[libsemanage] More fixes for disabled modules

Daniel J Walsh dwalsh at fedoraproject.org
Wed Jun 8 18:46:55 UTC 2011


commit c00e96cc0c7a2d6d2d96c83f4034dfb21d9a2fa0
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Jun 8 14:46:29 2011 -0400

    More fixes for disabled modules

 libsemanage-rhat.patch |  101 +++++++++++++++++++++++++++++++----------------
 libsemanage.spec       |    5 ++-
 2 files changed, 70 insertions(+), 36 deletions(-)
---
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index 93e7521..00432d7 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -175,7 +175,7 @@ index 9b261b9..77c00b2 100644
  		free(arg);
  	} else if (*arg == '/') {
 diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index bceb6a7..bfdcdbe 100644
+index bceb6a7..dbdcdae 100644
 --- a/libsemanage/src/direct_api.c
 +++ b/libsemanage/src/direct_api.c
 @@ -2,7 +2,7 @@
@@ -290,7 +290,15 @@ index bceb6a7..bfdcdbe 100644
  		}
  	}
  	ERR(sh, "Module %s was not found.", module_name);
-@@ -1539,7 +1502,7 @@ int semanage_direct_access_check(semanage_handle_t * sh)
+@@ -1418,6 +1381,7 @@ static int semanage_direct_remove(semanage_handle_t * sh, char *module_name)
+ 		}
+ 		base++;
+ 		if (memcmp(module_name, base, name_len) == 0) {
++			semanage_enable_module(module_filenames[i]);
+ 			if (unlink(module_filenames[i]) == -1) {
+ 				ERR(sh, "Could not remove module file %s.",
+ 				    module_filenames[i]);
+@@ -1539,7 +1503,7 @@ int semanage_direct_access_check(semanage_handle_t * sh)
  {
  	char polpath[PATH_MAX];
  
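Review bot: The `semanage_enable_module(module_filenames[i]);` call added ahead of unlink() in semanage_direct_remove runs before the removal is known to succeed, and any failure it reports is ignored. Judging by its name and the changelog's MODULE.pp.disabled flag, it presumably clears the disabled flag (not confirmed from this hunk). If so, a failed unlink() leaves a previously disabled policy module on disk with its flag gone, and a failed flag removal leaves a stale flag that could silently disable a module of the same name installed later. Consider unlinking first and clearing the flag only after that succeeds, reporting a failure through ERR() as the unlink path already does. The body of semanage_direct_remove starts and ends outside the hunk.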
@@ -549,7 +557,7 @@ index 3cffef7..da0ad71 100644
    return _semanage.semanage_module_install(*args)
  semanage_module_install = _semanage.semanage_module_install
 diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 339bbd0..90af360 100644
+index 339bbd0..602a937 100644
 --- a/libsemanage/src/semanage_store.c
 +++ b/libsemanage/src/semanage_store.c
 @@ -57,7 +57,7 @@ typedef struct dbase_policydb dbase_t;
@@ -598,7 +606,7 @@ index 339bbd0..90af360 100644
  /* Callback used by scandir() to select files. */
  static int semanage_filename_select(const struct dirent *d)
  {
-@@ -435,9 +442,38 @@ static int semanage_filename_select(const struct dirent *d)
+@@ -435,11 +442,41 @@ static int semanage_filename_select(const struct dirent *d)
  	return 1;
  }
  
@@ -638,8 +646,57 @@ index 339bbd0..90af360 100644
 +	return (access(path, F_OK ) != 0);
  }
  
++/* Callback used by scandir() to select module files. */
  static int semanage_modulename_select(const struct dirent *d)
-@@ -1071,14 +1107,14 @@ static int semanage_install_active(semanage_handle_t * sh)
+ {
+ 	if (d->d_name[0] == '.'
+@@ -447,7 +484,7 @@ static int semanage_modulename_select(const struct dirent *d)
+ 		|| (d->d_name[1] == '.' && d->d_name[2] == '\0')))
+ 		return 0;
+ 
+-	return semanage_module_enabled(d->d_name);
++	return (! is_disabled_file(d->d_name));
+ }
+ 
+ /* Copies a file from src to dst.  If dst already exists then
+@@ -684,7 +721,7 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
+ 			       int *len)
+ {
+ 	return semanage_get_modules_names_filter(sh, filenames,
+-						 len, semanage_filename_select);
++						 len, semanage_modulename_select);
+ }
+ 
+ /* Scans the modules directory for the current semanage handler.  This
+@@ -697,8 +734,25 @@ int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
+ int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames,
+ 			       int *len)
+ {
+-	return semanage_get_modules_names_filter(sh, filenames,
+-						 len, semanage_modulename_select);
++
++	int rc = semanage_get_modules_names_filter(sh, filenames,
++						   len, semanage_modulename_select);
++	if ( rc != 0 ) return rc;
++
++	int i = 0, num_modules = *len;
++	char **names=*filenames;
++	
++	while ( i < num_modules ) {
++		if (! semanage_module_enabled(names[i])) {
++			free(names[i]);
++			names[i]=names[num_modules-1];
++			names[num_modules-1] = NULL;
++			num_modules--;
++		}
++		i++;
++	}
++	*len = num_modules;
++	return 0;
+ }
+ 
+ /******************* routines that run external programs *******************/
+@@ -1071,14 +1125,14 @@ static int semanage_install_active(semanage_handle_t * sh)
  	const char *active_fc_hd =
  	    semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS);
  
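Review bot: The filtering loop added to semanage_get_active_modules_names never tests the entry it swaps in. After `names[i]=names[num_modules-1];` the unconditional `i++;` moves past slot i, so the former last element is never passed to semanage_module_enabled(). A disabled module that sits at the end of the list can therefore stay in the returned "active" list; assuming callers such as semanage_link_sandbox load every returned name, it would still be linked into the policy. Advance the index only when the entry is kept, for example `} else { i++; }` in place of the unconditional `i++;`. A one-line comment such as `/* swap-remove: order of names is not preserved */` would also warn callers that expect the scandir() ordering.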
@@ -662,7 +719,7 @@ index 339bbd0..90af360 100644
  
  	/* This is very unelegant, the right thing to do is export the path 
  	 * building code in libselinux so that you can get paths for a given 
-@@ -1099,11 +1135,11 @@ static int semanage_install_active(semanage_handle_t * sh)
+@@ -1099,11 +1153,11 @@ static int semanage_install_active(semanage_handle_t * sh)
  	running_seusers += len;
  	running_nc += len;
  
@@ -676,42 +733,16 @@ index 339bbd0..90af360 100644
  		 sh->conf->store_path);
  
  	snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath,
-@@ -1632,18 +1668,21 @@ int semanage_link_sandbox(semanage_handle_t * sh,
- 		num_modules = 0;
+@@ -1633,8 +1687,7 @@ int semanage_link_sandbox(semanage_handle_t * sh,
  		goto cleanup;
  	}
-+	int disabled = 0;
  	for (i = 0; i < num_modules; i++) {
 -		if (semanage_load_module(sh, module_filenames[i], mods + i) ==
 -		    -1) {
--			goto cleanup;
-+		if (semanage_module_enabled(module_filenames[i])) {
-+			if (semanage_load_module(sh, module_filenames[i], mods + (i - disabled)) == -1) {
-+				goto cleanup;
-+			}
-+		} else {
-+			disabled++;
++		if (semanage_load_module(sh, module_filenames[i], mods + i) == -1) {
+ 			goto cleanup;
  		}
  	}
- 
--	if (sepol_link_packages(sh->sepolh, *base, mods, num_modules, 0) != 0) {
-+	if (sepol_link_packages(sh->sepolh, *base, mods, num_modules - disabled, 0) != 0) {
- 		ERR(sh, "Link packages failed");
- 		goto cleanup;
- 	}
--
- 	retval = 0;
- 
-       cleanup:
-@@ -1651,7 +1690,7 @@ int semanage_link_sandbox(semanage_handle_t * sh,
- 		free(module_filenames[i]);
- 	}
- 	free(module_filenames);
--	for (i = 0; mods != NULL && i < num_modules; i++) {
-+	for (i = 0; mods != NULL && i < num_modules -disabled; i++) {
- 		sepol_module_package_free(mods[i]);
- 	}
- 	free(mods);
 diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
 index 6abb2ee..8470191 100644
 --- a/libsemanage/src/semanage_store.h
diff --git a/libsemanage.spec b/libsemanage.spec
index d771331..3d3aece 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -10,7 +10,7 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.0.46
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
@@ -208,6 +208,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Wed Jun 8 2011 Dan Walsh <dwalsh at redhat.com> - 2.0.46-6
+- More fixes for disabled modules
+
 * Tue Jun 7 2011 Dan Walsh <dwalsh at redhat.com> - 2.0.46-5
 - Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module 
 indicating the module is disabled.  MODULE.pp.disabled, it will no longer rename the module.  This way we can

