s) failed: Filename too long \n",
+- name);
+- rc = -1;
+- goto out;
+- }
+-
+- resolved_path += len;
+- strcpy(resolved_path, last_component);
+-out:
+- free(tmp_path);
+- return rc;
+-}
+-
+ int main(int argc, char **argv)
{
-@@ -103,49 +146,66 @@ int main(int argc, char **argv)
- }
- }
+ int i, init = 0;
+@@ -166,8 +109,7 @@ int main(int argc, char **argv)
for (i = optind; i < argc; i++) {
-+ char lnkpath[PATH_MAX + 1];
- int mode = 0;
+ int rc, mode = 0;
struct stat buf;
-+ char *newpath = NULL;
-+ char *path;
- int len = strlen(argv[i]);
- if (len > 1 && argv[i][len - 1 ] == '/') {
- argv[i][len - 1 ] = '\0';
- }
-
-- if (lstat(argv[i], &buf) == 0)
-+ if (lstat(argv[i], &buf) == 0) {
+- char *p, *path = argv[i];
+- char stackpath[PATH_MAX + 1];
++ char *path = argv[i];
+ int len = strlen(path);
+ if (len > 1 && path[len - 1 ] == '/')
+ path[len - 1 ] = '\0';
+@@ -175,31 +117,23 @@ int main(int argc, char **argv)
+ if (lstat(path, &buf) == 0)
mode = buf.st_mode;
-+ }
-+
-+ path = argv[i];
-+ if (S_ISLNK(mode)) {
-+ int rc = symlink_realpath(argv[i], lnkpath);
-+ if (rc >= 0) {
-+ path = lnkpath;
-+ }
-+ } else {
-+ if ((newpath = realpath(argv[i], NULL))) {
-+ path = newpath;
-+ }
-+ }
+- if (S_ISLNK(mode)) {
+- rc = symlink_realpath(path, stackpath);
+- if (!rc)
+- path = stackpath;
+- } else {
+- p = realpath(path, stackpath);
+- if (p)
+- path = p;
+- }
+-
if (verify) {
+ rc = selinux_file_context_verify(path, mode);
+
if (quiet) {
-- if (selinux_file_context_verify(argv[i], mode))
-+ if (selinux_file_context_verify(path, mode))
+- if (rc)
++ if (rc == 1)
continue;
else
exit(1);
}
-- if (selinux_file_context_verify(argv[i], mode)) {
-- printf("%s verified.\n", argv[i]);
-+ if (selinux_file_context_verify(path, mode)) {
-+ printf("%s verified.\n", path);
+
+- if (rc) {
++ if (rc == -1) {
++ printf("%s error: %s\n", path, strerror(errno));
++ exit(1);
++ } else if (rc == 1) {
+ printf("%s verified.\n", path);
} else {
security_context_t con;
- int rc;
+- int rc;
error = 1;
if (notrans)
-- rc = lgetfilecon_raw(argv[i], &con);
-+ rc = lgetfilecon_raw(path, &con);
- else
-- rc = lgetfilecon(argv[i], &con);
-+ rc = lgetfilecon(path, &con);
-
- if (rc >= 0) {
- printf("%s has context %s, should be ",
- argv[i], con);
-- printmatchpathcon(argv[i], 0, mode);
-+ printmatchpathcon(path, 0, mode);
- freecon(con);
- } else {
- printf
- ("actual context unknown: %s, should be ",
- strerror(errno));
-- printmatchpathcon(argv[i], 0, mode);
-+ printmatchpathcon(path, 0, mode);
- }
- }
- } else {
-- error |= printmatchpathcon(argv[i], header, mode);
-+ error |= printmatchpathcon(path, header, mode);
- }
-+ free(newpath); newpath = NULL;
- }
- matchpathcon_fini();
- return error;
-diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
-new file mode 100644
-index 0000000..c55fde9
---- /dev/null
-+++ b/libselinux/utils/selinuxexeccon.c
-@@ -0,0 +1,60 @@
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <fcntl.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <ctype.h>
-+#include <selinux/flask.h>
-+#include <selinux/selinux.h>
-+
-+void usage(char *name, char *detail, int rc)
-+{
-+ fprintf(stderr, "usage: %s command [ fromcon ]\n", name);
-+ if (detail)
-+ fprintf(stderr, "%s: %s\n", name, detail);
-+ exit(rc);
-+}
-+
-+static security_context_t get_selinux_proc_context(const char *command, security_context_t execcon) {
-+ security_context_t fcon = NULL, newcon = NULL;
-+
-+ int ret = getfilecon(command, &fcon);
-+ if (ret < 0) goto err;
-+ ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon);
-+ if (ret < 0) goto err;
-+
-+err:
-+ freecon(fcon);
-+ return newcon;
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ int ret = -1;
-+ security_context_t proccon = NULL, con = NULL;
-+ if (argc < 2 || argc > 3)
-+ usage(argv[0], "Invalid number of arguments", -1);
-+
-+ if (argc == 2) {
-+ if (getcon(&con) < 0) {
-+ perror(argv[0]);
-+ return -1;
-+ }
-+ } else {
-+ con = strdup(argv[2]);
-+ }
-+
-+ proccon = get_selinux_proc_context(argv[1], con);
-+ if (proccon) {
-+ printf("%s\n", proccon);
-+ ret = 0;
-+ } else {
-+ perror(argv[0]);
-+ }
-+
-+ free(proccon);
-+ free(con);
-+ return ret;
-+}
+ rc = lgetfilecon_raw(path, &con);
diff --git a/libselinux.spec b/libselinux.spec
index a958e0d..3a0215e 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -1,12 +1,12 @@
%global with_python3 1
%define ruby_sitearch %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']")
-%define libsepolver 2.0.44-2
+%define libsepolver 2.1.0-1
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Summary: SELinux library and simple utilities
Name: libselinux
-Version: 2.1.0
+Version: 2.1.4
Release: 1%{?dist}
License: Public Domain
Group: System Environment/Libraries
@@ -235,6 +235,33 @@ exit 0
%{ruby_sitearch}/selinux.so
%changelog
+* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-1
+-Update to upstream
+2.1.4 2011-0817
+ * mapping fix for invalid class/perms after selinux_set_mapping
+ * audit2why: work around python bug not defining
+ * resolv symlinks and dot directories before matching
+
+2.1.2 2011-0803
+ * audit2allow: do not print statistics
+ * make python bindings for restorecon work on relative path
+ * fix python audit2why binding error
+ * support new python3 functions
+ * do not check fcontext duplicates on use
+ * Patch for python3 for libselinux
+
+2.1.1 2011-08-02
+ * move .gitignore into utils
+ * new setexecon utility
+ * selabel_open fix processing of substitution files
+ * mountpoint changing patch.
+ * simplify SRCS in Makefile
+
+2.1.1 2011-08-01
+ * Remove generated files, introduce more .gitignore
+
+
+
* Thu Jul 28 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.0-1
-Update to upstream
* Release, minor version bump
diff --git a/sources b/sources
index 9df4551..1197224 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-148de887b85cbe1e1da46af360a911f0 libselinux-2.0.102.tgz
-44e3f59aab9cd1009fa2bfd5d4045b63 libselinux-2.1.0.tgz
+d908f2816d00111c222ccd081e7de80d libselinux-2.1.4.tgz