plautrba pushed to libselinux (master). "Recreate libselinux-rhat.patch from https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6"
notifications at fedoraproject.org
notifications at fedoraproject.org
Tue Apr 21 15:38:51 UTC 2015
>From eb63890f585ffb17077af1b7631faef2d8d39f21 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba at redhat.com>
Date: Tue, 21 Apr 2015 17:32:02 +0200
Subject: Recreate libselinux-rhat.patch from
https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 4528fbf..b7c5e16 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,18 +1,18 @@
-diff --git a/Makefile b/Makefile
+diff --git libselinux-2.3/Makefile libselinux-2.3/Makefile
index 6142b60..bdf9de8 100644
---- a/Makefile
-+++ b/Makefile
+--- libselinux-2.3/Makefile
++++ libselinux-2.3/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = src include utils man
+SUBDIRS = src include utils man golang
DISABLE_AVC ?= n
DISABLE_SETRANS ?= n
-diff --git a/golang/Makefile b/golang/Makefile
+diff --git libselinux-2.3/golang/Makefile libselinux-2.3/golang/Makefile
new file mode 100644
index 0000000..b75677b
--- /dev/null
-+++ b/golang/Makefile
++++ libselinux-2.3/golang/Makefile
@@ -0,0 +1,22 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
@@ -36,11 +36,11 @@ index 0000000..b75677b
+indent:
+
+relabel:
-diff --git a/golang/selinux.go b/golang/selinux.go
+diff --git libselinux-2.3/golang/selinux.go libselinux-2.3/golang/selinux.go
new file mode 100644
index 0000000..34bf6bb
--- /dev/null
-+++ b/golang/selinux.go
++++ libselinux-2.3/golang/selinux.go
@@ -0,0 +1,412 @@
+package selinux
+
@@ -454,11 +454,11 @@ index 0000000..34bf6bb
+ fmt.Println(Getfscreatecon())
+ fmt.Println(Getpidcon(1))
+}
-diff --git a/golang/test.go b/golang/test.go
+diff --git libselinux-2.3/golang/test.go libselinux-2.3/golang/test.go
new file mode 100644
index 0000000..fed6de8
--- /dev/null
-+++ b/golang/test.go
++++ libselinux-2.3/golang/test.go
@@ -0,0 +1,9 @@
+package main
+
@@ -469,10 +469,10 @@ index 0000000..fed6de8
+func main() {
+ selinux.Test()
+}
-diff --git a/include/selinux/selinux.h b/include/selinux/selinux.h
+diff --git libselinux-2.3/include/selinux/selinux.h libselinux-2.3/include/selinux/selinux.h
index d0eb5c6..4beb170 100644
---- a/include/selinux/selinux.h
-+++ b/include/selinux/selinux.h
+--- libselinux-2.3/include/selinux/selinux.h
++++ libselinux-2.3/include/selinux/selinux.h
@@ -543,6 +543,7 @@ extern const char *selinux_virtual_image_context_path(void);
extern const char *selinux_lxc_contexts_path(void);
extern const char *selinux_x_context_path(void);
@@ -481,10 +481,10 @@ index d0eb5c6..4beb170 100644
extern const char *selinux_systemd_contexts_path(void);
extern const char *selinux_contexts_path(void);
extern const char *selinux_securetty_types_path(void);
-diff --git a/man/man3/getfscreatecon.3 b/man/man3/getfscreatecon.3
+diff --git libselinux-2.3/man/man3/getfscreatecon.3 libselinux-2.3/man/man3/getfscreatecon.3
index e348d3b..8cc4df5 100644
---- a/man/man3/getfscreatecon.3
-+++ b/man/man3/getfscreatecon.3
+--- libselinux-2.3/man/man3/getfscreatecon.3
++++ libselinux-2.3/man/man3/getfscreatecon.3
@@ -49,6 +49,11 @@ Signal handlers that perform a
must take care to
save, reset, and restore the fscreate context to avoid unexpected behavior.
@@ -497,10 +497,10 @@ index e348d3b..8cc4df5 100644
.SH "RETURN VALUE"
On error \-1 is returned.
On success 0 is returned.
-diff --git a/man/man3/getkeycreatecon.3 b/man/man3/getkeycreatecon.3
+diff --git libselinux-2.3/man/man3/getkeycreatecon.3 libselinux-2.3/man/man3/getkeycreatecon.3
index 4d70f10..b51008d 100644
---- a/man/man3/getkeycreatecon.3
-+++ b/man/man3/getkeycreatecon.3
+--- libselinux-2.3/man/man3/getkeycreatecon.3
++++ libselinux-2.3/man/man3/getkeycreatecon.3
@@ -48,6 +48,10 @@ Signal handlers that perform a
.BR setkeycreatecon ()
must take care to
@@ -512,10 +512,10 @@ index 4d70f10..b51008d 100644
.
.SH "RETURN VALUE"
On error \-1 is returned.
-diff --git a/man/man3/getsockcreatecon.3 b/man/man3/getsockcreatecon.3
+diff --git libselinux-2.3/man/man3/getsockcreatecon.3 libselinux-2.3/man/man3/getsockcreatecon.3
index 4dd8f30..26086d9 100644
---- a/man/man3/getsockcreatecon.3
-+++ b/man/man3/getsockcreatecon.3
+--- libselinux-2.3/man/man3/getsockcreatecon.3
++++ libselinux-2.3/man/man3/getsockcreatecon.3
@@ -49,6 +49,11 @@ Signal handlers that perform a
must take care to
save, reset, and restore the sockcreate context to avoid unexpected behavior.
@@ -528,10 +528,10 @@ index 4dd8f30..26086d9 100644
.SH "RETURN VALUE"
On error \-1 is returned.
On success 0 is returned.
-diff --git a/man/man8/selinux.8 b/man/man8/selinux.8
+diff --git libselinux-2.3/man/man8/selinux.8 libselinux-2.3/man/man8/selinux.8
index e89b1ef..fd20363 100644
---- a/man/man8/selinux.8
-+++ b/man/man8/selinux.8
+--- libselinux-2.3/man/man8/selinux.8
++++ libselinux-2.3/man/man8/selinux.8
@@ -74,7 +74,7 @@ The best way to relabel the file system is to create the flag file
and reboot.
.BR system\-config\-selinux ,
@@ -557,10 +557,19 @@ index e89b1ef..fd20363 100644
Every confined service on the system has a man page in the following format:
.br
-diff --git a/src/Makefile b/src/Makefile
-index 4d07ba6..62c8dad 100644
---- a/src/Makefile
-+++ b/src/Makefile
+diff --git libselinux-2.3/src/Makefile libselinux-2.3/src/Makefile
+index 4d07ba6..d7f8dbd 100644
+--- libselinux-2.3/src/Makefile
++++ libselinux-2.3/src/Makefile
+@@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
+ -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
+ -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
+ -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
+- -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \
++ -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
+ -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
+ -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
+ -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
@@ -111,7 +111,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
@@ -570,10 +579,62 @@ index 4d07ba6..62c8dad 100644
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
-diff --git a/src/avc_sidtab.c b/src/avc_sidtab.c
-index 52f21df..66ad9e1 100644
---- a/src/avc_sidtab.c
-+++ b/src/avc_sidtab.c
+diff --git libselinux-2.3/src/avc.c libselinux-2.3/src/avc.c
+index 2bd7d13..b1ec57f 100644
+--- libselinux-2.3/src/avc.c
++++ libselinux-2.3/src/avc.c
+@@ -288,7 +288,7 @@ void avc_av_stats(void)
+
+ avc_release_lock(avc_lock);
+
+- avc_log(SELINUX_INFO, "%s: %d AV entries and %d/%d buckets used, "
++ avc_log(SELINUX_INFO, "%s: %u AV entries and %d/%d buckets used, "
+ "longest chain length %d\n", avc_prefix,
+ avc_cache.active_nodes,
+ slots_used, AVC_CACHE_SLOTS, max_chain_len);
+@@ -471,7 +471,7 @@ static int avc_insert(security_id_t ssid, security_id_t tsid,
+
+ if (ae->avd.seqno < avc_cache.latest_notif) {
+ avc_log(SELINUX_WARNING,
+- "%s: seqno %d < latest_notif %d\n", avc_prefix,
++ "%s: seqno %u < latest_notif %u\n", avc_prefix,
+ ae->avd.seqno, avc_cache.latest_notif);
+ errno = EAGAIN;
+ rc = -1;
+diff --git libselinux-2.3/src/avc_internal.c libselinux-2.3/src/avc_internal.c
+index f735e73..be94857 100644
+--- libselinux-2.3/src/avc_internal.c
++++ libselinux-2.3/src/avc_internal.c
+@@ -125,14 +125,14 @@ static int avc_netlink_receive(char *buf, unsigned buflen, int blocking)
+
+ if (nladdrlen != sizeof nladdr) {
+ avc_log(SELINUX_WARNING,
+- "%s: warning: netlink address truncated, len %d?\n",
++ "%s: warning: netlink address truncated, len %u?\n",
+ avc_prefix, nladdrlen);
+ return -1;
+ }
+
+ if (nladdr.nl_pid) {
+ avc_log(SELINUX_WARNING,
+- "%s: warning: received spoofed netlink packet from: %d\n",
++ "%s: warning: received spoofed netlink packet from: %u\n",
+ avc_prefix, nladdr.nl_pid);
+ return -1;
+ }
+@@ -197,7 +197,7 @@ static int avc_netlink_process(char *buf)
+ case SELNL_MSG_POLICYLOAD:{
+ struct selnl_msg_policyload *msg = NLMSG_DATA(nlh);
+ avc_log(SELINUX_INFO,
+- "%s: received policyload notice (seqno=%d)\n",
++ "%s: received policyload notice (seqno=%u)\n",
+ avc_prefix, msg->seqno);
+ rc = avc_ss_reset(msg->seqno);
+ if (rc < 0) {
+diff --git libselinux-2.3/src/avc_sidtab.c libselinux-2.3/src/avc_sidtab.c
+index 52f21df..c775430 100644
+--- libselinux-2.3/src/avc_sidtab.c
++++ libselinux-2.3/src/avc_sidtab.c
@@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s,
int hvalue, rc = 0;
struct sidtab_node *cur;
@@ -586,10 +647,19 @@ index 52f21df..66ad9e1 100644
*sid = NULL;
hvalue = sidtab_hash(ctx);
-diff --git a/src/canonicalize_context.c b/src/canonicalize_context.c
+@@ -124,7 +129,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen)
+ }
+
+ snprintf(buf, buflen,
+- "%s: %d SID entries and %d/%d buckets used, longest "
++ "%s: %u SID entries and %d/%d buckets used, longest "
+ "chain length %d\n", avc_prefix, h->nel, slots_used,
+ SIDTAB_SIZE, max_chain_len);
+ }
+diff --git libselinux-2.3/src/canonicalize_context.c libselinux-2.3/src/canonicalize_context.c
index 7cf3139..364a746 100644
---- a/src/canonicalize_context.c
-+++ b/src/canonicalize_context.c
+--- libselinux-2.3/src/canonicalize_context.c
++++ libselinux-2.3/src/canonicalize_context.c
@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const char * con,
size_t size;
int fd, ret;
@@ -602,10 +672,10 @@ index 7cf3139..364a746 100644
if (!selinux_mnt) {
errno = ENOENT;
return -1;
-diff --git a/src/check_context.c b/src/check_context.c
+diff --git libselinux-2.3/src/check_context.c libselinux-2.3/src/check_context.c
index 52063fa..234749c 100644
---- a/src/check_context.c
-+++ b/src/check_context.c
+--- libselinux-2.3/src/check_context.c
++++ libselinux-2.3/src/check_context.c
@@ -14,6 +14,11 @@ int security_check_context_raw(const char * con)
char path[PATH_MAX];
int fd, ret;
@@ -618,10 +688,10 @@ index 52063fa..234749c 100644
if (!selinux_mnt) {
errno = ENOENT;
return -1;
-diff --git a/src/compute_av.c b/src/compute_av.c
+diff --git libselinux-2.3/src/compute_av.c libselinux-2.3/src/compute_av.c
index 937e5c3..35ace7f 100644
---- a/src/compute_av.c
-+++ b/src/compute_av.c
+--- libselinux-2.3/src/compute_av.c
++++ libselinux-2.3/src/compute_av.c
@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const char * scon,
return -1;
}
@@ -634,10 +704,10 @@ index 937e5c3..35ace7f 100644
snprintf(path, sizeof path, "%s/access", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
-diff --git a/src/compute_create.c b/src/compute_create.c
+diff --git libselinux-2.3/src/compute_create.c libselinux-2.3/src/compute_create.c
index 9559d42..14a65d1 100644
---- a/src/compute_create.c
-+++ b/src/compute_create.c
+--- libselinux-2.3/src/compute_create.c
++++ libselinux-2.3/src/compute_create.c
@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const char * scon,
return -1;
}
@@ -650,10 +720,10 @@ index 9559d42..14a65d1 100644
snprintf(path, sizeof path, "%s/create", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
-diff --git a/src/compute_member.c b/src/compute_member.c
+diff --git libselinux-2.3/src/compute_member.c libselinux-2.3/src/compute_member.c
index 1fc7e41..065d996 100644
---- a/src/compute_member.c
-+++ b/src/compute_member.c
+--- libselinux-2.3/src/compute_member.c
++++ libselinux-2.3/src/compute_member.c
@@ -25,6 +25,11 @@ int security_compute_member_raw(const char * scon,
return -1;
}
@@ -666,10 +736,10 @@ index 1fc7e41..065d996 100644
snprintf(path, sizeof path, "%s/member", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
-diff --git a/src/compute_relabel.c b/src/compute_relabel.c
+diff --git libselinux-2.3/src/compute_relabel.c libselinux-2.3/src/compute_relabel.c
index 4615aee..cc77f36 100644
---- a/src/compute_relabel.c
-+++ b/src/compute_relabel.c
+--- libselinux-2.3/src/compute_relabel.c
++++ libselinux-2.3/src/compute_relabel.c
@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const char * scon,
return -1;
}
@@ -682,10 +752,10 @@ index 4615aee..cc77f36 100644
snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
-diff --git a/src/compute_user.c b/src/compute_user.c
+diff --git libselinux-2.3/src/compute_user.c libselinux-2.3/src/compute_user.c
index b37c5d3..7703c26 100644
---- a/src/compute_user.c
-+++ b/src/compute_user.c
+--- libselinux-2.3/src/compute_user.c
++++ libselinux-2.3/src/compute_user.c
@@ -24,6 +24,11 @@ int security_compute_user_raw(const char * scon,
return -1;
}
@@ -698,10 +768,42 @@ index b37c5d3..7703c26 100644
snprintf(path, sizeof path, "%s/user", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
-diff --git a/src/file_path_suffixes.h b/src/file_path_suffixes.h
+diff --git libselinux-2.3/src/enabled.c libselinux-2.3/src/enabled.c
+index 5c252dd..1731ac3 100644
+--- libselinux-2.3/src/enabled.c
++++ libselinux-2.3/src/enabled.c
+@@ -11,26 +11,10 @@
+
+ int is_selinux_enabled(void)
+ {
+- int enabled = 0;
+- char * con;
+-
+ /* init_selinuxmnt() gets called before this function. We
+ * will assume that if a selinux file system is mounted, then
+ * selinux is enabled. */
+- if (selinux_mnt) {
+-
+- /* Since a file system is mounted, we consider selinux
+- * enabled. If getcon_raw fails, selinux is still enabled.
+- * We only consider it disabled if no policy is loaded. */
+- enabled = 1;
+- if (getcon_raw(&con) == 0) {
+- if (!strcmp(con, "kernel"))
+- enabled = 0;
+- freecon(con);
+- }
+- }
+-
+- return enabled;
++ return (selinux_mnt ? 1 : 0);
+ }
+
+ hidden_def(is_selinux_enabled)
+diff --git libselinux-2.3/src/file_path_suffixes.h libselinux-2.3/src/file_path_suffixes.h
index 3c92424..d1f9b48 100644
---- a/src/file_path_suffixes.h
-+++ b/src/file_path_suffixes.h
+--- libselinux-2.3/src/file_path_suffixes.h
++++ libselinux-2.3/src/file_path_suffixes.h
@@ -23,6 +23,7 @@ S_(BINPOLICY, "/policy/policy")
S_(VIRTUAL_DOMAIN, "/contexts/virtual_domain_context")
S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context")
@@ -710,10 +812,10 @@ index 3c92424..d1f9b48 100644
S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts")
S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs")
S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist")
-diff --git a/src/fsetfilecon.c b/src/fsetfilecon.c
+diff --git libselinux-2.3/src/fsetfilecon.c libselinux-2.3/src/fsetfilecon.c
index 52707d0..0cbe12d 100644
---- a/src/fsetfilecon.c
-+++ b/src/fsetfilecon.c
+--- libselinux-2.3/src/fsetfilecon.c
++++ libselinux-2.3/src/fsetfilecon.c
@@ -9,8 +9,12 @@
int fsetfilecon_raw(int fd, const char * context)
@@ -729,10 +831,147 @@ index 52707d0..0cbe12d 100644
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
-diff --git a/src/load_policy.c b/src/load_policy.c
+diff --git libselinux-2.3/src/label_android_property.c libselinux-2.3/src/label_android_property.c
+index b00eb07..5e1b76e 100644
+--- libselinux-2.3/src/label_android_property.c
++++ libselinux-2.3/src/label_android_property.c
+@@ -101,7 +101,7 @@ static int process_line(struct selabel_handle *rec,
+ items = sscanf(line_buf, "%255s %255s", prop, context);
+ if (items != 2) {
+ selinux_log(SELINUX_WARNING,
+- "%s: line %d is missing fields, skipping\n", path,
++ "%s: line %u is missing fields, skipping\n", path,
+ lineno);
+ return 0;
+ }
+@@ -111,7 +111,7 @@ static int process_line(struct selabel_handle *rec,
+ spec_arr[nspec].property_key = strdup(prop);
+ if (!spec_arr[nspec].property_key) {
+ selinux_log(SELINUX_WARNING,
+- "%s: out of memory at line %d on prop %s\n",
++ "%s: out of memory at line %u on prop %s\n",
+ path, lineno, prop);
+ return -1;
+
+@@ -120,7 +120,7 @@ static int process_line(struct selabel_handle *rec,
+ spec_arr[nspec].lr.ctx_raw = strdup(context);
+ if (!spec_arr[nspec].lr.ctx_raw) {
+ selinux_log(SELINUX_WARNING,
+- "%s: out of memory at line %d on context %s\n",
++ "%s: out of memory at line %u on context %s\n",
+ path, lineno, context);
+ return -1;
+ }
+diff --git libselinux-2.3/src/label_db.c libselinux-2.3/src/label_db.c
+index ab0696a..00503a5 100644
+--- libselinux-2.3/src/label_db.c
++++ libselinux-2.3/src/label_db.c
+@@ -105,12 +105,12 @@ process_line(const char *path, char *line_buf, unsigned int line_num,
+ * <object class> <object name> <security context>
+ */
+ type = key = context = temp = NULL;
+- items = sscanf(line_buf, "%as %as %as %as",
++ items = sscanf(line_buf, "%ms %ms %ms %ms",
+ &type, &key, &context, &temp);
+ if (items != 3) {
+ if (items > 0)
+ selinux_log(SELINUX_WARNING,
+- "%s: line %d has invalid format, skipped",
++ "%s: line %u has invalid format, skipped",
+ path, line_num);
+ goto skip;
+ }
+@@ -142,7 +142,7 @@ process_line(const char *path, char *line_buf, unsigned int line_num,
+ spec->type = SELABEL_DB_LANGUAGE;
+ else {
+ selinux_log(SELINUX_WARNING,
+- "%s: line %d has invalid object type %s\n",
++ "%s: line %u has invalid object type %s\n",
+ path, line_num, type);
+ goto skip;
+ }
+diff --git libselinux-2.3/src/label_file.c libselinux-2.3/src/label_file.c
+index 615aea9..c01991c 100644
+--- libselinux-2.3/src/label_file.c
++++ libselinux-2.3/src/label_file.c
+@@ -170,10 +170,10 @@ static int process_line(struct selabel_handle *rec,
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+- items = sscanf(line_buf, "%as %as %as", ®ex, &type, &context);
++ items = sscanf(line_buf, "%ms %ms %ms", ®ex, &type, &context);
+ if (items < 2) {
+ COMPAT_LOG(SELINUX_WARNING,
+- "%s: line %d is missing fields, skipping\n", path,
++ "%s: line %u is missing fields, skipping\n", path,
+ lineno);
+ if (items == 1)
+ free(regex);
+@@ -204,7 +204,7 @@ static int process_line(struct selabel_handle *rec,
+ spec_arr[nspec].stem_id = find_stem_from_spec(data, regex);
+ spec_arr[nspec].regex_str = regex;
+ if (rec->validating && compile_regex(data, &spec_arr[nspec], &errbuf)) {
+- COMPAT_LOG(SELINUX_WARNING, "%s: line %d has invalid regex %s: %s\n",
++ COMPAT_LOG(SELINUX_WARNING, "%s: line %u has invalid regex %s: %s\n",
+ path, lineno, regex, (errbuf ? errbuf : "out of memory"));
+ }
+
+@@ -214,7 +214,7 @@ static int process_line(struct selabel_handle *rec,
+ if (type) {
+ mode_t mode = string_to_mode(type);
+ if (mode == -1) {
+- COMPAT_LOG(SELINUX_WARNING, "%s: line %d has invalid file type %s\n",
++ COMPAT_LOG(SELINUX_WARNING, "%s: line %u has invalid file type %s\n",
+ path, lineno, type);
+ mode = 0;
+ }
+diff --git libselinux-2.3/src/label_media.c libselinux-2.3/src/label_media.c
+index 227785f..a09486b 100644
+--- libselinux-2.3/src/label_media.c
++++ libselinux-2.3/src/label_media.c
+@@ -44,10 +44,10 @@ static int process_line(const char *path, char *line_buf, int pass,
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+- items = sscanf(line_buf, "%as %as ", &key, &context);
++ items = sscanf(line_buf, "%ms %ms ", &key, &context);
+ if (items < 2) {
+ selinux_log(SELINUX_WARNING,
+- "%s: line %d is missing fields, skipping\n", path,
++ "%s: line %u is missing fields, skipping\n", path,
+ lineno);
+ if (items == 1)
+ free(key);
+diff --git libselinux-2.3/src/label_x.c libselinux-2.3/src/label_x.c
+index 896ef02..8435b76 100644
+--- libselinux-2.3/src/label_x.c
++++ libselinux-2.3/src/label_x.c
+@@ -46,10 +46,10 @@ static int process_line(const char *path, char *line_buf, int pass,
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+- items = sscanf(line_buf, "%as %as %as ", &type, &key, &context);
++ items = sscanf(line_buf, "%ms %ms %ms ", &type, &key, &context);
+ if (items < 3) {
+ selinux_log(SELINUX_WARNING,
+- "%s: line %d is missing fields, skipping\n", path,
++ "%s: line %u is missing fields, skipping\n", path,
+ lineno);
+ if (items > 0)
+ free(type);
+@@ -76,7 +76,7 @@ static int process_line(const char *path, char *line_buf, int pass,
+ data->spec_arr[data->nspec].type = SELABEL_X_POLYSELN;
+ else {
+ selinux_log(SELINUX_WARNING,
+- "%s: line %d has invalid object type %s\n",
++ "%s: line %u has invalid object type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+diff --git libselinux-2.3/src/load_policy.c libselinux-2.3/src/load_policy.c
index e419f1a..275672d 100644
---- a/src/load_policy.c
-+++ b/src/load_policy.c
+--- libselinux-2.3/src/load_policy.c
++++ libselinux-2.3/src/load_policy.c
@@ -16,6 +16,82 @@
#include <dlfcn.h>
#include "policy.h"
@@ -908,10 +1147,10 @@ index e419f1a..275672d 100644
close:
close(fd);
dlclose:
-diff --git a/src/lsetfilecon.c b/src/lsetfilecon.c
+diff --git libselinux-2.3/src/lsetfilecon.c libselinux-2.3/src/lsetfilecon.c
index 1d3b28a..ea6d70b 100644
---- a/src/lsetfilecon.c
-+++ b/src/lsetfilecon.c
+--- libselinux-2.3/src/lsetfilecon.c
++++ libselinux-2.3/src/lsetfilecon.c
@@ -9,8 +9,13 @@
int lsetfilecon_raw(const char *path, const char * context)
@@ -928,10 +1167,10 @@ index 1d3b28a..ea6d70b 100644
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
-diff --git a/src/matchpathcon.c b/src/matchpathcon.c
-index 3b96b1d..d5c90f6 100644
---- a/src/matchpathcon.c
-+++ b/src/matchpathcon.c
+diff --git libselinux-2.3/src/matchpathcon.c libselinux-2.3/src/matchpathcon.c
+index 3b96b1d..3868711 100644
+--- libselinux-2.3/src/matchpathcon.c
++++ libselinux-2.3/src/matchpathcon.c
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
@@ -949,10 +1188,19 @@ index 3b96b1d..d5c90f6 100644
va_end(ap);
}
-diff --git a/src/selinux_config.c b/src/selinux_config.c
+@@ -541,7 +542,7 @@ int compat_validate(struct selabel_handle *rec,
+ if (rc < 0) {
+ if (lineno) {
+ COMPAT_LOG(SELINUX_WARNING,
+- "%s: line %d has invalid context %s\n",
++ "%s: line %u has invalid context %s\n",
+ path, lineno, *ctx);
+ } else {
+ COMPAT_LOG(SELINUX_WARNING,
+diff --git libselinux-2.3/src/selinux_config.c libselinux-2.3/src/selinux_config.c
index 30e9dc7..1bfe500 100644
---- a/src/selinux_config.c
-+++ b/src/selinux_config.c
+--- libselinux-2.3/src/selinux_config.c
++++ libselinux-2.3/src/selinux_config.c
@@ -50,8 +50,9 @@
#define FILE_CONTEXT_SUBS_DIST 25
#define LXC_CONTEXTS 26
@@ -979,10 +1227,10 @@ index 30e9dc7..1bfe500 100644
const char *selinux_systemd_contexts_path(void)
{
return get_path(SYSTEMD_CONTEXTS);
-diff --git a/src/selinux_internal.h b/src/selinux_internal.h
+diff --git libselinux-2.3/src/selinux_internal.h libselinux-2.3/src/selinux_internal.h
index afb2170..fe8eb67 100644
---- a/src/selinux_internal.h
-+++ b/src/selinux_internal.h
+--- libselinux-2.3/src/selinux_internal.h
++++ libselinux-2.3/src/selinux_internal.h
@@ -82,6 +82,7 @@ hidden_proto(selinux_mkload_policy)
hidden_proto(selinux_customizable_types_path)
hidden_proto(selinux_media_context_path)
@@ -991,10 +1239,27 @@ index afb2170..fe8eb67 100644
hidden_proto(selinux_sepgsql_context_path)
hidden_proto(selinux_systemd_contexts_path)
hidden_proto(selinux_path)
-diff --git a/src/setfilecon.c b/src/setfilecon.c
+diff --git libselinux-2.3/src/selinuxswig_python.i libselinux-2.3/src/selinuxswig_python.i
+index ae72246..c9a2341 100644
+--- libselinux-2.3/src/selinuxswig_python.i
++++ libselinux-2.3/src/selinuxswig_python.i
+@@ -31,9 +31,9 @@ def restorecon(path, recursive=False):
+ lsetfilecon(path, context)
+
+ if recursive:
+- os.path.walk(path, lambda arg, dirname, fnames:
+- map(restorecon, [os.path.join(dirname, fname)
+- for fname in fnames]), None)
++ for root, dirs, files in os.walk(path):
++ for name in files + dirs:
++ restorecon(os.path.join(root, name))
+
+ def chcon(path, context, recursive=False):
+ """ Set the SELinux context on a given path """
+diff --git libselinux-2.3/src/setfilecon.c libselinux-2.3/src/setfilecon.c
index d05969c..3f0200e 100644
---- a/src/setfilecon.c
-+++ b/src/setfilecon.c
+--- libselinux-2.3/src/setfilecon.c
++++ libselinux-2.3/src/setfilecon.c
@@ -9,8 +9,12 @@
int setfilecon_raw(const char *path, const char * context)
@@ -1010,10 +1275,23 @@ index d05969c..3f0200e 100644
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
-diff --git a/utils/sefcontext_compile.c b/utils/sefcontext_compile.c
-index 0adc968..9618989 100644
---- a/utils/sefcontext_compile.c
-+++ b/utils/sefcontext_compile.c
+diff --git libselinux-2.3/utils/Makefile libselinux-2.3/utils/Makefile
+index f469924..5499538 100644
+--- libselinux-2.3/utils/Makefile
++++ libselinux-2.3/utils/Makefile
+@@ -11,7 +11,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
+ -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
+ -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
+ -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
+- -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \
++ -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
+ -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
+ -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
+ -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
+diff --git libselinux-2.3/utils/sefcontext_compile.c libselinux-2.3/utils/sefcontext_compile.c
+index 0adc968..fa392d1 100644
+--- libselinux-2.3/utils/sefcontext_compile.c
++++ libselinux-2.3/utils/sefcontext_compile.c
@@ -4,6 +4,9 @@
#include <stdint.h>
#include <stdio.h>
@@ -1024,6 +1302,15 @@ index 0adc968..9618989 100644
#include <linux/limits.h>
+@@ -70,7 +73,7 @@ static int process_file(struct saved_data *data, const char *filename)
+ spec->lr.ctx_raw = context;
+ spec->mode = string_to_mode(mode);
+ if (spec->mode == -1) {
+- fprintf(stderr, "%s: line %d has invalid file type %s\n",
++ fprintf(stderr, "%s: line %u has invalid file type %s\n",
+ regex, line_num + 1, mode);
+ spec->mode = 0;
+ }
@@ -323,6 +326,7 @@ int main(int argc, char *argv[])
int rc;
char *tmp= NULL;
@@ -1057,3 +1344,16 @@ index 0adc968..9618989 100644
rc = write_binary_file(&data, fd);
if (rc < 0)
+diff --git libselinux-2.3/utils/togglesebool.c libselinux-2.3/utils/togglesebool.c
+index ad0d2a2..309f83b 100644
+--- libselinux-2.3/utils/togglesebool.c
++++ libselinux-2.3/utils/togglesebool.c
+@@ -86,7 +86,7 @@ int main(int argc, char **argv)
+ argv[i], pwd->pw_name);
+ else
+ syslog(LOG_NOTICE,
+- "The %s policy boolean was toggled by uid:%d",
++ "The %s policy boolean was toggled by uid:%u",
+ argv[i], getuid());
+
+ }
diff --git a/libselinux.spec b/libselinux.spec
index cc06d8a..dc95afd 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -18,6 +18,7 @@ Source1: selinuxconlist.8
Source2: selinuxdefcon.8
Url: https://github.com/SELinuxProject/selinux/wiki
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
+# https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6
Patch1: libselinux-rhat.patch
BuildRequires: pkgconfig python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel
%if 0%{?with_python3}
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/libselinux.git/commit/?h=master&id=eb63890f585ffb17077af1b7631faef2d8d39f21
More information about the scm-commits
mailing list