diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e766aa5 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libselinux-3.2.tar.gz diff --git a/.libselinux.metadata b/.libselinux.metadata new file mode 100644 index 0000000..c81fb15 --- /dev/null +++ b/.libselinux.metadata @@ -0,0 +1 @@ +59d7e9a2db64ba994e2da976b4374871535cd196 SOURCES/libselinux-3.2.tar.gz diff --git a/SOURCES/0001-libselinux-do-not-duplicate-make-target-when-going-i.patch b/SOURCES/0001-libselinux-do-not-duplicate-make-target-when-going-i.patch new file mode 100644 index 0000000..3d123e5 --- /dev/null +++ b/SOURCES/0001-libselinux-do-not-duplicate-make-target-when-going-i.patch @@ -0,0 +1,59 @@ +From f63263c2d002fc8a4e681ea1a1b1db1e455acc49 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Thu, 22 Apr 2021 08:43:56 +0200 +Subject: [PATCH] libselinux: do not duplicate make target when going into + subdirectory + +When running "make install-pywrap", make displays: + + make[1]: Entering directory '/root/selinux/libselinux' + make -C src install-pywrap install-pywrap + make[2]: Entering directory '/root/selinux/libselinux/src' + +The duplicated "install-pywrap" is not expected. Remove it from the +Makefile. + +Signed-off-by: Nicolas Iooss +--- + libselinux/Makefile | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/libselinux/Makefile b/libselinux/Makefile +index ac16c15e8d0a..439bc6a9b7fd 100644 +--- a/libselinux/Makefile ++++ b/libselinux/Makefile +@@ -50,24 +50,24 @@ all install relabel clean distclean indent: + done + + swigify: all +- $(MAKE) -C src swigify $@ ++ $(MAKE) -C src $@ + + pywrap: +- $(MAKE) -C src pywrap $@ ++ $(MAKE) -C src $@ + + rubywrap: +- $(MAKE) -C src rubywrap $@ ++ $(MAKE) -C src $@ + + install-pywrap: +- $(MAKE) -C src install-pywrap $@ ++ $(MAKE) -C src $@ + + install-rubywrap: +- $(MAKE) -C src install-rubywrap $@ ++ $(MAKE) -C src $@ + + clean-pywrap: +- $(MAKE) -C src clean-pywrap $@ ++ $(MAKE) -C src $@ + + clean-rubywrap: +- $(MAKE) -C src clean-rubywrap $@ ++ $(MAKE) -C src $@ + + test: +-- +2.32.0 + diff --git a/SOURCES/0002-libselinux-selinux_check_passwd_access_internal-resp.patch b/SOURCES/0002-libselinux-selinux_check_passwd_access_internal-resp.patch new file mode 100644 index 0000000..9eb5b1b --- /dev/null +++ b/SOURCES/0002-libselinux-selinux_check_passwd_access_internal-resp.patch @@ -0,0 +1,45 @@ +From a88d24522fe74100478122c298aa4ace1af876fd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:12:38 +0200 +Subject: [PATCH] libselinux: selinux_check_passwd_access_internal(): respect + deny_unknown +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`selinux_check_passwd_access_internal()`, and thereby +`checkPasswdAccess(3)` and `selinux_check_passwd_access(3)`, does not +respect the policy defined setting of `deny_unknown`, like +`selinux_check_access(3)` does. +This means in case the security class `passwd` is not defined, success +is returned instead of failure, i.e. permission denied. + +Most policies should define the `passwd` class and the two affected +public functions are marked deprecated. + +Align the behavior with `selinux_check_access(3)` and respect +the deny_unknown setting in case the security class is not defined. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/checkAccess.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c +index b337ea64f977..022cd6b5ecab 100644 +--- a/libselinux/src/checkAccess.c ++++ b/libselinux/src/checkAccess.c +@@ -78,7 +78,9 @@ static int selinux_check_passwd_access_internal(access_vector_t requested) + passwd_class = string_to_security_class("passwd"); + if (passwd_class == 0) { + freecon(user_context); +- return 0; ++ if (security_deny_unknown() == 0) ++ return 0; ++ return -1; + } + + retval = security_compute_av_raw(user_context, +-- +2.32.0 + diff --git a/SOURCES/0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch b/SOURCES/0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch new file mode 100644 index 0000000..4fc315c --- /dev/null +++ b/SOURCES/0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch @@ -0,0 +1,51 @@ +From f1bc162cc272e01631e8f6d890fae71e1cb96e03 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Fri, 30 Apr 2021 21:37:02 +0200 +Subject: [PATCH] libselinux: silence -Wstringop-overflow warning from gcc + 10.3.1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When building libselinux on Fedora 33 with gcc 10.3.1, the compiler +reports: + + label_file.c: In function ‘lookup_all.isra’: + label_file.c:940:4: error: ‘strncpy’ specified bound depends on the + length of the source argument [-Werror=stringop-overflow=] + 940 | strncpy(clean_key, key, len - 1); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + label_file.c:927:8: note: length computed here + 927 | len = strlen(key); + | ^~~~~~~~~~~ + cc1: all warnings being treated as errors + +As clean_key is the result of malloc(len), there is no issue here. But +using strncpy can be considered as strange, because the size of the +string is already known and the NUL terminator is always added later, in +function ‘lookup_all.isra. + +Replace strncpy with memcpy to silence this gcc false-positive warning. + +Signed-off-by: Nicolas Iooss +Acked-by: Petr Lautrbach +--- + libselinux/src/label_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 726394ca4332..cfce23e0119e 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -909,7 +909,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, + if (!clean_key) + goto finish; + +- strncpy(clean_key, key, len - 1); ++ memcpy(clean_key, key, len - 1); + } + + clean_key[len - 1] = '\0'; +-- +2.32.0 + diff --git a/SOURCES/0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch b/SOURCES/0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch new file mode 100644 index 0000000..4041dc4 --- /dev/null +++ b/SOURCES/0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch @@ -0,0 +1,46 @@ +From ae34b3ca3c605f8648b10722330ef3fbc872f3d6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:35 +0200 +Subject: [PATCH] libselinux: sidtab_hash(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not discard the const qualifier of the function argument, and drop +the redundant local variable `keyp`. + +avc_sidtab.c: In function ‘sidtab_hash’: +avc_sidtab.c:23:9: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 23 | keyp = (char *)key; + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc_sidtab.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 9669264d651a..8dc875608762 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -15,14 +15,13 @@ + + static inline unsigned sidtab_hash(const char * key) + { +- char *p, *keyp; ++ const char *p; + unsigned int size; + unsigned int val; + + val = 0; +- keyp = (char *)key; +- size = strlen(keyp); +- for (p = keyp; (unsigned int)(p - keyp) < size; p++) ++ size = strlen(key); ++ for (p = key; (unsigned int)(p - key) < size; p++) + val = + (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p); + return val & (SIDTAB_SIZE - 1); +-- +2.32.0 + diff --git a/SOURCES/0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch b/SOURCES/0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch new file mode 100644 index 0000000..c370725 --- /dev/null +++ b/SOURCES/0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch @@ -0,0 +1,48 @@ +From d23421c65a4e53bef900d9e015833015fa123765 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:40 +0200 +Subject: [PATCH] libselinux: selinux_file_context_cmp(): do not discard const + qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +matchpathcon.c: In function ‘selinux_file_context_cmp’: +matchpathcon.c:487:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 487 | rest_a = strchr((char *)a, ':'); + | ^ +matchpathcon.c:488:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 488 | rest_b = strchr((char *)b, ':'); + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchpathcon.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 2ec66650cae0..9e1fab593266 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c +@@ -477,15 +477,15 @@ void matchpathcon_checkmatches(char *str __attribute__((unused))) + int selinux_file_context_cmp(const char * a, + const char * b) + { +- char *rest_a, *rest_b; /* Rest of the context after the user */ ++ const char *rest_a, *rest_b; /* Rest of the context after the user */ + if (!a && !b) + return 0; + if (!a) + return -1; + if (!b) + return 1; +- rest_a = strchr((char *)a, ':'); +- rest_b = strchr((char *)b, ':'); ++ rest_a = strchr(a, ':'); ++ rest_b = strchr(b, ':'); + if (!rest_a && !rest_b) + return 0; + if (!rest_a) +-- +2.32.0 + diff --git a/SOURCES/0006-libselinux-label_common-do-not-discard-const-qualifi.patch b/SOURCES/0006-libselinux-label_common-do-not-discard-const-qualifi.patch new file mode 100644 index 0000000..0dca8cd --- /dev/null +++ b/SOURCES/0006-libselinux-label_common-do-not-discard-const-qualifi.patch @@ -0,0 +1,69 @@ +From 3950b1afedd1a5247dcb0eb4acffc3fe045a9fb3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:42 +0200 +Subject: [PATCH] libselinux: label_common(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As the const qualifier is discarded in label_common(), do not return a +const qualified pointer pointer from the local function `lookup_all()`. + +label_file.c: In function ‘lookup_common’: +label_file.c:994:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 994 | struct spec *result = (struct spec*)matches[0]; + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index cfce23e0119e..b080fcf1305b 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -845,7 +845,7 @@ static void closef(struct selabel_handle *rec) + // Finds all the matches of |key| in the given context. Returns the result in + // the allocated array and updates the match count. If match_count is NULL, + // stops early once the 1st match is found. +-static const struct spec **lookup_all(struct selabel_handle *rec, ++static struct spec **lookup_all(struct selabel_handle *rec, + const char *key, + int type, + bool partial, +@@ -861,7 +861,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, + unsigned int sofar = 0; + char *sub = NULL; + +- const struct spec **result = NULL; ++ struct spec **result = NULL; + if (match_count) { + *match_count = 0; + result = calloc(data->nspec, sizeof(struct spec*)); +@@ -987,11 +987,11 @@ static struct spec *lookup_common(struct selabel_handle *rec, + const char *key, + int type, + bool partial) { +- const struct spec **matches = lookup_all(rec, key, type, partial, NULL); ++ struct spec **matches = lookup_all(rec, key, type, partial, NULL); + if (!matches) { + return NULL; + } +- struct spec *result = (struct spec*)matches[0]; ++ struct spec *result = matches[0]; + free(matches); + return result; + } +@@ -1054,7 +1054,7 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key + assert(digest); + + size_t total_matches; +- const struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); ++ struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); + if (!matches) { + return false; + } +-- +2.32.0 + diff --git a/SOURCES/0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch b/SOURCES/0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch new file mode 100644 index 0000000..a60225c --- /dev/null +++ b/SOURCES/0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch @@ -0,0 +1,85 @@ +From 7ca82e0db464052c1ed51e77b2d61ede82dfe3ee Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:44 +0200 +Subject: [PATCH] libselinux: Sha1Finalise(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Mark the argument `Buffer` of `Sha1Update()` const, since it is not +modified. + +sha1.c: In function ‘Sha1Finalise’: +sha1.c:208:25: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 208 | Sha1Update(Context, (uint8_t*)"\x80", 1); + | ^ +sha1.c:211:29: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 211 | Sha1Update(Context, (uint8_t*)"\0", 1); + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/sha1.c | 10 +++++----- + libselinux/src/sha1.h | 2 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c +index 9a8ce01dceda..664bbcf26eef 100644 +--- a/libselinux/src/sha1.c ++++ b/libselinux/src/sha1.c +@@ -151,7 +151,7 @@ void + Sha1Update + ( + Sha1Context* Context, +- void* Buffer, ++ const void* Buffer, + uint32_t BufferSize + ) + { +@@ -172,7 +172,7 @@ void + TransformFunction(Context->State, Context->Buffer); + for (; i + 63 < BufferSize; i += 64) + { +- TransformFunction(Context->State, (uint8_t*)Buffer + i); ++ TransformFunction(Context->State, (const uint8_t*)Buffer + i); + } + j = 0; + } +@@ -181,7 +181,7 @@ void + i = 0; + } + +- memcpy(&Context->Buffer[j], &((uint8_t*)Buffer)[i], BufferSize - i); ++ memcpy(&Context->Buffer[j], &((const uint8_t*)Buffer)[i], BufferSize - i); + } + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +@@ -205,10 +205,10 @@ void + finalcount[i] = (unsigned char)((Context->Count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); // Endian independent + } +- Sha1Update(Context, (uint8_t*)"\x80", 1); ++ Sha1Update(Context, (const uint8_t*)"\x80", 1); + while ((Context->Count[0] & 504) != 448) + { +- Sha1Update(Context, (uint8_t*)"\0", 1); ++ Sha1Update(Context, (const uint8_t*)"\0", 1); + } + + Sha1Update(Context, finalcount, 8); // Should cause a Sha1TransformFunction() +diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h +index eac3c195351a..f83a6e7ed7ba 100644 +--- a/libselinux/src/sha1.h ++++ b/libselinux/src/sha1.h +@@ -64,7 +64,7 @@ void + Sha1Update + ( + Sha1Context* Context, +- void* Buffer, ++ const void* Buffer, + uint32_t BufferSize + ); + +-- +2.32.0 + diff --git a/SOURCES/0008-libselinux-sefcontext_compile-mark-local-variable-st.patch b/SOURCES/0008-libselinux-sefcontext_compile-mark-local-variable-st.patch new file mode 100644 index 0000000..39366bd --- /dev/null +++ b/SOURCES/0008-libselinux-sefcontext_compile-mark-local-variable-st.patch @@ -0,0 +1,31 @@ +From 11194b982bb32c05548c38e4c81b1f166083f7e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:46 +0200 +Subject: [PATCH] libselinux: sefcontext_compile: mark local variable static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `policy_file` is only used in sefcontext_compile.c. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/sefcontext_compile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c +index dcb0085ad67e..6c32172d9944 100644 +--- a/libselinux/utils/sefcontext_compile.c ++++ b/libselinux/utils/sefcontext_compile.c +@@ -14,7 +14,7 @@ + #include "../src/label_file.h" + #include "../src/regex.h" + +-const char *policy_file; ++static const char *policy_file; + static int ctx_err; + + static int validate_context(char **ctxp) +-- +2.32.0 + diff --git a/SOURCES/0009-libselinux-avcstat-use-standard-length-modifier-for-.patch b/SOURCES/0009-libselinux-avcstat-use-standard-length-modifier-for-.patch new file mode 100644 index 0000000..39a1ea4 --- /dev/null +++ b/SOURCES/0009-libselinux-avcstat-use-standard-length-modifier-for-.patch @@ -0,0 +1,42 @@ +From 533e9d6ce07c8909c9c020cd6920a2384f7eee22 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:48 +0200 +Subject: [PATCH] libselinux: avcstat: use standard length modifier for + unsigned long long +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The format width specifier `L` is only standardized for floating point +types. Use `ll` for fixed-width data types. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/avcstat.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c +index da2392870c51..cc9a48dd4c3a 100644 +--- a/libselinux/utils/avcstat.c ++++ b/libselinux/utils/avcstat.c +@@ -205,7 +205,7 @@ int main(int argc, char **argv) + die("unable to parse \'%s\': no data", avcstatfile); + + if (cumulative || !i) +- printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", ++ printf("%10llu %10llu %10llu %10llu %10llu %10llu\n", + tot.lookups, tot.hits, tot.misses, + tot.allocations, tot.reclaims, tot.frees); + else { +@@ -215,7 +215,7 @@ int main(int argc, char **argv) + rel.allocations = tot.allocations - last.allocations; + rel.reclaims = tot.reclaims - last.reclaims; + rel.frees = tot.frees - last.frees; +- printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", ++ printf("%10llu %10llu %10llu %10llu %10llu %10llu\n", + rel.lookups, rel.hits, rel.misses, + rel.allocations, rel.reclaims, rel.frees); + } +-- +2.32.0 + diff --git a/SOURCES/0010-libselinux-selinux_restorecon-mark-local-variable-st.patch b/SOURCES/0010-libselinux-selinux_restorecon-mark-local-variable-st.patch new file mode 100644 index 0000000..28b1188 --- /dev/null +++ b/SOURCES/0010-libselinux-selinux_restorecon-mark-local-variable-st.patch @@ -0,0 +1,38 @@ +From 7464272caa1a69e3fc7971d1d80b6afd4785abef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:51 +0200 +Subject: [PATCH] libselinux: selinux_restorecon: mark local variable static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `dir_xattr_list` is only used inside `selinux_restorecon.c`. + +selinux_restorecon.c:65:19: warning: no previous extern declaration for non-static variable 'dir_xattr_list' [-Wmissing-variable-declarations] +struct dir_xattr *dir_xattr_list; + ^ +selinux_restorecon.c:65:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit +struct dir_xattr *dir_xattr_list; +^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_restorecon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 63fb8dc53c28..249c361fa988 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -62,7 +62,7 @@ static uint64_t fc_count = 0; /* Number of files processed so far */ + static uint64_t efile_count; /* Estimated total number of files */ + + /* Store information on directories with xattr's. */ +-struct dir_xattr *dir_xattr_list; ++static struct dir_xattr *dir_xattr_list; + static struct dir_xattr *dir_xattr_last; + + /* restorecon_flags for passing to restorecon_sb() */ +-- +2.32.0 + diff --git a/SOURCES/0011-libselinux-selabel_get_digests_all_partial_matches-f.patch b/SOURCES/0011-libselinux-selabel_get_digests_all_partial_matches-f.patch new file mode 100644 index 0000000..5187561 --- /dev/null +++ b/SOURCES/0011-libselinux-selabel_get_digests_all_partial_matches-f.patch @@ -0,0 +1,51 @@ +From d0c02882b7fdcf5e6478f9a82ac2946174f4bca4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:53 +0200 +Subject: [PATCH] libselinux: selabel_get_digests_all_partial_matches: free + memory after FTS_D block +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Free all memory from `selabel_get_digests_all_partial_matches()` in case +of success and failure. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + .../utils/selabel_get_digests_all_partial_matches.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c +index 0c2edc67771d..e28833d2ce97 100644 +--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c ++++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c +@@ -128,7 +128,7 @@ int main(int argc, char **argv) + printf("No SHA1 digest available for: %s\n", + ftsent->fts_path); + printf("as file_context entry is \"<>\"\n"); +- break; ++ goto cleanup; + } + + printf("The file_context entries for: %s\n", +@@ -149,11 +149,11 @@ int main(int argc, char **argv) + xattr_digest[i]); + printf("%s\n", sha1_buf); + } +- +- free(xattr_digest); +- free(calculated_digest); +- free(sha1_buf); + } ++ cleanup: ++ free(xattr_digest); ++ free(calculated_digest); ++ free(sha1_buf); + break; + } + default: +-- +2.32.0 + diff --git a/SOURCES/0012-libselinux-getconlist-free-memory-on-multiple-level-.patch b/SOURCES/0012-libselinux-getconlist-free-memory-on-multiple-level-.patch new file mode 100644 index 0000000..4a6f921 --- /dev/null +++ b/SOURCES/0012-libselinux-getconlist-free-memory-on-multiple-level-.patch @@ -0,0 +1,34 @@ +From d0e16077d4ded64bbc878d29e0dc22b1f5e0912f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:55 +0200 +Subject: [PATCH] libselinux: getconlist: free memory on multiple level + arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not leak memory if the program argument `l` got passed more than +once. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/getconlist.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c +index 76654b75151a..0bb2846937ca 100644 +--- a/libselinux/utils/getconlist.c ++++ b/libselinux/utils/getconlist.c +@@ -26,6 +26,7 @@ int main(int argc, char **argv) + while ((opt = getopt(argc, argv, "l:")) > 0) { + switch (opt) { + case 'l': ++ free(level); + level = strdup(optarg); + if (!level) { + fprintf(stderr, "memory allocation failure: %d(%s)\n", +-- +2.32.0 + diff --git a/SOURCES/0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch b/SOURCES/0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch new file mode 100644 index 0000000..a78e2ec --- /dev/null +++ b/SOURCES/0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch @@ -0,0 +1,42 @@ +From 319429ba3358c32a566f2c59898d01f2f36fdc95 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:57 +0200 +Subject: [PATCH] libselinux: exclude_non_seclabel_mounts(): drop unused + variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `num` is never read from. + +Found by clang-analyer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_restorecon.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 249c361fa988..6fb9e1ff486d 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -230,7 +230,6 @@ static int exclude_non_seclabel_mounts(void) + struct utsname uts; + FILE *fp; + size_t len; +- ssize_t num; + int index = 0, found = 0, nfile = 0; + char *mount_info[4]; + char *buf = NULL, *item; +@@ -245,7 +244,7 @@ static int exclude_non_seclabel_mounts(void) + if (!fp) + return 0; + +- while ((num = getline(&buf, &len, fp)) != -1) { ++ while (getline(&buf, &len, fp) != -1) { + found = 0; + index = 0; + item = strtok(buf, " "); +-- +2.32.0 + diff --git a/SOURCES/0014-libselinux-context_new-drop-dead-assignment.patch b/SOURCES/0014-libselinux-context_new-drop-dead-assignment.patch new file mode 100644 index 0000000..e1df68b --- /dev/null +++ b/SOURCES/0014-libselinux-context_new-drop-dead-assignment.patch @@ -0,0 +1,34 @@ +From 782fa6ea38f323c60fc437577af515ce44627452 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:59 +0200 +Subject: [PATCH] libselinux: context_new(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `i` is not used inside this loop, and it later +unconditionally set to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/context.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/context.c b/libselinux/src/context.c +index ce4258806c53..b2144c7cf76c 100644 +--- a/libselinux/src/context.c ++++ b/libselinux/src/context.c +@@ -37,7 +37,7 @@ context_t context_new(const char *str) + } + n->current_str = n->component[0] = n->component[1] = n->component[2] = + n->component[3] = 0; +- for (i = count = 0, p = str; *p; p++) { ++ for (count = 0, p = str; *p; p++) { + switch (*p) { + case ':': + count++; +-- +2.32.0 + diff --git a/SOURCES/0015-libselinux-label_x-init-drop-dead-assignment.patch b/SOURCES/0015-libselinux-label_x-init-drop-dead-assignment.patch new file mode 100644 index 0000000..0f9fadd --- /dev/null +++ b/SOURCES/0015-libselinux-label_x-init-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 9c26043af6e4947e0e3e7fb789452da0c66e11c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:01 +0200 +Subject: [PATCH] libselinux: label_x::init(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `lineno` is only used in the preceding loop and is always +set prior that to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_x.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c +index 9674529931a7..e9fa063fafff 100644 +--- a/libselinux/src/label_x.c ++++ b/libselinux/src/label_x.c +@@ -146,7 +146,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } +- lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { +-- +2.32.0 + diff --git a/SOURCES/0016-libselinux-label_media-init-drop-dead-assignment.patch b/SOURCES/0016-libselinux-label_media-init-drop-dead-assignment.patch new file mode 100644 index 0000000..3fd23ed --- /dev/null +++ b/SOURCES/0016-libselinux-label_media-init-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 04335ab146d18f5865bed3516d5cbc9057a3df89 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:03 +0200 +Subject: [PATCH] libselinux: label_media::init(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `lineno` is only used in the preceding loop and it always +set prior that to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_media.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c +index d202e5d5ab83..eb27deaf510e 100644 +--- a/libselinux/src/label_media.c ++++ b/libselinux/src/label_media.c +@@ -119,7 +119,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } +- lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { +-- +2.32.0 + diff --git a/SOURCES/0017-libselinux-setexecfilecon-drop-dead-assignment.patch b/SOURCES/0017-libselinux-setexecfilecon-drop-dead-assignment.patch new file mode 100644 index 0000000..ff787d6 --- /dev/null +++ b/SOURCES/0017-libselinux-setexecfilecon-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 411c5a54587b1459528fb8e6b66d0bebf1a5fb39 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:05 +0200 +Subject: [PATCH] libselinux: setexecfilecon(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `rc` is always unconditionally assigned by the next call of +`setexeccon()` and never read in between. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/setexecfilecon.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c +index e72ba0d98880..2c6505a96a48 100644 +--- a/libselinux/src/setexecfilecon.c ++++ b/libselinux/src/setexecfilecon.c +@@ -37,7 +37,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) + newcon = strdup(context_str(con)); + if (!newcon) + goto out; +- rc = 0; + } + + rc = setexeccon(newcon); +-- +2.32.0 + diff --git a/SOURCES/0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch b/SOURCES/0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch new file mode 100644 index 0000000..eeecd9c --- /dev/null +++ b/SOURCES/0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch @@ -0,0 +1,51 @@ +From db69a3d3622005d3ffd62498eac8da1ded264874 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:07 +0200 +Subject: [PATCH] libselinux: getdefaultcon: free memory on multiple same + arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not leak memory if program arguments get specified more than once. + +Found by clang-anlyzer. + +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'level' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'role' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'service' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/getdefaultcon.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c +index 96a5a8c23656..957c1cb2e307 100644 +--- a/libselinux/utils/getdefaultcon.c ++++ b/libselinux/utils/getdefaultcon.c +@@ -28,12 +28,15 @@ int main(int argc, char **argv) + while ((opt = getopt(argc, argv, "l:r:s:v")) > 0) { + switch (opt) { + case 'l': ++ free(level); + level = strdup(optarg); + break; + case 'r': ++ free(role); + role = strdup(optarg); + break; + case 's': ++ free(service); + service = strdup(optarg); + break; + case 'v': +-- +2.32.0 + diff --git a/SOURCES/0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch b/SOURCES/0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch new file mode 100644 index 0000000..e9e5446 --- /dev/null +++ b/SOURCES/0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch @@ -0,0 +1,62 @@ +From 6e5d16a012e1845774da106846b87090d39ea8f3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:09 +0200 +Subject: [PATCH] libselinux: store_stem(): do not free possible non-heap + object +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC 11 complains: + +In file included from label_file.c:24: +In function ‘store_stem’, + inlined from ‘load_mmap’ at label_file.c:277:12, + inlined from ‘process_file’ at label_file.c:551:5: +label_file.h:289:25: error: ‘free’ called on pointer ‘*mmap_area.next_addr’ with nonzero offset 4 [-Werror=free-nonheap-object] + 289 | free(buf); + | ^~~~~~~~~ + +Free the pointer on failure at the caller instead of inside `store_stem()`. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h +index baed3341b6b3..9f6337012216 100644 +--- a/libselinux/src/label_file.h ++++ b/libselinux/src/label_file.h +@@ -286,7 +286,6 @@ static inline int store_stem(struct saved_data *data, char *buf, int stem_len) + tmp_arr = realloc(data->stem_arr, + sizeof(*tmp_arr) * alloc_stems); + if (!tmp_arr) { +- free(buf); + return -1; + } + data->alloc_stems = alloc_stems; +@@ -308,6 +307,7 @@ static inline int find_stem_from_spec(struct saved_data *data, const char *buf) + int stem_len = get_stem_from_spec(buf); + int stemid; + char *stem; ++ int r; + + if (!stem_len) + return -1; +@@ -321,7 +321,11 @@ static inline int find_stem_from_spec(struct saved_data *data, const char *buf) + if (!stem) + return -1; + +- return store_stem(data, stem, stem_len); ++ r = store_stem(data, stem, stem_len); ++ if (r < 0) ++ free(stem); ++ ++ return r; + } + + /* This will always check for buffer over-runs and either read the next entry +-- +2.32.0 + diff --git a/SOURCES/0020-libselinux-matchmediacon-close-file-on-error.patch b/SOURCES/0020-libselinux-matchmediacon-close-file-on-error.patch new file mode 100644 index 0000000..22c4c0c --- /dev/null +++ b/SOURCES/0020-libselinux-matchmediacon-close-file-on-error.patch @@ -0,0 +1,39 @@ +From 0280a2a70c35c5c319f82f37a685424706b03ad4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:11 +0200 +Subject: [PATCH] libselinux: matchmediacon(): close file on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Infer. + +matchmediacon.c:25: error: Resource Leak + resource of type `_IO_FILE` acquired to `return` by call to `fopen()` at line 21, column 16 is not released after line 25, column 4. + 23. while (!feof_unlocked(infile)) { + 24. if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { + 25. return -1; + ^ + 26. } + 27. if (current_line[strlen(current_line) - 1]) + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchmediacon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c +index 23d01af476d2..d3d9504348e1 100644 +--- a/libselinux/src/matchmediacon.c ++++ b/libselinux/src/matchmediacon.c +@@ -22,6 +22,7 @@ int matchmediacon(const char *media, char ** con) + return -1; + while (!feof_unlocked(infile)) { + if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { ++ fclose(infile); + return -1; + } + if (current_line[strlen(current_line) - 1]) +-- +2.32.0 + diff --git a/SOURCES/0021-libselinux-init_selinux_config-free-resources-on-err.patch b/SOURCES/0021-libselinux-init_selinux_config-free-resources-on-err.patch new file mode 100644 index 0000000..905d7fb --- /dev/null +++ b/SOURCES/0021-libselinux-init_selinux_config-free-resources-on-err.patch @@ -0,0 +1,53 @@ +From 9ab27e21800e8b5589eef0fa9242042567e9bc78 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:13 +0200 +Subject: [PATCH] libselinux: init_selinux_config(): free resources on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Infer. + +selinux_config.c:181: error: Resource Leak + resource of type `_IO_FILE` acquired by call to `fopen()` at line 165, column 7 is not released after line 181, column 6. + 179. type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); + 180. if (!type) + 181. return; + ^ + 182. end = type + strlen(type) - 1; + 183. while ((end > type) && + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_config.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c +index 6c5238953cb1..97f81a8b61ce 100644 +--- a/libselinux/src/selinux_config.c ++++ b/libselinux/src/selinux_config.c +@@ -177,8 +177,11 @@ static void init_selinux_config(void) + if (!strncasecmp(buf_p, SELINUXTYPETAG, + sizeof(SELINUXTYPETAG) - 1)) { + type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); +- if (!type) ++ if (!type) { ++ free(line_buf); ++ fclose(fp); + return; ++ } + end = type + strlen(type) - 1; + while ((end > type) && + (isspace(*end) || iscntrl(*end))) { +@@ -187,6 +190,8 @@ static void init_selinux_config(void) + } + if (setpolicytype(type) != 0) { + free(type); ++ free(line_buf); ++ fclose(fp); + return; + } + free(type); +-- +2.32.0 + diff --git a/SOURCES/0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch b/SOURCES/0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch new file mode 100644 index 0000000..7b4243c --- /dev/null +++ b/SOURCES/0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch @@ -0,0 +1,48 @@ +From bc0a0327ca6e47400e161f6d1e70e08cb350a36f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:15 +0200 +Subject: [PATCH] libselinux: label_file::init(): do not pass NULL to strdup +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If any of the build flags `BUILD_HOST` or `ANDROID` is set and the +caller did not pass an option of type `SELABEL_OPT_PATH`, the variable +`path` might be not set. +Add a check to avoid calling `strdup()` with a NULL pointer. + +Found by cppcheck. + +src/label_file.c:759:26: warning: Possible null pointer dereference: path [nullPointer] + rec->spec_file = strdup(path); + ^ +src/label_file.c:713:21: note: Assignment 'path=NULL', assigned value is 0 + const char *path = NULL; + ^ +src/label_file.c:759:26: note: Null pointer dereference + rec->spec_file = strdup(path); + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index b080fcf1305b..4268b52c84cc 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -756,6 +756,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + } + + #endif ++ ++ if (!path) ++ goto finish; ++ + rec->spec_file = strdup(path); + + /* +-- +2.32.0 + diff --git a/SOURCES/0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch b/SOURCES/0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch new file mode 100644 index 0000000..463fc49 --- /dev/null +++ b/SOURCES/0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch @@ -0,0 +1,80 @@ +From 65f1ccbecc30d31e66126e470d404b757eb9898e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:17 +0200 +Subject: [PATCH] libselinux: matchpathcon: free memory on realloc failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case `realloc()` fails and returns NULL, free the passed array, +instead of just setting the size helper variables to 0. + +Also free the string contents in `free_array_elts()` of the array +`con_array`, instead of just the array of pointers. + +Found by cppcheck. + +src/matchpathcon.c:86:4: error: Common realloc mistake: 'con_array' nulled but not freed upon failure [memleakOnRealloc] + con_array = (char **)realloc(con_array, sizeof(char*) * + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchpathcon.c | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 9e1fab593266..075a3fb3ffcb 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c +@@ -78,17 +78,30 @@ static pthread_once_t once = PTHREAD_ONCE_INIT; + static pthread_key_t destructor_key; + static int destructor_key_initialized = 0; + ++static void free_array_elts(void) ++{ ++ int i; ++ for (i = 0; i < con_array_used; i++) ++ free(con_array[i]); ++ free(con_array); ++ ++ con_array_size = con_array_used = 0; ++ con_array = NULL; ++} ++ + static int add_array_elt(char *con) + { ++ char **tmp; + if (con_array_size) { + while (con_array_used >= con_array_size) { + con_array_size *= 2; +- con_array = (char **)realloc(con_array, sizeof(char*) * ++ tmp = (char **)realloc(con_array, sizeof(char*) * + con_array_size); +- if (!con_array) { +- con_array_size = con_array_used = 0; ++ if (!tmp) { ++ free_array_elts(); + return -1; + } ++ con_array = tmp; + } + } else { + con_array_size = 1000; +@@ -105,13 +118,6 @@ static int add_array_elt(char *con) + return con_array_used++; + } + +-static void free_array_elts(void) +-{ +- con_array_size = con_array_used = 0; +- free(con_array); +- con_array = NULL; +-} +- + void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c)) + { + myinvalidcon = f; +-- +2.32.0 + diff --git a/SOURCES/0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch b/SOURCES/0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch new file mode 100644 index 0000000..205b477 --- /dev/null +++ b/SOURCES/0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch @@ -0,0 +1,36 @@ +From e1999379dfc6d12abb9fa454ac01d4239baf361f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:19 +0200 +Subject: [PATCH] libselinux: label_db::db_init(): open file with CLOEXEC mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Open the file stream with the `e` flag, so that the underlying file +descriptor gets closed on an exec in a potential sibling thread. + +Also drop the flag `b`, since it is ignored on POSIX systems. + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_db.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c +index fba96c92299f..94c05c6d4397 100644 +--- a/libselinux/src/label_db.c ++++ b/libselinux/src/label_db.c +@@ -277,7 +277,7 @@ db_init(const struct selinux_opt *opts, unsigned nopts, + if (!path) + path = selinux_sepgsql_context_path(); + +- if ((filp = fopen(path, "rb")) == NULL) { ++ if ((filp = fopen(path, "re")) == NULL) { + free(catalog); + return NULL; + } +-- +2.32.0 + diff --git a/SOURCES/0025-libselinux-drop-redundant-casts-to-the-same-type.patch b/SOURCES/0025-libselinux-drop-redundant-casts-to-the-same-type.patch new file mode 100644 index 0000000..b680c7b --- /dev/null +++ b/SOURCES/0025-libselinux-drop-redundant-casts-to-the-same-type.patch @@ -0,0 +1,73 @@ +From 8827610e5045b9bce7d2fe24058548f938921ccf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:22 +0200 +Subject: [PATCH] libselinux: drop redundant casts to the same type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/audit2why.c | 2 +- + libselinux/src/avc_sidtab.c | 2 +- + libselinux/src/is_customizable_type.c | 2 +- + libselinux/src/selinux_restorecon.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c +index d56b56eb2a1a..029f874f4702 100644 +--- a/libselinux/src/audit2why.c ++++ b/libselinux/src/audit2why.c +@@ -275,7 +275,7 @@ static int __policy_init(const char *init_path) + } + + sepol_bool_iterate(avc->handle, avc->policydb, +- load_booleans, (void *)NULL); ++ load_booleans, NULL); + + /* Initialize the sidtab for subsequent use by sepol_context_to_sid + and sepol_compute_av_reason. */ +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 8dc875608762..8c81cf65d2ef 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -56,7 +56,7 @@ int sidtab_insert(struct sidtab *s, const char * ctx) + rc = -1; + goto out; + } +- newctx = (char *) strdup(ctx); ++ newctx = strdup(ctx); + if (!newctx) { + rc = -1; + avc_free(newnode); +diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c +index 92876f4d9371..1b17860c3622 100644 +--- a/libselinux/src/is_customizable_type.c ++++ b/libselinux/src/is_customizable_type.c +@@ -38,7 +38,7 @@ static int get_customizable_type_list(char *** retlist) + while (fgets_unlocked(buf, selinux_page_size, fp) + && i < ctr) { + buf[strlen(buf) - 1] = 0; +- list[i] = (char *) strdup(buf); ++ list[i] = strdup(buf); + if (!list[i]) { + unsigned int j; + for (j = 0; j < i; j++) +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 6fb9e1ff486d..999aa924ba32 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -1152,7 +1152,7 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl) + unsigned char *fc_digest; + size_t num_specfiles, fc_digest_len; + +- fc_sehandle = (struct selabel_handle *) hndl; ++ fc_sehandle = hndl; + if (!fc_sehandle) + return; + +-- +2.32.0 + diff --git a/SOURCES/0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch b/SOURCES/0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch new file mode 100644 index 0000000..9ba272e --- /dev/null +++ b/SOURCES/0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch @@ -0,0 +1,60 @@ +From b1a4603c9208982e33291fe6dc5aa78148762530 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:24 +0200 +Subject: [PATCH] libselinux: sidtab_sid_stats(): unify parameter name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +libselinux/src/avc_sidtab.h:32:6: warning: function 'sidtab_sid_stats' has a definition with different parameter names [readability-inconsistent-declaration-parameter-name] +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; + ^ +libselinux/src/avc_sidtab.c:103:6: note: the definition seen here +void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + ^ +libselinux/src/avc_sidtab.h:32:6: note: differing parameters are named here: ('s'), in definition: ('h') +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; + ^ ~ + h + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc_sidtab.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 8c81cf65d2ef..f179d8558a45 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -100,7 +100,7 @@ sidtab_context_to_sid(struct sidtab *s, + return rc; + } + +-void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) ++void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) + { + int i, chain_len, slots_used, max_chain_len; + struct sidtab_node *cur; +@@ -108,7 +108,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + slots_used = 0; + max_chain_len = 0; + for (i = 0; i < SIDTAB_SIZE; i++) { +- cur = h->htable[i]; ++ cur = s->htable[i]; + if (cur) { + slots_used++; + chain_len = 0; +@@ -124,7 +124,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + + snprintf(buf, buflen, + "%s: %u SID entries and %d/%d buckets used, longest " +- "chain length %d\n", avc_prefix, h->nel, slots_used, ++ "chain length %d\n", avc_prefix, s->nel, slots_used, + SIDTAB_SIZE, max_chain_len); + } + +-- +2.32.0 + diff --git a/SOURCES/0027-libselinux-regex-unify-parameter-names.patch b/SOURCES/0027-libselinux-regex-unify-parameter-names.patch new file mode 100644 index 0000000..5781ab6 --- /dev/null +++ b/SOURCES/0027-libselinux-regex-unify-parameter-names.patch @@ -0,0 +1,42 @@ +From e057080fcc148b3b1fc613c100340c325bde6c7e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:26 +0200 +Subject: [PATCH] libselinux: regex: unify parameter names +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use the same parameter names as in the header `regex.h`. + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/regex.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c +index 770bc3ea1310..73987d9f1063 100644 +--- a/libselinux/src/regex.c ++++ b/libselinux/src/regex.c +@@ -319,7 +319,7 @@ char const *regex_version(void) + } + + int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex, +- int unused __attribute__((unused)), bool *regex_compiled) ++ int do_load_precompregex __attribute__((unused)), bool *regex_compiled) + { + int rc; + uint32_t entry_len; +@@ -387,7 +387,7 @@ static inline pcre_extra *get_pcre_extra(struct regex_data *regex) + } + + int regex_writef(struct regex_data *regex, FILE *fp, +- int unused __attribute__((unused))) ++ int do_write_precompregex __attribute__((unused))) + { + int rc; + size_t len; +-- +2.32.0 + diff --git a/SOURCES/0028-libselinux-label_file.c-fix-indent.patch b/SOURCES/0028-libselinux-label_file.c-fix-indent.patch new file mode 100644 index 0000000..f072b85 --- /dev/null +++ b/SOURCES/0028-libselinux-label_file.c-fix-indent.patch @@ -0,0 +1,35 @@ +From 2657e3ccbd01f09ea4c637c2d8cf23646507475a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:31 +0200 +Subject: [PATCH] libselinux: label_file.c: fix indent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +libselinux/src/label_file.c:374:4: warning: different indentation for 'if' and corresponding 'else' [readability-misleading-indentation] + else + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 4268b52c84cc..56f499faef97 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -371,7 +371,7 @@ end_arch_check: + + if (stem_id < 0 || stem_id >= (int32_t)stem_map_len) + spec->stem_id = -1; +- else ++ else + spec->stem_id = stem_map[stem_id]; + + /* retrieve the hasMetaChars bit */ +-- +2.32.0 + diff --git a/SOURCES/0029-libselinux-avc_destroy-3-closes-status-page.patch b/SOURCES/0029-libselinux-avc_destroy-3-closes-status-page.patch new file mode 100644 index 0000000..1142019 --- /dev/null +++ b/SOURCES/0029-libselinux-avc_destroy-3-closes-status-page.patch @@ -0,0 +1,34 @@ +From a2304cef5780d72ef0eb927b799337982c599ca9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:56:46 +0200 +Subject: [PATCH] libselinux: avc_destroy(3) closes status page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Mention in the manpage of avc_destroy(3) that it does close the SELinux +status page, which might have been opened manually by the client +application. + +Signed-off-by: Christian Göttsche +--- + libselinux/man/man3/avc_open.3 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libselinux/man/man3/avc_open.3 b/libselinux/man/man3/avc_open.3 +index 3090dd5077c7..55683bb6594b 100644 +--- a/libselinux/man/man3/avc_open.3 ++++ b/libselinux/man/man3/avc_open.3 +@@ -26,6 +26,9 @@ initializes the userspace AVC and must be called before any other AVC operation + destroys the userspace AVC, freeing all internal memory structures. After this call has been made, + .BR avc_open () + must be called again before any AVC operations can be performed. ++.BR avc_destroy () ++also closes the SELinux status page, which might have been opened manually by ++.BR selinux_status_open (3). + + .BR avc_reset () + flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see +-- +2.32.0 + diff --git a/SOURCES/0030-libselinux-make-selinux_status_open-3-reentrant.patch b/SOURCES/0030-libselinux-make-selinux_status_open-3-reentrant.patch new file mode 100644 index 0000000..953b991 --- /dev/null +++ b/SOURCES/0030-libselinux-make-selinux_status_open-3-reentrant.patch @@ -0,0 +1,39 @@ +From c5a699046f4a08a554d2da9121924fc80bf27cba Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:56:47 +0200 +Subject: [PATCH] libselinux: make selinux_status_open(3) reentrant +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not mmap the status page again if `selinux_status_open(3)` has already +been called with success. + +`selinux_status_open(3)` might be called unintentionally multiple times, +e.g. once to manually be able to call `selinux_status_getenforce(3)` and +once indirectly through `selinux_check_access(3)` +(since libselinux 3.2). + +Signed-off-by: Christian Göttsche +--- + libselinux/src/sestatus.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c +index 12b015e088ea..531a522c0f48 100644 +--- a/libselinux/src/sestatus.c ++++ b/libselinux/src/sestatus.c +@@ -282,6 +282,10 @@ int selinux_status_open(int fallback) + long pagesize; + uint32_t seqno; + ++ if (selinux_status != NULL) { ++ return 0; ++ } ++ + if (!selinux_mnt) { + errno = ENOENT; + return -1; +-- +2.32.0 + diff --git a/SOURCES/0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch b/SOURCES/0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch new file mode 100644 index 0000000..a952d93 --- /dev/null +++ b/SOURCES/0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch @@ -0,0 +1,49 @@ +From 3cef4110bee88ac81dfb5e62c2a8b7902248abba Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:56:48 +0200 +Subject: [PATCH] libselinux: do not use status page fallback mode internally +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently `avc_init_internal()`, called by `avc_open(3)` and +`avc_init(3)`, does open the SELinux status page with fallback mode +enabled. + +Quote from man:selinux_status_open(3): + In this case, this function tries to open a netlink socket using + .BR avc_netlink_open (3) and overwrite corresponding callbacks + (setenforce and policyload). Thus, we need to pay attention to the + interaction with these interfaces, when fallback mode is enabled. + +Calling `selinux_status_open` internally in fallback mode is bad, cause +it overrides callbacks from client applications or the internal +fallback-callbacks get overridden by client applications. +Note that `avc_open(3)` gets called under the hood by +`selinux_check_access(3)` without checking for failure. +Also the status page is available since Linux 2.6.37, so failures of +`selinux_status_open(3)` in non-fallback mode should only be caused by +policies not allowing the client process to open/read/map +the /sys/fs/selinux/status file. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c +index 8314d7ba3de6..daaedbc6a6fd 100644 +--- a/libselinux/src/avc.c ++++ b/libselinux/src/avc.c +@@ -214,7 +214,7 @@ static int avc_init_internal(const char *prefix, + avc_enforcing = rc; + } + +- rc = selinux_status_open(1); ++ rc = selinux_status_open(0); + if (rc < 0) { + avc_log(SELINUX_ERROR, + "%s: could not open selinux status page: %d (%s)\n", +-- +2.32.0 + diff --git a/SOURCES/0032-libselinux-selinux_status_open-return-1-in-fallback-.patch b/SOURCES/0032-libselinux-selinux_status_open-return-1-in-fallback-.patch new file mode 100644 index 0000000..00ade44 --- /dev/null +++ b/SOURCES/0032-libselinux-selinux_status_open-return-1-in-fallback-.patch @@ -0,0 +1,36 @@ +From ed2e4db2f9941e01e65248ce5f0a9e49f3efd130 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 1 Jun 2021 17:05:23 +0200 +Subject: [PATCH] libselinux: selinux_status_open: return 1 in fallback mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case of a recurring call to `selinux_status_open(3)`, which +previously has been opened in fallback mode, return `1` according to its +documentation. + +Fixes: c5a699046f4 ("libselinux: make selinux_status_open(3) reentrant") + +Signed-off-by: Christian Göttsche +Acked-by: Petr Lautrbach +--- + libselinux/src/sestatus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c +index 531a522c0f48..89c1f6216702 100644 +--- a/libselinux/src/sestatus.c ++++ b/libselinux/src/sestatus.c +@@ -283,7 +283,7 @@ int selinux_status_open(int fallback) + uint32_t seqno; + + if (selinux_status != NULL) { +- return 0; ++ return (selinux_status == MAP_FAILED) ? 1 : 0; + } + + if (!selinux_mnt) { +-- +2.32.0 + diff --git a/SOURCES/0033-libselinux-improve-getcon-3-man-page.patch b/SOURCES/0033-libselinux-improve-getcon-3-man-page.patch new file mode 100644 index 0000000..c1b4851 --- /dev/null +++ b/SOURCES/0033-libselinux-improve-getcon-3-man-page.patch @@ -0,0 +1,118 @@ +From ea02e0acfaab93219359448a66edff365aef4ca5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 1 Jun 2021 17:35:09 +0200 +Subject: [PATCH] libselinux: improve getcon(3) man page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve formatting of section DESCRIPTION by adding list points. +Mention errno is set on failure. +Mention the returned context might be NULL if SELinux is not enabled. +Align setcon/_raw parameter by adding const. + +Signed-off-by: Christian Göttsche +Acked-by: Petr Lautrbach +--- + libselinux/man/man3/getcon.3 | 41 +++++++++++++++++++++++++----------- + 1 file changed, 29 insertions(+), 12 deletions(-) + +diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3 +index 67872a4dede6..e7e394f305b7 100644 +--- a/libselinux/man/man3/getcon.3 ++++ b/libselinux/man/man3/getcon.3 +@@ -7,7 +7,7 @@ freecon, freeconary \- free memory associated with SELinux security contexts + getpeercon \- get security context of a peer socket + + setcon \- set current security context of a process +-. ++ + .SH "SYNOPSIS" + .B #include + .sp +@@ -31,30 +31,39 @@ setcon \- set current security context of a process + .sp + .BI "void freeconary(char **" con ); + .sp +-.BI "int setcon(char *" context ); ++.BI "int setcon(const char *" context ); + .sp +-.BI "int setcon_raw(char *" context ); +-. ++.BI "int setcon_raw(const char *" context ); ++ + .SH "DESCRIPTION" ++.TP + .BR getcon () + retrieves the context of the current process, which must be free'd with +-freecon. ++.BR freecon (). + ++.TP + .BR getprevcon () + same as getcon but gets the context before the last exec. + ++.TP + .BR getpidcon () +-returns the process context for the specified PID. ++returns the process context for the specified PID, which must be free'd with ++.BR freecon (). + ++.TP + .BR getpeercon () +-retrieves context of peer socket, and set +-.BI * context +-to refer to it, which must be free'd with ++retrieves the context of the peer socket, which must be free'd with + .BR freecon (). + ++.TP + .BR freecon () + frees the memory allocated for a security context. + ++If ++.I con ++is NULL, no operation is performed. ++ ++.TP + .BR freeconary () + frees the memory allocated for a context array. + +@@ -62,6 +71,7 @@ If + .I con + is NULL, no operation is performed. + ++.TP + .BR setcon () + sets the current security context of the process to a new value. Note + that use of this function requires that the entire application be +@@ -110,6 +120,8 @@ context and the + .BR setcon () + will fail if it is not allowed by policy. + ++.TP ++.BR *_raw() + .BR getcon_raw (), + .BR getprevcon_raw (), + .BR getpidcon_raw (), +@@ -118,9 +130,14 @@ and + .BR setcon_raw () + behave identically to their non-raw counterparts but do not perform context + translation. +-. ++ + .SH "RETURN VALUE" +-On error \-1 is returned. On success 0 is returned. +-. ++On error \-1 is returned with errno set. On success 0 is returned. ++ ++.SH "NOTES" ++The retrieval functions might return success and set ++.I *context ++to NULL if and only if SELinux is not enabled. ++ + .SH "SEE ALSO" + .BR selinux "(8), " setexeccon "(3)" +-- +2.32.0 + diff --git a/SOURCES/0034-libselinux-fix-typo.patch b/SOURCES/0034-libselinux-fix-typo.patch new file mode 100644 index 0000000..3d9d604 --- /dev/null +++ b/SOURCES/0034-libselinux-fix-typo.patch @@ -0,0 +1,30 @@ +From fa4de3c9d85a310248bae516ed4535773885845b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 8 Jun 2021 17:36:44 +0200 +Subject: [PATCH] libselinux: fix typo +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: Petr Lautrbach +--- + libselinux/src/regex.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/regex.h b/libselinux/src/regex.h +index 10c3df7856e1..2dfa25342034 100644 +--- a/libselinux/src/regex.h ++++ b/libselinux/src/regex.h +@@ -44,7 +44,7 @@ struct mmap_area; + char const *regex_arch_string(void) ; + + /** +- * regex_verison returns the version string of the underlying regular ++ * regex_version returns the version string of the underlying regular + * regular expressions library. In the case of PCRE it just returns the + * result of pcre_version(). In the case of PCRE2, the very first time this + * function is called it allocates a buffer large enough to hold the version +-- +2.32.0 + diff --git a/SOURCES/0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch b/SOURCES/0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch new file mode 100644 index 0000000..fdaabab --- /dev/null +++ b/SOURCES/0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch @@ -0,0 +1,34 @@ +From 70b31e75fe157f4cfa5afc6589c0605868017028 Mon Sep 17 00:00:00 2001 +From: Topi Miettinen +Date: Sat, 12 Jun 2021 12:07:38 +0300 +Subject: [PATCH] selinux.8: document how mount flag nosuid affects SELinux + +Using mount flag `nosuid` also affects SELinux domain transitions but +this has not been documented well. + +Signed-off-by: Topi Miettinen +--- + libselinux/man/man8/selinux.8 | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 +index 0ef014609a36..5842150bfc72 100644 +--- a/libselinux/man/man8/selinux.8 ++++ b/libselinux/man/man8/selinux.8 +@@ -94,6 +94,13 @@ and reboot. + also has this capability. The + .BR restorecon / fixfiles + commands are also available for relabeling files. ++ ++Please note that using mount flag ++.I nosuid ++also disables SELinux domain transitions, unless permission ++.I nosuid_transition ++is used in the policy to allow this, which in turn needs also policy capability ++.IR nnp_nosuid_transition . + . + .SH AUTHOR + This manual page was written by Dan Walsh . +-- +2.32.0 + diff --git a/SOURCES/0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch b/SOURCES/0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch new file mode 100644 index 0000000..2953a46 --- /dev/null +++ b/SOURCES/0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch @@ -0,0 +1,46 @@ +From 4859b738136ef8889fbb71a166cfec8d313ba4e0 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Thu, 1 Jul 2021 19:06:19 +0200 +Subject: [PATCH] libselinux/utils/getseuser.c: fix build with gcc 4.8 + +Fix the following build failure with gcc 4.8 which is raised since +version 3.2 and +https://github.com/SELinuxProject/selinux/commit/156dd0de5cad31e7d437c64e11a8aef027f0a691 + +getseuser.c:53:2: error: 'for' loop initial declarations are only allowed in C99 mode + for (int i = 0; i < n; i++) + ^ + +Fixes: + - http://autobuild.buildroot.org/results/37eb0952a763256fbf6ef3c668f6c95fbdf2dd35 + +Signed-off-by: Fabrice Fontaine +--- + libselinux/utils/getseuser.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/utils/getseuser.c b/libselinux/utils/getseuser.c +index ce1b7b27dbd9..34f2e887ffa0 100644 +--- a/libselinux/utils/getseuser.c ++++ b/libselinux/utils/getseuser.c +@@ -9,7 +9,7 @@ int main(int argc, char **argv) + { + char *seuser = NULL, *level = NULL; + char **contextlist; +- int rc, n; ++ int rc, n, i; + + if (argc != 3) { + fprintf(stderr, "usage: %s linuxuser fromcon\n", argv[0]); +@@ -50,7 +50,7 @@ int main(int argc, char **argv) + if (n == 0) + printf("no valid context found\n"); + +- for (int i = 0; i < n; i++) ++ for (i = 0; i < n; i++) + printf("Context %d\t%s\n", i, contextlist[i]); + + freeconary(contextlist); +-- +2.32.0 + diff --git a/SOURCES/0037-libselinux-silence-Wextra-semi-stmt-warning.patch b/SOURCES/0037-libselinux-silence-Wextra-semi-stmt-warning.patch new file mode 100644 index 0000000..bf958ac --- /dev/null +++ b/SOURCES/0037-libselinux-silence-Wextra-semi-stmt-warning.patch @@ -0,0 +1,191 @@ +From 40543dceedc1510d0d27177f564db0f232689803 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Sat, 3 Jul 2021 16:31:18 +0200 +Subject: [PATCH] libselinux: silence -Wextra-semi-stmt warning + +On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt +(which is not the default build configuration), the compiler reports: + + sha1.c:90:21: error: empty expression statement has no effect; + remove unnecessary ';' to silence this warning + [-Werror,-Wextra-semi-stmt] + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + ^ + In file included from selinux_restorecon.c:39: + ./label_file.h:458:15: error: empty expression statement has no + effect; remove unnecessary ';' to silence this warning + [-Werror,-Wextra-semi-stmt] + lineno); + ^ + +Introduce "do { } while (0)" blocks to silence such warnings. + +Signed-off-by: Nicolas Iooss +--- + libselinux/src/avc_internal.h | 22 +++++++++++++------- + libselinux/src/label_internal.h | 10 +++++---- + libselinux/src/load_policy.c | 2 +- + libselinux/src/procattr.c | 4 ++-- + libselinux/src/sha1.c | 11 +++++----- + libselinux/utils/matchpathcon.c | 2 +- + libselinux/utils/selabel_lookup_best_match.c | 2 +- + 7 files changed, 31 insertions(+), 22 deletions(-) + +diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h +index da67affc9307..a9a4aa0b3c42 100644 +--- a/libselinux/src/avc_internal.h ++++ b/libselinux/src/avc_internal.h +@@ -85,10 +85,12 @@ static inline void avc_free(void *ptr) + + /* this is a macro in order to use the variadic capability. */ + #define avc_log(type, format...) \ +- if (avc_func_log) \ +- avc_func_log(format); \ +- else \ +- selinux_log(type, format); ++ do { \ ++ if (avc_func_log) \ ++ avc_func_log(format); \ ++ else \ ++ selinux_log(type, format); \ ++ } while (0) + + static inline void avc_suppl_audit(void *ptr, security_class_t class, + char *buf, size_t len) +@@ -137,14 +139,18 @@ static inline void avc_free_lock(void *lock) + #ifdef AVC_CACHE_STATS + + #define avc_cache_stats_incr(field) \ +- cache_stats.field ++; ++ do { \ ++ cache_stats.field ++; \ ++ } while (0) + #define avc_cache_stats_add(field, num) \ +- cache_stats.field += num; ++ do { \ ++ cache_stats.field += num; \ ++ } while (0) + + #else + +-#define avc_cache_stats_incr(field) +-#define avc_cache_stats_add(field, num) ++#define avc_cache_stats_incr(field) do {} while (0) ++#define avc_cache_stats_add(field, num) do {} while (0) + + #endif + +diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h +index 361b443cb9c4..782c6aa8cc0c 100644 +--- a/libselinux/src/label_internal.h ++++ b/libselinux/src/label_internal.h +@@ -128,10 +128,12 @@ extern int myprintf_compat; + extern void __attribute__ ((format(printf, 1, 2))) + (*myprintf) (const char *fmt, ...) ; + +-#define COMPAT_LOG(type, fmt...) if (myprintf_compat) \ +- myprintf(fmt); \ +- else \ +- selinux_log(type, fmt); ++#define COMPAT_LOG(type, fmt...) do { \ ++ if (myprintf_compat) \ ++ myprintf(fmt); \ ++ else \ ++ selinux_log(type, fmt); \ ++ } while (0) + + extern int + compat_validate(struct selabel_handle *rec, +diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c +index 0034fa53d6e6..5857b821e80e 100644 +--- a/libselinux/src/load_policy.c ++++ b/libselinux/src/load_policy.c +@@ -80,7 +80,7 @@ int selinux_mkload_policy(int preservebools __attribute__((unused))) + if (libsepolh) { + usesepol = 1; + dlerror(); +-#define DLERR() if ((errormsg = dlerror())) goto dlclose; ++#define DLERR() do { if ((errormsg = dlerror())) goto dlclose; } while (0) + vers_max = dlsym(libsepolh, "sepol_policy_kern_vers_max"); + DLERR(); + vers_min = dlsym(libsepolh, "sepol_policy_kern_vers_min"); +diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c +index 840570525f5f..6552ee01bca8 100644 +--- a/libselinux/src/procattr.c ++++ b/libselinux/src/procattr.c +@@ -146,7 +146,7 @@ static int getprocattrcon_raw(char ** context, + default: + errno = ENOENT; + return -1; +- }; ++ } + + if (prev_context && prev_context != UNSET) { + *context = strdup(prev_context); +@@ -240,7 +240,7 @@ static int setprocattrcon_raw(const char * context, + default: + errno = ENOENT; + return -1; +- }; ++ } + + if (!context && !*prev_context) + return 0; +diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c +index 664bbcf26eef..a848467785f3 100644 +--- a/libselinux/src/sha1.c ++++ b/libselinux/src/sha1.c +@@ -16,6 +16,7 @@ + // sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align] + // CHAR64LONG16* block = (CHAR64LONG16*) workspace; + // William Roberts ++// - Silence clang's -Wextra-semi-stmt warning - July 2021, Nicolas Iooss + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +@@ -49,11 +50,11 @@ typedef union + ^block->l[(i+2)&15]^block->l[i&15],1)) + + // (R0+R1), R2, R3, R4 are the different operations used in SHA1 +-#define R0(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk0(i)+ 0x5A827999 + rol(v,5); w=rol(w,30); +-#define R1(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk(i) + 0x5A827999 + rol(v,5); w=rol(w,30); +-#define R2(v,w,x,y,z,i) z += (w^x^y) + blk(i) + 0x6ED9EBA1 + rol(v,5); w=rol(w,30); +-#define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + rol(v,5); w=rol(w,30); +-#define R4(v,w,x,y,z,i) z += (w^x^y) + blk(i) + 0xCA62C1D6 + rol(v,5); w=rol(w,30); ++#define R0(v,w,x,y,z,i) do { z += ((w&(x^y))^y) + blk0(i)+ 0x5A827999 + rol(v,5); w=rol(w,30); } while (0) ++#define R1(v,w,x,y,z,i) do { z += ((w&(x^y))^y) + blk(i) + 0x5A827999 + rol(v,5); w=rol(w,30); } while (0) ++#define R2(v,w,x,y,z,i) do { z += (w^x^y) + blk(i) + 0x6ED9EBA1 + rol(v,5); w=rol(w,30); } while (0) ++#define R3(v,w,x,y,z,i) do { z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + rol(v,5); w=rol(w,30); } while (0) ++#define R4(v,w,x,y,z,i) do { z += (w^x^y) + blk(i) + 0xCA62C1D6 + rol(v,5); w=rol(w,30); } while (0) + + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c +index a07e160dee71..1d713c01f81c 100644 +--- a/libselinux/utils/matchpathcon.c ++++ b/libselinux/utils/matchpathcon.c +@@ -65,7 +65,7 @@ static mode_t string_to_mode(char *s) + return S_IFREG; + default: + return -1; +- }; ++ } + return -1; + } + +diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c +index 6a7174233667..2cddc6cde051 100644 +--- a/libselinux/utils/selabel_lookup_best_match.c ++++ b/libselinux/utils/selabel_lookup_best_match.c +@@ -47,7 +47,7 @@ static mode_t string_to_mode(char *s) + return S_IFSOCK; + case 'f': + return S_IFREG; +- }; ++ } + return 0; + } + +-- +2.32.0 + diff --git a/SOURCES/0038-sha1-sha256.patch b/SOURCES/0038-sha1-sha256.patch new file mode 100644 index 0000000..b49047f --- /dev/null +++ b/SOURCES/0038-sha1-sha256.patch @@ -0,0 +1,1333 @@ +From 697f19f787686e423f7e92ccbbdf29fb486791f0 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Fri, 30 Jul 2021 11:58:33 +0200 +Subject: [PATCH] Use SHA-2 instead of SHA-1 + +The use of SHA-1 in RHEL9 is deprecated +--- + libselinux/include/selinux/label.h | 6 +- + libselinux/include/selinux/restorecon.h | 4 +- + libselinux/man/man3/selabel_digest.3 | 4 +- + libselinux/man/man3/selabel_open.3 | 2 +- + libselinux/man/man3/selinux_restorecon.3 | 16 +- + .../man/man3/selinux_restorecon_xattr.3 | 2 +- + libselinux/src/Makefile | 2 +- + libselinux/src/label_file.c | 40 +-- + libselinux/src/label_internal.h | 10 +- + libselinux/src/label_support.c | 8 +- + libselinux/src/selinux_restorecon.c | 24 +- + libselinux/src/sha1.c | 220 ------------- + libselinux/src/sha1.h | 85 ----- + libselinux/src/sha256.c | 294 ++++++++++++++++++ + libselinux/src/sha256.h | 89 ++++++ + libselinux/utils/selabel_digest.c | 26 +- + .../selabel_get_digests_all_partial_matches.c | 28 +- + 17 files changed, 469 insertions(+), 391 deletions(-) + delete mode 100644 libselinux/src/sha1.c + delete mode 100644 libselinux/src/sha1.h + create mode 100644 libselinux/src/sha256.c + create mode 100644 libselinux/src/sha256.h + +diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h +index e8983606d93b..a35d84d63b0a 100644 +--- a/libselinux/include/selinux/label.h ++++ b/libselinux/include/selinux/label.h +@@ -120,13 +120,13 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con, + const char *key, const char **aliases, int type); + + /** +- * selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to ++ * selabel_digest - Retrieve the SHA256 digest and the list of specfiles used to + * generate the digest. The SELABEL_OPT_DIGEST option must + * be set in selabel_open() to initiate the digest generation. + * @handle: specifies backend instance to query +- * @digest: returns a pointer to the SHA1 digest. ++ * @digest: returns a pointer to the SHA256 digest. + * @digest_len: returns length of digest in bytes. +- * @specfiles: a list of specfiles used in the SHA1 digest generation. ++ * @specfiles: a list of specfiles used in the SHA256 digest generation. + * The list is NULL terminated and will hold @num_specfiles entries. + * @num_specfiles: number of specfiles in the list. + * +diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h +index 466de39aac72..ca8ce768587a 100644 +--- a/libselinux/include/selinux/restorecon.h ++++ b/libselinux/include/selinux/restorecon.h +@@ -27,8 +27,8 @@ extern int selinux_restorecon(const char *pathname, + * restorecon_flags options + */ + /* +- * Force the checking of labels even if the stored SHA1 digest +- * matches the specfiles SHA1 digest (requires CAP_SYS_ADMIN). ++ * Force the checking of labels even if the stored SHA256 digest ++ * matches the specfiles SHA256 digest (requires CAP_SYS_ADMIN). + */ + #define SELINUX_RESTORECON_IGNORE_DIGEST 0x00001 + /* +diff --git a/libselinux/man/man3/selabel_digest.3 b/libselinux/man/man3/selabel_digest.3 +index 56a008f00df0..5f7c42533d0e 100644 +--- a/libselinux/man/man3/selabel_digest.3 ++++ b/libselinux/man/man3/selabel_digest.3 +@@ -20,11 +20,11 @@ selabel_digest \- Return digest of specfiles and list of files used + .BR selabel_digest () + performs an operation on the handle + .IR hnd , +-returning the results of the SHA1 digest pointed to by ++returning the results of the SHA256 digest pointed to by + .IR digest , + whose length will be + .IR digest_len . +-The list of specfiles used in the SHA1 digest calculation is returned in ++The list of specfiles used in the SHA256 digest calculation is returned in + .I specfiles + with the number of entries in + .IR num_specfiles . +diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3 +index 971ebc1acd41..2cf2eb8a1410 100644 +--- a/libselinux/man/man3/selabel_open.3 ++++ b/libselinux/man/man3/selabel_open.3 +@@ -69,7 +69,7 @@ is used; a custom validation function can be provided via + Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation. + .TP + .B SELABEL_OPT_DIGEST +-A non-null value for this option enables the generation of an SHA1 digest of ++A non-null value for this option enables the generation of an SHA256 digest of + the spec files loaded as described in + .BR selabel_digest (3) + . +diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 +index ad637406a30d..c4576fe79ff6 100644 +--- a/libselinux/man/man3/selinux_restorecon.3 ++++ b/libselinux/man/man3/selinux_restorecon.3 +@@ -28,7 +28,7 @@ If this is a directory and the + .B SELINUX_RESTORECON_RECURSE + has been set (for descending through directories), then + .BR selinux_restorecon () +-will write an SHA1 digest of specfile entries calculated by ++will write an SHA256 digest of specfile entries calculated by + .BR selabel_get_digests_all_partial_matches (3) + to an extended attribute of + .IR security.sehash +@@ -47,7 +47,7 @@ will take place. + .br + The + .IR restorecon_flags +-that can be used to manage the usage of the SHA1 digest are: ++that can be used to manage the usage of the SHA256 digest are: + .RS + .B SELINUX_RESTORECON_SKIP_DIGEST + .br +@@ -65,8 +65,8 @@ Do not check or update any extended attribute + entries. + .sp + .B SELINUX_RESTORECON_IGNORE_DIGEST +-force the checking of labels even if the stored SHA1 digest matches the +-specfile entries SHA1 digest. The specfile entries digest will be written to the ++force the checking of labels even if the stored SHA256 digest matches the ++specfile entries SHA256 digest. The specfile entries digest will be written to the + .IR security.sehash + extended attribute once relabeling has been completed successfully provided the + .B SELINUX_RESTORECON_NOCHANGE +@@ -84,7 +84,7 @@ default specfile context. + .sp + .B SELINUX_RESTORECON_RECURSE + change file and directory labels recursively (descend directories) +-and if successful write an SHA1 digest of the specfile entries to an ++and if successful write an SHA256 digest of the specfile entries to an + extended attribute as described in the + .B NOTES + section. +@@ -158,7 +158,7 @@ to treat conflicting specifications, such as where two hardlinks for the + same inode have different contexts, as errors. + .RE + .sp +-The behavior regarding the checking and updating of the SHA1 digest described ++The behavior regarding the checking and updating of the SHA256 digest described + above is the default behavior. It is possible to change this by first calling + .BR selabel_open (3) + and not enabling the +@@ -200,7 +200,7 @@ To improve performance when relabeling file systems recursively (e.g. the + .B SELINUX_RESTORECON_RECURSE + flag is set) + .BR selinux_restorecon () +-will write a calculated SHA1 digest of the specfile entries returned by ++will write a calculated SHA256 digest of the specfile entries returned by + .BR selabel_get_digests_all_partial_matches (3) + to an extended attribute named + .IR security.sehash +@@ -222,7 +222,7 @@ Should any of the specfile entries have changed, then when + .BR selinux_restorecon () + is run again with the + .B SELINUX_RESTORECON_RECURSE +-flag set, new SHA1 digests will be calculated and all files automatically ++flag set, new SHA256 digests will be calculated and all files automatically + relabeled depending on the settings of the + .B SELINUX_RESTORECON_SET_SPECFILE_CTX + flag (provided +diff --git a/libselinux/man/man3/selinux_restorecon_xattr.3 b/libselinux/man/man3/selinux_restorecon_xattr.3 +index c56326814b94..098c840fc59b 100644 +--- a/libselinux/man/man3/selinux_restorecon_xattr.3 ++++ b/libselinux/man/man3/selinux_restorecon_xattr.3 +@@ -119,7 +119,7 @@ By default + .BR selinux_restorecon_xattr (3) + will use the default set of specfiles described in + .BR files_contexts (5) +-to calculate the SHA1 digests to be used for comparison. ++to calculate the SHA256 digests to be used for comparison. + To change this default behavior + .BR selabel_open (3) + must be called specifying the required +diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile +index 52c40f018f51..674a5ed3a6f8 100644 +--- a/libselinux/src/Makefile ++++ b/libselinux/src/Makefile +@@ -120,7 +120,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \ + -DBUILD_HOST + SRCS= callbacks.c freecon.c label.c label_file.c \ + label_backends_android.c regex.c label_support.c \ +- matchpathcon.c setrans_client.c sha1.c booleans.c ++ matchpathcon.c setrans_client.c sha256.c booleans.c + else + LABEL_BACKEND_ANDROID=y + endif +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 56f499faef97..db5d7553aab2 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -1002,7 +1002,7 @@ static struct spec *lookup_common(struct selabel_handle *rec, + + /* + * Returns true if the digest of all partial matched contexts is the same as +- * the one saved by setxattr, otherwise returns false. The length of the SHA1 ++ * the one saved by setxattr, otherwise returns false. The length of the SHA256 + * digest will always be returned. The caller must free any returned digests. + */ + static bool get_digests_all_partial_matches(struct selabel_handle *rec, +@@ -1011,39 +1011,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec, + uint8_t **xattr_digest, + size_t *digest_len) + { +- uint8_t read_digest[SHA1_HASH_SIZE]; ++ uint8_t read_digest[SHA256_HASH_SIZE]; + ssize_t read_size = getxattr(pathname, RESTORECON_PARTIAL_MATCH_DIGEST, +- read_digest, SHA1_HASH_SIZE ++ read_digest, SHA256_HASH_SIZE + #ifdef __APPLE__ + , 0, 0 + #endif /* __APPLE __ */ + ); +- uint8_t hash_digest[SHA1_HASH_SIZE]; ++ uint8_t hash_digest[SHA256_HASH_SIZE]; + bool status = selabel_hash_all_partial_matches(rec, pathname, + hash_digest); + + *xattr_digest = NULL; + *calculated_digest = NULL; +- *digest_len = SHA1_HASH_SIZE; ++ *digest_len = SHA256_HASH_SIZE; + +- if (read_size == SHA1_HASH_SIZE) { +- *xattr_digest = calloc(1, SHA1_HASH_SIZE + 1); ++ if (read_size == SHA256_HASH_SIZE) { ++ *xattr_digest = calloc(1, SHA256_HASH_SIZE + 1); + if (!*xattr_digest) + goto oom; + +- memcpy(*xattr_digest, read_digest, SHA1_HASH_SIZE); ++ memcpy(*xattr_digest, read_digest, SHA256_HASH_SIZE); + } + + if (status) { +- *calculated_digest = calloc(1, SHA1_HASH_SIZE + 1); ++ *calculated_digest = calloc(1, SHA256_HASH_SIZE + 1); + if (!*calculated_digest) + goto oom; + +- memcpy(*calculated_digest, hash_digest, SHA1_HASH_SIZE); ++ memcpy(*calculated_digest, hash_digest, SHA256_HASH_SIZE); + } + +- if (status && read_size == SHA1_HASH_SIZE && +- memcmp(read_digest, hash_digest, SHA1_HASH_SIZE) == 0) ++ if (status && read_size == SHA256_HASH_SIZE && ++ memcmp(read_digest, hash_digest, SHA256_HASH_SIZE) == 0) + return true; + + return false; +@@ -1063,22 +1063,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key + return false; + } + +- Sha1Context context; +- Sha1Initialise(&context); ++ Sha256Context context; ++ Sha256Initialise(&context); + size_t i; + for (i = 0; i < total_matches; i++) { + char* regex_str = matches[i]->regex_str; + mode_t mode = matches[i]->mode; + char* ctx_raw = matches[i]->lr.ctx_raw; + +- Sha1Update(&context, regex_str, strlen(regex_str) + 1); +- Sha1Update(&context, &mode, sizeof(mode_t)); +- Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1); ++ Sha256Update(&context, regex_str, strlen(regex_str) + 1); ++ Sha256Update(&context, &mode, sizeof(mode_t)); ++ Sha256Update(&context, ctx_raw, strlen(ctx_raw) + 1); + } + +- SHA1_HASH sha1_hash; +- Sha1Finalise(&context, &sha1_hash); +- memcpy(digest, sha1_hash.bytes, SHA1_HASH_SIZE); ++ SHA256_HASH sha256_hash; ++ Sha256Finalise(&context, &sha256_hash); ++ memcpy(digest, sha256_hash.bytes, SHA256_HASH_SIZE); + + free(matches); + return true; +diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h +index 782c6aa8cc0c..304e8d96490a 100644 +--- a/libselinux/src/label_internal.h ++++ b/libselinux/src/label_internal.h +@@ -13,7 +13,7 @@ + #include + #include + #include +-#include "sha1.h" ++#include "sha256.h" + + #if defined(ANDROID) || defined(__APPLE__) + // Android and Mac do not have fgets_unlocked() +@@ -47,15 +47,15 @@ int selabel_service_init(struct selabel_handle *rec, + */ + + /* +- * Calculate an SHA1 hash of all the files used to build the specs. ++ * Calculate an SHA256 hash of all the files used to build the specs. + * The hash value is held in rec->digest if SELABEL_OPT_DIGEST set. To + * calculate the hash the hashbuf will hold a concatenation of all the files + * used. This is released once the value has been calculated. + */ +-#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE ++#define DIGEST_SPECFILE_SIZE SHA256_HASH_SIZE + #define DIGEST_FILES_MAX 8 + struct selabel_digest { +- unsigned char *digest; /* SHA1 digest of specfiles */ ++ unsigned char *digest; /* SHA256 digest of specfiles */ + unsigned char *hashbuf; /* buffer to hold specfiles */ + size_t hashbuf_size; /* buffer size */ + size_t specfile_cnt; /* how many specfiles processed */ +@@ -110,7 +110,7 @@ struct selabel_handle { + */ + char *spec_file; + +- /* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */ ++ /* ptr to SHA256 hash information if SELABEL_OPT_DIGEST set */ + struct selabel_digest *digest; + }; + +diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c +index 94ed6e4273cb..f53d73b609ab 100644 +--- a/libselinux/src/label_support.c ++++ b/libselinux/src/label_support.c +@@ -115,15 +115,15 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) + /* Once all the specfiles are in the hash_buf, generate the hash. */ + void digest_gen_hash(struct selabel_digest *digest) + { +- Sha1Context context; ++ Sha256Context context; + + /* If SELABEL_OPT_DIGEST not set then just return */ + if (!digest) + return; + +- Sha1Initialise(&context); +- Sha1Update(&context, digest->hashbuf, digest->hashbuf_size); +- Sha1Finalise(&context, (SHA1_HASH *)digest->digest); ++ Sha256Initialise(&context); ++ Sha256Update(&context, digest->hashbuf, digest->hashbuf_size); ++ Sha256Finalise(&context, (SHA256_HASH *)digest->digest); + free(digest->hashbuf); + digest->hashbuf = NULL; + return; +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 999aa924ba32..10211a888cf6 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -37,7 +37,7 @@ + #include "callbacks.h" + #include "selinux_internal.h" + #include "label_file.h" +-#include "sha1.h" ++#include "sha256.h" + + #define STAR_COUNT 1024 + +@@ -293,7 +293,7 @@ static int exclude_non_seclabel_mounts(void) + static int add_xattr_entry(const char *directory, bool delete_nonmatch, + bool delete_all) + { +- char *sha1_buf = NULL; ++ char *sha256_buf = NULL; + size_t i, digest_len = 0; + int rc, digest_result; + bool match; +@@ -316,15 +316,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, + } + + /* Convert entry to a hex encoded string. */ +- sha1_buf = malloc(digest_len * 2 + 1); +- if (!sha1_buf) { ++ sha256_buf = malloc(digest_len * 2 + 1); ++ if (!sha256_buf) { + free(xattr_digest); + free(calculated_digest); + goto oom; + } + + for (i = 0; i < digest_len; i++) +- sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]); ++ sprintf((&sha256_buf[i * 2]), "%02x", xattr_digest[i]); + + digest_result = match ? MATCH : NOMATCH; + +@@ -345,7 +345,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, + /* Now add entries to link list. */ + new_entry = malloc(sizeof(struct dir_xattr)); + if (!new_entry) { +- free(sha1_buf); ++ free(sha256_buf); + goto oom; + } + new_entry->next = NULL; +@@ -353,15 +353,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, + new_entry->directory = strdup(directory); + if (!new_entry->directory) { + free(new_entry); +- free(sha1_buf); ++ free(sha256_buf); + goto oom; + } + +- new_entry->digest = strdup(sha1_buf); ++ new_entry->digest = strdup(sha256_buf); + if (!new_entry->digest) { + free(new_entry->directory); + free(new_entry); +- free(sha1_buf); ++ free(sha256_buf); + goto oom; + } + +@@ -375,7 +375,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, + dir_xattr_last = new_entry; + } + +- free(sha1_buf); ++ free(sha256_buf); + return 0; + + oom: +@@ -742,7 +742,7 @@ err: + + struct dir_hash_node { + char *path; +- uint8_t digest[SHA1_HASH_SIZE]; ++ uint8_t digest[SHA256_HASH_SIZE]; + struct dir_hash_node *next; + }; + /* +@@ -1085,7 +1085,7 @@ int selinux_restorecon(const char *pathname_orig, + if (setxattr(current->path, + RESTORECON_PARTIAL_MATCH_DIGEST, + current->digest, +- SHA1_HASH_SIZE, 0) < 0) { ++ SHA256_HASH_SIZE, 0) < 0) { + selinux_log(SELINUX_ERROR, + "setxattr failed: %s: %s\n", + current->path, +diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c +deleted file mode 100644 +index a848467785f3..000000000000 +--- a/libselinux/src/sha1.c ++++ /dev/null +@@ -1,220 +0,0 @@ +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// LibSha1 +-// +-// Implementation of SHA1 hash function. +-// Original author: Steve Reid +-// Contributions by: James H. Brown , Saul Kravitz , +-// and Ralph Giles +-// Modified by WaterJuice retaining Public Domain license. +-// +-// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org +-// Modified to: +-// - stop symbols being exported for libselinux shared library - October 2015 +-// Richard Haines +-// - Not cast the workspace from a byte array to a CHAR64LONG16 due to alignment isses. +-// Fixes: +-// sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align] +-// CHAR64LONG16* block = (CHAR64LONG16*) workspace; +-// William Roberts +-// - Silence clang's -Wextra-semi-stmt warning - July 2021, Nicolas Iooss +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// IMPORTS +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-#include "sha1.h" +-#include +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// TYPES +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-typedef union +-{ +- uint8_t c [64]; +- uint32_t l [16]; +-} CHAR64LONG16; +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// INTERNAL FUNCTIONS +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) +- +-// blk0() and blk() perform the initial expand. +-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ +- |(rol(block->l[i],8)&0x00FF00FF)) +- +-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ +- ^block->l[(i+2)&15]^block->l[i&15],1)) +- +-// (R0+R1), R2, R3, R4 are the different operations used in SHA1 +-#define R0(v,w,x,y,z,i) do { z += ((w&(x^y))^y) + blk0(i)+ 0x5A827999 + rol(v,5); w=rol(w,30); } while (0) +-#define R1(v,w,x,y,z,i) do { z += ((w&(x^y))^y) + blk(i) + 0x5A827999 + rol(v,5); w=rol(w,30); } while (0) +-#define R2(v,w,x,y,z,i) do { z += (w^x^y) + blk(i) + 0x6ED9EBA1 + rol(v,5); w=rol(w,30); } while (0) +-#define R3(v,w,x,y,z,i) do { z += (((w|x)&y)|(w&x)) + blk(i) + 0x8F1BBCDC + rol(v,5); w=rol(w,30); } while (0) +-#define R4(v,w,x,y,z,i) do { z += (w^x^y) + blk(i) + 0xCA62C1D6 + rol(v,5); w=rol(w,30); } while (0) +- +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// TransformFunction +-// +-// Hash a single 512-bit block. This is the core of the algorithm +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-static +-void +- TransformFunction +- ( +- uint32_t state[5], +- const uint8_t buffer[64] +- ) +-{ +- uint32_t a; +- uint32_t b; +- uint32_t c; +- uint32_t d; +- uint32_t e; +- CHAR64LONG16 workspace; +- CHAR64LONG16* block = &workspace; +- +- memcpy(block, buffer, 64); +- +- // Copy context->state[] to working vars +- a = state[0]; +- b = state[1]; +- c = state[2]; +- d = state[3]; +- e = state[4]; +- +- // 4 rounds of 20 operations each. Loop unrolled. +- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); +- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); +- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); +- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); +- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); +- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); +- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); +- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); +- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); +- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); +- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); +- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); +- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); +- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); +- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); +- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); +- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); +- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); +- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); +- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); +- +- // Add the working vars back into context.state[] +- state[0] += a; +- state[1] += b; +- state[2] += c; +- state[3] += d; +- state[4] += e; +-} +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// PUBLIC FUNCTIONS +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// Sha1Initialise +-// +-// Initialises an SHA1 Context. Use this to initialise/reset a context. +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-void +- Sha1Initialise +- ( +- Sha1Context* Context +- ) +-{ +- // SHA1 initialization constants +- Context->State[0] = 0x67452301; +- Context->State[1] = 0xEFCDAB89; +- Context->State[2] = 0x98BADCFE; +- Context->State[3] = 0x10325476; +- Context->State[4] = 0xC3D2E1F0; +- Context->Count[0] = 0; +- Context->Count[1] = 0; +-} +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// Sha1Update +-// +-// Adds data to the SHA1 context. This will process the data and update the internal state of the context. Keep on +-// calling this function until all the data has been added. Then call Sha1Finalise to calculate the hash. +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-void +- Sha1Update +- ( +- Sha1Context* Context, +- const void* Buffer, +- uint32_t BufferSize +- ) +-{ +- uint32_t i; +- uint32_t j; +- +- j = (Context->Count[0] >> 3) & 63; +- if ((Context->Count[0] += BufferSize << 3) < (BufferSize << 3)) +- { +- Context->Count[1]++; +- } +- +- Context->Count[1] += (BufferSize >> 29); +- if ((j + BufferSize) > 63) +- { +- i = 64 - j; +- memcpy(&Context->Buffer[j], Buffer, i); +- TransformFunction(Context->State, Context->Buffer); +- for (; i + 63 < BufferSize; i += 64) +- { +- TransformFunction(Context->State, (const uint8_t*)Buffer + i); +- } +- j = 0; +- } +- else +- { +- i = 0; +- } +- +- memcpy(&Context->Buffer[j], &((const uint8_t*)Buffer)[i], BufferSize - i); +-} +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// Sha1Finalise +-// +-// Performs the final calculation of the hash and returns the digest (20 byte buffer containing 160bit hash). After +-// calling this, Sha1Initialised must be used to reuse the context. +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-void +- Sha1Finalise +- ( +- Sha1Context* Context, +- SHA1_HASH* Digest +- ) +-{ +- uint32_t i; +- uint8_t finalcount[8]; +- +- for (i = 0; i < 8; i++) +- { +- finalcount[i] = (unsigned char)((Context->Count[(i >= 4 ? 0 : 1)] +- >> ((3-(i & 3)) * 8) ) & 255); // Endian independent +- } +- Sha1Update(Context, (const uint8_t*)"\x80", 1); +- while ((Context->Count[0] & 504) != 448) +- { +- Sha1Update(Context, (const uint8_t*)"\0", 1); +- } +- +- Sha1Update(Context, finalcount, 8); // Should cause a Sha1TransformFunction() +- for (i = 0; i < SHA1_HASH_SIZE; i++) +- { +- Digest->bytes[i] = (uint8_t)((Context->State[i>>2] >> ((3-(i & 3)) * 8) ) & 255); +- } +-} +diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h +deleted file mode 100644 +index f83a6e7ed7ba..000000000000 +--- a/libselinux/src/sha1.h ++++ /dev/null +@@ -1,85 +0,0 @@ +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// LibSha1 +-// +-// Implementation of SHA1 hash function. +-// Original author: Steve Reid +-// Contributions by: James H. Brown , Saul Kravitz , +-// and Ralph Giles +-// Modified by WaterJuice retaining Public Domain license. +-// +-// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-#ifndef _sha1_h_ +-#define _sha1_h_ +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// IMPORTS +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-#include +-#include +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// TYPES +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-// Sha1Context - This must be initialised using Sha1Initialised. Do not modify the contents of this structure directly. +-typedef struct +-{ +- uint32_t State[5]; +- uint32_t Count[2]; +- uint8_t Buffer[64]; +-} Sha1Context; +- +-#define SHA1_HASH_SIZE ( 160 / 8 ) +- +-typedef struct +-{ +- uint8_t bytes [SHA1_HASH_SIZE]; +-} SHA1_HASH; +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// PUBLIC FUNCTIONS +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// Sha1Initialise +-// +-// Initialises an SHA1 Context. Use this to initialise/reset a context. +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-void +- Sha1Initialise +- ( +- Sha1Context* Context +- ); +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// Sha1Update +-// +-// Adds data to the SHA1 context. This will process the data and update the internal state of the context. Keep on +-// calling this function until all the data has been added. Then call Sha1Finalise to calculate the hash. +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-void +- Sha1Update +- ( +- Sha1Context* Context, +- const void* Buffer, +- uint32_t BufferSize +- ); +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-// Sha1Finalise +-// +-// Performs the final calculation of the hash and returns the digest (20 byte buffer containing 160bit hash). After +-// calling this, Sha1Initialised must be used to reuse the context. +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-void +- Sha1Finalise +- ( +- Sha1Context* Context, +- SHA1_HASH* Digest +- ); +- +-/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +-#endif //_sha1_h_ +diff --git a/libselinux/src/sha256.c b/libselinux/src/sha256.c +new file mode 100644 +index 000000000000..fe2aeef07f53 +--- /dev/null ++++ b/libselinux/src/sha256.c +@@ -0,0 +1,294 @@ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// WjCryptLib_Sha256 ++// ++// Implementation of SHA256 hash function. ++// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org ++// Modified by WaterJuice retaining Public Domain license. ++// ++// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// IMPORTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#include "sha256.h" ++#include ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// MACROS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) ++ ++#define MIN(x, y) ( ((x)<(y))?(x):(y) ) ++ ++#define STORE32H(x, y) \ ++ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ ++ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } ++ ++#define LOAD32H(x, y) \ ++ { x = ((uint32_t)((y)[0] & 255)<<24) | \ ++ ((uint32_t)((y)[1] & 255)<<16) | \ ++ ((uint32_t)((y)[2] & 255)<<8) | \ ++ ((uint32_t)((y)[3] & 255)); } ++ ++#define STORE64H(x, y) \ ++ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ ++ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ ++ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ ++ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// CONSTANTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++// The K array ++static const uint32_t K[64] = { ++ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, ++ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, ++ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, ++ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, ++ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, ++ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, ++ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, ++ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, ++ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, ++ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, ++ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, ++ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, ++ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL ++}; ++ ++#define BLOCK_SIZE 64 ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// INTERNAL FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++// Various logical functions ++#define Ch( x, y, z ) (z ^ (x & (y ^ z))) ++#define Maj( x, y, z ) (((x | y) & z) | (x & y)) ++#define S( x, n ) ror((x),(n)) ++#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) ++#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) ++#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) ++#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) ++#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) ++ ++#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ ++ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ ++ t1 = Sigma0(a) + Maj(a, b, c); \ ++ d += t0; \ ++ h = t0 + t1; ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// TransformFunction ++// ++// Compress 512-bits ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++static ++void ++ TransformFunction ++ ( ++ Sha256Context* Context, ++ uint8_t const* Buffer ++ ) ++{ ++ uint32_t S[8]; ++ uint32_t W[64]; ++ uint32_t t0; ++ uint32_t t1; ++ uint32_t t; ++ int i; ++ ++ // Copy state into S ++ for( i=0; i<8; i++ ) ++ { ++ S[i] = Context->state[i]; ++ } ++ ++ // Copy the state into 512-bits into W[0..15] ++ for( i=0; i<16; i++ ) ++ { ++ LOAD32H( W[i], Buffer + (4*i) ); ++ } ++ ++ // Fill W[16..63] ++ for( i=16; i<64; i++ ) ++ { ++ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; ++ } ++ ++ // Compress ++ for( i=0; i<64; i++ ) ++ { ++ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); ++ t = S[7]; ++ S[7] = S[6]; ++ S[6] = S[5]; ++ S[5] = S[4]; ++ S[4] = S[3]; ++ S[3] = S[2]; ++ S[2] = S[1]; ++ S[1] = S[0]; ++ S[0] = t; ++ } ++ ++ // Feedback ++ for( i=0; i<8; i++ ) ++ { ++ Context->state[i] = Context->state[i] + S[i]; ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// PUBLIC FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Initialise ++// ++// Initialises a SHA256 Context. Use this to initialise/reset a context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Initialise ++ ( ++ Sha256Context* Context // [out] ++ ) ++{ ++ Context->curlen = 0; ++ Context->length = 0; ++ Context->state[0] = 0x6A09E667UL; ++ Context->state[1] = 0xBB67AE85UL; ++ Context->state[2] = 0x3C6EF372UL; ++ Context->state[3] = 0xA54FF53AUL; ++ Context->state[4] = 0x510E527FUL; ++ Context->state[5] = 0x9B05688CUL; ++ Context->state[6] = 0x1F83D9ABUL; ++ Context->state[7] = 0x5BE0CD19UL; ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Update ++// ++// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on ++// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Update ++ ( ++ Sha256Context* Context, // [in out] ++ void const* Buffer, // [in] ++ uint32_t BufferSize // [in] ++ ) ++{ ++ uint32_t n; ++ ++ if( Context->curlen > sizeof(Context->buf) ) ++ { ++ return; ++ } ++ ++ while( BufferSize > 0 ) ++ { ++ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) ++ { ++ TransformFunction( Context, (uint8_t*)Buffer ); ++ Context->length += BLOCK_SIZE * 8; ++ Buffer = (uint8_t*)Buffer + BLOCK_SIZE; ++ BufferSize -= BLOCK_SIZE; ++ } ++ else ++ { ++ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); ++ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); ++ Context->curlen += n; ++ Buffer = (uint8_t*)Buffer + n; ++ BufferSize -= n; ++ if( Context->curlen == BLOCK_SIZE ) ++ { ++ TransformFunction( Context, Context->buf ); ++ Context->length += 8*BLOCK_SIZE; ++ Context->curlen = 0; ++ } ++ } ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Finalise ++// ++// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After ++// calling this, Sha256Initialised must be used to reuse the context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Finalise ++ ( ++ Sha256Context* Context, // [in out] ++ SHA256_HASH* Digest // [out] ++ ) ++{ ++ int i; ++ ++ if( Context->curlen >= sizeof(Context->buf) ) ++ { ++ return; ++ } ++ ++ // Increase the length of the message ++ Context->length += Context->curlen * 8; ++ ++ // Append the '1' bit ++ Context->buf[Context->curlen++] = (uint8_t)0x80; ++ ++ // if the length is currently above 56 bytes we append zeros ++ // then compress. Then we can fall back to padding zeros and length ++ // encoding like normal. ++ if( Context->curlen > 56 ) ++ { ++ while( Context->curlen < 64 ) ++ { ++ Context->buf[Context->curlen++] = (uint8_t)0; ++ } ++ TransformFunction(Context, Context->buf); ++ Context->curlen = 0; ++ } ++ ++ // Pad up to 56 bytes of zeroes ++ while( Context->curlen < 56 ) ++ { ++ Context->buf[Context->curlen++] = (uint8_t)0; ++ } ++ ++ // Store length ++ STORE64H( Context->length, Context->buf+56 ); ++ TransformFunction( Context, Context->buf ); ++ ++ // Copy output ++ for( i=0; i<8; i++ ) ++ { ++ STORE32H( Context->state[i], Digest->bytes+(4*i) ); ++ } ++} ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Calculate ++// ++// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the ++// buffer. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Calculate ++ ( ++ void const* Buffer, // [in] ++ uint32_t BufferSize, // [in] ++ SHA256_HASH* Digest // [in] ++ ) ++{ ++ Sha256Context context; ++ ++ Sha256Initialise( &context ); ++ Sha256Update( &context, Buffer, BufferSize ); ++ Sha256Finalise( &context, Digest ); ++} +diff --git a/libselinux/src/sha256.h b/libselinux/src/sha256.h +new file mode 100644 +index 000000000000..406ed869cd82 +--- /dev/null ++++ b/libselinux/src/sha256.h +@@ -0,0 +1,89 @@ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// WjCryptLib_Sha256 ++// ++// Implementation of SHA256 hash function. ++// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org ++// Modified by WaterJuice retaining Public Domain license. ++// ++// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#pragma once ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// IMPORTS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++#include ++#include ++ ++typedef struct ++{ ++ uint64_t length; ++ uint32_t state[8]; ++ uint32_t curlen; ++ uint8_t buf[64]; ++} Sha256Context; ++ ++#define SHA256_HASH_SIZE ( 256 / 8 ) ++ ++typedef struct ++{ ++ uint8_t bytes [SHA256_HASH_SIZE]; ++} SHA256_HASH; ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// PUBLIC FUNCTIONS ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Initialise ++// ++// Initialises a SHA256 Context. Use this to initialise/reset a context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Initialise ++ ( ++ Sha256Context* Context // [out] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Update ++// ++// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on ++// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Update ++ ( ++ Sha256Context* Context, // [in out] ++ void const* Buffer, // [in] ++ uint32_t BufferSize // [in] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Finalise ++// ++// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After ++// calling this, Sha256Initialised must be used to reuse the context. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Finalise ++ ( ++ Sha256Context* Context, // [in out] ++ SHA256_HASH* Digest // [out] ++ ); ++ ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++// Sha256Calculate ++// ++// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the ++// buffer. ++//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ++void ++ Sha256Calculate ++ ( ++ void const* Buffer, // [in] ++ uint32_t BufferSize, // [in] ++ SHA256_HASH* Digest // [in] ++ ); +diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c +index 49408a0ba8d8..67befadd23c5 100644 +--- a/libselinux/utils/selabel_digest.c ++++ b/libselinux/utils/selabel_digest.c +@@ -15,8 +15,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) + "Where:\n\t" + "-b The backend - \"file\", \"media\", \"x\", \"db\" or " + "\"prop\"\n\t" +- "-v Run \"cat | openssl dgst -sha1 -hex\"\n\t" +- " on the list of specfiles to compare the SHA1 digests.\n\t" ++ "-v Run \"cat | openssl dgst -sha256 -hex\"\n\t" ++ " on the list of specfiles to compare the SHA256 digests.\n\t" + "-B Use base specfiles only (valid for \"-b file\" only).\n\t" + "-i Do not request a digest.\n\t" + "-f Optional file containing the specs (defaults to\n\t" +@@ -62,12 +62,12 @@ int main(int argc, char **argv) + int backend = 0, rc, opt, validate = 0; + char *baseonly = NULL, *file = NULL, *digest = (char *)1; + char **specfiles = NULL; +- unsigned char *sha1_digest = NULL; ++ unsigned char *sha256_digest = NULL; + size_t i, num_specfiles; + + char cmd_buf[4096]; + char *cmd_ptr; +- char *sha1_buf; ++ char *sha256_buf; + + struct selabel_handle *hnd; + struct selinux_opt selabel_option[] = { +@@ -137,7 +137,7 @@ int main(int argc, char **argv) + return -1; + } + +- rc = selabel_digest(hnd, &sha1_digest, &digest_len, &specfiles, ++ rc = selabel_digest(hnd, &sha256_digest, &digest_len, &specfiles, + &num_specfiles); + + if (rc) { +@@ -152,19 +152,19 @@ int main(int argc, char **argv) + goto err; + } + +- sha1_buf = malloc(digest_len * 2 + 1); +- if (!sha1_buf) { ++ sha256_buf = malloc(digest_len * 2 + 1); ++ if (!sha256_buf) { + fprintf(stderr, "Could not malloc buffer ERROR: %s\n", + strerror(errno)); + rc = -1; + goto err; + } + +- printf("SHA1 digest: "); ++ printf("SHA256 digest: "); + for (i = 0; i < digest_len; i++) +- sprintf(&(sha1_buf[i * 2]), "%02x", sha1_digest[i]); ++ sprintf(&(sha256_buf[i * 2]), "%02x", sha256_digest[i]); + +- printf("%s\n", sha1_buf); ++ printf("%s\n", sha256_buf); + printf("calculated using the following specfile(s):\n"); + + if (specfiles) { +@@ -177,13 +177,13 @@ int main(int argc, char **argv) + cmd_ptr += strlen(specfiles[i]) + 1; + printf("%s\n", specfiles[i]); + } +- sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha1 -hex"); ++ sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha256 -hex"); + + if (validate) +- rc = run_check_digest(cmd_buf, sha1_buf); ++ rc = run_check_digest(cmd_buf, sha256_buf); + } + +- free(sha1_buf); ++ free(sha256_buf); + err: + selabel_close(hnd); + return rc; +diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c +index e28833d2ce97..900f018c0091 100644 +--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c ++++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c +@@ -18,8 +18,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) + "-v Validate file_contxts entries against loaded policy.\n\t" + "-r Recursively descend directories.\n\t" + "-f Optional file_contexts file (defaults to current policy).\n\t" +- "path Path to check current SHA1 digest against file_contexts entries.\n\n" +- "This will check the directory selinux.sehash SHA1 digest for " ++ "path Path to check current SHA256 digest against file_contexts entries.\n\n" ++ "This will check the directory selinux.sehash SHA256 digest for " + " against\na newly generated digest based on the " + "file_context entries for that node\n(using the regx, mode " + "and path entries).\n", progname); +@@ -37,7 +37,7 @@ int main(int argc, char **argv) + char *paths[2] = { NULL, NULL }; + uint8_t *xattr_digest = NULL; + uint8_t *calculated_digest = NULL; +- char *sha1_buf = NULL; ++ char *sha256_buf = NULL; + + struct selabel_handle *hnd; + struct selinux_opt selabel_option[] = { +@@ -105,27 +105,27 @@ int main(int argc, char **argv) + &xattr_digest, + &digest_len); + +- sha1_buf = calloc(1, digest_len * 2 + 1); +- if (!sha1_buf) { ++ sha256_buf = calloc(1, digest_len * 2 + 1); ++ if (!sha256_buf) { + fprintf(stderr, "Could not calloc buffer ERROR: %s\n", + strerror(errno)); + return -1; + } + + if (status) { /* They match */ +- printf("xattr and file_contexts SHA1 digests match for: %s\n", ++ printf("xattr and file_contexts SHA256 digests match for: %s\n", + ftsent->fts_path); + + if (calculated_digest) { + for (i = 0; i < digest_len; i++) +- sprintf((&sha1_buf[i * 2]), ++ sprintf((&sha256_buf[i * 2]), + "%02x", + calculated_digest[i]); +- printf("SHA1 digest: %s\n", sha1_buf); ++ printf("SHA256 digest: %s\n", sha256_buf); + } + } else { + if (!calculated_digest) { +- printf("No SHA1 digest available for: %s\n", ++ printf("No SHA256 digest available for: %s\n", + ftsent->fts_path); + printf("as file_context entry is \"<>\"\n"); + goto cleanup; +@@ -135,25 +135,25 @@ int main(int argc, char **argv) + ftsent->fts_path); + + for (i = 0; i < digest_len; i++) +- sprintf((&sha1_buf[i * 2]), "%02x", ++ sprintf((&sha256_buf[i * 2]), "%02x", + calculated_digest[i]); +- printf("generated SHA1 digest: %s\n", sha1_buf); ++ printf("generated SHA256 digest: %s\n", sha256_buf); + + if (!xattr_digest) { + printf("however there is no selinux.sehash xattr entry.\n"); + } else { + printf("however it does NOT match the current entry of:\n"); + for (i = 0; i < digest_len; i++) +- sprintf((&sha1_buf[i * 2]), ++ sprintf((&sha256_buf[i * 2]), + "%02x", + xattr_digest[i]); +- printf("%s\n", sha1_buf); ++ printf("%s\n", sha256_buf); + } + } + cleanup: + free(xattr_digest); + free(calculated_digest); +- free(sha1_buf); ++ free(sha256_buf); + break; + } + default: +-- +2.32.0 + diff --git a/SOURCES/selinuxconlist.8 b/SOURCES/selinuxconlist.8 new file mode 100644 index 0000000..c698daa --- /dev/null +++ b/SOURCES/selinuxconlist.8 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" +selinuxconlist \- list all SELinux context reachable for user +.SH "SYNOPSIS" +.B selinuxconlist [-l level] user [context] + +.SH "DESCRIPTION" +.B selinuxconlist +reports the list of context reachable for user from the current context or specified context + +.B \-l level +mcs/mls level + +.SH AUTHOR +This manual page was written by Dan Walsh . + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) diff --git a/SOURCES/selinuxdefcon.8 b/SOURCES/selinuxdefcon.8 new file mode 100644 index 0000000..3cbeff2 --- /dev/null +++ b/SOURCES/selinuxdefcon.8 @@ -0,0 +1,24 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" +selinuxdefcon \- report default SELinux context for user + +.SH "SYNOPSIS" +.B selinuxdefcon [-l level] user fromcon + +.SH "DESCRIPTION" +.B selinuxdefcon +reports the default context for the specified user from the specified context + +.B \-l level +mcs/mls level + +.SH EXAMPLE +# selinuxdefcon jsmith system_u:system_r:sshd_t:s0 +.br +unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 + +.SH AUTHOR +This manual page was written by Dan Walsh . + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) diff --git a/SPECS/libselinux.spec b/SPECS/libselinux.spec new file mode 100644 index 0000000..cdb5158 --- /dev/null +++ b/SPECS/libselinux.spec @@ -0,0 +1,2835 @@ +%define ruby_inc %(pkg-config --cflags ruby) +%define libsepolver 3.2-3 + +Summary: SELinux library and simple utilities +Name: libselinux +Version: 3.2 +Release: 6%{?dist} +License: Public Domain +# https://github.com/SELinuxProject/selinux/wiki/Releases +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libselinux-3.2.tar.gz +Source1: selinuxconlist.8 +Source2: selinuxdefcon.8 +Url: https://github.com/SELinuxProject/selinux/wiki +# $ git clone https://github.com/fedora-selinux/selinux.git +# $ cd selinux +# $ git format-patch -N 3.2 -- libselinux +# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +# Patch list start +Patch0001: 0001-libselinux-do-not-duplicate-make-target-when-going-i.patch +Patch0002: 0002-libselinux-selinux_check_passwd_access_internal-resp.patch +Patch0003: 0003-libselinux-silence-Wstringop-overflow-warning-from-g.patch +Patch0004: 0004-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch +Patch0005: 0005-libselinux-selinux_file_context_cmp-do-not-discard-c.patch +Patch0006: 0006-libselinux-label_common-do-not-discard-const-qualifi.patch +Patch0007: 0007-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch +Patch0008: 0008-libselinux-sefcontext_compile-mark-local-variable-st.patch +Patch0009: 0009-libselinux-avcstat-use-standard-length-modifier-for-.patch +Patch0010: 0010-libselinux-selinux_restorecon-mark-local-variable-st.patch +Patch0011: 0011-libselinux-selabel_get_digests_all_partial_matches-f.patch +Patch0012: 0012-libselinux-getconlist-free-memory-on-multiple-level-.patch +Patch0013: 0013-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch +Patch0014: 0014-libselinux-context_new-drop-dead-assignment.patch +Patch0015: 0015-libselinux-label_x-init-drop-dead-assignment.patch +Patch0016: 0016-libselinux-label_media-init-drop-dead-assignment.patch +Patch0017: 0017-libselinux-setexecfilecon-drop-dead-assignment.patch +Patch0018: 0018-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch +Patch0019: 0019-libselinux-store_stem-do-not-free-possible-non-heap-.patch +Patch0020: 0020-libselinux-matchmediacon-close-file-on-error.patch +Patch0021: 0021-libselinux-init_selinux_config-free-resources-on-err.patch +Patch0022: 0022-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch +Patch0023: 0023-libselinux-matchpathcon-free-memory-on-realloc-failu.patch +Patch0024: 0024-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch +Patch0025: 0025-libselinux-drop-redundant-casts-to-the-same-type.patch +Patch0026: 0026-libselinux-sidtab_sid_stats-unify-parameter-name.patch +Patch0027: 0027-libselinux-regex-unify-parameter-names.patch +Patch0028: 0028-libselinux-label_file.c-fix-indent.patch +Patch0029: 0029-libselinux-avc_destroy-3-closes-status-page.patch +Patch0030: 0030-libselinux-make-selinux_status_open-3-reentrant.patch +Patch0031: 0031-libselinux-do-not-use-status-page-fallback-mode-inte.patch +Patch0032: 0032-libselinux-selinux_status_open-return-1-in-fallback-.patch +Patch0033: 0033-libselinux-improve-getcon-3-man-page.patch +Patch0034: 0034-libselinux-fix-typo.patch +Patch0035: 0035-selinux.8-document-how-mount-flag-nosuid-affects-SEL.patch +Patch0036: 0036-libselinux-utils-getseuser.c-fix-build-with-gcc-4.8.patch +Patch0037: 0037-libselinux-silence-Wextra-semi-stmt-warning.patch +Patch0038: 0038-sha1-sha256.patch +# Patch list end +BuildRequires: gcc make +BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel +BuildRequires: python3 python3-devel +BuildRequires: systemd +Requires: libsepol%{?_isa} >= %{libsepolver} pcre2 +Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 + +%description +Security-enhanced Linux is a feature of the Linux® kernel and a number +of utilities with enhanced security functionality designed to add +mandatory access controls to Linux. The Security-enhanced Linux +kernel contains new architectural components originally developed to +improve the security of the Flask operating system. These +architectural components provide general support for the enforcement +of many kinds of mandatory access control policies, including those +based on the concepts of Type Enforcement®, Role-based Access +Control, and Multi-level Security. + +libselinux provides an API for SELinux applications to get and set +process and file security contexts and to obtain security policy +decisions. Required for any applications that use the SELinux API. + +%package utils +Summary: SELinux libselinux utilities +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description utils +The libselinux-utils package contains the utilities + +%package -n python3-libselinux +Summary: SELinux python 3 bindings for libselinux +Requires: %{name}%{?_isa} = %{version}-%{release} +%{?python_provide:%python_provide python3-libselinux} +# Remove before F30 +Provides: %{name}-python3 = %{version}-%{release} +Provides: %{name}-python3%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} + +%description -n python3-libselinux +The libselinux-python3 package contains python 3 bindings for developing +SELinux applications. + +%package ruby +Summary: SELinux ruby bindings for libselinux +Requires: %{name}%{?_isa} = %{version}-%{release} +Provides: ruby(selinux) + +%description ruby +The libselinux-ruby package contains the ruby bindings for developing +SELinux applications. + +%package devel +Summary: Header files and libraries used to build SELinux +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: libsepol-devel%{?_isa} >= %{libsepolver} + +%description devel +The libselinux-devel package contains the libraries and header files +needed for developing SELinux applications. + +%package static +Summary: Static libraries used to build SELinux +Requires: %{name}-devel%{?_isa} = %{version}-%{release} + +%description static +The libselinux-static package contains the static libraries +needed for developing SELinux applications. + +%prep +%autosetup -p 2 -n libselinux-%{version} + +%build +export DISABLE_RPM="y" +export USE_PCRE2="y" + +%set_build_flags +CFLAGS="$CFLAGS -fno-semantic-interposition" + +# To support building the Python wrapper against multiple Python runtimes +# Define a function, for how to perform a "build" of the python wrapper against +# a specific runtime: +BuildPythonWrapper() { + BinaryName=$1 + + # Perform the build from the upstream Makefile: + %make_build \ + PYTHON=$BinaryName \ + LIBDIR="%{_libdir}" \ + pywrap +} + +%make_build LIBDIR="%{_libdir}" swigify +%make_build LIBDIR="%{_libdir}" all + +BuildPythonWrapper %{__python3} + +%make_build RUBYINC="%{ruby_inc}" SHLIBDIR="%{_libdir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" rubywrap + +%install +InstallPythonWrapper() { + BinaryName=$1 + + make \ + PYTHON=$BinaryName \ + DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \ + SHLIBDIR="%{_lib}" BINDIR="%{_bindir}" \ + SBINDIR="%{_sbindir}" \ + LIBSEPOLA="%{_libdir}/libsepol.a" \ + install-pywrap +} + +rm -rf %{buildroot} +mkdir -p %{buildroot}%{_tmpfilesdir} +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_includedir} +mkdir -p %{buildroot}%{_sbindir} +install -d -m 0755 %{buildroot}%{_rundir}/setrans +echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libselinux.conf + +InstallPythonWrapper %{__python3} + +%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" +make DESTDIR="%{buildroot}" RUBYINSTALL=%{ruby_vendorarchdir} install-rubywrap + +# Nuke the files we don't want to distribute +rm -f %{buildroot}%{_sbindir}/compute_* +rm -f %{buildroot}%{_sbindir}/deftype +rm -f %{buildroot}%{_sbindir}/execcon +rm -f %{buildroot}%{_sbindir}/getenforcemode +rm -f %{buildroot}%{_sbindir}/getfilecon +rm -f %{buildroot}%{_sbindir}/getpidcon +rm -f %{buildroot}%{_sbindir}/mkdircon +rm -f %{buildroot}%{_sbindir}/policyvers +rm -f %{buildroot}%{_sbindir}/setfilecon +rm -f %{buildroot}%{_sbindir}/selinuxconfig +rm -f %{buildroot}%{_sbindir}/selinuxdisable +rm -f %{buildroot}%{_sbindir}/getseuser +rm -f %{buildroot}%{_sbindir}/togglesebool +rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context +mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon +mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist +install -d %{buildroot}%{_mandir}/man8/ +install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/ +install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/ +rm -f %{buildroot}%{_mandir}/man8/togglesebool* + +%ldconfig_scriptlets + +%files +%license LICENSE +%{_libdir}/libselinux.so.* +%dir %{_rundir}/setrans/ +%{_tmpfilesdir}/libselinux.conf + +%files utils +%{_sbindir}/avcstat +%{_sbindir}/getenforce +%{_sbindir}/getsebool +%{_sbindir}/matchpathcon +%{_sbindir}/sefcontext_compile +%{_sbindir}/selinuxconlist +%{_sbindir}/selinuxdefcon +%{_sbindir}/selinuxexeccon +%{_sbindir}/selinuxenabled +%{_sbindir}/setenforce +%{_sbindir}/selabel_digest +%{_sbindir}/selabel_lookup +%{_sbindir}/selabel_lookup_best_match +%{_sbindir}/selabel_partial_match +%{_sbindir}/selinux_check_access +%{_sbindir}/selabel_get_digests_all_partial_matches +%{_sbindir}/validatetrans +%{_mandir}/man5/* +%{_mandir}/man8/* +%{_mandir}/ru/man5/* +%{_mandir}/ru/man8/* + +%files devel +%{_libdir}/libselinux.so +%{_libdir}/pkgconfig/libselinux.pc +%{_includedir}/selinux/ +%{_mandir}/man3/* + +%files static +%{_libdir}/libselinux.a + +%files -n python3-libselinux +%{python3_sitearch}/selinux/ +%{python3_sitearch}/selinux-%{version}* +%{python3_sitearch}/_selinux* + +%files ruby +%{ruby_vendorarchdir}/selinux.so + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 3.2-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jul 28 2021 Petr Lautrbach - 3.2-5 +- Rebase on upstream commit 32611aea6543 + +* Fri Jun 25 2021 Petr Lautrbach - 3.2-4 +- Use SHA-2 instead of SHA-1 (#1934964) + +* Tue May 25 2021 Petr Lautrbach - 3.2-3 +- selinux_check_passwd_access_internal(): respect deny_unknown +- Silence -Wstringop-overflow warning from gcc 10.3.1 +- Fixed misc compiler and static analyzer findings + +* Fri Apr 16 2021 Mohan Boddu - 3.2-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 8 2021 Petr Lautrbach - 3.2-1 +- SELinux userspace 3.2 release + +* Fri Feb 5 2021 Petr Lautrbach - 3.2-0.rc2.1 +- SELinux userspace 3.2-rc2 release + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 Petr Lautrbach - 3.2-0.rc1.1 +- SELinux userspace 3.2-rc1 release + +* Thu Jan 07 2021 Mamoru TASAKA - 3.1-6 +- F-34: rebuild against ruby 3.0 + +* Fri Nov 20 2020 Petr Lautrbach - 3.1-5 +- selinux(8): explain that runtime disable is deprecated + +* Fri Oct 30 2020 Petr Lautrbach - 3.1-4 +- Use libsepol.so.2 +- Convert matchpathcon to selabel_lookup() +- Change userspace AVC setenforce and policy load messages to audit + format +- Remove trailing slash on selabel_file lookups +- Use kernel status page by default + +* Wed Sep 02 2020 Jeff Law - 3.1-3 +- Re-enable LTO + +* Mon Jul 13 2020 Tom Stellard - 3.1-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro +- Use -fno-semantic-interposition and more make macros + +* Fri Jul 10 2020 Petr Lautrbach - 3.1-1 +- SELinux userspace 3.1 release + +* Wed Jul 1 2020 Jeff Law - 3.0-6 +- Disable LTO + +* Sat May 23 2020 Miro Hrončok - 3.0-5 +- Rebuilt for Python 3.9 + +* Thu Mar 5 2020 Petr Lautrbach - 3.0-4 +- Eliminate use of security_compute_user() + +* Wed Jan 29 2020 Fedora Release Engineering - 3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jan 18 2020 Mamoru TASAKA - 3.0-2 +- F-32: rebuild against ruby27 + +* Fri Dec 6 2019 Petr Lautrbach - 3.0-1 +- SELinux userspace 3.0 release + +* Mon Nov 11 2019 Petr Lautrbach - 3.0-0.r1.1 +- SELinux userspace 3.0-rc1 release candidate + +* Thu Oct 03 2019 Miro Hrončok - 2.9-7 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Fri Aug 16 2019 Miro Hrončok - 2.9-6 +- Rebuilt for Python 3.8 + +* Mon Aug 12 2019 Petr Lautrbach - 2.9-5 +- Drop python2-libselinux (#1739646) + +* Thu Jul 25 2019 Fedora Release Engineering - 2.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jun 28 2019 Petr Lautrbach - 2.9-3 +- Use standard build flags for Python bindings + +* Fri May 24 2019 Petr Lautrbach - 2.9-2 +- Use Python distutils to install SELinux python bindings + +* Mon Mar 18 2019 Petr Lautrbach - 2.9-1 +- SELinux userspace 2.9 release + +* Wed Mar 6 2019 Petr Lautrbach - 2.9-0.rc2.1 +- SELinux userspace 2.9-rc2 release + +* Fri Feb 01 2019 Fedora Release Engineering - 2.9-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 Petr Lautrbach - 2.9-0.rc1.1 +- SELinux userspace 2.9-rc1 release + +* Tue Jan 22 2019 Mamoru TASAKA - 2.8-8 +- F-30: again rebuild against ruby26 + +* Mon Jan 21 2019 Petr Lautrbach - 2.8-7 +- selinux_restorecon: Skip customized files also without -v +- Do not dereference symlink with statfs in selinux_restorecon + +* Mon Jan 21 2019 Mamoru TASAKA - 2.8-6 +- F-30: rebuild against ruby26 + +* Tue Nov 13 2018 Petr Lautrbach - 2.8-5 +- Fix RESOURCE_LEAK coverity scan defects + +* Tue Sep 4 2018 Petr Lautrbach - 2.8-4 +- Fix the whatis line for the selinux_boolean_sub.3 manpage +- Fix line wrapping in selabel_file.5 +- Fix spelling errors in manpages + +* Fri Jul 13 2018 Fedora Release Engineering - 2.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jun 15 2018 Miro Hrončok - 2.8-2 +- Rebuilt for Python 3.7 + +* Fri May 25 2018 Petr Lautrbach - 2.8-1 +- SELinux userspace 2.8 release + +* Mon May 14 2018 Petr Lautrbach - 2.8-0.rc3.1 +- SELinux userspace 2.8-rc3 release candidate + +* Fri May 4 2018 Petr Lautrbach - 2.8-0.rc2.1 +- SELinux userspace 2.8-rc2 release candidate + +* Mon Apr 23 2018 Petr Lautrbach - 2.8-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + +* Wed Mar 21 2018 Petr Lautrbach - 2.7-13 +- build: Replace PYSITEDIR with PYTHONLIBDIR + +* Tue Mar 13 2018 Petr Lautrbach - 2.7-12 +- Correct manpages regarding removable_context +- build: follow standard semantics for DESTDIR and PREFIX + +* Fri Feb 09 2018 Igor Gnatenko - 2.7-11 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.7-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Igor Gnatenko - 2.7-9 +- Switch to %%ldconfig_scriptlets + +* Tue Jan 09 2018 Iryna Shcherbina - 2.7-8 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Jan 05 2018 Mamoru TASAKA - 2.7-7 +- F-28: rebuild for ruby25 + +* Wed Nov 22 2017 Petr Lautrbach - 2.7-6 +- Rebuild with libsepol-2.7-3 + +* Fri Oct 20 2017 Petr Lautrbach - 2.7-5 +- Drop golang bindings +- Add support for pcre2 to pkgconfig definition + +* Wed Sep 27 2017 Petr Šabata - 2.7-4 +- Enable the python3 subpackages on EL + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.7-3 +- Also add Provides for the old name without %%_isa + +* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek - 2.7-2 +- Python 2 binary package renamed to python2-libselinux + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 +- Python 3 binary package renamed to python3-libselinux + +* Mon Aug 07 2017 Petr Lautrbach - 2.7-1 +- Update to upstream release 2017-08-04 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.6-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Sat Jul 29 2017 Florian Weimer - 2.6-9 +- Rebuild with binutils fix for ppc64le (#1475636) + +* Fri Jul 28 2017 Petr Lautrbach - 2.6-8 +- Always unmount selinuxfs for SELINUX=disabled + +* Wed Jul 26 2017 Fedora Release Engineering - 2.6-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Apr 28 2017 Petr Lautrbach - 2.6-6 +- Don't finalize mount state in selinux_set_policy_root() +- Follow upstream and rename _selinux.so to _selinux.cpython-36m-x86_64-linux-gnu.so + +* Thu Apr 06 2017 Petr Lautrbach - 2.6-5 +- Fix setfiles progress indicator + +* Wed Mar 22 2017 Petr Lautrbach - 2.6-4 +- Fix segfault in selinux_restorecon_sb() (#1433577) +- Change matchpathcon usage to match with matchpathcon manpage +- Fix a corner case getsebool return value + +* Tue Mar 14 2017 Petr Lautrbach - 2.6-3 +- Fix 'semanage boolean -m' to modify active value + +* Thu Mar 02 2017 Petr Lautrbach - 2.6-2 +- Fix FTBFS - fatal error (#1427902) + +* Sun Feb 12 2017 Petr Lautrbach - 2.6-1 +- Update to upstream release 2016-10-14 + +* Fri Feb 10 2017 Fedora Release Engineering - 2.5-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 01 2017 Stephen Gallagher - 2.5-17 +- Add missing %%license macro + +* Fri Jan 13 2017 Vít Ondruch - 2.5-16 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 + +* Wed Jan 11 2017 Petr Lautrbach - 2.5-15 +- Rewrite restorecon() python method + +* Fri Dec 09 2016 Charalampos Stratakis - 2.5-14 +- Rebuild for Python 3.6 + +* Tue Nov 22 2016 Petr Lautrbach - 2.5-13 +- Fix pointer handling in realpath_not_final (#1376598) + +* Mon Oct 03 2016 Petr Lautrbach 2.5-12 +- Fix -Wsign-compare warnings +- Drop unused stdio_ext.h header file +- Kill logging check for selinux_enabled() +- Drop usage of _D_ALLOC_NAMLEN +- Add openrc_contexts functions +- Fix redefinition of XATTR_NAME_SELINUX +- Correct error path to always try text +- Clean up process_file() +- Handle NULL pcre study data +- Fix in tree compilation of utils that depend on libsepol + +* Mon Aug 01 2016 Petr Lautrbach 2.5-11 +- Rebuilt with libsepol-2.5-9 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.5-10 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Mon Jun 27 2016 Petr Lautrbach - 2.5-9 +- Clarify is_selinux_mls_enabled() description +- Explain how to free policy type from selinux_getpolicytype() +- Compare absolute pathname in matchpathcon -V +- Add selinux_snapperd_contexts_path() + +* Fri Jun 24 2016 Petr Lautrbach - 2.5-8 +- Move _selinux.so to /usr/lib64/python*/site-packages + +* Thu Jun 23 2016 Petr Lautrbach - 2.5-7 +- Modify audit2why analyze function to use loaded policy +- Sort object files for deterministic linking order +- Respect CC and PKG_CONFIG environment variable +- Avoid mounting /proc outside of selinux_init_load_policy() + +* Fri May 06 2016 Petr Lautrbach - 2.5-6 +- Fix multiple spelling errors + +* Mon May 02 2016 Petr Lautrbach - 2.5-5 +- Rebuilt with libsepol-2.5-5 + +* Fri Apr 29 2016 Petr Lautrbach - 2.5-4 +- Fix typo in sefcontext_compile.8 + +* Fri Apr 08 2016 Petr Lautrbach - 2.5-3 +- Fix location of selinuxfs mount point +- Only mount /proc if necessary +- procattr: return einval for <= 0 pid args +- procattr: return error on invalid pid_t input + +* Sat Feb 27 2016 Petr Lautrbach 2.5-2 +- Use fully versioned arch-specific requires + +* Tue Feb 23 2016 Petr Lautrbach 2.5-1 +- Update to upstream release 2016-02-23 + +* Sun Feb 21 2016 Petr Lautrbach 2.5-0.1.rc1 +- Update to upstream rc1 release 2016-01-07 + +* Thu Feb 04 2016 Fedora Release Engineering - 2.4-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 12 2016 Vít Ondruch - 2.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3 + +* Thu Dec 10 2015 Petr Lautrbach - 2.4-6 +- Build libselinux without rpm_execcon() (#1284019) + +* Thu Oct 15 2015 Robert Kuska - 2.4-5 +- Rebuilt for Python3.5 rebuild + +* Wed Sep 30 2015 Petr Lautrbach 2.4-4 +- Flush the class/perm string mapping cache on policy reload (#1264051) +- Fix restorecon when path has no context + +* Wed Sep 02 2015 Petr Lautrbach 2.4-3 +- Simplify procattr cache (#1257157,#1232371) + +* Fri Aug 14 2015 Adam Jackson 2.4-2 +- Export ldflags into the build so hardening works + +* Tue Jul 21 2015 Petr Lautrbach 2.4-1.1 +- Update to 2.4 release + +* Wed Jun 17 2015 Fedora Release Engineering - 2.3-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 12 2015 Petr Lautrbach 2.3-10 +- is_selinux_enabled: Add /etc/selinux/config test (#1219045) +- matchpathcon/selabel_file: Fix man pages (#1219718) + +* Thu Apr 23 2015 Petr Lautrbach 2.3-9 +- revert support for policy compressed with xv (#1185266) + +* Tue Apr 21 2015 Petr Lautrbach 2.3-8 +- selinux.py - use os.walk() instead of os.path.walk() (#1195004) +- is_selinux_enabled(): drop no-policy-loaded test (#1195074) +- fix -Wformat errors and remove deprecated mudflap option + +* Mon Mar 16 2015 Than Ngo - 2.3-7 +- bump release and rebuild so that koji-shadow can rebuild it + against new gcc on secondary arch + +* Mon Jan 19 2015 Vít Ondruch - 2.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.2 + +* Thu Aug 21 2014 Miroslav Grepl - 2.3-5 +- Compiled file context files and the original should have the same permissions from dwalsh@redhat.com +- Add selinux_openssh_contexts_path() to get a path to /contexts/openssh_contexts + +* Sun Aug 17 2014 Fedora Release Engineering - 2.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Kalev Lember - 2.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Tue May 6 2014 Dan Walsh - 2.3-1 +- Update to upstream + * Get rid of security_context_t and fix const declarations. + * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. + +* Tue May 6 2014 Miroslav Grepl - 2.2.2-8 +- Add selinux_openssh_contexts_path() + +* Thu Apr 24 2014 Vít Ondruch - 2.2.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 + +* Mon Feb 24 2014 Dan Walsh - 2.2.2-6 +- Fix spelling mistake in man page + +* Thu Feb 20 2014 Dan Walsh - 2.2.2-5 +- More go bindings +- restorecon, getpidcon, setexeccon + +* Fri Feb 14 2014 Dan Walsh - 2.2.2-4 +- Add additional go bindings for get*con calls +- Add go bindings test command +- Modify man pages of set*con calls to mention that they are thread specific + +* Fri Jan 24 2014 Dan Walsh - 2.2.2-3 +- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go +- Add Int_to_mcs function to generate MCS labels from integers. + +* Tue Jan 14 2014 Dan Walsh - 2.2.2-2 +- Add ghost flag for /var/run/setrans + +* Mon Jan 6 2014 Dan Walsh - 2.2.2-1 +- Update to upstream + * Fix userspace AVC handling of per-domain permissive mode. +- Verify context is not null when passed into *setfilecon_raw + +* Fri Dec 27 2013 Adam Williamson - 2.2.1-6 +- revert unexplained change to rhat.patch which broke SELinux disablement + +* Mon Dec 23 2013 Dan Walsh - 2.2.1-5 +- Verify context is not null when passed into lsetfilecon_raw + +* Wed Dec 18 2013 Dan Walsh - 2.2.1-4 +- Mv selinux.go to /usr/share/gocode/src/selinux + +* Tue Dec 17 2013 Dan Walsh - 2.2.1-3 +- Add golang support to selinux. + +* Thu Dec 5 2013 Dan Walsh - 2.2.1-2 +- Remove togglesebool man page + +* Mon Nov 25 2013 Dan Walsh - 2.2.1-1 +- Update to upstream + * Remove -lpthread from pkg-config file; it is not required. +- Add support for policy compressed with xv + +* Thu Oct 31 2013 Dan Walsh - 2.2-1 +- Update to upstream + * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. + * Support overriding Makefile RANLIB from Sven Vermeulen. + * Update pkgconfig definition from Sven Vermeulen. + * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen. + * Fix man pages from Laurent Bigonville. + * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville. + * Fix LDFLAGS usage from Laurent Bigonville + * Avoid shadowing stat in load_mmap from Joe MacDonald. + * Support building on older PCRE libraries from Joe MacDonald. + * Fix handling of temporary file in sefcontext_compile from Dan Walsh. + * Fix procattr cache from Dan Walsh. + * Define python constants for getenforce result from Dan Walsh. + * Fix label substitution handling of / from Dan Walsh. + * Add selinux_current_policy_path from Dan Walsh. + * Change get_context_list to only return good matches from Dan Walsh. + * Support udev-197 and higher from Sven Vermeulen and Dan Walsh. + * Add support for local substitutions from Dan Walsh. + * Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh. + * Python wrapper leak fixes from Dan Walsh. + * Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh. + * Add selinux_systemd_contexts_path from Dan Walsh. + * Add selinux_set_policy_root from Dan Walsh. + * Add man page for sefcontext_compile from Dan Walsh. + +* Fri Oct 4 2013 Dan Walsh - 2.1.13-21 +- Add systemd_contexts support +- Do substitutions on a local sub followed by a dist sub + +* Thu Oct 3 2013 Dan Walsh - 2.1.13-20 +- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek +Resolves #1013801 + +* Mon Sep 16 2013 Dan Walsh - 2.1.13-19 +- Fix handling of libselinux getconlist with only one entry + +* Tue Sep 3 2013 Dan Walsh - 2.1.13-17 +- Add Python constants for SELinux enforcing modes + +* Sat Aug 03 2013 Fedora Release Engineering - 2.1.13-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Jun 28 2013 Dan Walsh - 2.1.13-16 +- Add sefcontext_compile.8 man page +- Add Russell Coker patch to fix man pages +- Add patches from Laurent Bigonville to fix Makefiles for debian. +- modify spec file to use %%{_prefix}/lib + +* Mon May 6 2013 Dan Walsh - 2.1.13-15 +- Fix patch that Handles substitutions for / + +* Wed Apr 17 2013 Dan Walsh - 2.1.13-14 +- Handle substitutions for / +- semanage fcontext -a -e / /opt/rh/devtoolset-2/root + +* Tue Apr 9 2013 Dan Walsh - 2.1.13-13 +- Add Eric Paris patch to fix procattr calls after a fork. + +* Tue Mar 26 2013 Dan Walsh - 2.1.13-12 +- Move secolor.conf.5 into mcstrans package and out of libselinux + +* Wed Mar 20 2013 Dan Walsh - 2.1.13-11 +- Fix python bindings for selinux_check_access + +* Tue Mar 19 2013 Dan Walsh - 2.1.13-10 +- Fix reseting the policy root in matchpathcon + +* Wed Mar 6 2013 Dan Walsh - 2.1.13-9 +- Cleanup setfcontext_compile atomic patch +- Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root +- Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS + +* Wed Mar 6 2013 Dan Walsh - 2.1.13-8 +- Make setfcontext_compile atomic + +* Wed Mar 6 2013 Dan Walsh - 2.1.13-7 +- Fix memory leak in set*con calls. + +* Thu Feb 28 2013 Dan Walsh - 2.1.13-6 +- Move matchpathcon to -utils package +- Remove togglesebool + +* Thu Feb 21 2013 Dan Walsh - 2.1.13-5 +- Fix selinux man page to reflect what current selinux policy is. + +* Fri Feb 15 2013 Dan Walsh - 2.1.13-4 +- Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files. + +* Fri Feb 15 2013 Dan Walsh - 2.1.13-3 +- Bring back selinux_current_policy_path + +* Thu Feb 14 2013 Dan Walsh - 2.1.13-2 +- Revert some changes which are causing the wrong policy version file to be created + +* Thu Feb 7 2013 Dan Walsh - 2.1.13-1 +- Update to upstream + * audit2why: make sure path is nul terminated + * utils: new file context regex compiler + * label_file: use precompiled filecontext when possible + * do not leak mmapfd + * sefcontontext_compile: Add error handling to help debug problems in libsemanage. + * man: make selinux.8 mention service man pages + * audit2why: Fix segfault if finish() called twice + * audit2why: do not leak on multiple init() calls + * mode_to_security_class: interface to translate a mode_t in to a security class + * audit2why: Cleanup audit2why analysys function + * man: Fix program synopsis and function prototypes in man pages + * man: Fix man pages formatting + * man: Fix typo in man page + * man: Add references and man page links to _raw function variants + * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions + * man: context_new(3): fix the return value description + * selinux_status_open: handle error from sysconf + * selinux_status_open: do not leak statusfd on exec + * Fix errors found by coverity + * Change boooleans.subs to booleans.subs_dist. + * optimize set*con functions + * pkg-config do not specifc ruby version + * unmap file contexts on selabel_close() + * do not leak file contexts with mmap'd backend + * sefcontext_compile: do not leak fd on error + * matchmediacon: do not leak fd + * src/label_android_property: do not leak fd on error + +* Sun Jan 27 2013 Dan Walsh - 2.1.12-20 +- Update to latest patches from eparis/Upstream + +* Fri Jan 25 2013 Dan Walsh - 2.1.12-19 +- Update to latest patches from eparis/Upstream + +* Wed Jan 23 2013 Dan Walsh - 2.1.12-18 +- Try procatt speedup patch again + +* Wed Jan 23 2013 Dan Walsh - 2.1.12-17 +- Roll back procattr speedups since it seems to be screwing up systemd labeling. + +* Tue Jan 22 2013 Dan Walsh - 2.1.12-16 +- Fix tid handling for setfscreatecon, old patch still broken in libvirt + +* Wed Jan 16 2013 Dan Walsh - 2.1.12-15 +- Fix tid handling for setfscreatecon, old patch still broken in libvirt + +* Mon Jan 14 2013 Dan Walsh - 2.1.12-14 +- setfscreatecon after fork was broken by the Set*con patch. +- We needed to reset the thread variables after a fork. + +* Thu Jan 10 2013 Dan Walsh - 2.1.12-13 +- Fix setfscreatecon call to handle failure mode, which was breaking udev + +* Wed Jan 9 2013 Dan Walsh - 2.1.12-12 +- Ondrej Oprala patch to optimize set*con functions +- Set*con now caches the security context and only re-sets it if it changes. + +* Tue Jan 8 2013 Dan Walsh - 2.1.12-11 +- Rebuild against latest libsepol + +* Fri Jan 4 2013 Dan Walsh - 2.1.12-10 +- Update to latest patches from eparis/Upstream +- Fix errors found by coverity +- set the sepol_compute_av_reason_buffer flag to 0. This means calculate denials only? +- audit2why: remove a useless policy vers variable +- audit2why: use the new constraint information + +* Mon Nov 19 2012 Dan Walsh - 2.1.12-9 +- Rebuild with latest libsepol + +* Fri Nov 16 2012 Dan Walsh - 2.1.12-8 +- Return EPERM if login program can not reach default label for user +- Attempt to return container info from audit2why + +* Thu Nov 1 2012 Dan Walsh - 2.1.12-7 +- Apply patch from eparis to fix leaked file descriptor in new labeling code + +* Fri Oct 19 2012 Dan Walsh - 2.1.12-6 +- Add new function mode_to_security_class which takes mode instead of a string. +- Possibly will be used with coreutils. + +* Mon Oct 15 2012 Dan Walsh - 2.1.12-5 +- Add back selinuxconlist and selinuxdefcon man pages + +* Mon Oct 15 2012 Dan Walsh - 2.1.12-4 +- Fix segfault from calling audit2why.finish() multiple times + +* Fri Oct 12 2012 Dan Walsh - 2.1.12-3 +- Fix up selinux man page to reference service man pages + +* Wed Sep 19 2012 Dan Walsh - 2.1.12-2 +- Rebuild with fixed libsepol + +* Thu Sep 13 2012 Dan Walsh - 2.1.12-1 +- Update to upstream + * Add support for lxc_contexts_path + * utils: add service to getdefaultcon + * libsemanage: do not set soname needlessly + * libsemanage: remove PYTHONLIBDIR and ruby equivalent + * boolean name equivalency + * getsebool: support boolean name substitution + * Add man page for new selinux_boolean_sub function. + * expose selinux_boolean_sub + * matchpathcon: add -m option to force file type check + * utils: avcstat: clear sa_mask set + * seusers: Check for strchr failure + * booleans: initialize pointer to silence coveriety + * stop messages when SELinux disabled + * label_file: use PCRE instead of glibc regex functions + * label_file: remove all typedefs + * label_file: move definitions to include file + * label_file: do string to mode_t conversion in a helper function + * label_file: move error reporting back into caller + * label_file: move stem/spec handling to header + * label_file: drop useless ncomp field from label_file data + * label_file: move spec_hasMetaChars to header + * label_file: fix potential read past buffer in spec_hasMetaChars + * label_file: move regex sorting to the header + * label_file: add accessors for the pcre extra data + * label_file: only run regex files one time + * label_file: new process_file function + * label_file: break up find_stem_from_spec + * label_file: struct reorg + * label_file: only run array once when sorting + * Ensure that we only close the selinux netlink socket once. + * improve the file_contexts.5 manual page + +* Fri Aug 03 2012 David Malcolm - 2.1.11-6 +- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 + +* Wed Aug 1 2012 David Malcolm - 2.1.11-5 +- make with_python3 be conditional on fedora + +* Thu Jul 19 2012 Fedora Release Engineering - 2.1.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 16 2012 Dan Walsh - 2.1.11-3 +- Move the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d + +* Fri Jul 13 2012 Dan Walsh - 2.1.11-2 +- Revert Eric Paris Patch for selinux_binary_policy_path + +* Wed Jul 4 2012 Dan Walsh - 2.1.11-1 +- Update to upstream + * Fortify source now requires all code to be compiled with -O flag + * asprintf return code must be checked + * avc_netlink_recieve handle EINTR + * audit2why: silence -Wmissing-prototypes warning + * libsemanage: remove build warning when build swig c files + * matchpathcon: bad handling of symlinks in / + * seusers: remove unused lineno + * seusers: getseuser: gracefully handle NULL service + * New Android property labeling backend + * label_android_property whitespace cleanups + * additional makefile support for rubywrap + +* Mon Jun 11 2012 Dan Walsh - 2.1.10-5 +- Fix booleans.subs name, change function name to selinux_boolean_sub, + add man page, minor fixes to the function + +* Fri May 25 2012 Dan Walsh - 2.1.10-4 +- Fix to compile with Fortify source + * Add -O compiler flag + * Check return code from asprintf +- Fix handling of symbolic links in / by realpath_not_final + +* Tue Apr 17 2012 Dan Walsh - 2.1.10-3 +- Add support for lxc contexts file + +* Fri Mar 30 2012 Dan Walsh - 2.1.10-2 +- Add support fot boolean subs file + +* Thu Mar 29 2012 Dan Walsh - 2.1.10-1 +- Update to upstream + * Fix dead links to www.nsa.gov/selinux + * Remove jump over variable declaration + * Fix old style function definitions + * Fix const-correctness + * Remove unused flush_class_cache method + * Add prototype decl for destructor + * Add more printf format annotations + * Add printf format attribute annotation to die() method + * Fix const-ness of parameters & make usage() methods static + * Enable many more gcc warnings for libselinux/src/ builds + * utils: Enable many more gcc warnings for libselinux/utils builds + * Change annotation on include/selinux/avc.h to avoid upsetting SWIG + * Ensure there is a prototype for 'matchpathcon_lib_destructor' + * Update Makefiles to handle /usrmove + * utils: Stop separating out matchpathcon as something special + * pkg-config to figure out where ruby include files are located + * build with either ruby 1.9 or ruby 1.8 + * assert if avc_init() not called + * take security_deny_unknown into account + * security_compute_create_name(3) + * Do not link against python library, this is considered + * bad practice in debian + * Hide unnecessarily-exported library destructors + +* Thu Feb 16 2012 Dan Walsh - 2.1.9-9 +- Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists +- Otherwise search for policy on disk + +* Wed Feb 15 2012 Dan Walsh - 2.1.9-8 +- Change selinux_binary_policy_path to return /sys/fs/selinux/policy +- Add selinux_installed_policy_path to return what selinux_binary_policy_path used to return +- avc_has_perm will now return yes if the machine is in permissive mode +- Make work with ruby-1.9 + +* Fri Feb 3 2012 Dan Walsh - 2.1.9-7 +- avc_netlink_recieve should continue to poll if it receinves an EINTR rather + +* Sun Jan 29 2012 Kay Sievers - 2.1.9-6 +- use /sbin/ldconfig, glibc does not provide + /usr/sbin/ldconfig in the RPM database for now + +* Fri Jan 27 2012 Dan Walsh - 2.1.9-5 +- Rebuild with cleaned up upstream to work in /usr + +* Wed Jan 25 2012 Harald Hoyer 2.1.9-4 +- install everything in /usr + https://fedoraproject.org/wiki/Features/UsrMove + +* Mon Jan 23 2012 Dan Walsh - 2.1.9-3 +- Add Dan Berrange code cleanup patches. + +* Wed Jan 4 2012 Dan Walsh - 2.1.9-2 +- Fix selabal_open man page to refer to proper selinux_opt structure + +* Wed Dec 21 2011 Dan Walsh - 2.1.9-1 +-Update to upstream + * Fix setenforce man page to refer to selinux man page + * Cleanup Man pages + * merge freecon with getcon man page + +* Mon Dec 19 2011 Dan Walsh - 2.1.8-5 +- Add patch from Richard Haines + When selabel_lookup found an invalid context with validation enabled, it + always stated it was 'file_contexts' whether media, x, db or file. + The fix is to store the spec file name in the selabel_lookup_rec on + selabel_open and use this as output for logs. Also a minor fix if key is + NULL to stop seg faults. +- Fix setenforce manage page. + +* Thu Dec 15 2011 Dan Walsh - 2.1.8-4 +- Rebuild with new libsepol + +* Tue Dec 6 2011 Dan Walsh - 2.1.8-2 +- Fix setenforce man page, from Miroslav Grepl + +* Tue Dec 6 2011 Dan Walsh - 2.1.8-1 +- Upgrade to upstream + * selinuxswig_python.i: don't make syscall if it won't change anything + * Remove assert in security_get_boolean_names(3) + * Mapped compute functions now obey deny_unknown flag + * get_default_type now sets EINVAL if no entry. + * return EINVAL if invalid role selected + * Updated selabel_file(5) man page + * Updated selabel_db(5) man page + * Updated selabel_media(5) man page + * Updated selabel_x(5) man page + * Add man/man5 man pages + * Add man/man5 man pages + * Add man/man5 man pages + * use -W and -Werror in utils + +* Tue Nov 29 2011 Dan Walsh - 2.1.7-2 +- Change python binding for restorecon to check if the context matches. +- If it does do not reset + +* Fri Nov 4 2011 Dan Walsh - 2.1.7-1 +- Upgrade to upstream + * Makefiles: syntax, convert all ${VAR} to $(VAR) + * load_policy: handle selinux=0 and /sys/fs/selinux not exist + * regenerate .pc on VERSION change + * label: cosmetic cleanups + * simple interface for access checks + * Don't reinitialize avc_init if it has been called previously + * seusers: fix to handle large sets of groups + * audit2why: close fd on enomem + * rename and export symlink_realpath + * label_file: style changes to make Eric happy. + +* Mon Oct 24 2011 Dan Walsh - 2.1.6-4 +- Apply libselinux patch to handle large groups in seusers. + +* Wed Oct 19 2011 Dan Walsh - 2.1.6-3 +- Add selinux_check_access function. Needed for passwd, chfn, chsh + +* Thu Sep 22 2011 Dan Walsh - 2.1.6-2 +- Handle situation where selinux=0 passed to the kernel and both /selinux and + +* Mon Sep 19 2011 Dan Walsh - 2.1.6-1 +-Update to upstream + * utils: matchpathcon: remove duplicate declaration + * src: matchpathcon: use myprintf not fprintf + * src: matchpathcon: make sure resolved path starts + * put libselinux.so.1 in /lib not /usr/lib + * tree: default make target to all not + +* Wed Sep 14 2011 Dan Walsh - 2.1.5-5 +- Switch to use ":" as prefix separator rather then ";" + +* Thu Sep 8 2011 Ville Skyttä - 2.1.5-4 +- Avoid unnecessary shell invocation in %%post. + +* Tue Sep 6 2011 Dan Walsh - 2.1.5-3 +- Fix handling of subset labeling that is causing segfault in restorecon + +* Fri Sep 2 2011 Dan Walsh - 2.1.5-2 +- Change matchpathcon_init_prefix and selabel_open to allow multiple initial +prefixes. Now you can specify a ";" separated list of prefixes and the +labeling system will only load regular expressions that match these prefixes. + +* Tue Aug 30 2011 Dan Walsh - 2.1.5-1 +- Change matchpatcon to use proper myprintf +- Fix symlink_realpath to always include "/" +- Update to upstream + * selinux_file_context_verify function returns wrong value. + * move realpath helper to matchpathcon library + * python wrapper makefile changes + +* Mon Aug 22 2011 Dan Walsh - 2.1.4-2 +- Move to new Makefile that can build with or without PYTHON being set + +* Thu Aug 18 2011 Dan Walsh - 2.1.4-1 +-Update to upstream +2.1.4 2011-0817 + * mapping fix for invalid class/perms after selinux_set_mapping + * audit2why: work around python bug not defining + * resolv symlinks and dot directories before matching + +2.1.2 2011-0803 + * audit2allow: do not print statistics + * make python bindings for restorecon work on relative path + * fix python audit2why binding error + * support new python3 functions + * do not check fcontext duplicates on use + * Patch for python3 for libselinux + +2.1.1 2011-08-02 + * move .gitignore into utils + * new setexecon utility + * selabel_open fix processing of substitution files + * mountpoint changing patch. + * simplify SRCS in Makefile + +2.1.1 2011-08-01 + * Remove generated files, introduce more .gitignore + + + +* Thu Jul 28 2011 Dan Walsh - 2.1.0-1 +-Update to upstream + * Release, minor version bump + * Give correct names to mount points in load_policy by Dan Walsh. + * Make sure selinux state is reported correctly if selinux is disabled or + fails to load by Dan Walsh. + * Fix crash if selinux_key_create was never called by Dan Walsh. + * Add new file_context.subs_dist for distro specific filecon substitutions + by Dan Walsh. + * Update man pages for selinux_color_* functions by Richard Haines. + +* Mon Jun 13 2011 Dan Walsh - 2.0.102-6 +- Only call dups check within selabel/matchpathcon if you are validating the +context +- This seems to speed the loading of labels by 4 times. + +* Fri Apr 29 2011 Dan Walsh - 2.0.102-5 +- Move /selinux to /sys/fs/selinux +- Add selinuxexeccon +- Add realpath to matchpathcon to handle matchpathcon * type queries. + +* Thu Apr 21 2011 Dan Walsh - 2.0.102-4 +- Update for latest libsepol + +* Mon Apr 18 2011 Dan Walsh - 2.0.102-3 +- Update for latest libsepol + +* Wed Apr 13 2011 Dan Walsh - 2.0.102-2 +- Fix restorecon python binding to accept relative paths + +* Tue Apr 12 2011 Dan Walsh - 2.0.102-1 +-Update to upstream + * Give correct names to mount points in load_policy by Dan Walsh. + * Make sure selinux state is reported correctly if selinux is disabled or + fails to load by Dan Walsh. + * Fix crash if selinux_key_create was never called by Dan Walsh. + * Add new file_context.subs_dist for distro specific filecon substitutions + by Dan Walsh. + * Update man pages for selinux_color_* functions by Richard Haines. + +* Wed Apr 6 2011 Dan Walsh - 2.0.101-1 +- Clean up patch to make handling of constructor cleanup more portable + * db_language object class support for selabel_lookup from KaiGai Kohei. + * Library destructors for thread local storage keys from Eamon Walsh. + +* Tue Apr 5 2011 Dan Walsh - 2.0.99-5 +- Add distribution subs path + +* Tue Apr 5 2011 Dan Walsh - 2.0.99-4 +Add patch from dbhole@redhat.com to initialize thread keys to -1 +Errors were being seen in libpthread/libdl that were related +to corrupt thread specific keys. Global destructors that are called on dl +unload. During destruction delete a thread specific key without checking +if it has been initialized. Since the constructor is not called each time +(i.e. key is not initialized with pthread_key_create each time), and the +default is 0, there is a possibility that key 0 for an active thread gets +deleted. This is exactly what is happening in case of OpenJDK. + +Workaround patch that initializes the key to -1. Thus if the constructor is not +called, the destructor tries to delete key -1 which is deemed invalid by +pthread_key_delete, and is ignored. + +* Tue Apr 5 2011 Dan Walsh - 2.0.99-3 +- Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data + +* Fri Apr 1 2011 Dan Walsh - 2.0.99-2 +- Change mount source options to use "proc" and "selinuxfs" + +* Tue Mar 1 2011 Dan Walsh - 2.0.99-1 +- Update to upstream + * Turn off default user handling when computing user contexts by Dan Walsh + +* Tue Feb 08 2011 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 1 2011 Dan Walsh - 2.0.98-3 +- Fixup selinux man page + +* Tue Jan 18 2011 Dan Walsh - 2.0.98-2 +- Fix Makefile to use pkg-config --cflags python3 to discover include paths + +* Tue Dec 21 2010 Dan Walsh - 2.0.98-1 +- Update to upstream + - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list + +* Mon Dec 6 2010 Dan Walsh - 2.0.97-1 +- Update to upstream + * Thread local storage fixes from Eamon Walsh. + +* Sat Dec 4 2010 Dan Walsh - 2.0.96-9 +- Add /etc/tmpfiles.d support for /var/run/setrans + +* Wed Nov 24 2010 Dan Walsh - 2.0.96-8 +- Ghost /var/run/setrans + +* Wed Sep 29 2010 jkeating - 2.0.96-7 +- Rebuilt for gcc bug 634757 + +* Thu Sep 16 2010 Adam Tkac - 2.0.96-6 +- rebuild via updated swig (#624674) + +* Sun Aug 22 2010 Dan Walsh - 2.0.96-5 +- Update for python 3.2a1 + +* Tue Jul 27 2010 Dan Walsh - 2.0.96-4 +- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list + +* Wed Jul 21 2010 David Malcolm - 2.0.96-3 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jun 25 2010 Dan Walsh - 2.0.96-2 +- Turn off messages in audit2why + +* Wed Mar 24 2010 Dan Walsh - 2.0.96-1 +- Update to upstream + * Add const qualifiers to public API where appropriate by KaiGai Kohei. + +2.0.95 2010-06-10 + * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers + * Adds a chcon method to the libselinux python bindings from Steve Lawrence +- add python3 subpackage from David Malcolm + +* Wed Mar 24 2010 Dan Walsh - 2.0.94-1 +* Set errno=EINVAL for invalid contexts from Dan Walsh. + +* Tue Mar 16 2010 Dan Walsh - 2.0.93-1 +- Update to upstream + * Show strerror for security_getenforce() by Colin Waters. + * Merged selabel database support by KaiGai Kohei. + * Modify netlink socket blocking code by KaiGai Kohei. + +* Sun Mar 7 2010 Dan Walsh - 2.0.92-1 +- Update to upstream + * Fix from Eric Paris to fix leak on non-selinux systems. + * regenerate swig wrappers + * pkgconfig fix to respect LIBDIR from Dan Walsh. + +* Wed Feb 24 2010 Dan Walsh - 2.0.91-1 +- Update to upstream + * Change the AVC to only audit the permissions specified by the + policy, excluding any permissions specified via dontaudit or not + specified via auditallow. + * Fix compilation of label_file.c with latest glibc headers. + +* Mon Feb 22 2010 Dan Walsh - 2.0.90-5 +- Fix potential doublefree on init + +* Thu Feb 18 2010 Dan Walsh - 2.0.90-4 +- Fix libselinux.pc + +* Mon Jan 18 2010 Dan Walsh - 2.0.90-3 +- Fix man page for selinuxdefcon + +* Mon Jan 4 2010 Dan Walsh - 2.0.90-2 +- Free memory on disabled selinux boxes + +* Tue Dec 1 2009 Dan Walsh - 2.0.90-1 +- Update to upstream + * add/reformat man pages by Guido Trentalancia . + * Change exception.sh to be called with bash by Manoj Srivastava + +* Mon Nov 2 2009 Dan Walsh - 2.0.89-2 +- Fix selinuxdefcon man page + +* Mon Nov 2 2009 Dan Walsh - 2.0.89-1 +- Update to upstream + * Add pkgconfig file from Eamon Walsh. + +* Thu Oct 29 2009 Dan Walsh - 2.0.88-1 +- Update to upstream + * Rename and export selinux_reset_config() + +* Tue Sep 8 2009 Dan Walsh - 2.0.87-1 +- Update to upstream + * Add exception handling in libselinux from Dan Walsh. This uses a + shell script called exception.sh to generate a swig interface file. + * make swigify + * Make matchpathcon print <> if path not found in fcontext file. + +* Tue Sep 8 2009 Dan Walsh - 2.0.86-2 +- Eliminate -pthread switch in Makefile + +* Tue Sep 8 2009 Dan Walsh - 2.0.86-1 +- Update to upstream + * Removal of reference counting on userspace AVC SID's. + +* Sat Jul 25 2009 Fedora Release Engineering - 2.0.85-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jul 7 2009 Dan Walsh - 2.0.85-1 +- Update to upstream + * Reverted Tomas Mraz's fix for freeing thread local storage to avoid + pthread dependency. + * Removed fini_context_translations() altogether. + * Merged lazy init patch from Stephen Smalley based on original patch + by Steve Grubb. + +* Tue Jul 7 2009 Dan Walsh - 2.0.84-1 +- Update to upstream + * Add per-service seuser support from Dan Walsh. + * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. + * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric + Paris. + +* Wed Jun 24 2009 Dan Walsh - 2.0.82-2 +- Add provices ruby(selinux) + +* Tue Jun 23 2009 Dan Walsh - 2.0.82-1 +- Update to upstream + * Fix improper use of thread local storage from Tomas Mraz . + * Label substitution support from Dan Walsh. + * Support for labeling virtual machine images from Dan Walsh. + +* Mon May 18 2009 Dan Walsh - 2.0.81-1 +- Update to upstream + * Trim / from the end of input paths to matchpathcon from Dan Walsh. + * Fix leak in process_line in label_file.c from Hiroshi Shinji. + * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. + * getdefaultcon to print just the correct match and add verbose option from Dan Walsh. + +* Wed Apr 8 2009 Dan Walsh - 2.0.80-1 +- Update to upstream + * deny_unknown wrapper function from KaiGai Kohei. + * security_compute_av_flags API from KaiGai Kohei. + * Netlink socket management and callbacks from KaiGai Kohei. + +* Fri Apr 3 2009 Dan Walsh - 2.0.79-6 +- Fix Memory Leak + +* Thu Apr 2 2009 Dan Walsh - 2.0.79-5 +- Fix crash in python + +* Sun Mar 29 2009 Dan Walsh - 2.0.79-4 +- Add back in additional interfaces + +* Fri Mar 27 2009 Dan Walsh - 2.0.79-3 +- Add back in av_decision to python swig + +* Thu Mar 12 2009 Dan Walsh - 2.0.79-1 +- Update to upstream + * Netlink socket handoff patch from Adam Jackson. + * AVC caching of compute_create results by Eric Paris. + +* Tue Mar 10 2009 Dan Walsh - 2.0.78-5 +- Add patch from ajax to accellerate X SELinux +- Update eparis patch + +* Mon Mar 9 2009 Dan Walsh - 2.0.78-4 +- Add eparis patch to accellerate Xwindows performance + +* Mon Mar 9 2009 Dan Walsh - 2.0.78-3 +- Fix URL + +* Fri Mar 6 2009 Dan Walsh - 2.0.78-2 +- Add substitute pattern +- matchpathcon output <> on ENOENT + +* Mon Mar 2 2009 Dan Walsh - 2.0.78-1 +- Update to upstream + * Fix incorrect conversion in discover_class code. + +* Wed Feb 25 2009 Fedora Release Engineering - 2.0.77-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 18 2009 Dan Walsh - 2.0.77-5 +- Add + - selinux_virtual_domain_context_path + - selinux_virtual_image_context_path + +* Tue Jan 6 2009 Dan Walsh - 2.0.77-3 +- Throw exeptions in python swig bindings on failures + +* Tue Jan 6 2009 Dan Walsh - 2.0.77-2 +- Fix restorecon python code + +* Tue Jan 6 2009 Dan Walsh - 2.0.77-1 +- Update to upstream + +* Tue Dec 16 2008 Dan Walsh - 2.0.76-6 +- Strip trailing / for matchpathcon + +* Tue Dec 16 2008 Dan Walsh l - 2.0.76-5 +- Fix segfault if seusers file does not work + +* Fri Dec 12 2008 Dan Walsh - 2.0.76-4 +- Add new function getseuser which will take username and service and return +- seuser and level. ipa will populate file in future. +- Change selinuxdefcon to return just the context by default + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 2.0.76-2 +- Rebuild for Python 2.6 + +* Mon Nov 17 2008 Dan Walsh - 2.0.76-1 +- Update to Upstream + * Allow shell-style wildcards in x_contexts file. + +* Mon Nov 17 2008 Dan Walsh - 2.0.75-2 +- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names +- Add Restorecon/Install python functions from Luke Macken + +* Fri Nov 7 2008 Dan Walsh - 2.0.75-1 +- Update to Upstream + * Correct message types in AVC log messages. + * Make matchpathcon -V pass mode from Dan Walsh. + * Add man page for selinux_file_context_cmp from Dan Walsh. + +* Tue Sep 30 2008 Dan Walsh - 2.0.73-1 +- Update to Upstream + * New man pages from Dan Walsh. + * Update flask headers from refpolicy trunk from Dan Walsh. + +* Fri Sep 26 2008 Dan Walsh - 2.0.71-6 +- Fix matchpathcon -V call + +* Tue Sep 9 2008 Dan Walsh - 2.0.71-5 +- Add flask definitions for open, X and nlmsg_tty_audit + +* Tue Sep 9 2008 Dan Walsh - 2.0.71-4 +- Add missing get/setkeycreatecon man pages + +* Tue Sep 9 2008 Dan Walsh - 2.0.71-3 +- Split out utilities + +* Tue Sep 9 2008 Dan Walsh - 2.0.71-2 +- Add missing man page links for [lf]getfilecon + +* Tue Aug 5 2008 Dan Walsh - 2.0.71-1 +- Update to Upstream + * Add group support to seusers using %%groupname syntax from Dan Walsh. + * Mark setrans socket close-on-exec from Stephen Smalley. + * Only apply nodups checking to base file contexts from Stephen Smalley. + +* Fri Aug 1 2008 Dan Walsh - 2.0.70-1 +- Update to Upstream + * Merge ruby bindings from Dan Walsh. +- Add support for Linux groups to getseuserbyname + +* Fri Aug 1 2008 Dan Walsh - 2.0.69-2 +- Allow group handling in getseuser call + +* Tue Jul 29 2008 Dan Walsh - 2.0.69-1 +- Update to Upstream + * Handle duplicate file context regexes as a fatal error from Stephen Smalley. + This prevents adding them via semanage. + * Fix audit2why shadowed variables from Stephen Smalley. + * Note that freecon NULL is legal in man page from Karel Zak. + +* Wed Jul 9 2008 Dan Walsh - 2.0.67-4 +- Add ruby support for puppet + +* Tue Jul 8 2008 Dan Walsh - 2.0.67-3 +- Rebuild for new libsepol + +* Sun Jun 29 2008 Dan Walsh - 2.0.67-2 +- Add Karel Zak patch for freecon man page + +* Sun Jun 22 2008 Dan Walsh - 2.0.67-1 +- Update to Upstream + * New and revised AVC, label, and mapping man pages from Eamon Walsh. + * Add swig python bindings for avc interfaces from Dan Walsh. + +* Sun Jun 22 2008 Dan Walsh - 2.0.65-1 +- Update to Upstream + * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. + * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. + +* Fri May 16 2008 Dan Walsh - 2.0.64-3 +- libselinux no longer neets to telnet -u in post install + +* Wed May 7 2008 Dan Walsh - 2.0.64-2 +- Add sedefaultcon and setconlist commands to dump login context + +* Tue Apr 22 2008 Dan Walsh - 2.0.64-1 +- Update to Upstream + * Fixed selinux_set_callback man page. + * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. + * Fix memory leaks in matchpathcon from Eamon Walsh. + +* Wed Apr 16 2008 Dan Walsh - 2.0.61-4 +- Add Xavior Toth patch for security_id_t in swig + +* Thu Apr 10 2008 Dan Walsh - 2.0.61-3 +- Add avc.h to swig code + +* Wed Apr 9 2008 Dan Walsh - 2.0.61-2 +- Grab the latest policy for the kernel + +* Tue Apr 1 2008 Dan Walsh - 2.0.61-1 +- Update to Upstream + * Man page typo fix from Jim Meyering. + +* Sun Mar 23 2008 Dan Walsh - 2.0.60-1 +- Update to Upstream + * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel. + +* Thu Mar 13 2008 Dan Walsh - 2.0.59-2 +- Fix matchpathcon memory leak + +* Fri Feb 29 2008 Dan Walsh - 2.0.59-1 +- Update to Upstream + * Merged new X label "poly_selection" namespace from Eamon Walsh. + +* Thu Feb 28 2008 Dan Walsh - 2.0.58-1 +- Update to Upstream + * Merged reset_selinux_config() for load policy from Dan Walsh. + +* Thu Feb 28 2008 Dan Walsh - 2.0.57-2 +- Reload library on loading of policy to handle chroot + +* Mon Feb 25 2008 Dan Walsh - 2.0.57-1 +- Update to Upstream + * Merged avc_has_perm() errno fix from Eamon Walsh. + +* Fri Feb 22 2008 Dan Walsh - 2.0.56-1 +- Update to Upstream + * Regenerated Flask headers from refpolicy flask definitions. + +* Wed Feb 13 2008 Dan Walsh - 2.0.55-1 +- Update to Upstream + * Merged compute_member AVC function and manpages from Eamon Walsh. + * Provide more error reporting on load policy failures from Stephen Smalley. + +* Fri Feb 8 2008 Dan Walsh - 2.0.53-1 +- Update to Upstream + * Merged new X label "poly_prop" namespace from Eamon Walsh. + +* Wed Feb 6 2008 Dan Walsh - 2.0.52-1 +- Update to Upstream + * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. + * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley. + +* Tue Jan 29 2008 Dan Walsh - 2.0.50-1 +- Update to Upstream + * Merged fix for audit2why from Dan Walsh. + +* Fri Jan 25 2008 Dan Walsh - 2.0.49-2 +- Fix audit2why to grab latest policy versus the one selected by the kernel + +* Wed Jan 23 2008 Dan Walsh - 2.0.49-1 +* Merged audit2why python binding from Dan Walsh. + +* Wed Jan 23 2008 Dan Walsh - 2.0.48-1 +* Merged updated swig bindings from Dan Walsh, including typemap for pid_t. + +* Mon Jan 21 2008 Dan Walsh - 2.0.47-4 +- Update to use libsepol-static library + +* Wed Jan 16 2008 Adel Gadllah - 2.0.47-3 +- Move libselinux.a to -static package +- Spec cleanups + +* Tue Jan 15 2008 Dan Walsh - 2.0.47-2 +- Put back libselinux.a + +* Fri Jan 11 2008 Dan Walsh - 2.0.47-1 +- Fix memory references in audit2why and change to use tuples +- Update to Upstream + * Fix for the avc: granted null message bug from Stephen Smalley. + +* Fri Jan 11 2008 Dan Walsh - 2.0.46-6 +- Fix __init__.py specification + +* Tue Jan 8 2008 Dan Walsh - 2.0.46-5 +- Add audit2why python bindings + +* Tue Jan 8 2008 Dan Walsh - 2.0.46-4 +- Add pid_t typemap for swig bindings + +* Thu Jan 3 2008 Dan Walsh - 2.0.46-3 +- smp_mflag + +* Thu Jan 3 2008 Dan Walsh - 2.0.46-2 +- Fix spec file caused by spec review + +* Fri Nov 30 2007 Dan Walsh - 2.0.46-1 +- Upgrade to upstream + * matchpathcon(8) man page update from Dan Walsh. + +* Fri Nov 30 2007 Dan Walsh - 2.0.45-1 +- Upgrade to upstream + * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. + * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. + * A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. + +* Thu Nov 15 2007 Dan Walsh - 2.0.43-1 +- Upgrade to upstream + * Regenerated Flask headers from policy. + +* Thu Nov 15 2007 Dan Walsh - 2.0.42-1 +- Upgrade to upstream + * AVC enforcing mode override patch from Eamon Walsh. + * Aligned attributes in AVC netlink code from Eamon Walsh. +- Move libselinux.so back into devel package, procps has been fixed + +* Tue Nov 6 2007 Dan Walsh - 2.0.40-1 +- Upgrade to upstream + * Merged refactored AVC netlink code from Eamon Walsh. + * Merged new X label namespaces from Eamon Walsh. + * Bux fix and minor refactoring in string representation code. + +* Fri Oct 5 2007 Dan Walsh - 2.0.37-1 +- Upgrade to upstream + * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh. + +* Fri Sep 28 2007 Dan Walsh - 2.0.36-1 +- Upgrade to upstream + * Fix segfault resulting from missing file_contexts file. + +* Thu Sep 27 2007 Dan Walsh - 2.0.35-2 +- Fix segfault on missing file_context file + +* Wed Sep 26 2007 Dan Walsh - 2.0.35-1 +- Upgrade to upstream + * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. + * Pass CFLAGS when using gcc for linking from Dennis Gilmore. + +* Mon Sep 24 2007 Dan Walsh - 2.0.34-3 +- Add sparc patch to from Dennis Gilmore to build on Sparc platform + +* Mon Sep 24 2007 Dan Walsh - 2.0.34-2 +- Remove leaked file descriptor + +* Tue Sep 18 2007 Dan Walsh - 2.0.34-1 +- Upgrade to latest from NSA + * Fix selabel option flag setting for 64-bit from Stephen Smalley. + +* Tue Sep 18 2007 Dan Walsh - 2.0.33-2 +- Change matchpatcon to use syslog instead of syserror + +* Thu Sep 13 2007 Dan Walsh - 2.0.33-1 +- Upgrade to latest from NSA + * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley. + * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley. + * Fix swig binding for rpm_execcon from James Athey. + +* Thu Sep 6 2007 Dan Walsh - 2.0.31-4 +- Apply James Athway patch to fix rpm_execcon python binding + +* Tue Aug 28 2007 Dan Walsh - 2.0.31-3 +- Move libselinux.so back into main package, breaks procps + +* Thu Aug 23 2007 Dan Walsh - 2.0.31-2 +- Upgrade to upstream + * Fix file_contexts.homedirs path from Todd Miller. + +* Tue Aug 21 2007 Dan Walsh - 2.0.30-2 +- Remove requirement on setransd, Moved to selinux-policy-mls + +* Fri Aug 10 2007 Dan Walsh - 2.0.30-1 +- Move libselinux.so into devel package +- Upgrade to upstream + * Fix segfault resulting from uninitialized print-callback pointer. + * Added x_contexts path function patch from Eamon Walsh. + * Fix build for EMBEDDED=y from Yuichi Nakamura. + * Fix markup problems in selinux man pages from Dan Walsh. + +* Fri Aug 3 2007 Dan Walsh - 2.0.29-1 +- Upgrade to upstream + * Updated version for stable branch. + * Added x_contexts path function patch from Eamon Walsh. + * Fix build for EMBEDDED=y from Yuichi Nakamura. + * Fix markup problems in selinux man pages from Dan Walsh. + * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh. + * Added swigify to top-level Makefile from Dan Walsh. + * Fix for string_to_security_class segfault on x86_64 from Stephen + Smalley. + +* Mon Jul 23 2007 Dan Walsh - 2.0.24-3 +- Apply Steven Smalley patch to fix segfault in string_to_security_class + +* Wed Jul 18 2007 Dan Walsh - 2.0.24-2 +- Fix matchpathcon to set default myprintf + +* Mon Jul 16 2007 Dan Walsh - 2.0.24-1 +- Upgrade to upstream + * Fix for getfilecon() for zero-length contexts from Stephen Smalley. + +* Wed Jul 11 2007 Dan Walsh - 2.0.23-3 +- Update to match flask/access_vectors in policy + +* Tue Jul 10 2007 Dan Walsh - 2.0.23-2 +- Fix man page markup lanquage for translations + +* Tue Jun 26 2007 Dan Walsh - 2.0.23-1 +- Fix semanage segfault on x86 platform + +* Thu Jun 21 2007 Dan Walsh - 2.0.22-1 +- Upgrade to upstream + * Labeling and callback interface patches from Eamon Walsh. + +* Tue Jun 19 2007 Dan Walsh - 2.0.21-2 +- Refactored swig + +* Mon Jun 11 2007 Dan Walsh - 2.0.21-1 +- Upgrade to upstream + * Class and permission mapping support patches from Eamon Walsh. + * Object class discovery support patches from Chris PeBenito. + * Refactoring and errno support in string representation code. + +* Fri Jun 1 2007 Dan Walsh - 2.0.18-1 +- Upgrade to upstream +- Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. + This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. + +2.0.17 2007-05-31 + * Updated Lindent script and reindented two header files. + +* Fri May 4 2007 Dan Walsh - 2.0.16-1 +- Upgrade to upstream + * Merged additional swig python bindings from Dan Walsh. + * Merged helpful message when selinuxfs mount fails patch from Dax Kelson. + +* Tue Apr 24 2007 Dan Walsh - 2.0.14-1 +- Upgrade to upstream + * Merged build fix for avc_internal.c from Joshua Brindle. + +* Mon Apr 23 2007 Dan Walsh - 2.0.13-2 +- Add get_context_list funcitions to swig file + +* Thu Apr 12 2007 Dan Walsh - 2.0.13-1 +- Upgrade to upstream + * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh. + +* Thu Apr 12 2007 Dan Walsh - 2.0.12-2 +- Add missing interface + +* Wed Apr 11 2007 Dan Walsh - 2.0.12-1 +- Upgrade to upstream + * Merged support for getting initial contexts from James Carter. + +* Mon Apr 9 2007 Dan Walsh - 2.0.11-1 +- Upgrade to upstream + * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. + * Merged sidput(NULL) patch from Eamon Walsh. + +* Thu Apr 5 2007 Dan Walsh - 2.0.9-2 +- Make rpm_exec swig work + +* Tue Mar 27 2007 Dan Walsh - 2.0.9-1 +- Upgrade to upstream + * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. + +* Tue Mar 27 2007 Dan Walsh - 2.0.8-1 +- Upgrade to upstream + * Merged fix for avc.h #include's from Eamon Walsh. + +* Thu Mar 22 2007 Dan Walsh - 2.0.7-2 +- Add stdint.h to avc.h + +* Mon Mar 12 2007 Dan Walsh - 2.0.7-1 +- Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. +- Merged patch to drop support for old /etc/sysconfig/selinux and +- /etc/security policy file layout from Steve Grubb. + +* Thu Mar 8 2007 Dan Walsh - 2.0.5-2 +- Do not fail on permission denied in getsebool + +* Tue Feb 27 2007 Dan Walsh - 2.0.5-1 +- Upgrade to upstream + * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. + +* Wed Feb 21 2007 Dan Walsh - 2.0.4-1 +- Upgrade to upstream + * Removed sending of setrans init message. + * Merged matchpathcon memory leak fix from Steve Grubb. + +* Tue Feb 20 2007 Dan Walsh - 2.0.2-1 +- Upgrade to upstream + * Merged more swig initializers from Dan Walsh. + +* Sun Feb 18 2007 Dan Walsh - 2.0.1-1 +- Upgrade to upstream + * Merged patch from Todd Miller to convert int types over to C99 style. + +* Wed Feb 7 2007 Dan Walsh - 2.0.0-1 +- Merged patch from Todd Miller to remove sscanf in matchpathcon.c because + of the use of the non-standard format (original patch changed + for style). +- Merged patch from Todd Miller to fix memory leak in matchpathcon.c. + +* Fri Jan 19 2007 Dan Walsh - 1.34.0-2 +- Add context function to python to split context into 4 parts + +* Fri Jan 19 2007 Dan Walsh - 1.34.0-1 +- Upgrade to upstream + * Updated version for stable branch. + +* Wed Jan 17 2007 Dan Walsh - 1.33.6-1 +- Upgrade to upstream + * Merged man page updates to make "apropos selinux" work from Dan Walsh. + +* Wed Jan 17 2007 Dan Walsh - 1.33.5-1 +- Upgrade to upstream + * Merged getdefaultcon utility from Dan Walsh. + +* Mon Jan 15 2007 Dan Walsh - 1.33.4-3 +- Add Ulrich NSCD__GETSERV and NSCD__SHMEMGRP for Uli + +* Fri Jan 12 2007 Dan Walsh - 1.33.4-2 +- Add reference to selinux man page in all man pages to make apropos work +Resolves: # 217881 + +* Thu Jan 11 2007 Dan Walsh - 1.33.4-1 +- Upstream wanted some minor changes, upgrading to keep api the same +- Upgrade to upstream + * Merged selinux_check_securetty_context() and support from Dan Walsh. +Resolves: #200110 + +* Fri Jan 5 2007 Dan Walsh - 1.33.3-3 +- Cleanup patch + +* Fri Jan 5 2007 Dan Walsh - 1.33.3-2 +- Add securetty handling +Resolves: #200110 + +* Thu Jan 4 2007 Dan Walsh - 1.33.3-1 +- Upgrade to upstream + * Merged patch for matchpathcon utility to use file mode information + when available from Dan Walsh. + +* Thu Dec 7 2006 Jeremy Katz - 1.33.2-4 +- rebuild against python 2.5 + +* Wed Dec 6 2006 Dan Walsh - 1.33.2-3 +- Fix matchpathcon to lstat files + +* Thu Nov 30 2006 Dan Walsh - 1.33.2-2 +- Update man page + +* Tue Nov 14 2006 Dan Walsh - 1.33.2-1 +- Upgrade to upstream + +* Fri Nov 3 2006 Dan Walsh - 1.33.1-2 +- Add James Antill patch for login verification of MLS Levels +- MLS ragnes need to be checked, Eg. login/cron. This patch adds infrastructure. + +* Tue Oct 24 2006 Dan Walsh - 1.33.1-1 +- Upgrade to latest from NSA + * Merged updated flask definitions from Darrel Goeddel. + This adds the context security class, and also adds + the string definitions for setsockcreate and polmatch. + +* Tue Oct 17 2006 Dan Walsh - 1.32-1 +- Upgrade to latest from NSA + * Updated version for release. + +* Sun Oct 01 2006 Jesse Keating - 1.30.29-2 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Fri Sep 29 2006 Dan Walsh - 1.30.29-1 +- Upgrade to latest from NSA + * Merged av_permissions.h update from Steve Grubb, + adding setsockcreate and polmatch definitions. + +* Wed Sep 27 2006 Jeremy Katz - 1.30.28-3 +- really make -devel depend on libsepol-devel + +* Wed Sep 27 2006 Dan Walsh - 1.30.28-2 +- Add sgrubb patch for polmatch + +* Wed Sep 13 2006 Dan Walsh - 1.30.28-1 +- Upgrade to latest from NSA + * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client + +* Tue Sep 5 2006 Jeremy Katz - 1.30.27-2 +- have -devel require libsepol-devel + +* Thu Aug 24 2006 Dan Walsh - 1.30.27-1 +- Upgrade to latest from NSA + * Merged patch to not log avc stats upon a reset from Steve Grubb. + * Applied patch to revert compat_net setting upon policy load. + * Merged file context homedir and local path functions from + Chris PeBenito. + +* Fri Aug 18 2006 Jesse Keating - 1.20.26-2 +- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* + (#203001) + +* Sat Aug 12 2006 Dan Walsh - 1.30.25-1 +- Upgrade to latest from NSA + * Merged file context homedir and local path functions from + Chris PeBenito. + * Rework functions that access /proc/pid/attr to access the + per-thread nodes, and unify the code to simplify maintenance. + +* Fri Aug 11 2006 Dan Walsh - 1.30.24-1 +- Upgrade to latest from NSA + * Merged return value fix for *getfilecon() from Dan Walsh. + * Merged sockcreate interfaces from Eric Paris. + +* Wed Aug 9 2006 Dan Walsh - 1.30.22-2 +- Fix translation return codes to return size of buffer + +* Tue Aug 1 2006 Dan Walsh - 1.30.22-1 +- Upgrade to latest from NSA + * Merged no-tls-direct-seg-refs patch from Jeremy Katz. + * Merged netfilter_contexts support patch from Chris PeBenito. + +* Tue Aug 1 2006 Dan Walsh - 1.30.20-1 +- Upgrade to latest from NSA + * Merged context_*_set errno patch from Jim Meyering. + +* Tue Aug 1 2006 Jeremy Katz - 1.30.19-5 +- only build non-fpic objects with -mno-tls-direct-seg-refs + +* Tue Aug 1 2006 Jeremy Katz - 1.30.19-4 +- build with -mno-tls-direct-seg-refs on x86 to avoid triggering + segfaults with xen (#200783) + +* Mon Jul 17 2006 Dan Walsh 1.30.19-3 +- Rebuild for new gcc + +* Tue Jul 11 2006 Dan Walsh 1.30.19-2 +- Fix libselinux to not telinit during installs + +* Tue Jul 4 2006 Dan Walsh 1.30.19-1 +- Upgrade to latest from NSA + * Lindent. + * Merged {get,set}procattrcon patch set from Eric Paris. + * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris. + * Regenerated Flask headers from refpolicy. + * Merged patch from Dan Walsh with: + - Added selinux_file_context_{cmp,verify}. + - Added selinux_lsetfilecon_default. + - Delay translation of contexts in matchpathcon. + +* Wed Jun 21 2006 Dan Walsh 1.30.15-5 +- Yet another change to matchpathcon + +* Wed Jun 21 2006 Dan Walsh 1.30.15-4 +- Turn off error printing in library. Need to compile with DEBUG to get it back + +* Wed Jun 21 2006 Dan Walsh 1.30.15-3 +- Fix error reporting of matchpathcon + +* Mon Jun 19 2006 Dan Walsh 1.30.15-2 +- Add function to compare file context on disk versus contexts in file_contexts file. + +* Fri Jun 16 2006 Dan Walsh 1.30.15-1 +- Upgrade to latest from NSA + * Merged patch from Dan Walsh with: + * Added selinux_getpolicytype() function. + * Modified setrans code to skip processing if !mls_enabled. + * Set errno in the !selinux_mnt case. + * Allocate large buffers from the heap, not on stack. + Affects is_context_customizable, selinux_init_load_policy, + and selinux_getenforcemode. + +* Thu Jun 8 2006 Dan Walsh 1.30.12-2 +- Add selinux_getpolicytype() + +* Thu Jun 1 2006 Dan Walsh 1.30.12-1 +- Upgrade to latest from NSA + * Merged !selinux_mnt checks from Ian Kent. + +* Thu Jun 1 2006 Dan Walsh 1.30.11-2 +- Check for selinux_mnt == NULL + +* Tue May 30 2006 Dan Walsh 1.30.11-1 +- Merged matchmediacon and trans_to_raw_context fixes from + Serge Hallyn. + +* Fri May 26 2006 Dan Walsh 1.30.10-4 +- Remove getseuser + +* Thu May 25 2006 Dan Walsh 1.30.10-3 +- Bump requires to grab latest libsepol + +* Tue May 23 2006 Dan Walsh 1.30.10-2 +- Add BuildRequires for swig + +* Tue May 23 2006 Dan Walsh 1.30.10-1 +- Upgrade to latest from NSA + * Merged simple setrans client cache from Dan Walsh. + Merged avcstat patch from Russell Coker. + * Modified selinux_mkload_policy() to also set /selinux/compat_net + appropriately for the loaded policy. + +* Thu May 18 2006 Dan Walsh 1.30.8-1 +- More fixes for translation cache +- Upgrade to latest from NSA + * Added matchpathcon_fini() function to free memory allocated by + matchpathcon_init(). + +* Wed May 17 2006 Dan Walsh 1.30.7-2 +- Add simple cache to improve translation speed + +* Tue May 16 2006 Dan Walsh 1.30.7-1 +- Upgrade to latest from NSA + * Merged setrans client cleanup patch from Steve Grubb. + +* Tue May 9 2006 Dan Walsh 1.30.6-2 +- Add Russell's AVC patch to handle large numbers + +* Mon May 8 2006 Dan Walsh 1.30.6-1 +- Upgrade to latest from NSA + * Merged getfscreatecon man page fix from Dan Walsh. + * Updated booleans(8) man page to drop references to the old + booleans file and to note that setsebool can be used to set + the boot-time defaults via -P. + +* Mon May 8 2006 Dan Walsh 1.30.5-1 +- Upgrade to latest from NSA + * Merged fix warnings patch from Karl MacMillan. + * Merged setrans client support from Dan Walsh. + This removes use of libsetrans. + * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. + * Merged swig typemap fixes from Glauber de Oliveira Costa. + +* Wed May 3 2006 Dan Walsh 1.30.3-3 +- Change the way translations work, Use setransd/remove libsetrans + +* Tue May 2 2006 Dan Walsh 1.30.3-2 +- Add selinuxswig fixes +- Stop using PAGE_SIZE and start using sysconf(_SC_PAGE_SIZE) + +* Fri Apr 14 2006 Dan Walsh 1.30.3-1 +- Upgrade to latest from NSA + * Added distclean target to Makefile. + * Regenerated swig files. + * Changed matchpathcon_init to verify that the spec file is + a regular file. + * Merged python binding t_output_helper removal patch from Dan Walsh. + +* Tue Apr 11 2006 Dan Walsh 1.30.1-2 +- Fix python bindings for matchpathcon +- Fix booleans man page + +* Mon Mar 27 2006 Dan Walsh 1.30.1-1 +- Merged Makefile PYLIBVER definition patch from Dan Walsh. + +* Fri Mar 10 2006 Dan Walsh 1.30-1 +- Make some fixes so it will build on RHEL4 +- Upgrade to latest from NSA + * Updated version for release. + * Altered rpm_execcon fallback logic for permissive mode to also + handle case where /selinux/enforce is not available. + +* Fri Feb 10 2006 Jesse Keating - 1.29.7-1.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.29.7-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Jan 20 2006 Dan Walsh 1.29.7-1 +- Upgrade to latest from NSA + * Merged install-pywrap Makefile patch from Joshua Brindle. + +* Wed Jan 18 2006 Dan Walsh 1.29.6-1 +- Upgrade to latest from NSA + * Merged pywrap Makefile patch from Dan Walsh. + +* Fri Jan 13 2006 Dan Walsh 1.29.5-2 +- Split out pywrap in Makefile + +* Fri Jan 13 2006 Dan Walsh 1.29.5-1 +- Upgrade to latest from NSA + * Added getseuser test program. + +* Fri Jan 6 2006 Dan Walsh 1.29.4-1 +- Upgrade to latest from NSA + * Added format attribute to myprintf in matchpathcon.c and + removed obsoleted rootlen variable in init_selinux_config(). + +* Wed Jan 4 2006 Dan Walsh 1.29.3-2 +- Build with new libsepol + +* Wed Jan 4 2006 Dan Walsh 1.29.3-1 +- Upgrade to latest from NSA + * Merged several fixes and improvements from Ulrich Drepper + (Red Hat), including: + - corrected use of getline + - further calls to __fsetlocking for local files + - use of strdupa and asprintf + - proper handling of dirent in booleans code + - use of -z relro + - several other optimizations + * Merged getpidcon python wrapper from Dan Walsh (Red Hat). + +* Sat Dec 24 2005 Dan Walsh 1.29.2-4 +- Add build requires line for libsepol-devel + +* Tue Dec 20 2005 Dan Walsh 1.29.2-3 +- Fix swig call for getpidcon + +* Mon Dec 19 2005 Dan Walsh 1.29.2-2 +- Move libselinux.so to base package + +* Wed Dec 14 2005 Dan Walsh 1.29.2-1 +- Upgrade to latest from NSA + * Merged call to finish_context_translations from Dan Walsh. + This eliminates a memory leak from failing to release memory + allocated by libsetrans. + +* Sun Dec 11 2005 Dan Walsh 1.29.1-3 +- update to latest libsetrans +- Fix potential memory leak + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Dec 8 2005 Dan Walsh 1.29.1-1 +- Update to never version + * Merged patch for swig interfaces from Dan Walsh. + +* Wed Dec 7 2005 Dan Walsh 1.28-1 +- Update to never version + +* Wed Dec 7 2005 Dan Walsh 1.27.28-2 +- Fix some of the python swig objects + +* Thu Dec 1 2005 Dan Walsh 1.27.28-1 +- Update to latest from NSA + * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and + modified matchpathcon implementation to make context validation/ + canonicalization optional at matchpathcon_init time, deferring it + to a successful matchpathcon by default unless the new flag is set + by the caller. + * Added matchpathcon_init_prefix() interface, and + reworked matchpathcon implementation to support selective + loading of file contexts entries based on prefix matching + between the pathname regex stems and the specified path + prefix (stem must be a prefix of the specified path prefix). + +* Wed Nov 30 2005 Dan Walsh 1.27.26-1 +- Update to latest from NSA + * Change getsebool to return on/off instead of active/inactive + +* Tue Nov 29 2005 Dan Walsh 1.27.25-1 +- Update to latest from NSA + * Added -f file_contexts option to matchpathcon util. + Fixed warning message in matchpathcon_init(). + * Merged Makefile python definitions patch from Dan Walsh. + +* Mon Nov 28 2005 Dan Walsh 1.27.23-1 +- Update to latest from NSA + * Merged swigify patch from Dan Walsh. + +* Mon Nov 28 2005 Dan Walsh 1.27.22-4 +- Separate out libselinux-python bindings into separate rpm + +* Thu Nov 17 2005 Dan Walsh 1.27.22-3 +- Read libsetrans requirement + +* Thu Nov 17 2005 Dan Walsh 1.27.22-2 +- Add python bindings + +* Wed Nov 16 2005 Dan Walsh 1.27.22-1 +- Update to latest from NSA + * Merged make failure in rpm_execcon non-fatal in permissive mode + patch from Ivan Gyurdiev. + +* Tue Nov 15 2005 Dan Walsh 1.27.21-2 +- Remove requirement for libsetrans + +* Tue Nov 8 2005 Dan Walsh 1.27.21-1 +- Update to latest from NSA + * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() + and modified matchpathcon_init() to skip context translation + if it is set by the caller. + +* Tue Nov 8 2005 Dan Walsh 1.27.20-1 +- Update to latest from NSA + * Added security_canonicalize_context() interface and + set_matchpathcon_canoncon() interface for obtaining + canonical contexts. Changed matchpathcon internals + to obtain canonical contexts by default. Provided + fallback for kernels that lack extended selinuxfs context + interface. +- Patch to not translate mls when calling setfiles + +* Mon Nov 7 2005 Dan Walsh 1.27.19-1 +- Update to latest from NSA + * Merged seusers parser changes from Ivan Gyurdiev. + * Merged setsebool to libsemanage patch from Ivan Gyurdiev. + * Changed seusers parser to reject empty fields. + +* Fri Nov 4 2005 Dan Walsh 1.27.18-1 +- Update to latest from NSA + * Merged seusers empty level handling patch from Jonathan Kim (TCS). + +* Thu Nov 3 2005 Dan Walsh 1.27.17-4 +- Rebuild for latest libsepol + +* Mon Oct 31 2005 Dan Walsh 1.27.17-2 +- Rebuild for latest libsepol + +* Wed Oct 26 2005 Dan Walsh 1.27.17-1 +- Change default to __default__ + +* Wed Oct 26 2005 Dan Walsh 1.27.14-3 +- Change default to __default__ + +* Tue Oct 25 2005 Dan Walsh 1.27.14-2 +- Add selinux_translations_path + +* Tue Oct 25 2005 Dan Walsh 1.27.14-1 +- Update to latest from NSA + * Merged selinux_path() and selinux_homedir_context_path() + functions from Joshua Brindle. + +* Fri Oct 21 2005 Dan Walsh 1.27.13-2 +- Need to check for /sbin/telinit + +* Thu Oct 20 2005 Dan Walsh 1.27.13-1 +- Update to latest from NSA + * Merged fixes for make DESTDIR= builds from Joshua Brindle. + +* Mon Oct 17 2005 Dan Walsh 1.27.12-1 +- Update to latest from NSA + * Merged get_default_context_with_rolelevel and man pages from + Dan Walsh (Red Hat). + * Updated call to sepol_policydb_to_image for sepol changes. + * Changed getseuserbyname to ignore empty lines and to handle + no matching entry in the same manner as no seusers file. + +* Fri Oct 14 2005 Dan Walsh 1.27.9-2 +- Tell init to reexec itself in post script + +* Fri Oct 7 2005 Dan Walsh 1.27.9-1 +- Update to latest from NSA + * Changed selinux_mkload_policy to try downgrading the + latest policy version available to the kernel-supported version. + * Changed selinux_mkload_policy to fall back to the maximum + policy version supported by libsepol if the kernel policy version + falls outside of the supported range. + +* Fri Oct 7 2005 Dan Walsh 1.27.7-1 +- Update to latest from NSA + * Changed getseuserbyname to fall back to the Linux username and + NULL level if seusers config file doesn't exist unless + REQUIRESEUSERS=1 is set in /etc/selinux/config. + * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. + +* Thu Oct 6 2005 Dan Walsh 1.27.6-1 +- Update to latest from NSA + * Added selinux_init_load_policy() function as an even higher level + interface for the initial policy load by /sbin/init. This obsoletes + the load_policy() function in the sysvinit-selinux.patch. + * Added selinux_mkload_policy() function as a higher level interface + for loading policy than the security_load_policy() interface. + +* Thu Oct 6 2005 Dan Walsh 1.27.4-1 +- Update to latest from NSA + * Merged fix for matchpathcon (regcomp error checking) from Johan + Fischer. Also added use of regerror to obtain the error string + for inclusion in the error message. + +* Tue Oct 4 2005 Dan Walsh 1.27.3-1 +- Update to latest from NSA + * Changed getseuserbyname to not require (and ignore if present) + the MLS level in seusers.conf if MLS is disabled, setting *level + to NULL in this case. + +* Mon Oct 3 2005 Dan Walsh 1.27.2-1 +- Update to latest from NSA + * Merged getseuserbyname patch from Dan Walsh. + +* Thu Sep 29 2005 Dan Walsh 1.27.1-3 +- Fix patch to satisfy upstream + +* Wed Sep 28 2005 Dan Walsh 1.27.1-2 +- Update to latest from NSA +- Add getseuserbyname + +* Fri Sep 16 2005 Dan Walsh 1.26-6 +- Fix patch call + +* Tue Sep 13 2005 Dan Walsh 1.26-5 +- Fix strip_con call + +* Tue Sep 13 2005 Dan Walsh 1.26-3 +- Go back to original libsetrans code + +* Mon Sep 12 2005 Dan Walsh 1.26-2 +- Eliminate forth param from mls context when mls is not enabled. + +* Tue Sep 6 2005 Dan Walsh 1.25.7-1 +- Update from NSA + * Merged modified form of patch to avoid dlopen/dlclose by + the static libselinux from Dan Walsh. Users of the static libselinux + will not have any context translation by default. + +* Thu Sep 1 2005 Dan Walsh 1.25.6-1 +- Update from NSA + * Added public functions to export context translation to + users of libselinux (selinux_trans_to_raw_context, + selinux_raw_to_trans_context). + +* Mon Aug 29 2005 Dan Walsh 1.25.5-1 +- Update from NSA + * Remove special definition for context_range_set; use + common code. + +* Thu Aug 25 2005 Dan Walsh 1.25.4-1 +- Update from NSA + * Hid translation-related symbols entirely and ensured that + raw functions have hidden definitions for internal use. + * Allowed setting NULL via context_set* functions. + * Allowed whitespace in MLS component of context. + * Changed rpm_execcon to use translated functions to workaround + lack of MLS level on upgraded systems. + +* Wed Aug 24 2005 Dan Walsh 1.25.3-2 +- Allow set_comp on unset ranges + +* Wed Aug 24 2005 Dan Walsh 1.25.3-1 +- Merged context translation patch, originally by TCS, + with modifications by Dan Walsh (Red Hat). + +* Wed Aug 17 2005 Dan Walsh 1.25.2-2 +- Apply translation patch + +* Thu Aug 11 2005 Dan Walsh 1.25.2-1 +- Update from NSA + * Merged several fixes for error handling paths in the + AVC sidtab, matchpathcon, booleans, context, and get_context_list + code from Serge Hallyn (IBM). Bugs found by Coverity. + * Removed setupns; migrated to pam. + * Merged patches to rename checkPasswdAccess() from Joshua Brindle. + Original symbol is temporarily retained for compatibility until + all callers are updated. + +* Mon Jul 18 2005 Dan Walsh 1.24.2-1 +- Update makefiles + +* Wed Jun 29 2005 Dan Walsh 1.24.1-1 +- Update from NSA + * Merged security_setupns() from Chad Sellers. +- fix selinuxenabled man page + +* Fri May 20 2005 Dan Walsh 1.23.11-1 +- Update from NSA + * Merged avcstat and selinux man page from Dan Walsh. + * Changed security_load_booleans to process booleans.local + even if booleans file doesn't exist. + +* Fri Apr 29 2005 Dan Walsh 1.23.10-3 +- Fix avcstat to clear totals + +* Fri Apr 29 2005 Dan Walsh 1.23.10-2 +- Add info to man page + +* Fri Apr 29 2005 Dan Walsh 1.23.10-1 +- Update from NSA + * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). + * Rewrote get_ordered_context_list and helpers, including + changing logic to allow variable MLS fields. + +* Tue Apr 26 2005 Dan Walsh 1.23.8-1 +- Update from NSA + +* Thu Apr 21 2005 Dan Walsh 1.23.7-3 +- Add backin matchpathcon + +* Wed Apr 13 2005 Dan Walsh 1.23.7-2 +- Fix selinux_policy_root man page + +* Wed Apr 13 2005 Dan Walsh 1.23.7-1 +- Change assert(selinux_mnt) to if (!selinux_mnt) return -1; + +* Mon Apr 11 2005 Dan Walsh 1.23.6-1 +- Update from NSA + * Fixed bug in matchpathcon_filespec_destroy. + +* Wed Apr 6 2005 Dan Walsh 1.23.5-1 +- Update from NSA + * Fixed bug in rpm_execcon error handling path. + +* Mon Apr 4 2005 Dan Walsh 1.23.4-1 +- Update from NSA + * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. + * Merged fix for getconlist utility from Andreas Steinmetz. + +* Tue Mar 29 2005 Dan Walsh 1.23.2-3 +- Update from NSA + +* Wed Mar 23 2005 Dan Walsh 1.23.2-2 +- Better handling of booleans + +* Thu Mar 17 2005 Dan Walsh 1.23.2-1 +- Update from NSA + * Merged destructors patch from Tomas Mraz. + +* Thu Mar 17 2005 Dan Walsh 1.23.1-1 +- Update from NSA + * Added set_matchpathcon_flags() function for setting flags + controlling operation of matchpathcon. MATCHPATHCON_BASEONLY + means only process the base file_contexts file, not + file_contexts.homedirs or file_contexts.local, and is for use by + setfiles -c. + * Updated matchpathcon.3 man page. + +* Thu Mar 10 2005 Dan Walsh 1.22-1 +- Update from NSA + +* Tue Mar 8 2005 Dan Walsh 1.21.13-1 +- Update from NSA + * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. + +* Tue Mar 1 2005 Dan Walsh 1.21.12-1 +- Update from NSA + * Changed matchpathcon_common to ignore any non-format bits in the mode. + +* Mon Feb 28 2005 Dan Walsh 1.21.11-2 +- Default matchpathcon to regular files if the user specifies a mode + +* Tue Feb 22 2005 Dan Walsh 1.21.11-1 +- Update from NSA + * Merged several fixes from Ulrich Drepper. + +* Mon Feb 21 2005 Dan Walsh 1.21.10-3 +- Fix matchpathcon on eof. + +* Thu Feb 17 2005 Dan Walsh 1.21.10-1 +- Update from NSA + * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. + * Added selinux_users_path() for path to directory containing + system.users and local.users. + +* Thu Feb 10 2005 Dan Walsh 1.21.9-2 +- Process file_context.homedir + +* Thu Feb 10 2005 Dan Walsh 1.21.9-1 +- Update from NSA + * Changed relabel Makefile target to use restorecon. + +* Tue Feb 8 2005 Dan Walsh 1.21.8-1 +- Update from NSA + * Regenerated av_permissions.h. + +* Wed Feb 2 2005 Dan Walsh 1.21.7-1 +- Update from NSA + * Modified avc_dump_av to explicitly check for any permissions that + cannot be mapped to string names and display them as a hex value. + * Regenerated av_permissions.h. + +* Mon Jan 31 2005 Dan Walsh 1.21.5-1 +- Update from NSA + * Generalized matchpathcon internals, exported more interfaces, + and moved additional code from setfiles into libselinux so that + setfiles can directly use matchpathcon. + +* Fri Jan 28 2005 Dan Walsh 1.21.4-1 +- Update from NSA + * Prevent overflow of spec array in matchpathcon. + * Fixed several uses of internal functions to avoid relocations. + * Changed rpm_execcon to check is_selinux_enabled() and fallback to + a regular execve if not enabled (or unable to determine due to a lack + of /proc, e.g. chroot'd environment). + +* Wed Jan 26 2005 Dan Walsh 1.21.2-1 +- Update from NSA + * Merged minor fix for avcstat from Dan Walsh. + +* Mon Jan 24 2005 Dan Walsh 1.21.1-3 +- rpmexeccon should not fail in permissive mode. + +* Fri Jan 21 2005 Dan Walsh 1.21.1-2 +- fix printf in avcstat + +* Thu Jan 20 2005 Dan Walsh 1.21.1-1 +- Update from NSA + +* Wed Jan 12 2005 Dan Walsh 1.20.1-3 +- Modify matchpathcon to also process file_contexts.local if it exists + +* Wed Jan 12 2005 Dan Walsh 1.20.1-2 +- Add is_customizable_types function call + +* Fri Jan 7 2005 Dan Walsh 1.20.1-1 +- Update to latest from upstream + * Just changing version number to match upstream + +* Wed Dec 29 2004 Dan Walsh 1.19.4-1 +- Update to latest from upstream + * Changed matchpathcon to return -1 with errno ENOENT for + <> entries, and also for an empty file_contexts configuration. + +* Tue Dec 28 2004 Dan Walsh 1.19.3-3 +- Fix link devel libraries + +* Mon Dec 27 2004 Dan Walsh 1.19.3-2 +- Fix unitialized variable in avcstat.c + +* Tue Nov 30 2004 Dan Walsh 1.19.3-1 +- Upgrade to upstream + * Removed some trivial utils that were not useful or redundant. + * Changed BINDIR default to /usr/sbin to match change in Fedora. + * Added security_compute_member. + * Added man page for setcon. + +* Tue Nov 30 2004 Dan Walsh 1.19.2-1 +- Upgrade to upstream + +* Thu Nov 18 2004 Dan Walsh 1.19.1-6 +- Add avcstat program + +* Mon Nov 15 2004 Dan Walsh 1.19.1-4 +- Add lots of missing man pages + +* Fri Nov 12 2004 Dan Walsh 1.19.1-2 +- Fix output of getsebool. + +* Tue Nov 9 2004 Dan Walsh 1.19.1-1 +- Update from upstream, fix setsebool -P segfault + +* Fri Nov 5 2004 Steve Grubb 1.18.1-5 +- Add a patch from upstream. Fixes signed/unsigned issues, and + incomplete structure copy. + +* Thu Nov 4 2004 Dan Walsh 1.18.1-4 +- More fixes from sgrubb, better syslog + +* Thu Nov 4 2004 Dan Walsh 1.18.1-3 +- Have setsebool and togglesebool log changes to syslog + +* Wed Nov 3 2004 Steve Grubb 1.18.1-2 +- Add patch to make setsebool update bool on disk +- Make togglesebool have a rollback capability in case it blows up inflight + +* Tue Nov 2 2004 Dan Walsh 1.18.1-1 +- Upgrade to latest from NSA + +* Thu Oct 28 2004 Steve Grubb 1.17.15-2 +- Changed the location of the utilities to /usr/sbin since + normal users can't use them anyways. + +* Wed Oct 27 2004 Steve Grubb 1.17.15-2 +- Updated various utilities, removed utilities that are for testing, + added man pages. + +* Fri Oct 15 2004 Dan Walsh 1.17.15-1 +- Add -g flag to make +- Upgrade to latest from NSA + * Added rpm_execcon. + +* Fri Oct 1 2004 Dan Walsh 1.17.14-1 +- Upgrade to latest from NSA + * Merged setenforce and removable context patch from Dan Walsh. + * Merged build fix for alpha from Ulrich Drepper. + * Removed copyright/license from selinux_netlink.h - definitions only. + +* Fri Oct 1 2004 Dan Walsh 1.17.13-3 +- Change setenforce to accept Enforcing and Permissive + +* Wed Sep 22 2004 Dan Walsh 1.17.13-2 +- Add alpha patch + +* Mon Sep 20 2004 Dan Walsh 1.17.13-1 +- Upgrade to latest from NSA + +* Thu Sep 16 2004 Dan Walsh 1.17.12-2 +- Add selinux_removable_context_path + +* Tue Sep 14 2004 Dan Walsh 1.17.12-1 +- Update from NSA + * Add matchmediacon + +* Tue Sep 14 2004 Dan Walsh 1.17.11-1 +- Update from NSA + * Merged in matchmediacon changes. + +* Fri Sep 10 2004 Dan Walsh 1.17.10-1 +- Update from NSA + * Regenerated headers for new nscd permissions. + +* Wed Sep 8 2004 Dan Walsh 1.17.9-2 +- Add matchmediacon + +* Wed Sep 8 2004 Dan Walsh 1.17.9-1 +- Update from NSA + * Added get_default_context_with_role. + +* Thu Sep 2 2004 Dan Walsh 1.17.8-2 +- Clean up spec file + * Patch from Matthias Saou + +* Thu Sep 2 2004 Dan Walsh 1.17.8-1 +- Update from NSA + * Added set_matchpathcon_printf. + +* Wed Sep 1 2004 Dan Walsh 1.17.7-1 +- Update from NSA + * Reworked av_inherit.h to allow easier re-use by kernel. + +* Tue Aug 31 2004 Dan Walsh 1.17.6-1 +- Add strcasecmp in selinux_config +- Update from NSA + * Changed avc_has_perm_noaudit to not fail on netlink errors. + * Changed avc netlink code to check pid based on patch by Steve Grubb. + * Merged second optimization patch from Ulrich Drepper. + * Changed matchpathcon to skip invalid file_contexts entries. + * Made string tables private to libselinux. + * Merged strcat->stpcpy patch from Ulrich Drepper. + * Merged matchpathcon man page from Dan Walsh. + * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. + * Autobind netlink socket. + * Dropped compatibility code from security_compute_user. + * Merged fix for context_range_set from Chad Hanson. + * Merged allocation failure checking patch from Chad Hanson. + * Merged avc netlink error message patch from Colin Walters. + + +* Mon Aug 30 2004 Dan Walsh 1.17.5-1 +- Update from NSA + * Merged second optimization patch from Ulrich Drepper. + * Changed matchpathcon to skip invalid file_contexts entries. + * Made string tables private to libselinux. + * Merged strcat->stpcpy patch from Ulrich Drepper. + * Merged matchpathcon man page from Dan Walsh. + * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. + * Autobind netlink socket. + * Dropped compatibility code from security_compute_user. + * Merged fix for context_range_set from Chad Hanson. + * Merged allocation failure checking patch from Chad Hanson. + * Merged avc netlink error message patch from Colin Walters. + +* Mon Aug 30 2004 Dan Walsh 1.17.4-1 +- Update from NSA +- Add optflags + +* Fri Aug 27 2004 Dan Walsh 1.17.3-1 +- Update from NSA + +* Thu Aug 26 2004 Dan Walsh 1.17.2-1 +- Add matchpathcon man page +- Latest from NSA + * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. + * Autobind netlink socket. + * Dropped compatibility code from security_compute_user. + * Merged fix for context_range_set from Chad Hanson. + * Merged allocation failure checking patch from Chad Hanson. + * Merged avc netlink error message patch from Colin Walters. + +* Tue Aug 24 2004 Dan Walsh 1.17.1-1 +- Latest from NSA + * Autobind netlink socket. + * Dropped compatibility code from security_compute_user. + * Merged fix for context_range_set from Chad Hanson. + * Merged allocation failure checking patch from Chad Hanson. + * Merged avc netlink error message patch from Colin Walters. + +* Sun Aug 22 2004 Dan Walsh 1.16.1-1 +- Latest from NSA + +* Thu Aug 19 2004 Colin Walters 1.16-1 +- New upstream version + +* Tue Aug 17 2004 Dan Walsh 1.15.7-1 +- Latest from Upstream + +* Mon Aug 16 2004 Dan Walsh 1.15.6-1 +- Fix man pages + +* Mon Aug 16 2004 Dan Walsh 1.15.5-1 +- Latest from Upstream + +* Fri Aug 13 2004 Dan Walsh 1.15.4-1 +- Latest from Upstream + +* Thu Aug 12 2004 Dan Walsh 1.15.3-2 +- Add man page for boolean functions and SELinux + +* Sun Aug 8 2004 Dan Walsh 1.15.3-1 +- Latest from NSA + +* Mon Jul 19 2004 Dan Walsh 1.15.2-1 +- Latest from NSA + +* Mon Jul 19 2004 Dan Walsh 1.15.1-3 +- uppercase getenforce returns, to make them match system-config-securitylevel + +* Thu Jul 15 2004 Dan Walsh 1.15.1-2 +- Remove old path patch + +* Thu Jul 8 2004 Dan Walsh 1.15.1-1 +- Update to latest from NSA +- Add fix to only get old path if file_context file exists in old location + +* Wed Jun 30 2004 Dan Walsh 1.14.1-1 +- Update to latest from NSA + +* Wed Jun 16 2004 Dan Walsh 1.13.4-1 +- add nlclass patch +- Update to latest from NSA + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Sun Jun 13 2004 Dan Walsh 1.13.3-2 +- Fix selinux_config to break once it finds SELINUXTYPE. + +* Fri May 28 2004 Dan Walsh 1.13.2-1 +-Update with latest from NSA + +* Thu May 27 2004 Dan Walsh 1.13.1-1 +- Change to use new policy mechanism + +* Mon May 17 2004 Dan Walsh 1.12-2 +- add man patch + +* Fri May 14 2004 Dan Walsh 1.12-1 +- Update with latest from NSA + +* Wed May 5 2004 Dan Walsh 1.11.4-1 +- Update with latest from NSA + +* Thu Apr 22 2004 Dan Walsh 1.11.3-1 +- Add changes for relaxed policy +- Update to match NSA + +* Thu Apr 15 2004 Dan Walsh 1.11.2-1 +- Add relaxed policy changes + +* Thu Apr 15 2004 Dan Walsh 1.11-4 +- Sync with NSA + +* Thu Apr 15 2004 Dan Walsh 1.11-3 +- Remove requires glibc>2.3.4 + +* Wed Apr 14 2004 Dan Walsh 1.11-2 +- Fix selinuxenabled man page. + +* Wed Apr 7 2004 Dan Walsh 1.11-1 +- Upgrade to 1.11 + +* Wed Apr 7 2004 Dan Walsh 1.10-2 +- Add memleaks patch + +* Wed Apr 7 2004 Dan Walsh 1.10-1 +- Upgrade to latest from NSA and add more man pages + +* Thu Apr 1 2004 Dan Walsh 1.9-1 +- Update to match NSA +- Cleanup some man pages + +* Tue Mar 30 2004 Dan Walsh 1.8-1 +- Upgrade to latest from NSA + +* Thu Mar 25 2004 Dan Walsh 1.6-6 +- Add Russell's Man pages + +* Thu Mar 25 2004 Dan Walsh 1.6-5 +- Change getenforce to also check is_selinux_enabled + +* Thu Mar 25 2004 Dan Walsh 1.6-4 +- Add ownership to /usr/include/selinux + +* Wed Mar 10 2004 Dan Walsh 1.6-3 +- fix location of file_contexts file. + +* Wed Mar 10 2004 Dan Walsh 1.6-2 +- Fix matchpathcon to use BUFSIZ + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Mon Feb 23 2004 Dan Walsh 1.4-11 +- add matchpathcon + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Jan 23 2004 Dan Walsh 1.4-9 +- Add rootok patch + +* Wed Jan 14 2004 Dan Walsh 1.4-8 +- Updated getpeernam patch + +* Tue Jan 13 2004 Dan Walsh 1.4-7 +- Add getpeernam patch + +* Thu Dec 18 2003 Dan Walsh 1.4-6 +- Add getpeercon patch + +* Thu Dec 18 2003 Dan Walsh 1.4-5 +- Put mntpoint patch, because found fix for SysVinit + +* Wed Dec 17 2003 Dan Walsh 1.4-4 +- Add remove mntpoint patch, because it breaks SysVinit + +* Wed Dec 17 2003 Dan Walsh 1.4-3 +- Add mntpoint patch for SysVinit + +* Fri Dec 12 2003 Dan Walsh 1.4-2 +- Add -r -u -t to getcon + +* Sat Dec 6 2003 Dan Walsh 1.4-1 +- Upgrade to latest from NSA + +* Mon Oct 27 2003 Dan Walsh 1.3-2 +- Fix x86_64 build + +* Wed Oct 22 2003 Dan Walsh 1.3-1 +- Latest tarball from NSA. + +* Tue Oct 21 2003 Dan Walsh 1.2-9 +- Update with latest changes from NSA + +* Mon Oct 20 2003 Dan Walsh 1.2-8 +- Change location of .so file + +* Wed Oct 8 2003 Dan Walsh 1.2-7 +- Break out into development library + +* Wed Oct 8 2003 Dan Walsh 1.2-6 +- Move location of libselinux.so to /lib + +* Fri Oct 3 2003 Dan Walsh 1.2-5 +- Add selinuxenabled patch + +* Wed Oct 1 2003 Dan Walsh 1.2-4 +- Update with final NSA 1.2 sources. + +* Fri Sep 12 2003 Dan Walsh 1.2-3 +- Update with latest from NSA. + +* Thu Aug 28 2003 Dan Walsh 1.2-2 +- Fix to build on x86_64 + +* Thu Aug 21 2003 Dan Walsh 1.2-1 +- update for version 1.2 + +* Tue May 27 2003 Dan Walsh 1.0-1 +- Initial version