Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch')
-rw-r--r--sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch265
1 files changed, 0 insertions, 265 deletions
diff --git a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch b/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
deleted file mode 100644
index 24e9778015ab..000000000000
--- a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
+++ /dev/null
@@ -1,265 +0,0 @@
-From d56c2b434e99f60612c1290e82021ecbcbfaf5e6 Mon Sep 17 00:00:00 2001
-From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
-Date: Tue, 21 Jul 2015 15:08:15 -0400
-Subject: [PATCH] libsemanage: Add file_contexts and seusers to the store
-
-This patch writes file_contexts and seusers to the policy store as well as
-/etc/selinux/. Additionally, file_contexts and seusers are now parsed from the
-store rather than the final directory which was the old behavior. This allows
-all policy related files to be kept in the policy store.
-
-Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
----
- libsemanage/src/direct_api.c | 69 +++++++++++++++++++++++++-------
- libsemanage/src/semanage_store.c | 49 ++++-------------------
- libsemanage/src/semanage_store.h | 5 ++-
- libsemanage/utils/semanage_migrate_store | 3 +-
- 4 files changed, 66 insertions(+), 60 deletions(-)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 3c6b168..b11f2ba 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -248,18 +248,14 @@ int semanage_direct_connect(semanage_handle_t * sh)
- goto err;
-
- if (fcontext_file_dbase_init(sh,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_FC),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_FC),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- semanage_fcontext_dbase_policy(sh)) < 0)
- goto err;
-
- if (seuser_file_dbase_init(sh,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_SEUSERS),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_SEUSERS),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_SEUSERS),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
- semanage_seuser_dbase_policy(sh)) < 0)
- goto err;
-
-@@ -602,7 +598,7 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb
- }
-
- if (size > 0) {
-- ofilename = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS);
-+ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- if (ofilename == NULL) {
- return -1;
- }
-@@ -1039,7 +1035,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- size_t fc_buffer_len = 0;
- const char *ofilename = NULL;
- const char *path;
-- int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
-+ int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0,
-+ missing_seusers = 0, missing_fc = 0, missing = 0;
- sepol_policydb_t *out = NULL;
- struct cil_db *cildb = NULL;
- semanage_module_info_t *modinfos = NULL;
-@@ -1151,10 +1148,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- if (access(path, F_OK) != 0) {
- missing_policy_kern = 1;
- }
-+
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
-+
-+ if (access(path, F_OK) != 0) {
-+ missing_fc = 1;
-+ }
-+
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
-+
-+ if (access(path, F_OK) != 0) {
-+ missing_seusers = 1;
-+ }
- }
-
-+ missing |= missing_policy_kern;
-+ missing |= missing_fc;
-+ missing |= missing_seusers;
-+
- /* If there were policy changes, or explicitly requested, rebuild the policy */
-- if (sh->do_rebuild || modified || missing_policy_kern) {
-+ if (sh->do_rebuild || modified || missing) {
- /* =================== Module expansion =============== */
-
- retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
-@@ -1312,15 +1325,41 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- if (retval < 0)
- goto cleanup;
-
-- retval = semanage_copy_policydb(sh);
-- if (retval < 0)
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL),
-+ sh->conf->file_mode);
-+ if (retval < 0) {
- goto cleanup;
-+ }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
- if (access(path, F_OK) == 0) {
-- retval = semanage_copy_fc_local(sh);
-- if (retval < 0)
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
-+ sh->conf->file_mode);
-+ if (retval < 0) {
- goto cleanup;
-+ }
-+ }
-+
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
-+ if (access(path, F_OK) == 0) {
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
-+ sh->conf->file_mode);
-+ if (retval < 0) {
-+ goto cleanup;
-+ }
-+ }
-+
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
-+ if (access(path, F_OK) == 0) {
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
-+ sh->conf->file_mode);
-+ if (retval < 0) {
-+ goto cleanup;
-+ }
- }
-
- /* run genhomedircon if its enabled, this should be the last operation
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 2856aaf..fa0876f 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
-@@ -111,7 +111,9 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
- "/preserve_tunables",
- "/modules/disabled",
- "/policy.kern",
-- "/file_contexts.local"
-+ "/file_contexts.local",
-+ "/file_contexts",
-+ "/seusers"
- };
-
- static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
-@@ -666,7 +668,7 @@ static int semanage_filename_select(const struct dirent *d)
-
- /* Copies a file from src to dst. If dst already exists then
- * overwrite it. Returns 0 on success, -1 on error. */
--static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
-+int semanage_copy_file(const char *src, const char *dst, mode_t mode)
- {
- int in, out, retval = 0, amount_read, n, errsv = errno;
- char tmp[PATH_MAX];
-@@ -1425,11 +1427,11 @@ int semanage_split_fc(semanage_handle_t * sh)
- goto cleanup;
- }
-
-- fc = open(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
-+ fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
- if (fc < 0) {
- ERR(sh, "Could not open %s for writing.",
-- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC));
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
- goto cleanup;
- }
- hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
-@@ -1454,8 +1456,7 @@ int semanage_split_fc(semanage_handle_t * sh)
- } else {
- if (write(fc, buf, strlen(buf)) < 0) {
- ERR(sh, "Write to %s failed.",
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_FC));
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
- goto cleanup;
- }
- }
-@@ -2914,39 +2915,3 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
-
- return 0;
- }
--
--int semanage_copy_policydb(semanage_handle_t *sh)
--{
-- const char *src = NULL;
-- const char *dst = NULL;
-- int rc = -1;
--
-- src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
-- dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
--
-- rc = semanage_copy_file(src, dst, sh->conf->file_mode);
-- if (rc != 0) {
-- goto cleanup;
-- }
--
--cleanup:
-- return rc;
--}
--
--int semanage_copy_fc_local(semanage_handle_t *sh)
--{
-- const char *src = NULL;
-- const char *dst = NULL;
-- int rc = -1;
--
-- src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
-- dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
--
-- rc = semanage_copy_file(src, dst, sh->conf->file_mode);
-- if (rc != 0) {
-- goto cleanup;
-- }
--
--cleanup:
-- return rc;
--}
-diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
-index ade43f2..acb6e3f 100644
---- a/libsemanage/src/semanage_store.h
-+++ b/libsemanage/src/semanage_store.h
-@@ -57,6 +57,8 @@ enum semanage_sandbox_defs {
- SEMANAGE_MODULES_DISABLED,
- SEMANAGE_STORE_KERNEL,
- SEMANAGE_STORE_FC_LOCAL,
-+ SEMANAGE_STORE_FC,
-+ SEMANAGE_STORE_SEUSERS,
- SEMANAGE_STORE_NUM_PATHS
- };
-
-@@ -150,7 +152,6 @@ int semanage_nc_sort(semanage_handle_t * sh,
- size_t buf_len,
- char **sorted_buf, size_t * sorted_buf_len);
-
--int semanage_copy_policydb(semanage_handle_t *sh);
--int semanage_copy_fc_local(semanage_handle_t *sh);
-+int semanage_copy_file(const char *src, const char *dst, mode_t mode);
-
- #endif
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index b170eda..6443002 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -244,7 +244,8 @@ if __name__ == "__main__":
- "users_extra.local",
- "disable_dontaudit",
- "preserve_tunables",
-- "policy.kern" ]
-+ "policy.kern",
-+ "file_contexts"]
-
-
- create_dir(newroot_path(), 0o755)
---
-2.4.6
-