[libsemanage] Update to upstream * add ignoredirs config for genhomedircon * Fallback_user_level can be NULL if

Daniel J Walsh dwalsh at fedoraproject.org
Wed Dec 21 18:09:43 UTC 2011


commit 99d9fa911ace397b51d1212400706d2e85e69262
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Dec 21 18:09:42 2011 +0000

    Update to upstream
    	* add ignoredirs config for genhomedircon
    	* Fallback_user_level can be NULL if you are not using MLS

 libsemanage-rhat.patch |  240 ------------------------------------------------
 libsemanage.spec       |    2 +
 2 files changed, 2 insertions(+), 240 deletions(-)
---
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index a6a6be1..e69de29 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,240 +0,0 @@
-diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
-index c60bdc6..6a8b4e8 100644
---- a/libsemanage/man/man5/semanage.conf.5
-+++ b/libsemanage/man/man5/semanage.conf.5
-@@ -56,6 +56,11 @@ It controls whether the previously linked module is saved (with name "base.linke
- It can be set to either "true" or "false" and by default it is set to "false" (the previous module is deleted).
- 
- .TP
-+.B ignoredirs
-+List, separated by ";",  of directories to ignore when setting up users homedirs. 
-+Some distributions use this to stop labeling /root as a homedir. 
-+
-+.TP
- .B usepasswd 
- Whether or not to enable the use getpwent() to obtain a list of home directories to label. It can be set to either "true" or "false".
- By default it is set to "true".
-diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
-index 77c00b2..bbdac1d 100644
---- a/libsemanage/src/conf-parse.y
-+++ b/libsemanage/src/conf-parse.y
-@@ -58,7 +58,7 @@ static int parse_errors;
- }
- 
- %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
--%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD
-+%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
- %token BZIP_BLOCKSIZE BZIP_SMALL
- %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
- %token PROG_PATH PROG_ARGS
-@@ -84,6 +84,7 @@ single_opt:     module_store
-         |       save_linked
-         |       disable_genhomedircon
-         |       usepasswd
-+        |       ignoredirs
-         |       handle_unknown
- 	|	bzip_blocksize
- 	|	bzip_small
-@@ -166,6 +167,10 @@ usepasswd: USEPASSWD '=' ARG {
- 	free($3);
-  }
- 
-+ignoredirs: IGNOREDIRS '=' ARG {
-+	current_conf->ignoredirs = strdup($3);
-+ }
-+
- handle_unknown: HANDLE_UNKNOWN '=' ARG {
- 	if (strcasecmp($3, "deny") == 0) {
- 		current_conf->handle_unknown = SEPOL_DENY_UNKNOWN;
-@@ -262,6 +267,7 @@ static int semanage_conf_init(semanage_conf_t * conf)
- {
- 	conf->store_type = SEMANAGE_CON_DIRECT;
- 	conf->store_path = strdup(basename(semanage_policy_root()));
-+	conf->ignoredirs = NULL;
- 	conf->policyvers = sepol_policy_kern_vers_max();
- 	conf->expand_check = 1;
- 	conf->handle_unknown = -1;
-@@ -354,6 +360,7 @@ void semanage_conf_destroy(semanage_conf_t * conf)
- {
- 	if (conf != NULL) {
- 		free(conf->store_path);
-+		free(conf->ignoredirs);
- 		semanage_conf_external_prog_destroy(conf->load_policy);
- 		semanage_conf_external_prog_destroy(conf->setfiles);
- 		semanage_conf_external_prog_destroy(conf->mod_prog);
-diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
-index e57119d..7ef4154 100644
---- a/libsemanage/src/conf-scan.l
-+++ b/libsemanage/src/conf-scan.l
-@@ -47,6 +47,7 @@ save-previous     return SAVE_PREVIOUS;
- save-linked       return SAVE_LINKED;
- disable-genhomedircon return DISABLE_GENHOMEDIRCON;
- usepasswd return USEPASSWD;
-+ignoredirs        return IGNOREDIRS;
- handle-unknown    return HANDLE_UNKNOWN;
- bzip-blocksize	return BZIP_BLOCKSIZE;
- bzip-small	return BZIP_SMALL;
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 8fcfb88..4f919a6 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -992,7 +992,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	 * which requires the out policydb */
- 	if (!sh->conf->disable_genhomedircon) {
- 		if (out && (retval =
--		     semanage_genhomedircon(sh, out, sh->conf->usepasswd)) != 0) {
-+			semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
- 			ERR(sh, "semanage_genhomedircon returned error code %d.",
- 			    retval);
- 			goto cleanup;
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index 847d87e..d2646ae 100644
---- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -113,6 +113,61 @@ typedef struct {
- 	int matched;
- } fc_match_handle_t;
- 
-+typedef struct IgnoreDir {
-+	struct IgnoreDir *next;
-+	char *dir;
-+} ignoredir_t;
-+
-+ignoredir_t *ignore_head = NULL;
-+
-+static void ignore_free(void) {
-+	ignoredir_t *next;
-+
-+	while (ignore_head) {
-+		next = ignore_head->next;
-+		free(ignore_head->dir);
-+		free(ignore_head);
-+		ignore_head = next;
-+	}
-+}
-+
-+static int ignore_setup(char *ignoredirs) {
-+	char *tok;
-+	ignoredir_t *ptr = NULL; 
-+
-+	tok = strtok(ignoredirs, ";");
-+	while(tok) {
-+		ptr = calloc(sizeof(ignoredir_t),1);
-+		if (!ptr)
-+			goto err;
-+		ptr->dir = strdup(tok);
-+		if (!ptr->dir)
-+			goto err;
-+
-+		ptr->next = ignore_head;
-+		ignore_head = ptr;
-+
-+		tok = strtok(NULL, ";");
-+	}
-+
-+	return 0;
-+err:
-+	free(ptr);
-+	ignore_free();
-+	return -1;
-+}
-+
-+static int ignore(const char *homedir) {
-+	ignoredir_t *ptr = ignore_head;
-+	while (ptr) {
-+		if (strcmp(ptr->dir, homedir) == 0) {
-+			return 1;
-+		}
-+		ptr = ptr->next;
-+	}
-+	return 0;
-+}
-+
- static semanage_list_t *default_shell_list(void)
- {
- 	semanage_list_t *list = NULL;
-@@ -314,6 +369,8 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
- 		}
- 		if (strcmp(pwbuf->pw_dir, "/") == 0)
- 			continue;
-+		if (ignore(pwbuf->pw_dir))
-+			continue;
- 		if (semanage_str_count(pwbuf->pw_dir, '/') <= 1)
- 			continue;
- 		if (!(path = strdup(pwbuf->pw_dir))) {
-@@ -660,9 +717,12 @@ static int set_fallback_user(genhomedircon_settings_t *s, const char *user,
- {
- 	char *fallback_user = strdup(user);
- 	char *fallback_user_prefix = strdup(prefix);
--	char *fallback_user_level = strdup(level);
-+	char *fallback_user_level = NULL;
-+	if (level) 
-+		fallback_user_level = strdup(level);
- 
--	if (fallback_user == NULL || fallback_user_prefix == NULL || fallback_user_level == NULL) {
-+	if (fallback_user == NULL || fallback_user_prefix == NULL ||
-+	    (fallback_user_level == NULL && level != NULL)) {
- 		free(fallback_user);
- 		free(fallback_user_prefix);
- 		free(fallback_user_level);
-@@ -829,6 +889,8 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
- 			 * /root */
- 			continue;
- 		}
-+		if (ignore(pwent->pw_dir))
-+			continue;
- 		if (push_user_entry(&head, name, seuname,
- 				    prefix, pwent->pw_dir, level) != STATUS_SUCCESS) {
- 			*errors = STATUS_ERR;
-@@ -980,7 +1042,8 @@ done:
- 
- int semanage_genhomedircon(semanage_handle_t * sh,
- 			   sepol_policydb_t * policydb,
--			   int usepasswd)
-+			   int usepasswd, 
-+			   char *ignoredirs)
- {
- 	genhomedircon_settings_t s;
- 	FILE *out = NULL;
-@@ -998,6 +1061,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- 	if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL)
- 		return STATUS_ERR;
- 
-+	if (ignoredirs) ignore_setup(ignoredirs);
-+
- 	s.usepasswd = usepasswd;
- 	s.h_semanage = sh;
- 	s.policydb = policydb;
-@@ -1014,6 +1079,7 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- 
- 	free(s.fallback_user);
- 	free(s.fallback_user_prefix);
-+	ignore_free();
- 
- 	return retval;
- }
-diff --git a/libsemanage/src/genhomedircon.h b/libsemanage/src/genhomedircon.h
-index 443e345..3f9ef8f 100644
---- a/libsemanage/src/genhomedircon.h
-+++ b/libsemanage/src/genhomedircon.h
-@@ -23,6 +23,7 @@
- #include "utilities.h"
- 
- int semanage_genhomedircon(semanage_handle_t * sh,
--			   sepol_policydb_t * policydb, int usepasswd);
-+			   sepol_policydb_t * policydb, int usepasswd,
-+			   char *ignoredirs);
- 
- #endif
-diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
-index f58d9ac..95f8ec3 100644
---- a/libsemanage/src/semanage_conf.h
-+++ b/libsemanage/src/semanage_conf.h
-@@ -43,6 +43,7 @@ typedef struct semanage_conf {
- 	mode_t file_mode;
- 	int bzip_blocksize;
- 	int bzip_small;
-+	char *ignoredirs;	/* ";" separated of list for genhomedircon to ignore */
- 	struct external_prog *load_policy;
- 	struct external_prog *setfiles;
- 	struct external_prog *mod_prog, *linked_prog, *kernel_prog;
diff --git a/libsemanage.spec b/libsemanage.spec
index bb293b0..e5ec7d2 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -182,6 +182,8 @@ rm -rf ${RPM_BUILD_ROOT}
 %changelog
 * Wed Dec 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.6-1
 -Update to upstream
+	* add ignoredirs config for genhomedircon
+	* Fallback_user_level can be NULL if you are not using MLS
 
 * Thu Dec 15 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-4
 - Rebuild with latest libsepol

