[setools/f17: 1/2] Rebuild to get latest libsepol which fixes the file_name transition problems
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Apr 23 21:05:24 UTC 2012
commit b150c9d13a2c573b09f3b65dc89d5acc8c720484
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Apr 23 17:03:59 2012 -0400
Rebuild to get latest libsepol which fixes the file_name transition problems
0009-selinux_current_policy_path.patch | 84 ++++++++++++++++++++++++++++++++
setools.spec | 14 ++++-
2 files changed, 95 insertions(+), 3 deletions(-)
---
diff --git a/0009-selinux_current_policy_path.patch b/0009-selinux_current_policy_path.patch
new file mode 100644
index 0000000..e9cc81d
--- /dev/null
+++ b/0009-selinux_current_policy_path.patch
@@ -0,0 +1,84 @@
+diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
+--- setools-3.3.7/libqpol/src/util.c.current 2010-04-23 12:22:08.000000000 -0400
++++ setools-3.3.7/libqpol/src/util.c 2012-02-16 12:01:33.030434514 -0500
+@@ -84,75 +84,12 @@ static int get_binpol_version(const char
+
+ static int search_policy_binary_file(char **path)
+ {
+- const char *binary_path;
+- if ((binary_path = selinux_binary_policy_path()) == NULL) {
+- return -1;
++ const char *binary_path = selinux_current_policy_path();
++ if (binary_path) {
++ *path = strdup(binary_path);
++ if (*path) return 0;
+ }
+-
+- int expected_version = -1, latest_version = -1;
+-#ifdef LIBSELINUX
+- /* if the system has SELinux enabled, prefer the policy whose
+- name matches the current policy version */
+- if ((expected_version = security_policyvers()) < 0) {
+- return -1;
+- }
+-#endif
+-
+- glob_t glob_buf;
+- struct stat fs;
+- int rt, error = 0, retval = -1;
+- size_t i;
+- char *pattern = NULL;
+- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
+- return -1;
+- }
+- glob_buf.gl_offs = 1;
+- glob_buf.gl_pathc = 0;
+- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
+- if (rt != 0 && rt != GLOB_NOMATCH) {
+- errno = EIO;
+- return -1;
+- }
+-
+- for (i = 0; i < glob_buf.gl_pathc; i++) {
+- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
+- if (stat(p, &fs) != 0) {
+- error = errno;
+- goto cleanup;
+- }
+- if (S_ISDIR(fs.st_mode))
+- continue;
+-
+- if ((rt = get_binpol_version(p)) < 0) {
+- error = errno;
+- goto cleanup;
+- }
+-
+- if (rt > latest_version || rt == expected_version) {
+- free(*path);
+- if ((*path = strdup(p)) == NULL) {
+- error = errno;
+- goto cleanup;
+- }
+- if (rt == expected_version) {
+- break;
+- }
+- latest_version = rt;
+- }
+- }
+-
+- if (*path == NULL) {
+- retval = 1;
+- } else {
+- retval = 0;
+- }
+- cleanup:
+- free(pattern);
+- globfree(&glob_buf);
+- if (retval == -1) {
+- errno = error;
+- }
+- return retval;
++ return -1;
+ }
+
+ int qpol_default_policy_find(char **path)
diff --git a/setools.spec b/setools.spec
index 53cf254..9e5dd6b 100644
--- a/setools.spec
+++ b/setools.spec
@@ -5,7 +5,7 @@
Name: setools
Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 21%{?dist}
+Release: 23%{?dist}
License: GPLv2
URL: http://oss.tresys.com/projects/setools
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -22,6 +22,7 @@ Patch5: 0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
Patch6: 0006-Changes-to-support-named-file_trans-rules.patch
Patch7: 0007-Remove-unused-variables.patch
Patch8: 0008-Fix-output-to-match-policy-lines.patch
+Patch9: 0009-selinux_current_policy_path.patch
Summary: Policy analysis tools for SELinux
Group: System Environment/Base
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
@@ -32,8 +33,8 @@ Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{r
%define java_ver 1.2
%define gtk_ver 2.8
%define python_ver 2.3
-%define sepol_ver 2.1.4-4
-%define selinux_ver 1.30
+%define sepol_ver 2.1.5-3
+%define selinux_ver 2.1.9-9
%define sqlite_ver 3.2.0
%define swig_ver 1.3.28
%define tcltk_ver 8.4.9
@@ -201,6 +202,7 @@ This package includes the following graphical tools:
%patch6 -p 1 -b .filenametrans
%patch7 -p 1 -b .unused
%patch8 -p 1 -b .fixoutput
+%patch9 -p 1 -b .current
%ifarch sparc sparcv9 sparc64 s390 s390x
for file in `find . -name Makefile.am`; do
@@ -367,6 +369,12 @@ rm -rf ${RPM_BUILD_ROOT}
%postun libs-tcl -p /sbin/ldconfig
%changelog
+* Mon Apr 23 2012 Dan Walsh <dwalsh at redhat.com> - 3.3.7-23
+- Rebuild to get latest libsepol which fixes the file_name transition problems
+
+* Thu Feb 15 2012 Dan Walsh <dwalsh at redhat.com> - 3.3.7-22
+- Use selinux_current_policy_path to read by default policy
+
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.7-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
More information about the scm-commits
mailing list