Diffstat (limited to '0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch')
-rw-r--r--0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch318
1 files changed, 0 insertions, 318 deletions
diff --git a/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch b/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
deleted file mode 100644
index af255c95f26b..000000000000
--- a/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
+++ /dev/null
@@ -1,318 +0,0 @@
-From 24feb06f1620de854f7ac7ec9b86b004c155f489 Mon Sep 17 00:00:00 2001
-From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
-Date: Thu, 2 Jul 2015 09:27:36 -0400
-Subject: [PATCH 2/5] libsemanage: Add policy binary and file_contexts.local to
- the store
-
-This patch writes policy.kern and file_contexts.local to the policy store as
-well as /etc/selinux/. Additionally, policy.kern and file_contexts.local
-are now parsed from the store rather than the final directory which was
-the old behavior. This allows all policy related files to be kept in the
-policy store.
-
-This patch also renames /var/lib/selinux/tmp to 'final' and changes
-policy.kern in the store to longer be a symlink.
-
-Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
----
- libsemanage/src/booleans_policydb.c | 6 ++--
- libsemanage/src/direct_api.c | 33 +++++++++++++++----
- libsemanage/src/interfaces_policydb.c | 6 ++--
- libsemanage/src/nodes_policydb.c | 6 ++--
- libsemanage/src/ports_policydb.c | 6 ++--
- libsemanage/src/semanage_store.c | 55 ++++++++++++++++++++++++--------
- libsemanage/src/semanage_store.h | 5 +++
- libsemanage/src/users_base_policydb.c | 6 ++--
- libsemanage/utils/semanage_migrate_store | 3 +-
- 9 files changed, 86 insertions(+), 40 deletions(-)
-
-diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c
-index 74af2a3300e3..6869d6cd0417 100644
---- a/libsemanage/src/booleans_policydb.c
-+++ b/libsemanage/src/booleans_policydb.c
-@@ -55,10 +55,8 @@ int bool_policydb_dbase_init(semanage_handle_t * handle,
- {
-
- if (dbase_policydb_init(handle,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_KERNEL),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_KERNEL),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- &SEMANAGE_BOOL_RTABLE,
- &SEMANAGE_BOOL_POLICYDB_RTABLE,
- &dconfig->dbase) < 0)
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index b0ed3388e27b..820d351c90ae 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -196,10 +196,8 @@ int semanage_direct_connect(semanage_handle_t * sh)
- goto err;
-
- if (fcontext_file_dbase_init(sh,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_FC_LOCAL),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_FC_LOCAL),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_LOCAL),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
- semanage_fcontext_dbase_local(sh)) < 0)
- goto err;
-
-@@ -959,7 +957,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- size_t fc_buffer_len = 0;
- const char *ofilename = NULL;
- const char *path;
-- int retval = -1, num_modinfos = 0, i;
-+ int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
- sepol_policydb_t *out = NULL;
- struct cil_db *cildb = NULL;
- semanage_module_info_t *modinfos = NULL;
-@@ -1061,8 +1059,20 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- modified |= dontaudit_modified;
- modified |= preserve_tunables_modified;
-
-+ /* This is for systems that have already migrated with an older version
-+ * of semanage_migrate_store. The older version did not copy policy.kern so
-+ * the policy binary must be rebuilt here.
-+ */
-+ if (!sh->do_rebuild && !modified) {
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
-+
-+ if (access(path, F_OK) != 0) {
-+ missing_policy_kern = 1;
-+ }
-+ }
-+
- /* If there were policy changes, or explicitly requested, rebuild the policy */
-- if (sh->do_rebuild || modified) {
-+ if (sh->do_rebuild || modified || missing_policy_kern) {
- /* =================== Module expansion =============== */
-
- retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
-@@ -1222,6 +1232,17 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- if (retval < 0)
- goto cleanup;
-
-+ retval = semanage_copy_policydb(sh);
-+ if (retval < 0)
-+ goto cleanup;
-+
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
-+ if (access(path, F_OK) == 0) {
-+ retval = semanage_copy_fc_local(sh);
-+ if (retval < 0)
-+ goto cleanup;
-+ }
-+
- /* run genhomedircon if its enabled, this should be the last operation
- * which requires the out policydb */
- if (!sh->conf->disable_genhomedircon) {
-diff --git a/libsemanage/src/interfaces_policydb.c b/libsemanage/src/interfaces_policydb.c
-index 6a42eedf32bf..552ce7d50c5c 100644
---- a/libsemanage/src/interfaces_policydb.c
-+++ b/libsemanage/src/interfaces_policydb.c
-@@ -51,10 +51,8 @@ int iface_policydb_dbase_init(semanage_handle_t * handle,
- {
-
- if (dbase_policydb_init(handle,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_KERNEL),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_KERNEL),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- &SEMANAGE_IFACE_RTABLE,
- &SEMANAGE_IFACE_POLICYDB_RTABLE,
- &dconfig->dbase) < 0)
-diff --git a/libsemanage/src/nodes_policydb.c b/libsemanage/src/nodes_policydb.c
-index 56012fbf1c64..7224f0084758 100644
---- a/libsemanage/src/nodes_policydb.c
-+++ b/libsemanage/src/nodes_policydb.c
-@@ -50,10 +50,8 @@ int node_policydb_dbase_init(semanage_handle_t * handle,
- {
-
- if (dbase_policydb_init(handle,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_KERNEL),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_KERNEL),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- &SEMANAGE_NODE_RTABLE,
- &SEMANAGE_NODE_POLICYDB_RTABLE,
- &dconfig->dbase) < 0)
-diff --git a/libsemanage/src/ports_policydb.c b/libsemanage/src/ports_policydb.c
-index b9600f056aad..37d7deb2735c 100644
---- a/libsemanage/src/ports_policydb.c
-+++ b/libsemanage/src/ports_policydb.c
-@@ -50,10 +50,8 @@ int port_policydb_dbase_init(semanage_handle_t * handle,
- {
-
- if (dbase_policydb_init(handle,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_KERNEL),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_KERNEL),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- &SEMANAGE_PORT_RTABLE,
- &SEMANAGE_PORT_POLICYDB_RTABLE,
- &dconfig->dbase) < 0)
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 6051691bbb2f..2856aaf25685 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
-@@ -110,10 +110,12 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
- "/disable_dontaudit",
- "/preserve_tunables",
- "/modules/disabled",
-+ "/policy.kern",
-+ "/file_contexts.local"
- };
-
- static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
-- "/tmp",
-+ "/final",
- "",
- };
-
-@@ -943,9 +945,7 @@ int semanage_make_final(semanage_handle_t *sh)
- goto cleanup;
- }
-
-- /* Copy in exported databases.
-- * i = 1 to avoid copying the top level directory.
-- */
-+ // Build final directory structure
- int i;
- for (i = 1; i < SEMANAGE_FINAL_PATH_NUM; i++) {
- if (strlen(semanage_final_path(SEMANAGE_FINAL_TMP, i)) >= sizeof(fn)) {
-@@ -959,12 +959,6 @@ int semanage_make_final(semanage_handle_t *sh)
- status = -1;
- goto cleanup;
- }
--
-- semanage_copy_file(
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, i),
-- semanage_final_path(SEMANAGE_FINAL_TMP, i),
-- sh->conf->file_mode);
-- /* ignore errors, these files may not exist */
- }
-
- cleanup:
-@@ -2019,8 +2013,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
- FILE *infile = NULL;
-
- if ((kernel_filename =
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_KERNEL)) == NULL) {
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL)) == NULL) {
- goto cleanup;
- }
- if ((infile = fopen(kernel_filename, "r")) == NULL) {
-@@ -2061,7 +2054,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
- FILE *outfile = NULL;
-
- if ((kernel_filename =
-- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL)) == NULL) {
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL)) == NULL) {
- goto cleanup;
- }
- if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
-@@ -2921,3 +2914,39 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
-
- return 0;
- }
-+
-+int semanage_copy_policydb(semanage_handle_t *sh)
-+{
-+ const char *src = NULL;
-+ const char *dst = NULL;
-+ int rc = -1;
-+
-+ src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
-+ dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
-+
-+ rc = semanage_copy_file(src, dst, sh->conf->file_mode);
-+ if (rc != 0) {
-+ goto cleanup;
-+ }
-+
-+cleanup:
-+ return rc;
-+}
-+
-+int semanage_copy_fc_local(semanage_handle_t *sh)
-+{
-+ const char *src = NULL;
-+ const char *dst = NULL;
-+ int rc = -1;
-+
-+ src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
-+ dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
-+
-+ rc = semanage_copy_file(src, dst, sh->conf->file_mode);
-+ if (rc != 0) {
-+ goto cleanup;
-+ }
-+
-+cleanup:
-+ return rc;
-+}
-diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
-index 62c7079be12c..ade43f261ee0 100644
---- a/libsemanage/src/semanage_store.h
-+++ b/libsemanage/src/semanage_store.h
-@@ -55,6 +55,8 @@ enum semanage_sandbox_defs {
- SEMANAGE_DISABLE_DONTAUDIT,
- SEMANAGE_PRESERVE_TUNABLES,
- SEMANAGE_MODULES_DISABLED,
-+ SEMANAGE_STORE_KERNEL,
-+ SEMANAGE_STORE_FC_LOCAL,
- SEMANAGE_STORE_NUM_PATHS
- };
-
-@@ -148,4 +150,7 @@ int semanage_nc_sort(semanage_handle_t * sh,
- size_t buf_len,
- char **sorted_buf, size_t * sorted_buf_len);
-
-+int semanage_copy_policydb(semanage_handle_t *sh);
-+int semanage_copy_fc_local(semanage_handle_t *sh);
-+
- #endif
-diff --git a/libsemanage/src/users_base_policydb.c b/libsemanage/src/users_base_policydb.c
-index 0a6ab9cde09e..b42279c86fcd 100644
---- a/libsemanage/src/users_base_policydb.c
-+++ b/libsemanage/src/users_base_policydb.c
-@@ -50,10 +50,8 @@ int user_base_policydb_dbase_init(semanage_handle_t * handle,
- {
-
- if (dbase_policydb_init(handle,
-- semanage_final_path(SEMANAGE_FINAL_SELINUX,
-- SEMANAGE_KERNEL),
-- semanage_final_path(SEMANAGE_FINAL_TMP,
-- SEMANAGE_KERNEL),
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- &SEMANAGE_USER_BASE_RTABLE,
- &SEMANAGE_USER_BASE_POLICYDB_RTABLE,
- &dconfig->dbase) < 0)
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index 2f85e9c561ae..b170edad3927 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -243,7 +243,8 @@ if __name__ == "__main__":
- "users.local",
- "users_extra.local",
- "disable_dontaudit",
-- "preserve_tunables" ]
-+ "preserve_tunables",
-+ "policy.kern" ]
-
-
- create_dir(newroot_path(), 0o755)
---
-2.5.1
-