[setools/f17: 1/2] Rebuild to get latest libsepol which fixes the file_name transition problems

Daniel J Walsh dwalsh at fedoraproject.org
Mon Apr 23 21:05:24 UTC 2012


commit b150c9d13a2c573b09f3b65dc89d5acc8c720484
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Apr 23 17:03:59 2012 -0400

    Rebuild to get latest libsepol which fixes the file_name transition problems

 0009-selinux_current_policy_path.patch |   84 ++++++++++++++++++++++++++++++++
 setools.spec                           |   14 ++++-
 2 files changed, 95 insertions(+), 3 deletions(-)
---
diff --git a/0009-selinux_current_policy_path.patch b/0009-selinux_current_policy_path.patch
new file mode 100644
index 0000000..e9cc81d
--- /dev/null
+++ b/0009-selinux_current_policy_path.patch
@@ -0,0 +1,84 @@
+diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
+--- setools-3.3.7/libqpol/src/util.c.current	2010-04-23 12:22:08.000000000 -0400
++++ setools-3.3.7/libqpol/src/util.c	2012-02-16 12:01:33.030434514 -0500
+@@ -84,75 +84,12 @@ static int get_binpol_version(const char
+ 
+ static int search_policy_binary_file(char **path)
+ {
+-	const char *binary_path;
+-	if ((binary_path = selinux_binary_policy_path()) == NULL) {
+-		return -1;
++	const char *binary_path = selinux_current_policy_path();
++	if (binary_path) {
++		*path = strdup(binary_path);
++		if (*path) return 0;
+ 	}
+-
+-	int expected_version = -1, latest_version = -1;
+-#ifdef LIBSELINUX
+-	/* if the system has SELinux enabled, prefer the policy whose
+-	   name matches the current policy version */
+-	if ((expected_version = security_policyvers()) < 0) {
+-		return -1;
+-	}
+-#endif
+-
+-	glob_t glob_buf;
+-	struct stat fs;
+-	int rt, error = 0, retval = -1;
+-	size_t i;
+-	char *pattern = NULL;
+-	if (asprintf(&pattern, "%s.*", binary_path) < 0) {
+-		return -1;
+-	}
+-	glob_buf.gl_offs = 1;
+-	glob_buf.gl_pathc = 0;
+-	rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
+-	if (rt != 0 && rt != GLOB_NOMATCH) {
+-		errno = EIO;
+-		return -1;
+-	}
+-
+-	for (i = 0; i < glob_buf.gl_pathc; i++) {
+-		char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
+-		if (stat(p, &fs) != 0) {
+-			error = errno;
+-			goto cleanup;
+-		}
+-		if (S_ISDIR(fs.st_mode))
+-			continue;
+-
+-		if ((rt = get_binpol_version(p)) < 0) {
+-			error = errno;
+-			goto cleanup;
+-		}
+-
+-		if (rt > latest_version || rt == expected_version) {
+-			free(*path);
+-			if ((*path = strdup(p)) == NULL) {
+-				error = errno;
+-				goto cleanup;
+-			}
+-			if (rt == expected_version) {
+-				break;
+-			}
+-			latest_version = rt;
+-		}
+-	}
+-
+-	if (*path == NULL) {
+-		retval = 1;
+-	} else {
+-		retval = 0;
+-	}
+-      cleanup:
+-	free(pattern);
+-	globfree(&glob_buf);
+-	if (retval == -1) {
+-		errno = error;
+-	}
+-	return retval;
++	return -1;
+ }
+ 
+ int qpol_default_policy_find(char **path)
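Review bot: The rewritten search_policy_binary_file() drops the old three-way result: it no longer returns 1 for "no policy found" and no longer sets errno itself, so a NULL from `selinux_current_policy_path()` falls through to `return -1;` with whatever errno was last set. qpol_default_policy_find begins just after this hunk and is not shown; if it still distinguishes 1 from -1 or reports errno, a host with no readable policy will surface as a hard error with a misleading message. Setting `errno = ENOENT;` before the final `return -1;`, or keeping `return 1;` for the NULL case, would preserve the earlier contract. The removed loop also called `free(*path)` before assigning, whereas `*path = strdup(binary_path);` overwrites the pointer, so a comment such as `/* *path must be NULL on entry; caller frees the result */` would document the ownership assumption.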
diff --git a/setools.spec b/setools.spec
index 53cf254..9e5dd6b 100644
--- a/setools.spec
+++ b/setools.spec
@@ -5,7 +5,7 @@
 
 Name: setools
 Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 21%{?dist}
+Release: 23%{?dist}
 License: GPLv2
 URL: http://oss.tresys.com/projects/setools
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -22,6 +22,7 @@ Patch5: 0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
 Patch6: 0006-Changes-to-support-named-file_trans-rules.patch
 Patch7: 0007-Remove-unused-variables.patch
 Patch8: 0008-Fix-output-to-match-policy-lines.patch
+Patch9: 0009-selinux_current_policy_path.patch
 Summary: Policy analysis tools for SELinux
 Group: System Environment/Base
 Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
@@ -32,8 +33,8 @@ Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{r
 %define java_ver 1.2
 %define gtk_ver 2.8
 %define python_ver 2.3
-%define sepol_ver 2.1.4-4
-%define selinux_ver 1.30
+%define sepol_ver 2.1.5-3
+%define selinux_ver 2.1.9-9
 %define sqlite_ver 3.2.0
 %define swig_ver 1.3.28
 %define tcltk_ver 8.4.9
@@ -201,6 +202,7 @@ This package includes the following graphical tools:
 %patch6 -p 1 -b .filenametrans
 %patch7 -p 1 -b .unused 
 %patch8 -p 1 -b .fixoutput
+%patch9 -p 1 -b .current
 
 %ifarch sparc sparcv9 sparc64 s390 s390x
     for file in `find . -name Makefile.am`; do
@@ -367,6 +369,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libs-tcl -p /sbin/ldconfig
 
 %changelog
+* Mon Apr 23 2012 Dan Walsh <dwalsh at redhat.com> - 3.3.7-23
+- Rebuild to get latest libsepol which fixes the file_name transition problems
+
+* Thu Feb 15 2012 Dan Walsh <dwalsh at redhat.com> - 3.3.7-22
+- Use selinux_current_policy_path to read by default policy
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.7-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 

