author | 2003-06-13 16:49:27 +0000 | |
---|---|---|
committer | 2003-06-13 16:49:27 +0000 | |
commit | f350049e6ccb226ba170aa018d8db878c4452141 (patch) | |
tree | b69d0c919ddac49d70f5c42c7e280ff66ca76516 /sys-apps/selinux-small | |
parent | show some example prompts. (diff) | |
rev bump, many changes incl glibc 2.3.2 support
Diffstat (limited to 'sys-apps/selinux-small')
-rw-r--r-- | sys-apps/selinux-small/ChangeLog | 13 | ||||
-rw-r--r-- | sys-apps/selinux-small/Manifest | 8 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4 | 1 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/open_init_pty | 11 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/scmpd | 21 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff | 406 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff | 252 | ||||
-rw-r--r-- | sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild | 167 |
8 files changed, 877 insertions, 2 deletions
diff --git a/sys-apps/selinux-small/ChangeLog b/sys-apps/selinux-small/ChangeLog
index a860b79a8c0e..085d15336cfd 100644
--- a/sys-apps/selinux-small/ChangeLog
+++ b/sys-apps/selinux-small/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for sys-apps/selinux-small
 # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/ChangeLog,v 1.20 2003/06/07 20:34:13 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/ChangeLog,v 1.21 2003/06/13 16:49:23 pebenito Exp $
+
+*selinux-small-2003040709-r4 (13 Jun 2003)
+
+ 13 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+ selinux-small-2003040709-r4.ebuild, files/open_init_pty, files/scmpd,
+ files/selinux-small-2003040709-gentoo.diff,
+ files/selinux-small-2003040709-newstat.diff:
+ Many changes, including option to build static. Added patch to make it compile
+ with glibc 2.3.2. Added selopt labeled networking, though its use is
+ experimental. Added selopt scmpd daemon init script. Replaced the expect
+ open_init_pty script with a python script.

 07 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
 selinux-small-2003040709-r3.ebuild:
diff --git a/sys-apps/selinux-small/Manifest b/sys-apps/selinux-small/Manifest
index 0134270f988d..3552f79f494b 100644
--- a/sys-apps/selinux-small/Manifest
+++ b/sys-apps/selinux-small/Manifest
@@ -1,8 +1,14 @@
-MD5 65e404da392514fbd4c565d9df0da9a6 ChangeLog 4552
+MD5 4cd83c24c34a9b51b585f69500c79dcd selinux-small-2003040709-r4.ebuild 5128
+MD5 16669e6fbe4d34356e88a20398d6473b ChangeLog 5086
 MD5 066e6e8cf1f067584a5e792b4b1bdb58 selinux-small-2003040709-r3.ebuild 4393
+MD5 14ef7a8e2104665076099d6fe3f0f664 files/digest-selinux-small-2003040709-r4 73
+MD5 ece4a7821d33af42526916fa2725724a files/selinux-small-2003040709-gentoo.diff 13810
+MD5 09147c78732ba1ffb7fd0ee3c79573c6 files/scmpd 527
 MD5 0986e11cde481cc9d4f8061654dedead files/digest-selinux-small-2003040709-r3 151
 MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/newrole 1197
 MD5 95245c95e7a1c329656d222c55fb769d files/rlpkg 1856
 MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/run_init 1197
+MD5 89d2840cccbc46b3261d7abc79b757fd files/open_init_pty 441
 MD5 5b8ae6c77d50a559c31fb144faf6843e files/selinux-small-2003040709-bison.diff 553
 MD5 3809db44913b783d2b8bb31c8361aa92 files/selinux-small-2003040709-setfiles.diff 2623
+MD5 16b7e55b13429ce3e437bfc457cc2a8d files/selinux-small-2003040709-newstat.diff 8495
diff --git a/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4 b/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4
new file mode 100644
index 000000000000..adac675bfa3a
--- /dev/null
+++ b/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4
@@ -0,0 +1 @@
+MD5 f2a8e506d952ceb4a30970a646e9a227 selinux-small-2003040709.tgz 571597
diff --git a/sys-apps/selinux-small/files/open_init_pty b/sys-apps/selinux-small/files/open_init_pty
new file mode 100644
index 000000000000..77c5850f8d7d
--- /dev/null
+++ b/sys-apps/selinux-small/files/open_init_pty
@@ -0,0 +1,11 @@
+#!/usr/bin/python2.2
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/files/open_init_pty,v 1.1 2003/06/13 16:49:23 pebenito Exp $
+
+# by Chris PeBenito <pebenito@gentoo.org>
+# replacement for expect script written by Russell Coker
+
+import sys,pexpect
+runinfo = pexpect.run( sys.argv[1], sys.argv[2:] )
+print runinfo
diff --git a/sys-apps/selinux-small/files/scmpd b/sys-apps/selinux-small/files/scmpd
new file mode 100644
index 000000000000..fdf45236c31f
--- /dev/null
+++ b/sys-apps/selinux-small/files/scmpd
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/files/scmpd,v 1.1 2003/06/13 16:49:23 pebenito Exp $
+
+depend() {
+ need net
+}
+
+start () {
+ ebegin "Staring scmpd"
+ start-stop-daemon --start --quiet --pidfile /var/run/scmpd.pid \
+ --startas /usr/sbin/scmpd
+ eend $?
+}
+
+stop () {
+ eend "Stopping scmpd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/scmpd.pid
+ eend $?
+}
diff --git a/sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff b/sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff
new file mode 100644
index 000000000000..d3af3b155413
--- /dev/null
+++ b/sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff
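Review bot: The wrapped command's exit status is discarded in the new open_init_pty script: `print runinfo` is the last statement, so the helper exits 0 whenever `pexpect.run` returns, and a caller such as `run_init` (which the gentoo.diff in this commit points at `/usr/sbin/open_init_pty`) cannot tell a failed init script from a successful one. `sys.argv[1]` is also indexed without a length check, so an invocation with no command ends in an uncaught IndexError; a guard such as `if len(sys.argv) < 2: sys.exit("usage: open_init_pty command [args...]")` would make that explicit. In current pexpect releases the second positional parameter of `run()` is `timeout`, not an argument list, so it is worth confirming what the 0.97 API named in RDEPEND does with `sys.argv[2:]`.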
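Review bot: In `stop()` of the scmpd init script the first call is `eend "Stopping scmpd"`, which passes the message where `eend` expects a return code; it should be `ebegin "Stopping scmpd"` so that the following `eend $?` closes a matching begin. The start message is misspelled as well (`"Staring scmpd"` should read `"Starting scmpd"`). Both functions depend on `/var/run/scmpd.pid`, but nothing in the script creates it, so it is worth confirming that scmpd writes that file itself; otherwise `stop` will not find the daemon.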
@@ -0,0 +1,406 @@ +diff -urN selinux.orig/devfsd/Makefile selinux/devfsd/Makefile +--- selinux.orig/devfsd/Makefile 2002-04-19 15:32:37.000000000 -0500 ++++ selinux/devfsd/Makefile 2003-06-06 21:21:20.000000000 -0500 +@@ -3,7 +3,7 @@ + LDFLAGS= -L/usr/local/selinux/lib + + devfsd-se.so: devfsd-se.c +- gcc -O2 -fPIC $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -lsecure ++ $(CC) -O2 -fPIC $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -lsecure + + clean: + rm -f $(LIB) +diff -urN selinux.orig/devfsd/devfsd-conflet selinux/devfsd/devfsd-conflet +--- selinux.orig/devfsd/devfsd-conflet 2002-07-17 17:00:40.000000000 -0500 ++++ selinux/devfsd/devfsd-conflet 2003-06-06 21:21:20.000000000 -0500 +@@ -4,6 +4,7 @@ + REGISTER /disc$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t + REGISTER /part[0-9]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t + REGISTER ^[mr]d/[0-9]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t ++REGISTER ^nb[^/]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t + REGISTER [0-9]/cd$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:removable_device_t + REGISTER ^floppy/ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:removable_device_t + REGISTER ^misc/rtc CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:clock_device_t +@@ -19,5 +20,5 @@ + REGISTER ^misc/apm_bios CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:apm_bios_t + REGISTER ^ppp$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:ppp_device_t + REGISTER ^fb/.*$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:framebuf_device_t +- +- ++REGISTER ^sound/.* CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:sound_device_t ++REGISTER ^pts/.* IGNORE +diff -urN selinux.orig/devfsd/devfsd-se.c selinux/devfsd/devfsd-se.c +--- selinux.orig/devfsd/devfsd-se.c 2002-04-19 15:32:37.000000000 -0500 ++++ selinux/devfsd/devfsd-se.c 2003-06-06 
21:21:20.000000000 -0500 +@@ -19,7 +19,7 @@ + { + security_id_t sid; + struct stat buf; +- const char * const initial_context = "system_u:object_r:devfs_t"; ++ const char * const initial_context = "system_u:object_r:device_t"; + const char * const no_context = "system_u:object_r:unlabeled_t"; + + if(is_flask_enabled()) +diff -urN selinux.orig/libsecure/Makefile selinux/libsecure/Makefile +--- selinux.orig/libsecure/Makefile 2002-10-28 14:16:20.000000000 -0600 ++++ selinux/libsecure/Makefile 2003-06-06 21:33:31.000000000 -0500 +@@ -1,6 +1,6 @@ + all: +- $(MAKE) -C src +- $(MAKE) -C test ++ $(MAKE) -C src SE_INC=$(SE_INC) EXTRA_CFLAGS="$(EXTRA_CFLAGS)" ++ $(MAKE) -C test SE_INC=$(SE_INC) EXTRA_CFLAGS="$(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)" + + install: + $(MAKE) -C include install +diff -urN selinux.orig/libsecure/src/Makefile selinux/libsecure/src/Makefile +--- selinux.orig/libsecure/src/Makefile 2002-03-13 13:39:19.000000000 -0600 ++++ selinux/libsecure/src/Makefile 2003-06-06 21:21:20.000000000 -0500 +@@ -1,7 +1,7 @@ + TARGET=libsecure.a + LIBDIR=/usr/local/selinux/lib + OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) +-CFLAGS = -I../include -I/usr/local/selinux/include ++CFLAGS = -I../include -I$(SE_INC) $(EXTRA_CFLAGS) + + ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/) + OBJS+= $(patsubst %.c,%.o,$(wildcard arch/$(ARCH)/*.c)) +diff -urN selinux.orig/libsecure/test/Makefile selinux/libsecure/test/Makefile +--- selinux.orig/libsecure/test/Makefile 2002-09-23 11:10:02.000000000 -0500 ++++ selinux/libsecure/test/Makefile 2003-06-06 21:33:12.000000000 -0500 +@@ -1,15 +1,15 @@ + TARGETS=$(patsubst %.c,%,$(wildcard *.c)) + BINDIR=/usr/local/selinux/bin + LDFLAGS=-L../src + LDLIBS=-lsecure +-CFLAGS=-I../include -I/usr/local/selinux/include ++CFLAGS=-I../include -I$(SE_INC) $(EXTRA_CFLAGS) + + ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/) + TARGETS+= $(patsubst 
%.c,%,$(wildcard arch/$(ARCH)/*.c)) + + # Only install the programs that are useful to users + # and that are not redundant with the modified utilities. +-UTILS=avc_enforcing avc_toggle load_policy context_to_sid sid_to_context list_sids chsid lchsid chsidfs ++UTILS=avc_enforcing avc_toggle load_policy context_to_sid sid_to_context list_sids chsid lchsid chsidfs get_user_sids + # Add 'exec_s' if you do not have 'runas'. + # Add 'getsecsid' if you do not have the modified 'id'. + # Add 'lstat_s' and 'stat_s' if you do not have the modified 'stat'. +diff -urN selinux.orig/libsecure/test/arch/i386/stat64_s.c selinux/libsecure/test/arch/i386/stat64_s.c +--- selinux.orig/libsecure/test/arch/i386/stat64_s.c 2002-03-13 13:39:21.000000000 -0600 ++++ selinux/libsecure/test/arch/i386/stat64_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -49,6 +49,7 @@ + } + + printf("Context: %s\n", context); ++ free(context); + } + + exit(0); +diff -urN selinux.orig/libsecure/test/getsecsid.c selinux/libsecure/test/getsecsid.c +--- selinux.orig/libsecure/test/getsecsid.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/getsecsid.c 2003-06-06 21:21:20.000000000 -0500 +@@ -51,6 +51,6 @@ + } + + printf("Context: %s\n", scontext); +- ++ free(scontext); + exit(0); + } +diff -urN selinux.orig/libsecure/test/lstat_s.c selinux/libsecure/test/lstat_s.c +--- selinux.orig/libsecure/test/lstat_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/lstat_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -48,6 +48,7 @@ + } + + printf("Context: %s\n", context); ++ free(context); + } + + exit(0); +diff -urN selinux.orig/libsecure/test/msgget_s.c selinux/libsecure/test/msgget_s.c +--- selinux.orig/libsecure/test/msgget_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/msgget_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -31,11 +31,11 @@ + key_t ipc_key; + int ret; + security_id_t sid = SECSID_NULL; +- char c; ++ int c_int; + int id; + +- while ( (c = getopt(argc, argv, 
"k:c:s:")) != EOF) { +- switch (c) { ++ while ( (c_int = getopt(argc, argv, "k:c:s:")) != EOF) { ++ switch ((char)c_int) { + case 'k': + ipc_key = atoi(optarg); + valid_ipc_key = 1; +diff -urN selinux.orig/libsecure/test/msgsnd_s.c selinux/libsecure/test/msgsnd_s.c +--- selinux.orig/libsecure/test/msgsnd_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/msgsnd_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -42,10 +42,10 @@ + int valid_msg_sid = 0; + char *word, *first_words; + int ret; +- char c; ++ int c_int; + +- while ( (c = getopt(argc, argv, "c:i:s:t:")) != EOF) { +- switch (c) { ++ while ( (c_int = getopt(argc, argv, "c:i:s:t:")) != EOF) { ++ switch ((char)c_int) { + case 's': + if (valid_msg_sid) { + fprintf (stderr, "Only a sid or a context may be given, not both\n"); +diff -urN selinux.orig/libsecure/test/semget_s.c selinux/libsecure/test/semget_s.c +--- selinux.orig/libsecure/test/semget_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/semget_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -32,11 +32,11 @@ + key_t ipc_key; + int ret; + security_id_t sid; +- char c; ++ int c_int; + int id; + +- while ( (c = getopt(argc, argv, "k:c:s:n:")) != EOF) { +- switch (c) { ++ while ( (c_int = getopt(argc, argv, "k:c:s:n:")) != EOF) { ++ switch ((char)c_int) { + case 'k': + ipc_key = atoi(optarg); + valid_ipc_key = 1; +diff -urN selinux.orig/libsecure/test/shmget_s.c selinux/libsecure/test/shmget_s.c +--- selinux.orig/libsecure/test/shmget_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/shmget_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -32,11 +32,11 @@ + key_t ipc_key; + int err, ret; + security_id_t sid = SECSID_NULL; +- char c; ++ int c_int; + int id; + +- while ( (c = getopt(argc, argv, "k:c:s:b:")) != EOF) { +- switch (c) { ++ while ( (c_int = getopt(argc, argv, "k:c:s:b:")) != EOF) { ++ switch ((char)c_int) { + case 'k': + ipc_key = atoi(optarg); + valid_ipc_key = 1; +diff -urN 
selinux.orig/libsecure/test/sid_to_context.c selinux/libsecure/test/sid_to_context.c +--- selinux.orig/libsecure/test/sid_to_context.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/sid_to_context.c 2003-06-06 21:21:20.000000000 -0500 +@@ -43,5 +43,6 @@ + } + + printf("%s\n", buf); ++ free(buf); + exit(0); + } +diff -urN selinux.orig/libsecure/test/stat_s.c selinux/libsecure/test/stat_s.c +--- selinux.orig/libsecure/test/stat_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/stat_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -48,6 +48,7 @@ + } + + printf("Context: %s\n", context); ++ free(context); + } + + exit(0); +diff -urN selinux.orig/libsecure/test/statfs_s.c selinux/libsecure/test/statfs_s.c +--- selinux.orig/libsecure/test/statfs_s.c 2001-07-18 15:38:06.000000000 -0500 ++++ selinux/libsecure/test/statfs_s.c 2003-06-06 21:21:20.000000000 -0500 +@@ -48,6 +48,7 @@ + } + + printf("Context: %s\n", context); ++ free(context); + } + + exit(0); +diff -urN selinux.orig/module/checkpolicy/Makefile selinux/module/checkpolicy/Makefile +--- selinux.orig/module/checkpolicy/Makefile 2002-09-23 11:10:02.000000000 -0500 ++++ selinux/module/checkpolicy/Makefile 2003-06-06 21:21:20.000000000 -0500 +@@ -17,7 +17,9 @@ + OPTIONS = + endif + +-CFLAGS = -g $(OPTIONS) -I$(LSMDIR)/include -Wall -O2 -pipe -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss ++YACC = bison -y ++ ++CFLAGS = $(OPTIONS) -I$(LSMDIR)/include -Wall -O2 -pipe -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss + + OBJS = ebitmap.o queue.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o y.tab.o lex.yy.o checkpolicy.o + +@@ -28,7 +30,7 @@ + LIBS=-lfl + + checkpolicy: $(OBJS) +- $(CC) -o $@ $^ $(LIBS) ++ $(CC) -o $@ $^ $(LIBS) $(LDFLAGS) + + %.o: $(MODDIR)/ss/%.c + $(CC) $(CFLAGS) -o $@ -c $< +diff -urN selinux.orig/setfiles/setfiles.c selinux/setfiles/setfiles.c +--- selinux.orig/setfiles/setfiles.c 2003-04-04 07:29:44.000000000 -0600 ++++ 
selinux/setfiles/setfiles.c 2003-06-06 21:21:20.000000000 -0500 +@@ -89,6 +89,10 @@ + static int use_inum = 0; + + static int quiet = 0; ++ ++static char *rootpath = NULL; ++static int rootpathlen = 0; ++ + #define QPRINTF(args...) do { if (!quiet) printf(args); } while (0) + + /* +@@ -283,15 +287,27 @@ + int match(const char *name, struct stat *sb, security_id_t *out_sid) + { + int i, ret; ++ const char *fullname = name; ++ ++ /* fullname will be the real file that gets labeled ++ * name will be what is matched in the policy */ ++ if (NULL != rootpath) { ++ if (0 != strncmp(rootpath, name, rootpathlen)) { ++ fprintf(stderr, "%s: %s is not located in %s\n", ++ progname, name, rootpath); ++ return -1; ++ } ++ name += rootpathlen; ++ } + + if (flask_enabled) { +- ret = lstat_secure(name, sb, out_sid); ++ ret = lstat_secure(fullname, sb, out_sid); + } else { +- ret = lstat(name, sb); ++ ret = lstat(fullname, sb); + } + if (ret) { + fprintf(stderr, "%s: unable to stat file %s\n", progname, +- name); ++ fullname); + return -1; + } + +@@ -564,6 +580,23 @@ + return 0; + } + ++void set_rootpath(const char *arg) ++{ ++ int len; ++ ++ rootpath = strdup(arg); ++ if (NULL == rootpath) { ++ fprintf(stderr, "%s: insufficient memory for rootpath\n", ++ progname); ++ exit(1); ++ } ++ ++ /* trim trailing /, if present */ ++ len = strlen(rootpath); ++ while ('/' == rootpath[len - 1]) ++ rootpath[--len] = 0; ++ rootpathlen = len; ++} + + int main(int argc, char **argv) + { +@@ -577,7 +610,7 @@ + struct stat sb; + + /* Process any options. 
*/ +- while ((opt = getopt(argc, argv, "dinqsvRW")) > 0) { ++ while ((opt = getopt(argc, argv, "dinqsvrRW")) > 0) { + switch (opt) { + case 'd': + debug = 1; +@@ -604,6 +637,20 @@ + case 'i': + use_inum = 1; + break; ++ case 'r': ++ if (optind + 1 >= argc) { ++ fprintf(stderr, "usage: %s -r rootpath\n", ++ argv[0]); ++ exit(1); ++ } ++ if (NULL != rootpath) { ++ fprintf(stderr, ++ "%s: only one -r can be specified\n", ++ argv[0]); ++ exit(1); ++ } ++ set_rootpath(argv[optind++]); ++ break; + } + } + +@@ -675,7 +722,7 @@ + } else { + if (optind > (argc - 2)) { + fprintf(stderr, +- "usage: %s [-dnqvRW] spec_file pathname...\n", ++ "usage: %s [-dnqvrRW] spec_file pathname...\n", + argv[0]); + exit(1); + } +@@ -919,7 +966,11 @@ + } + else for (; optind < argc; optind++) + { +- ++ if (NULL != rootpath) { ++ QPRINTF("%s: labeling files, pretending %s is /\n", ++ argv[0], rootpath); ++ } ++ + if (flask_enabled) { + QPRINTF("%s: labeling files under %s\n", argv[0], + argv[optind]); +diff -urN selinux.orig/utils/newrole/Makefile selinux/utils/newrole/Makefile +--- selinux.orig/utils/newrole/Makefile 2001-12-06 11:11:18.000000000 -0600 ++++ selinux/utils/newrole/Makefile 2003-06-06 21:21:20.000000000 -0500 +@@ -29,9 +29,6 @@ + CFLAGS += -O3 + # End Release flags + +-LDFLAGS += -L/usr/local/selinux/lib +-LIBS += /usr/local/selinux/lib/libsecure.a +- + PROGS = newrole + DESTDIR = /usr/local/selinux/bin + MANDIR = /usr/local/selinux/man +diff -urN selinux.orig/utils/run_init/Makefile selinux/utils/run_init/Makefile +--- selinux.orig/utils/run_init/Makefile 2003-03-18 08:45:49.000000000 -0600 ++++ selinux/utils/run_init/Makefile 2003-06-06 21:21:20.000000000 -0500 +@@ -29,9 +29,6 @@ + CFLAGS += -O3 + # End Release flags + +-LDFLAGS += -L/usr/local/selinux/lib +-LIBS += /usr/local/selinux/lib/libsecure.a +- + PROGS = run_init + DESTDIR = /usr/local/selinux/sbin + MANDIR = /usr/local/selinux/man +diff -urN selinux.orig/utils/run_init/run_init.c selinux/utils/run_init/run_init.c 
+--- selinux.orig/utils/run_init/run_init.c 2002-11-26 11:32:36.000000000 -0600 ++++ selinux/utils/run_init/run_init.c 2003-06-06 21:21:20.000000000 -0500 +@@ -386,7 +386,7 @@ + exit(-1); + } + +- if ( execvp_secure(argv[1], sid, argv + 1) ) { ++ if ( execvp_secure("/usr/sbin/open_init_pty", sid, argv) ) { + perror("execvp_secure"); + exit(-1); + } diff --git a/sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff b/sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff new file mode 100644 index 000000000000..82910e6ff040 --- /dev/null +++ b/sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff 
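Review bot: In the `set_rootpath()` that this patch adds to setfiles.c, the trim loop `while ('/' == rootpath[len - 1])` has no lower bound, so `-r /` (or an empty argument) brings `len` to 0 and the loop then reads, and may write, `rootpath[-1]`; `while (len > 0 && '/' == rootpath[len - 1])` closes that. The prefix test in `match()` compares only `rootpathlen` bytes, so with a constructed example root of `/mnt/a` a path under `/mnt/ab` also passes and is matched against the policy starting in the middle of a path component; checking after the `strncmp` that `name[rootpathlen]` is `'/'` or `'\0'` would reject it. Because setfiles assigns security labels, both are worth fixing before `-r` is relied on. The file is itself a patch, so these lines sit behind a second `+` column in the hunk.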
@@ -0,0 +1,252 @@ +Index: selinux/libsecure/src/kernel_stat.h +=================================================================== +RCS file: /home/pal/CVS/selinux/libsecure/src/kernel_stat.h,v +retrieving revision 1.2 +diff -u -r1.2 kernel_stat.h +--- selinux/libsecure/src/kernel_stat.h 27 Nov 2001 12:21:05 -0000 1.2 ++++ selinux/libsecure/src/kernel_stat.h 22 Apr 2003 15:47:25 -0000 +@@ -15,18 +15,21 @@ + unsigned long int st_size; + unsigned long int st_blksize; + unsigned long int st_blocks; +- unsigned long int st_atime; +- unsigned long int __unused1; +-#define _HAVE___UNUSED1 +- unsigned long int st_mtime; +- unsigned long int __unused2; +-#define _HAVE___UNUSED2 +- unsigned long int st_ctime; +- unsigned long int __unused3; +-#define _HAVE___UNUSED3 ++ struct timespec st_atim; ++ struct timespec st_mtim; ++ struct timespec st_ctim; + unsigned long int __unused4; + #define _HAVE___UNUSED4 + unsigned long int __unused5; + #define _HAVE___UNUSED5 + }; + ++#define _HAVE_STAT___UNUSED4 ++#define _HAVE_STAT___UNUSED5 ++#define _HAVE_STAT___PAD1 ++#define _HAVE_STAT___PAD2 ++#define _HAVE_STAT_NSEC ++#define _HAVE_STAT64___PAD1 ++#define _HAVE_STAT64___PAD2 ++#define _HAVE_STAT64___ST_INO ++#define _HAVE_STAT64_NSEC +Index: selinux/libsecure/src/xstat_conv.h +=================================================================== +RCS file: /home/pal/CVS/selinux/libsecure/src/xstat_conv.h,v +retrieving revision 1.1.1.1 +diff -u -r1.1.1.1 xstat_conv.h +--- selinux/libsecure/src/xstat_conv.h 18 Jul 2001 20:38:06 -0000 1.1.1.1 ++++ selinux/libsecure/src/xstat_conv.h 22 Apr 2003 15:40:53 -0000 +@@ -1,21 +1,26 @@ + /* Convert between the kernel's `struct stat' format, and libc's. +- Copyright (C) 1991, 1995, 1996, 1997 Free Software Foundation, Inc. ++ Copyright (C) 1991,1995,1996,1997,2000,2002 Free Software Foundation, Inc. + This file is part of the GNU C Library. 
+ + The GNU C Library is free software; you can redistribute it and/or +- modify it under the terms of the GNU Library General Public License as +- published by the Free Software Foundation; either version 2 of the +- License, or (at your option) any later version. ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Library General Public License for more details. ++ Lesser General Public License for more details. + +- You should have received a copy of the GNU Library General Public +- License along with the GNU C Library; see the file COPYING.LIB. If not, +- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, +- Boston, MA 02111-1307, USA. */ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include <errno.h> ++#define __set_errno(x) (errno) = (x) ++ ++#include <string.h> + + static inline int + xstat_conv (int vers, struct kernel_stat *kbuf, void *ubuf) +@@ -35,7 +40,7 @@ + + /* Convert to current kernel version of `struct stat'. 
*/ + buf->st_dev = kbuf->st_dev; +-#ifdef _HAVE___PAD1 ++#ifdef _HAVE_STAT___PAD1 + buf->__pad1 = 0; + #endif + buf->st_ino = kbuf->st_ino; +@@ -44,35 +49,44 @@ + buf->st_uid = kbuf->st_uid; + buf->st_gid = kbuf->st_gid; + buf->st_rdev = kbuf->st_rdev; +-#ifdef _HAVE___PAD2 ++#ifdef _HAVE_STAT___PAD2 + buf->__pad2 = 0; + #endif + buf->st_size = kbuf->st_size; + buf->st_blksize = kbuf->st_blksize; + buf->st_blocks = kbuf->st_blocks; ++#ifdef _HAVE_STAT_NSEC ++ buf->st_atim.tv_sec = kbuf->st_atim.tv_sec; ++ buf->st_atim.tv_nsec = kbuf->st_atim.tv_nsec; ++ buf->st_mtim.tv_sec = kbuf->st_mtim.tv_sec; ++ buf->st_mtim.tv_nsec = kbuf->st_mtim.tv_nsec; ++ buf->st_ctim.tv_sec = kbuf->st_ctim.tv_sec; ++ buf->st_ctim.tv_nsec = kbuf->st_ctim.tv_nsec; ++#else + buf->st_atime = kbuf->st_atime; +-#ifdef _HAVE___UNUSED1 ++ buf->st_mtime = kbuf->st_mtime; ++ buf->st_ctime = kbuf->st_ctime; ++#endif ++#ifdef _HAVE_STAT___UNUSED1 + buf->__unused1 = 0; + #endif +- buf->st_mtime = kbuf->st_mtime; +-#ifdef _HAVE___UNUSED2 ++#ifdef _HAVE_STAT___UNUSED2 + buf->__unused2 = 0; + #endif +- buf->st_ctime = kbuf->st_ctime; +-#ifdef _HAVE___UNUSED3 ++#ifdef _HAVE_STAT___UNUSED3 + buf->__unused3 = 0; + #endif +-#ifdef _HAVE___UNUSED4 ++#ifdef _HAVE_STAT___UNUSED4 + buf->__unused4 = 0; + #endif +-#ifdef _HAVE___UNUSED5 ++#ifdef _HAVE_STAT___UNUSED5 + buf->__unused5 = 0; + #endif + } + break; + + default: +- errno = EINVAL; ++ __set_errno (EINVAL); + return -1; + } + +Index: selinux/libsecure/src/arch/i386/fstat64_secure.c +=================================================================== +RCS file: /home/pal/CVS/selinux/libsecure/src/arch/i386/fstat64_secure.c,v +retrieving revision 1.2 +diff -u -r1.2 fstat64_secure.c +--- selinux/libsecure/src/arch/i386/fstat64_secure.c 2 Oct 2002 20:28:17 -0000 1.2 ++++ selinux/libsecure/src/arch/i386/fstat64_secure.c 22 Apr 2003 15:52:45 -0000 +@@ -2,26 +2,19 @@ + #include <fs_secure.h> + #include <security.h> + #include <errno.h> +-#include 
"kernel_stat64.h" +-#include "xstat64_conv.h" + #include <flask_util.h> + + int fstat64_secure(unsigned int fd, + struct stat64 *buf, + security_id_t *out_sid) + { +- struct kernel_stat64 kbuf; + unsigned long args[3]; +- long err; + + if (is_flask_enabled()) { + args[0] = (unsigned long)fd; +- args[1] = (unsigned long)&kbuf; ++ args[1] = (unsigned long)buf; + args[2] = (unsigned long)out_sid; +- err = security(SELINUX_MAGIC, SELINUXCALL_FSTAT64, args); +- if (err) +- return err; +- return xstat64_conv(_STAT_VER_LINUX, &kbuf, buf); ++ return security(SELINUX_MAGIC, SELINUXCALL_FSTAT64, args); + } else { + /* Compatibility for the modified utilities + until they are fixed. */ +Index: selinux/libsecure/src/arch/i386/lstat64_secure.c +=================================================================== +RCS file: /home/pal/CVS/selinux/libsecure/src/arch/i386/lstat64_secure.c,v +retrieving revision 1.2 +diff -u -r1.2 lstat64_secure.c +--- selinux/libsecure/src/arch/i386/lstat64_secure.c 2 Oct 2002 20:28:17 -0000 1.2 ++++ selinux/libsecure/src/arch/i386/lstat64_secure.c 22 Apr 2003 15:53:12 -0000 +@@ -2,26 +2,19 @@ + #include <fs_secure.h> + #include <security.h> + #include <errno.h> +-#include "kernel_stat64.h" +-#include "xstat64_conv.h" + #include <flask_util.h> + + int lstat64_secure(const char *pathname, + struct stat64 *buf, + security_id_t *out_sid) + { +- struct kernel_stat64 kbuf; + unsigned long args[3]; +- int err; + + if (is_flask_enabled()) { + args[0] = (unsigned long)pathname; +- args[1] = (unsigned long)&kbuf; ++ args[1] = (unsigned long)buf; + args[2] = (unsigned long)out_sid; +- err = security(SELINUX_MAGIC, SELINUXCALL_LSTAT64, args); +- if (err) +- return err; +- return xstat64_conv(_STAT_VER_LINUX, &kbuf, buf); ++ return security(SELINUX_MAGIC, SELINUXCALL_LSTAT64, args); + } else { + /* Compatibility for the modified utilities + until they are fixed. 
*/ +Index: selinux/libsecure/src/arch/i386/stat64_secure.c +=================================================================== +RCS file: /home/pal/CVS/selinux/libsecure/src/arch/i386/stat64_secure.c,v +retrieving revision 1.2 +diff -u -r1.2 stat64_secure.c +--- selinux/libsecure/src/arch/i386/stat64_secure.c 2 Oct 2002 20:28:17 -0000 1.2 ++++ selinux/libsecure/src/arch/i386/stat64_secure.c 22 Apr 2003 15:52:50 -0000 +@@ -2,26 +2,19 @@ + #include <fs_secure.h> + #include <security.h> + #include <errno.h> +-#include "kernel_stat64.h" +-#include "xstat64_conv.h" + #include <flask_util.h> + + int stat64_secure(const char *pathname, + struct stat64 *buf, + security_id_t *out_sid) + { +- struct kernel_stat64 kbuf; + unsigned long args[3]; +- long err; + + if (is_flask_enabled()) { + args[0] = (unsigned long)pathname; +- args[1] = (unsigned long)&kbuf; ++ args[1] = (unsigned long)buf; + args[2] = (unsigned long)out_sid; +- err = security(SELINUX_MAGIC, SELINUXCALL_STAT64, args); +- if (err) +- return err; +- return xstat64_conv(_STAT_VER_LINUX, &kbuf, buf); ++ return security(SELINUX_MAGIC, SELINUXCALL_STAT64, args); + } else { + /* Compatibility for the modified utilities + until they are fixed. */ diff --git a/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild b/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild new file mode 100644 index 000000000000..1cc5d2c29277 --- /dev/null +++ b/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild 
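Review bot: The three `*stat64_secure()` functions now pass the caller's `struct stat64 *buf` straight to `security()` and drop the `kernel_stat64` / `xstat64_conv` step, which is only correct if the kernel's stat64 layout and glibc's `struct stat64` are identical on i386; nothing in the patch states or checks that. A comment at each call, e.g. `/* kernel stat64 layout matches glibc struct stat64 on i386; no conversion needed */`, would record the assumption for the next glibc bump. In xstat_conv.h, `#define __set_errno(x) (errno) = (x)` is unparenthesised and unguarded; `#ifndef __set_errno` around `#define __set_errno(x) ((errno) = (x))` is the safer form. kernel_stat.h now uses `struct timespec` but the hunk adds no include for it, so it presumably relies on the including file.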
@@ -0,0 +1,167 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild,v 1.1 2003/06/13 16:49:23 pebenito Exp $
+
+DESCRIPTION="SELinux libraries and policy compiler"
+HOMEPAGE="http://www.nsa.gov/selinux"
+SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/selinux"
+
+KEYWORDS="~x86 ~ppc ~alpha ~sparc"
+IUSE="selinux static"
+DEPEND=">=sys-libs/glibc-2.3.2
+ sys-devel/flex
+ sys-libs/pam
+ || (
+ >=sys-kernel/selinux-sources-2.4.20-r1
+ >=sys-kernel/hardened-sources-2.4.20-r1
+ )"
+
+RDEPEND="${DEPEND}
+ >=dev-python/pexpect-0.97
+ >=sys-apps/selinux-base-policy-20030522"
+
+use static && LDFLAGS="-static"
+
+pkg_setup() {
+ if [ -z "`use selinux`" ]; then
+ eerror "selinux is missing from your USE. You seem to be using the"
+ eerror "incorrect profile. SELinux has a different profile than"
+ eerror "mainline Gentoo. Make sure the /etc/make.profile symbolic"
+ eend 1 "link is pointing to /usr/portage/profiles/selinux-x86-1.4/"
+ fi
+
+ if [ ! -f /usr/src/linux/security/selinux/ss/ebitmap.c ]; then
+ eerror "The /usr/src/linux symbolic link appears to be incorrect. It"
+ eerror "must be pointing to a selinux-sources or hardened-sources kernel"
+ eerror "for selinux-small to compile. If the link is correct, the"
+ eerror "kernel sources may be damaged or incomplete, and will need to"
+ eend 1 "be remerged. Please fix and retry."
+ fi
+}
+
+src_compile() {
+ ln -s /usr/src/linux ${WORKDIR}/lsm-2.4
+
+ cd ${S}
+
+ epatch ${FILESDIR}/${P}-gentoo.diff
+ epatch ${FILESDIR}/${P}-newstat.diff
+
+ einfo "Compiling checkpolicy"
+ cd ${S}/module
+ make LSMVER=-2.4 LDFLAGS=${LDFLAGS} all \
+ || die "Checkpolicy compilation failed"
+
+ einfo "Compiling libsecure"
+ cd ${S}/libsecure
+ make SE_INC=/usr/include/linux/flask EXTRA_CFLAGS="${CFLAGS}" \
+ EXTRA_LDFLAGS="${LDFLAGS}" \
+ || die "libsecure compile failed."
+
+ # now set up paths, since the next compiles need libsecure
+ LDFLAGS="-L${S}/libsecure/src ${LDFLAGS}"
+ LIBSECURE="-I${S}/libsecure/include ${LDFLAGS} -DUSE_PAM"
+
+ einfo "Compiling devfsd module"
+ cd ${S}/devfsd
+ mv devfsd-conflet selinux-small
+ make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LIBSECURE/-static}" \
+ || die "devfsd compile failed."
+
+ einfo "Compiling setfiles"
+ cd ${S}/setfiles
+ make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS}" setfiles \
+ || die "setfiles compile failed."
+
+ einfo "Compiling newrole"
+ cd ${S}/utils/newrole
+ make CFLAGS="${CFLAGS} ${LIBSECURE/-static} -lcrypt" \
+ || die "newrole compile failed."
+
+ einfo "Compiling run_init"
+ cd ${S}/utils/run_init
+ make CFLAGS="${CFLAGS} ${LIBSECURE/-static} -lcrypt" \
+ || die "run_init compile failed."
+
+ einfo "Compiling s-wrappers"
+ cd ${S}/utils/spasswd
+ make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS} -lcrypt -static" \
+ || die "s-wrappers compile failed."
+
+ einfo "Compiling selopt"
+ cd ${S}/selopt
+ make COPT_FLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS}" \
+ || die "selopt compile failed."
+}
+
+src_install() {
+ # install policy stuff
+ dosbin ${S}/module/checkpolicy/checkpolicy
+ dosbin ${S}/setfiles/setfiles
+
+ insinto /usr/include
+ doins ${S}/libsecure/include/*.h
+
+ insinto /etc/devfs.d
+ doins ${S}/devfsd/selinux-small
+
+ dolib.a ${S}/libsecure/src/libsecure.a
+ dobin ${S}/libsecure/test/{avc_enforcing,avc_toggle,context_to_sid,sid_to_context,list_sids,chsid,lchsid,chsidfs,get_user_sids}
+ dosbin ${S}/libsecure/test/load_policy
+ dobin ${S}/utils/spasswd/{sadminpasswd,schfn,schsh,spasswd,suseradd,suserdel,svipw}
+ dobin ${S}/utils/run_init/run_init
+ dobin ${S}/utils/newrole/newrole
+ dosbin ${FILESDIR}/{rlpkg,open_init_pty}
+
+ doman ${S}/setfiles/setfiles.8
+ doman ${S}/libsecure/man/man[12]/*
+ doman ${S}/utils/newrole/newrole.1
+ doman ${S}/utils/run_init/run_init.8
+
+ dobin ${S}/selopt/utils/flmon
+ dosbin ${S}/selopt/utils/{ct,pt,qt}
+ dosbin ${S}/selopt/scmpd/scmpd
+ dodoc ${S}/selopt/doc/*
+
+ exeinto /etc/init.d
+ doexe ${FILESDIR}/scmpd
+
+ exeinto /lib/devfsd
+ doexe ${S}/devfsd/devfsd-se.so
+
+ # install pam stuff
+ insinto /etc/pam.d
+ doins ${FILESDIR}/{newrole,run_init}
+}
+
+pkg_postinst() {
+ einfo
+ einfo "To recompile the policy and relabel the filesystem simply run:"
+ einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
+ einfo
+
+ # Stop devfsd from restoring /dev/log, it causes denials.
+ # The syslog will create it when it starts. Recent stock
+ # gentoo devfsd.conf's stopped saving /dev/log into dev-state.
+ [ -f /lib/dev-state/log ] && rm -f /lib/dev-state/log
+}
+
+pkg_config() {
+ cd /etc/security/selinux/src/policy
+
+ einfo "Compiling policy"
+ make policy || die "Policy compile failed (see above error messages)"
+
+ einfo "Installing policy"
+ make install || die "Policy install failed (see above error messages)"
+
+ einfo "Loading policy"
+ make load || die "Policy loading failed (see above error messages)"
+
+ einfo "Relabeling filesystems -- This will take a very long time!"
+ make relabel || die "Relabeling failed (see above error messages)"
+} |
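Review bot: `pkg_setup()` reports a wrong profile or a non-SELinux `/usr/src/linux` with `eend 1 "..."`, which as written only prints a failure marker; nothing in either branch stops the merge, so the SELinux userland can still be built and installed against the wrong kernel sources. Ending each branch with `die` (for example `die "selinux USE flag not set"`) would stop it there. In `src_compile()` the checkpolicy call passes `LDFLAGS=${LDFLAGS}` unquoted while every later `make` quotes it, so a multi-word LDFLAGS is split into separate make arguments; `LDFLAGS="${LDFLAGS}"` matches the rest. The global-scope `use static && LDFLAGS="-static"` also replaces, rather than extends, any LDFLAGS already set.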