diff options
| author |   Chris PeBenito <pebenito@gentoo.org> | 2003-09-27 01:54:42 +0000 |
|---|---|---|
| committer | Chris PeBenito <pebenito@gentoo.org> | 2003-09-27 01:54:42 +0000 |
| commit | 3a998ff647bb1f7da6d4712d60dc942bee0a93b1 (patch) | |
| tree | 5de067ed175450e8ef6e75357ef8b8466b4f5c9c /sys-apps | |
| parent | set ppc in keywords (diff) | |
| download | gentoo-2-3a998ff647bb1f7da6d4712d60dc942bee0a93b1.tar.gz gentoo-2-3a998ff647bb1f7da6d4712d60dc942bee0a93b1.tar.bz2 gentoo-2-3a998ff647bb1f7da6d4712d60dc942bee0a93b1.zip | |
remove old
Diffstat (limited to 'sys-apps')
8 files changed, 6 insertions, 966 deletions
diff --git a/sys-apps/selinux-small/Manifest b/sys-apps/selinux-small/Manifest index 2489084aa45e..d7a5dc4706e0 100644 --- a/sys-apps/selinux-small/Manifest +++ b/sys-apps/selinux-small/Manifest @@ -1,21 +1,14 @@ -MD5 21dc909e06e313e39927d695b25a6b80 ChangeLog 6414 -MD5 052429cd392f6a1e0bc33f0bd2412286 selinux-small-2003040709-r3.ebuild 4318 -MD5 fcf8b90784ffb89bf4760b038589b36d selinux-small-2003040709-r4.ebuild 5404 MD5 74ed0ebe40bb920f2c477898e6e9abc0 metadata.xml 457 +MD5 052429cd392f6a1e0bc33f0bd2412286 selinux-small-2003040709-r3.ebuild 4318 MD5 35c7039ee5aa3ae607ee4e856f1d2d87 selinux-small-2003071106.ebuild 5387 -MD5 1aec61594c60e3447238b987bb8ea0a6 selinux-small-2003081400.ebuild 695 -MD5 14ef7a8e2104665076099d6fe3f0f664 files/digest-selinux-small-2003040709-r4 73 +MD5 21dc909e06e313e39927d695b25a6b80 ChangeLog 6414 +MD5 0986e11cde481cc9d4f8061654dedead files/digest-selinux-small-2003040709-r3 151 +MD5 4ed6e763e1f7562bb3ecb31414f3cb5e files/digest-selinux-small-2003071106 73 MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/newrole 1197 -MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/run_init 1197 MD5 89d2840cccbc46b3261d7abc79b757fd files/open_init_pty 441 -MD5 09147c78732ba1ffb7fd0ee3c79573c6 files/scmpd 527 MD5 40942493cfa58c7011ae2bf7d7db6194 files/rlpkg 2087 +MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/run_init 1197 +MD5 09147c78732ba1ffb7fd0ee3c79573c6 files/scmpd 527 MD5 5b8ae6c77d50a559c31fb144faf6843e files/selinux-small-2003040709-bison.diff 553 MD5 3809db44913b783d2b8bb31c8361aa92 files/selinux-small-2003040709-setfiles.diff 2623 -MD5 ece4a7821d33af42526916fa2725724a files/selinux-small-2003040709-gentoo.diff 13810 -MD5 0986e11cde481cc9d4f8061654dedead files/digest-selinux-small-2003040709-r3 151 -MD5 16b7e55b13429ce3e437bfc457cc2a8d files/selinux-small-2003040709-newstat.diff 8495 -MD5 2ebe97274132b6318b82fe6e3f185ea1 files/selinux-small-2003040709-newrole.diff 2640 -MD5 4ed6e763e1f7562bb3ecb31414f3cb5e files/digest-selinux-small-2003071106 73 MD5 c5b99591882f03bac91b33c928878158 files/selinux-small-2003071106-gentoo.diff 10851 -MD5 d41d8cd98f00b204e9800998ecf8427e files/digest-selinux-small-2003081400 0 diff --git a/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4 b/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4 deleted file mode 100644 index adac675bfa3a..000000000000 --- a/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r4 +++ /dev/null @@ -1 +0,0 @@ -MD5 f2a8e506d952ceb4a30970a646e9a227 selinux-small-2003040709.tgz 571597 diff --git a/sys-apps/selinux-small/files/digest-selinux-small-2003081400 b/sys-apps/selinux-small/files/digest-selinux-small-2003081400 deleted file mode 100644 index e69de29bb2d1..000000000000 --- a/sys-apps/selinux-small/files/digest-selinux-small-2003081400 +++ /dev/null diff --git a/sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff b/sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff deleted file mode 100644 index d3af3b155413..000000000000 --- a/sys-apps/selinux-small/files/selinux-small-2003040709-gentoo.diff +++ /dev/null @@ -1,406 +0,0 @@ -diff -urN selinux.orig/devfsd/Makefile selinux/devfsd/Makefile ---- selinux.orig/devfsd/Makefile 2002-04-19 15:32:37.000000000 -0500 -+++ selinux/devfsd/Makefile 2003-06-06 21:21:20.000000000 -0500 -@@ -3,7 +3,7 @@ - LDFLAGS= -L/usr/local/selinux/lib - - devfsd-se.so: devfsd-se.c -- gcc -O2 -fPIC $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -lsecure -+ $(CC) -O2 -fPIC $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -lsecure - - clean: - rm -f $(LIB) -diff -urN selinux.orig/devfsd/devfsd-conflet selinux/devfsd/devfsd-conflet ---- selinux.orig/devfsd/devfsd-conflet 2002-07-17 17:00:40.000000000 -0500 -+++ selinux/devfsd/devfsd-conflet 2003-06-06 21:21:20.000000000 -0500 -@@ -4,6 +4,7 @@ - REGISTER /disc$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t - REGISTER /part[0-9]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t - REGISTER ^[mr]d/[0-9]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t -+REGISTER ^nb[^/]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t - REGISTER [0-9]/cd$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:removable_device_t - REGISTER ^floppy/ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:removable_device_t - REGISTER ^misc/rtc CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:clock_device_t -@@ -19,5 +20,5 @@ - REGISTER ^misc/apm_bios CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:apm_bios_t - REGISTER ^ppp$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:ppp_device_t - REGISTER ^fb/.*$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:framebuf_device_t -- -- -+REGISTER ^sound/.* CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:sound_device_t -+REGISTER ^pts/.* IGNORE -diff -urN selinux.orig/devfsd/devfsd-se.c selinux/devfsd/devfsd-se.c ---- selinux.orig/devfsd/devfsd-se.c 2002-04-19 15:32:37.000000000 -0500 -+++ selinux/devfsd/devfsd-se.c 2003-06-06 21:21:20.000000000 -0500 -@@ -19,7 +19,7 @@ - { - security_id_t sid; - struct stat buf; -- const char * const initial_context = "system_u:object_r:devfs_t"; -+ const char * const initial_context = "system_u:object_r:device_t"; - const char * const no_context = "system_u:object_r:unlabeled_t"; - - if(is_flask_enabled()) -diff -urN selinux.orig/libsecure/Makefile selinux/libsecure/Makefile ---- selinux.orig/libsecure/Makefile 2002-10-28 14:16:20.000000000 -0600 -+++ selinux/libsecure/Makefile 2003-06-06 21:33:31.000000000 -0500 -@@ -1,6 +1,6 @@ - all: -- $(MAKE) -C src -- $(MAKE) -C test -+ $(MAKE) -C src SE_INC=$(SE_INC) EXTRA_CFLAGS="$(EXTRA_CFLAGS)" -+ $(MAKE) -C test SE_INC=$(SE_INC) EXTRA_CFLAGS="$(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)" - - install: - $(MAKE) -C include install -diff -urN selinux.orig/libsecure/src/Makefile selinux/libsecure/src/Makefile ---- selinux.orig/libsecure/src/Makefile 2002-03-13 13:39:19.000000000 -0600 -+++ selinux/libsecure/src/Makefile 2003-06-06 21:21:20.000000000 -0500 -@@ -1,7 +1,7 @@ - TARGET=libsecure.a - LIBDIR=/usr/local/selinux/lib - OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) --CFLAGS = -I../include -I/usr/local/selinux/include -+CFLAGS = -I../include -I$(SE_INC) $(EXTRA_CFLAGS) - - ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/) - OBJS+= $(patsubst %.c,%.o,$(wildcard arch/$(ARCH)/*.c)) -diff -urN selinux.orig/libsecure/test/Makefile selinux/libsecure/test/Makefile ---- selinux.orig/libsecure/test/Makefile 2002-09-23 11:10:02.000000000 -0500 -+++ selinux/libsecure/test/Makefile 2003-06-06 21:33:12.000000000 -0500 -@@ -1,15 +1,15 @@ - TARGETS=$(patsubst %.c,%,$(wildcard *.c)) - BINDIR=/usr/local/selinux/bin - LDFLAGS=-L../src - LDLIBS=-lsecure --CFLAGS=-I../include -I/usr/local/selinux/include -+CFLAGS=-I../include -I$(SE_INC) $(EXTRA_CFLAGS) - - ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/) - TARGETS+= $(patsubst %.c,%,$(wildcard arch/$(ARCH)/*.c)) - - # Only install the programs that are useful to users - # and that are not redundant with the modified utilities. --UTILS=avc_enforcing avc_toggle load_policy context_to_sid sid_to_context list_sids chsid lchsid chsidfs -+UTILS=avc_enforcing avc_toggle load_policy context_to_sid sid_to_context list_sids chsid lchsid chsidfs get_user_sids - # Add 'exec_s' if you do not have 'runas'. - # Add 'getsecsid' if you do not have the modified 'id'. - # Add 'lstat_s' and 'stat_s' if you do not have the modified 'stat'. -diff -urN selinux.orig/libsecure/test/arch/i386/stat64_s.c selinux/libsecure/test/arch/i386/stat64_s.c ---- selinux.orig/libsecure/test/arch/i386/stat64_s.c 2002-03-13 13:39:21.000000000 -0600 -+++ selinux/libsecure/test/arch/i386/stat64_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -49,6 +49,7 @@ - } - - printf("Context: %s\n", context); -+ free(context); - } - - exit(0); -diff -urN selinux.orig/libsecure/test/getsecsid.c selinux/libsecure/test/getsecsid.c ---- selinux.orig/libsecure/test/getsecsid.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/getsecsid.c 2003-06-06 21:21:20.000000000 -0500 -@@ -51,6 +51,6 @@ - } - - printf("Context: %s\n", scontext); -- -+ free(scontext); - exit(0); - } -diff -urN selinux.orig/libsecure/test/lstat_s.c selinux/libsecure/test/lstat_s.c ---- selinux.orig/libsecure/test/lstat_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/lstat_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -48,6 +48,7 @@ - } - - printf("Context: %s\n", context); -+ free(context); - } - - exit(0); -diff -urN selinux.orig/libsecure/test/msgget_s.c selinux/libsecure/test/msgget_s.c ---- selinux.orig/libsecure/test/msgget_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/msgget_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -31,11 +31,11 @@ - key_t ipc_key; - int ret; - security_id_t sid = SECSID_NULL; -- char c; -+ int c_int; - int id; - -- while ( (c = getopt(argc, argv, "k:c:s:")) != EOF) { -- switch (c) { -+ while ( (c_int = getopt(argc, argv, "k:c:s:")) != EOF) { -+ switch ((char)c_int) { - case 'k': - ipc_key = atoi(optarg); - valid_ipc_key = 1; -diff -urN selinux.orig/libsecure/test/msgsnd_s.c selinux/libsecure/test/msgsnd_s.c ---- selinux.orig/libsecure/test/msgsnd_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/msgsnd_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -42,10 +42,10 @@ - int valid_msg_sid = 0; - char *word, *first_words; - int ret; -- char c; -+ int c_int; - -- while ( (c = getopt(argc, argv, "c:i:s:t:")) != EOF) { -- switch (c) { -+ while ( (c_int = getopt(argc, argv, "c:i:s:t:")) != EOF) { -+ switch ((char)c_int) { - case 's': - if (valid_msg_sid) { - fprintf (stderr, "Only a sid or a context may be given, not both\n"); -diff -urN selinux.orig/libsecure/test/semget_s.c selinux/libsecure/test/semget_s.c ---- selinux.orig/libsecure/test/semget_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/semget_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -32,11 +32,11 @@ - key_t ipc_key; - int ret; - security_id_t sid; -- char c; -+ int c_int; - int id; - -- while ( (c = getopt(argc, argv, "k:c:s:n:")) != EOF) { -- switch (c) { -+ while ( (c_int = getopt(argc, argv, "k:c:s:n:")) != EOF) { -+ switch ((char)c_int) { - case 'k': - ipc_key = atoi(optarg); - valid_ipc_key = 1; -diff -urN selinux.orig/libsecure/test/shmget_s.c selinux/libsecure/test/shmget_s.c ---- selinux.orig/libsecure/test/shmget_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/shmget_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -32,11 +32,11 @@ - key_t ipc_key; - int err, ret; - security_id_t sid = SECSID_NULL; -- char c; -+ int c_int; - int id; - -- while ( (c = getopt(argc, argv, "k:c:s:b:")) != EOF) { -- switch (c) { -+ while ( (c_int = getopt(argc, argv, "k:c:s:b:")) != EOF) { -+ switch ((char)c_int) { - case 'k': - ipc_key = atoi(optarg); - valid_ipc_key = 1; -diff -urN selinux.orig/libsecure/test/sid_to_context.c selinux/libsecure/test/sid_to_context.c ---- selinux.orig/libsecure/test/sid_to_context.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/sid_to_context.c 2003-06-06 21:21:20.000000000 -0500 -@@ -43,5 +43,6 @@ - } - - printf("%s\n", buf); -+ free(buf); - exit(0); - } -diff -urN selinux.orig/libsecure/test/stat_s.c selinux/libsecure/test/stat_s.c ---- selinux.orig/libsecure/test/stat_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/stat_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -48,6 +48,7 @@ - } - - printf("Context: %s\n", context); -+ free(context); - } - - exit(0); -diff -urN selinux.orig/libsecure/test/statfs_s.c selinux/libsecure/test/statfs_s.c ---- selinux.orig/libsecure/test/statfs_s.c 2001-07-18 15:38:06.000000000 -0500 -+++ selinux/libsecure/test/statfs_s.c 2003-06-06 21:21:20.000000000 -0500 -@@ -48,6 +48,7 @@ - } - - printf("Context: %s\n", context); -+ free(context); - } - - exit(0); -diff -urN selinux.orig/module/checkpolicy/Makefile selinux/module/checkpolicy/Makefile ---- selinux.orig/module/checkpolicy/Makefile 2002-09-23 11:10:02.000000000 -0500 -+++ selinux/module/checkpolicy/Makefile 2003-06-06 21:21:20.000000000 -0500 -@@ -17,7 +17,9 @@ - OPTIONS = - endif - --CFLAGS = -g $(OPTIONS) -I$(LSMDIR)/include -Wall -O2 -pipe -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss -+YACC = bison -y -+ -+CFLAGS = $(OPTIONS) -I$(LSMDIR)/include -Wall -O2 -pipe -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss - - OBJS = ebitmap.o queue.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o y.tab.o lex.yy.o checkpolicy.o - -@@ -28,7 +30,7 @@ - LIBS=-lfl - - checkpolicy: $(OBJS) -- $(CC) -o $@ $^ $(LIBS) -+ $(CC) -o $@ $^ $(LIBS) $(LDFLAGS) - - %.o: $(MODDIR)/ss/%.c - $(CC) $(CFLAGS) -o $@ -c $< -diff -urN selinux.orig/setfiles/setfiles.c selinux/setfiles/setfiles.c ---- selinux.orig/setfiles/setfiles.c 2003-04-04 07:29:44.000000000 -0600 -+++ selinux/setfiles/setfiles.c 2003-06-06 21:21:20.000000000 -0500 -@@ -89,6 +89,10 @@ - static int use_inum = 0; - - static int quiet = 0; -+ -+static char *rootpath = NULL; -+static int rootpathlen = 0; -+ - #define QPRINTF(args...) do { if (!quiet) printf(args); } while (0) - - /* -@@ -283,15 +287,27 @@ - int match(const char *name, struct stat *sb, security_id_t *out_sid) - { - int i, ret; -+ const char *fullname = name; -+ -+ /* fullname will be the real file that gets labeled -+ * name will be what is matched in the policy */ -+ if (NULL != rootpath) { -+ if (0 != strncmp(rootpath, name, rootpathlen)) { -+ fprintf(stderr, "%s: %s is not located in %s\n", -+ progname, name, rootpath); -+ return -1; -+ } -+ name += rootpathlen; -+ } - - if (flask_enabled) { -- ret = lstat_secure(name, sb, out_sid); -+ ret = lstat_secure(fullname, sb, out_sid); - } else { -- ret = lstat(name, sb); -+ ret = lstat(fullname, sb); - } - if (ret) { - fprintf(stderr, "%s: unable to stat file %s\n", progname, -- name); -+ fullname); - return -1; - } - -@@ -564,6 +580,23 @@ - return 0; - } - -+void set_rootpath(const char *arg) -+{ -+ int len; -+ -+ rootpath = strdup(arg); -+ if (NULL == rootpath) { -+ fprintf(stderr, "%s: insufficient memory for rootpath\n", -+ progname); -+ exit(1); -+ } -+ -+ /* trim trailing /, if present */ -+ len = strlen(rootpath); -+ while ('/' == rootpath[len - 1]) -+ rootpath[--len] = 0; -+ rootpathlen = len; -+} - - int main(int argc, char **argv) - { -@@ -577,7 +610,7 @@ - struct stat sb; - - /* Process any options. */ -- while ((opt = getopt(argc, argv, "dinqsvRW")) > 0) { -+ while ((opt = getopt(argc, argv, "dinqsvrRW")) > 0) { - switch (opt) { - case 'd': - debug = 1; -@@ -604,6 +637,20 @@ - case 'i': - use_inum = 1; - break; -+ case 'r': -+ if (optind + 1 >= argc) { -+ fprintf(stderr, "usage: %s -r rootpath\n", -+ argv[0]); -+ exit(1); -+ } -+ if (NULL != rootpath) { -+ fprintf(stderr, -+ "%s: only one -r can be specified\n", -+ argv[0]); -+ exit(1); -+ } -+ set_rootpath(argv[optind++]); -+ break; - } - } - -@@ -675,7 +722,7 @@ - } else { - if (optind > (argc - 2)) { - fprintf(stderr, -- "usage: %s [-dnqvRW] spec_file pathname...\n", -+ "usage: %s [-dnqvrRW] spec_file pathname...\n", - argv[0]); - exit(1); - } -@@ -919,7 +966,11 @@ - } - else for (; optind < argc; optind++) - { -- -+ if (NULL != rootpath) { -+ QPRINTF("%s: labeling files, pretending %s is /\n", -+ argv[0], rootpath); -+ } -+ - if (flask_enabled) { - QPRINTF("%s: labeling files under %s\n", argv[0], - argv[optind]); -diff -urN selinux.orig/utils/newrole/Makefile selinux/utils/newrole/Makefile ---- selinux.orig/utils/newrole/Makefile 2001-12-06 11:11:18.000000000 -0600 -+++ selinux/utils/newrole/Makefile 2003-06-06 21:21:20.000000000 -0500 -@@ -29,9 +29,6 @@ - CFLAGS += -O3 - # End Release flags - --LDFLAGS += -L/usr/local/selinux/lib --LIBS += /usr/local/selinux/lib/libsecure.a -- - PROGS = newrole - DESTDIR = /usr/local/selinux/bin - MANDIR = /usr/local/selinux/man -diff -urN selinux.orig/utils/run_init/Makefile selinux/utils/run_init/Makefile ---- selinux.orig/utils/run_init/Makefile 2003-03-18 08:45:49.000000000 -0600 -+++ selinux/utils/run_init/Makefile 2003-06-06 21:21:20.000000000 -0500 -@@ -29,9 +29,6 @@ - CFLAGS += -O3 - # End Release flags - --LDFLAGS += -L/usr/local/selinux/lib --LIBS += /usr/local/selinux/lib/libsecure.a -- - PROGS = run_init - DESTDIR = /usr/local/selinux/sbin - MANDIR = /usr/local/selinux/man -diff -urN selinux.orig/utils/run_init/run_init.c selinux/utils/run_init/run_init.c ---- selinux.orig/utils/run_init/run_init.c 2002-11-26 11:32:36.000000000 -0600 -+++ selinux/utils/run_init/run_init.c 2003-06-06 21:21:20.000000000 -0500 -@@ -386,7 +386,7 @@ - exit(-1); - } - -- if ( execvp_secure(argv[1], sid, argv + 1) ) { -+ if ( execvp_secure("/usr/sbin/open_init_pty", sid, argv) ) { - perror("execvp_secure"); - exit(-1); - } diff --git a/sys-apps/selinux-small/files/selinux-small-2003040709-newrole.diff b/sys-apps/selinux-small/files/selinux-small-2003040709-newrole.diff deleted file mode 100644 index 31e315144a2e..000000000000 --- a/sys-apps/selinux-small/files/selinux-small-2003040709-newrole.diff +++ /dev/null @@ -1,98 +0,0 @@ -Index: newrole.c -=================================================================== -RCS file: /home/pal/CVS/selinux/utils/newrole/newrole.c,v -retrieving revision 1.9 -retrieving revision 1.12 -diff -u -r1.9 -r1.12 ---- selinux/utils/newrole/newrole.c 9 Jan 2003 15:20:39 -0000 1.9 -+++ selinux/utils/newrole/newrole.c 13 Jun 2003 13:34:23 -0000 1.12 -@@ -63,6 +63,7 @@ - #include <ss.h> /* for sid<->context routines */ - #include <context.h> /* for context-mangling functions */ - #include <get_default_type.h> -+#include <signal.h> - - /* USAGE_STRING describes the command-line args of this program. */ - #define USAGE_STRING "USAGE: newrole -r role [ -t type ] [ -- args ]" -@@ -272,6 +273,7 @@ - - security_id_t tty_sid; /* The current sid of tty file */ - security_id_t new_tty_sid; /* The new tty file sid */ -+ security_id_t sid; - - security_context_t context_s; /* our security context as a string */ - int context_length; -@@ -296,6 +298,7 @@ - struct stat statbuf; /* when stat'ing the tty */ - int fd; - -+ signal(SIGHUP, SIG_DFL); - - /* - * -@@ -495,11 +498,22 @@ - - /* Fetch TTY information */ - ttyn=ttyname(0); -- if( ttyn==NULL || *ttyn=='\0' || stat_secure(ttyn,&statbuf,&tty_sid) ) { -+ if( ttyn==NULL || *ttyn=='\0') { - fprintf(stderr, "Could not retrieve tty information.\n"); - exit (-1); - } - -+ fd = open(ttyn, O_RDWR); -+ if (fd < 0) { -+ fprintf(stderr, "Could not open %s.\n", ttyn); -+ exit (-1); -+ } -+ -+ if (fstat_secure(fd,&statbuf,&tty_sid) ) { -+ fprintf(stderr, "Could not fstat_secure %s.\n", ttyn); -+ exit (-1); -+ } -+ - #ifdef CANTSPELLGDB - printf("Your tty %s was labeled with SID %d\n", ttyn, tty_sid); - #endif -@@ -515,7 +529,7 @@ - #endif - - /* Relabel it */ -- if( chsid(ttyn,new_tty_sid)!=0 ) { -+ if( fchsid(fd,new_tty_sid)!=0 ) { - fprintf(stderr,"newrole: error: chsid"); - exit(-1); - } -@@ -531,18 +545,30 @@ - /* PARENT */ - wait(NULL); - -+ /* Verify that the tty still has the SID set by newrole. */ -+ if (fstat_secure(fd,&statbuf,&sid) ) { -+ fprintf(stderr, "Could not fstat_secure %s.\n", ttyn); -+ exit (-1); -+ } -+ -+ if (sid != new_tty_sid) { -+ fprintf(stderr, "%s changed labels.\n", ttyn); -+ exit(-1); -+ } -+ - #ifdef CANTSPELLGDB - printf("Restoring tty %s back to SID %d\n", ttyn, tty_sid); - #endif - -- /* Cleanup TTY Context */ -- chsid(ttyn,tty_sid); -+ fchsid(fd,tty_sid); - - /* Done! */ - exit(0); - } - - /* CHILD */ -+ -+ close(fd); - - /* Close and reopen descriptors 0 through 2 */ - if( close(0) || close(1) || close(2) ) diff --git a/sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff b/sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff deleted file mode 100644 index 82910e6ff040..000000000000 --- a/sys-apps/selinux-small/files/selinux-small-2003040709-newstat.diff +++ /dev/null @@ -1,252 +0,0 @@ -Index: selinux/libsecure/src/kernel_stat.h -=================================================================== -RCS file: /home/pal/CVS/selinux/libsecure/src/kernel_stat.h,v -retrieving revision 1.2 -diff -u -r1.2 kernel_stat.h ---- selinux/libsecure/src/kernel_stat.h 27 Nov 2001 12:21:05 -0000 1.2 -+++ selinux/libsecure/src/kernel_stat.h 22 Apr 2003 15:47:25 -0000 -@@ -15,18 +15,21 @@ - unsigned long int st_size; - unsigned long int st_blksize; - unsigned long int st_blocks; -- unsigned long int st_atime; -- unsigned long int __unused1; --#define _HAVE___UNUSED1 -- unsigned long int st_mtime; -- unsigned long int __unused2; --#define _HAVE___UNUSED2 -- unsigned long int st_ctime; -- unsigned long int __unused3; --#define _HAVE___UNUSED3 -+ struct timespec st_atim; -+ struct timespec st_mtim; -+ struct timespec st_ctim; - unsigned long int __unused4; - #define _HAVE___UNUSED4 - unsigned long int __unused5; - #define _HAVE___UNUSED5 - }; - -+#define _HAVE_STAT___UNUSED4 -+#define _HAVE_STAT___UNUSED5 -+#define _HAVE_STAT___PAD1 -+#define _HAVE_STAT___PAD2 -+#define _HAVE_STAT_NSEC -+#define _HAVE_STAT64___PAD1 -+#define _HAVE_STAT64___PAD2 -+#define _HAVE_STAT64___ST_INO -+#define _HAVE_STAT64_NSEC -Index: selinux/libsecure/src/xstat_conv.h -=================================================================== -RCS file: /home/pal/CVS/selinux/libsecure/src/xstat_conv.h,v -retrieving revision 1.1.1.1 -diff -u -r1.1.1.1 xstat_conv.h ---- selinux/libsecure/src/xstat_conv.h 18 Jul 2001 20:38:06 -0000 1.1.1.1 -+++ selinux/libsecure/src/xstat_conv.h 22 Apr 2003 15:40:53 -0000 -@@ -1,21 +1,26 @@ - /* Convert between the kernel's `struct stat' format, and libc's. -- Copyright (C) 1991, 1995, 1996, 1997 Free Software Foundation, Inc. -+ Copyright (C) 1991,1995,1996,1997,2000,2002 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or -- modify it under the terms of the GNU Library General Public License as -- published by the Free Software Foundation; either version 2 of the -- License, or (at your option) any later version. -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- Library General Public License for more details. -+ Lesser General Public License for more details. - -- You should have received a copy of the GNU Library General Public -- License along with the GNU C Library; see the file COPYING.LIB. If not, -- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, -- Boston, MA 02111-1307, USA. */ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, write to the Free -+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -+ 02111-1307 USA. */ -+ -+#include <errno.h> -+#define __set_errno(x) (errno) = (x) -+ -+#include <string.h> - - static inline int - xstat_conv (int vers, struct kernel_stat *kbuf, void *ubuf) -@@ -35,7 +40,7 @@ - - /* Convert to current kernel version of `struct stat'. */ - buf->st_dev = kbuf->st_dev; --#ifdef _HAVE___PAD1 -+#ifdef _HAVE_STAT___PAD1 - buf->__pad1 = 0; - #endif - buf->st_ino = kbuf->st_ino; -@@ -44,35 +49,44 @@ - buf->st_uid = kbuf->st_uid; - buf->st_gid = kbuf->st_gid; - buf->st_rdev = kbuf->st_rdev; --#ifdef _HAVE___PAD2 -+#ifdef _HAVE_STAT___PAD2 - buf->__pad2 = 0; - #endif - buf->st_size = kbuf->st_size; - buf->st_blksize = kbuf->st_blksize; - buf->st_blocks = kbuf->st_blocks; -+#ifdef _HAVE_STAT_NSEC -+ buf->st_atim.tv_sec = kbuf->st_atim.tv_sec; -+ buf->st_atim.tv_nsec = kbuf->st_atim.tv_nsec; -+ buf->st_mtim.tv_sec = kbuf->st_mtim.tv_sec; -+ buf->st_mtim.tv_nsec = kbuf->st_mtim.tv_nsec; -+ buf->st_ctim.tv_sec = kbuf->st_ctim.tv_sec; -+ buf->st_ctim.tv_nsec = kbuf->st_ctim.tv_nsec; -+#else - buf->st_atime = kbuf->st_atime; --#ifdef _HAVE___UNUSED1 -+ buf->st_mtime = kbuf->st_mtime; -+ buf->st_ctime = kbuf->st_ctime; -+#endif -+#ifdef _HAVE_STAT___UNUSED1 - buf->__unused1 = 0; - #endif -- buf->st_mtime = kbuf->st_mtime; --#ifdef _HAVE___UNUSED2 -+#ifdef _HAVE_STAT___UNUSED2 - buf->__unused2 = 0; - #endif -- buf->st_ctime = kbuf->st_ctime; --#ifdef _HAVE___UNUSED3 -+#ifdef _HAVE_STAT___UNUSED3 - buf->__unused3 = 0; - #endif --#ifdef _HAVE___UNUSED4 -+#ifdef _HAVE_STAT___UNUSED4 - buf->__unused4 = 0; - #endif --#ifdef _HAVE___UNUSED5 -+#ifdef _HAVE_STAT___UNUSED5 - buf->__unused5 = 0; - #endif - } - break; - - default: -- errno = EINVAL; -+ __set_errno (EINVAL); - return -1; - } - -Index: selinux/libsecure/src/arch/i386/fstat64_secure.c -=================================================================== -RCS file: /home/pal/CVS/selinux/libsecure/src/arch/i386/fstat64_secure.c,v -retrieving revision 1.2 -diff -u -r1.2 fstat64_secure.c ---- selinux/libsecure/src/arch/i386/fstat64_secure.c 2 Oct 2002 20:28:17 -0000 1.2 -+++ selinux/libsecure/src/arch/i386/fstat64_secure.c 22 Apr 2003 15:52:45 -0000 -@@ -2,26 +2,19 @@ - #include <fs_secure.h> - #include <security.h> - #include <errno.h> --#include "kernel_stat64.h" --#include "xstat64_conv.h" - #include <flask_util.h> - - int fstat64_secure(unsigned int fd, - struct stat64 *buf, - security_id_t *out_sid) - { -- struct kernel_stat64 kbuf; - unsigned long args[3]; -- long err; - - if (is_flask_enabled()) { - args[0] = (unsigned long)fd; -- args[1] = (unsigned long)&kbuf; -+ args[1] = (unsigned long)buf; - args[2] = (unsigned long)out_sid; -- err = security(SELINUX_MAGIC, SELINUXCALL_FSTAT64, args); -- if (err) -- return err; -- return xstat64_conv(_STAT_VER_LINUX, &kbuf, buf); -+ return security(SELINUX_MAGIC, SELINUXCALL_FSTAT64, args); - } else { - /* Compatibility for the modified utilities - until they are fixed. */ -Index: selinux/libsecure/src/arch/i386/lstat64_secure.c -=================================================================== -RCS file: /home/pal/CVS/selinux/libsecure/src/arch/i386/lstat64_secure.c,v -retrieving revision 1.2 -diff -u -r1.2 lstat64_secure.c ---- selinux/libsecure/src/arch/i386/lstat64_secure.c 2 Oct 2002 20:28:17 -0000 1.2 -+++ selinux/libsecure/src/arch/i386/lstat64_secure.c 22 Apr 2003 15:53:12 -0000 -@@ -2,26 +2,19 @@ - #include <fs_secure.h> - #include <security.h> - #include <errno.h> --#include "kernel_stat64.h" --#include "xstat64_conv.h" - #include <flask_util.h> - - int lstat64_secure(const char *pathname, - struct stat64 *buf, - security_id_t *out_sid) - { -- struct kernel_stat64 kbuf; - unsigned long args[3]; -- int err; - - if (is_flask_enabled()) { - args[0] = (unsigned long)pathname; -- args[1] = (unsigned long)&kbuf; -+ args[1] = (unsigned long)buf; - args[2] = (unsigned long)out_sid; -- err = security(SELINUX_MAGIC, SELINUXCALL_LSTAT64, args); -- if (err) -- return err; -- return xstat64_conv(_STAT_VER_LINUX, &kbuf, buf); -+ return security(SELINUX_MAGIC, SELINUXCALL_LSTAT64, args); - } else { - /* Compatibility for the modified utilities - until they are fixed. */ -Index: selinux/libsecure/src/arch/i386/stat64_secure.c -=================================================================== -RCS file: /home/pal/CVS/selinux/libsecure/src/arch/i386/stat64_secure.c,v -retrieving revision 1.2 -diff -u -r1.2 stat64_secure.c ---- selinux/libsecure/src/arch/i386/stat64_secure.c 2 Oct 2002 20:28:17 -0000 1.2 -+++ selinux/libsecure/src/arch/i386/stat64_secure.c 22 Apr 2003 15:52:50 -0000 -@@ -2,26 +2,19 @@ - #include <fs_secure.h> - #include <security.h> - #include <errno.h> --#include "kernel_stat64.h" --#include "xstat64_conv.h" - #include <flask_util.h> - - int stat64_secure(const char *pathname, - struct stat64 *buf, - security_id_t *out_sid) - { -- struct kernel_stat64 kbuf; - unsigned long args[3]; -- long err; - - if (is_flask_enabled()) { - args[0] = (unsigned long)pathname; -- args[1] = (unsigned long)&kbuf; -+ args[1] = (unsigned long)buf; - args[2] = (unsigned long)out_sid; -- err = security(SELINUX_MAGIC, SELINUXCALL_STAT64, args); -- if (err) -- return err; -- return xstat64_conv(_STAT_VER_LINUX, &kbuf, buf); -+ return security(SELINUX_MAGIC, SELINUXCALL_STAT64, args); - } else { - /* Compatibility for the modified utilities - until they are fixed. */ diff --git a/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild b/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild deleted file mode 100644 index 5fb2ad851f71..000000000000 --- a/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild +++ /dev/null @@ -1,177 +0,0 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild,v 1.7 2003/09/08 08:02:30 msterret Exp $ - -DESCRIPTION="SELinux libraries and policy compiler" -HOMEPAGE="http://www.nsa.gov/selinux" -SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz" - -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/selinux" - -KEYWORDS="~x86 ~amd64 ~ppc ~alpha ~sparc" -IUSE="selinux static" -DEPEND="sys-devel/flex - sys-libs/pam - || ( - >=sys-kernel/selinux-sources-2.4.20-r1 - >=sys-kernel/hardened-sources-2.4.20-r1 - )" - -RDEPEND="${DEPEND} - >=dev-python/pexpect-0.97 - >=sec-policy/selinux-base-policy-20030522" - -use static && LDFLAGS="-static" - -pkg_setup() { - if [ -z "`use selinux`" ]; then - eerror "selinux is missing from your USE. You seem to be using the" - eerror "incorrect profile. SELinux has a different profile than" - eerror "mainline Gentoo. Make sure the /etc/make.profile symbolic" - eend 1 "link is pointing to /usr/portage/profiles/selinux-x86-1.4/" - fi - - if [ ! -f /usr/src/linux/security/selinux/ss/ebitmap.c ]; then - eerror "The /usr/src/linux symbolic link appears to be incorrect. It" - eerror "must be pointing to a selinux-sources or hardened-sources kernel" - eerror "for selinux-small to compile. If the link is correct, the" - eerror "kernel sources may be damaged or incomplete, and will need to" - eend 1 "be remerged. Please fix and retry." - fi - - if [ -z "`use pam`" ]; then - eerror "pam is missing from your USE. Currently selinux requires pam." - eerror "Please add pam, so all programs work correctly. A pam-less" - eend 1 "install will probably be supported in the future." - fi -} - -src_unpack() { - unpack ${A} - cd ${S} - - epatch ${FILESDIR}/${P}-gentoo.diff - has_version '>=sys-libs/glibc-2.3.2' && epatch ${FILESDIR}/${P}-newstat.diff - epatch ${FILESDIR}/${P}-newrole.diff - - ln -s /usr/src/linux ${WORKDIR}/lsm-2.4 -} - -src_compile() { - - einfo "Compiling checkpolicy" - cd ${S}/module - make LSMVER=-2.4 LDFLAGS=${LDFLAGS} all \ - || die "Checkpolicy compilation failed" - - einfo "Compiling libsecure" - cd ${S}/libsecure - make SE_INC=/usr/include/linux/flask EXTRA_CFLAGS="${CFLAGS}" \ - EXTRA_LDFLAGS="${LDFLAGS}" \ - || die "libsecure compile failed." - - # now set up paths, since the next compiles need libsecure - LDFLAGS="-L${S}/libsecure/src ${LDFLAGS}" - LIBSECURE="-I${S}/libsecure/include ${LDFLAGS} -DUSE_PAM" - - einfo "Compiling devfsd module" - cd ${S}/devfsd - mv devfsd-conflet selinux-small - make CFLAGS="${CFLAGS}" LDFLAGS="${LIBSECURE/-static}" \ - || die "devfsd compile failed." - - einfo "Compiling setfiles" - cd ${S}/setfiles - make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS}" setfiles \ - || die "setfiles compile failed." - - einfo "Compiling newrole" - cd ${S}/utils/newrole - make CFLAGS="${CFLAGS} ${LIBSECURE/-static} -lcrypt" \ - || die "newrole compile failed." - - einfo "Compiling run_init" - cd ${S}/utils/run_init - make CFLAGS="${CFLAGS} ${LIBSECURE/-static} -lcrypt" \ - || die "run_init compile failed." - - einfo "Compiling s-wrappers" - cd ${S}/utils/spasswd - make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS} -lcrypt -static" \ - || die "s-wrappers compile failed." - - einfo "Compiling selopt" - cd ${S}/selopt - make COPT_FLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS}" \ - || die "selopt compile failed." -} - -src_install() { - # install policy stuff - dosbin ${S}/module/checkpolicy/checkpolicy - dosbin ${S}/setfiles/setfiles - - insinto /usr/include - doins ${S}/libsecure/include/*.h - - insinto /etc/devfs.d - doins ${S}/devfsd/selinux-small - - dolib.a ${S}/libsecure/src/libsecure.a - dobin ${S}/libsecure/test/{avc_enforcing,avc_toggle,context_to_sid,sid_to_context,list_sids,chsid,lchsid,chsidfs,get_user_sids} - dosbin ${S}/libsecure/test/load_policy - dobin ${S}/utils/spasswd/{sadminpasswd,schfn,schsh,spasswd,suseradd,suserdel,svipw} - dobin ${S}/utils/run_init/run_init - dobin ${S}/utils/newrole/newrole - dosbin ${FILESDIR}/{rlpkg,open_init_pty} - - doman ${S}/setfiles/setfiles.8 - doman ${S}/libsecure/man/man[12]/* - doman ${S}/utils/newrole/newrole.1 - doman ${S}/utils/run_init/run_init.8 - - dobin ${S}/selopt/utils/flmon - dosbin ${S}/selopt/utils/{ct,pt,qt} - dosbin ${S}/selopt/scmpd/scmpd - dodoc ${S}/selopt/doc/* - - exeinto /etc/init.d - doexe ${FILESDIR}/scmpd - - exeinto /lib/devfsd - doexe ${S}/devfsd/devfsd-se.so - - # install pam stuff - insinto /etc/pam.d - doins ${FILESDIR}/{newrole,run_init} -} - -pkg_postinst() { - einfo - einfo "To recompile the policy and relabel the filesystem simply run:" - einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config" - einfo - - # Stop devfsd from restoring /dev/log, it causes denials. - # The syslog will create it when it starts. Recent stock - # gentoo devfsd.conf's stopped saving /dev/log into dev-state. - [ -f /lib/dev-state/log ] && rm -f /lib/dev-state/log -} - -pkg_config() { - cd /etc/security/selinux/src/policy - - einfo "Compiling policy" - make policy || die "Policy compile failed (see above error messages)" - - einfo "Installing policy" - make install || die "Policy install failed (see above error messages)" - - einfo "Loading policy" - make load || die "Policy loading failed (see above error messages)" - - einfo "Relabeling filesystems -- This will take a very long time!" - make relabel || die "Relabeling failed (see above error messages)" -} diff --git a/sys-apps/selinux-small/selinux-small-2003081400.ebuild b/sys-apps/selinux-small/selinux-small-2003081400.ebuild deleted file mode 100644 index 9e12eca3a4a8..000000000000 --- a/sys-apps/selinux-small/selinux-small-2003081400.ebuild +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/selinux-small-2003081400.ebuild,v 1.1 2003/09/05 19:20:05 pebenito Exp $ - -DESCRIPTION="SELinux old api to new api transition package" -HOMEPAGE="http://www.nsa.gov/selinux/" - -DEPEND="sys-libs/libselinux - sys-apps/checkpolicy - sys-apps/policycoreutils" - -# The new SELinux API for 2.6 (and late 2.4) no longer uses -# selinux-small and libsecure. The new API is based on -# libselinux. This package is for helping to get a -# libsecure installation updated to a libselinux version. - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~x86" |