[libsemanage] * Wed Jul 30 2014 Miroslav Grepl <mgrepl at fedoraproject.org> - 2.3-5 - Skip policy module re-link whe
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Jul 30 17:23:32 UTC 2014
commit bc9b70b7c6efcbd95196cab6a18d0fa71e270904
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Jul 30 19:07:08 2014 +0200
* Wed Jul 30 2014 Miroslav Grepl <mgrepl at fedoraproject.org> - 2.3-5
- Skip policy module re-link when only setting booleans.
* patch from Stephen Smalley
libsemanage-rhat.patch | 116 ++++++++++++++++++++++++++++++++++--------------
libsemanage.spec | 10 +++-
2 files changed, 90 insertions(+), 36 deletions(-)
---
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index dd56774..5991109 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,39 +1,89 @@
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index f3b9b5c..1aea839 100644
---- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -1070,8 +1070,10 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- s.fallback_user = strdup(FALLBACK_USER);
- s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
- s.fallback_user_level = strdup(FALLBACK_USER_LEVEL);
-- if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL)
-- return STATUS_ERR;
-+ if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) {
-+ retval = STATUS_ERR;
-+ goto done;
-+ }
+diff --git a/src/direct_api.c b/src/direct_api.c
+index 64dc7d9..5b94725 100644
+--- a/src/direct_api.c
++++ b/src/direct_api.c
+@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ /* Declare some variables */
+ int modified = 0, fcontexts_modified, ports_modified,
+ seusers_modified, users_extra_modified, dontaudit_modified,
+- preserve_tunables_modified;
++ preserve_tunables_modified, bools_modified;
+ dbase_config_t *users = semanage_user_dbase_local(sh);
+ dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
+ dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
+@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ users_extra_modified =
+ users_extra->dtable->is_modified(users_extra->dbase);
+ ports_modified = ports->dtable->is_modified(ports->dbase);
++ bools_modified = bools->dtable->is_modified(bools->dbase);
- if (ignoredirs) ignore_setup(ignoredirs);
+ modified = sh->modules_modified;
+ modified |= ports_modified;
+ modified |= users->dtable->is_modified(users_base->dbase);
+- modified |= bools->dtable->is_modified(bools->dbase);
+ modified |= ifaces->dtable->is_modified(ifaces->dbase);
+ modified |= nodes->dtable->is_modified(nodes->dbase);
+ modified |= dontaudit_modified;
+@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
-@@ -1082,15 +1084,19 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- if (!(out = fopen(s.fcfilepath, "w"))) {
- /* couldn't open output file */
- ERR(sh, "Could not open the file_context file for writing");
-- return STATUS_ERR;
-+ retval = STATUS_ERR;
-+ goto done;
- }
+ /* ==================== Policydb-backed ================ */
- retval = write_context_file(&s, out);
+- /* Create new policy object, then attach to policy databases
+- * that work with a policydb */
++ /* Create new policy object */
+ retval = semanage_expand_sandbox(sh, base, &out);
+ if (retval < 0)
+ goto cleanup;
+
+ sepol_module_package_free(base);
+ base = NULL;
++ } else {
++ /* Load already linked policy */
++ retval = sepol_policydb_create(&out);
++ if (retval < 0)
++ goto cleanup;
++
++ retval = semanage_read_policydb(sh, out);
++ if (retval < 0)
++ goto cleanup;
++ }
-- fclose(out);
-+done:
-+ if (out != NULL)
-+ fclose(out);
++ if (sh->do_rebuild || modified || bools_modified) {
++ /* Attach to policy databases that work with a policydb. */
+ dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,
+ out);
+ dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
+@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ if (retval < 0)
+ goto cleanup;
+ } else {
+- retval = sepol_policydb_create(&out);
+- if (retval < 0)
+- goto cleanup;
+-
+- retval = semanage_read_policydb(sh, out);
+- if (retval < 0)
+- goto cleanup;
+-
++ /* Changes to non-kernel policy configurations only. */
+ if (seusers_modified || users_extra_modified) {
+ retval = semanage_link_base(sh, &base);
+ if (retval < 0)
+@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ sepol_policydb_free(out);
+ out = NULL;
- free(s.fallback_user);
- free(s.fallback_user_prefix);
-+ free(s.fallback_user_level);
- ignore_free();
+- if (sh->do_rebuild || modified ||
++ if (sh->do_rebuild || modified || bools_modified ||
+ seusers_modified || fcontexts_modified || users_extra_modified) {
+ retval = semanage_install_sandbox(sh);
+ }
+@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ free(mod_filenames[i]);
+ }
- return retval;
+- if (modified) {
++ if (modified || bools_modified) {
+ /* Detach from policydb, so it can be freed */
+ dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
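Review bot: The detach guard in the last inner hunk, `if (modified || bools_modified) {`, does not match the attach guard added earlier, `if (sh->do_rebuild || modified || bools_modified) {`, so a commit with only `sh->do_rebuild` set attaches the policydb-backed databases to `out` and, judging by the visible lines, never detaches them even though `sepol_policydb_free(out)` has already run. That would leave the dbase handles pointing at freed memory if the handle is used again. The mismatch appears to predate this change (the old guard was `if (modified)`), but since the line is being edited anyway I would make it `if (sh->do_rebuild || modified || bools_modified) {` and add a one-line comment that it must mirror the attach condition. semanage_direct_commit starts and ends outside these hunks, so confirm against the full function that no other path detaches in the rebuild-only case.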
diff --git a/libsemanage.spec b/libsemanage.spec
index 3bd8e34..927d455 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -7,11 +7,11 @@
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 2.3
-Release: 4%{?dist}
+Release: 5%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz
-#Patch: libsemanage-rhat.patch
+Patch: libsemanage-rhat.patch
URL: http://oss.tresys.com/git/selinux.git
Source1: semanage.conf
@@ -83,7 +83,7 @@ SELinux management applications.
%prep
%setup -q
-#%patch -p2 -b .rhat
+%patch -p1 -b .rhat
%build
# To support building the Python wrapper against multiple Python runtimes
@@ -181,6 +181,10 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
+* Wed Jul 30 2014 Miroslav Grepl <mgrepl at fedoraproject.org> - 2.3-5
+- Skip policy module re-link when only setting booleans.
+ * patch from Stephen Smalley
+
* Fri Jul 18 2014 Tom Callaway <spot at fedoraproject.org> - 2.3-4
- fix license handling