libselinux: uprev to 2.5 (20160223)

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
author: Stephen Smalley <sds@tycho.nsa.gov> 2016-03-07 15:52:42 -0500
committer: Philip Tricca <flihp@twobit.us> 2016-03-17 02:25:04 +0000
commit: 81c08f019b1edc4fe97a2e2b5cc7687114e99ec8 (patch)
tree: cf7f362f677c97b39e8b592f6dd274e81c7e15da
parent: 06d8dac0530674a8eae9b2f030f11c59980b2586 (diff)
download: meta-selinux-81c08f019b1edc4fe97a2e2b5cc7687114e99ec8.tar.gz
4 files changed, 35 insertions, 145 deletions
diff --git a/recipes-security/selinux/libselinux/libselinux-get-pywrap-depends-on-selinux.py.patch b/recipes-security/selinux/libselinux/libselinux-get-pywrap-depends-on-selinux.py.patch
deleted file mode 100644
index 7994be4..0000000
--- a/recipes-security/selinux/libselinux/libselinux-get-pywrap-depends-on-selinux.py.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 187ff834e40519b42caa3fba9f1054491f48ab67 Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Tue, 11 Aug 2015 16:21:13 +0800
-Subject: [PATCH] libselinux: get pywrap depends on selinux.py
-The selinux.py will be installed as selinux/__init__.py, just make sure
-it has been generated completely while starting "make install-pywrap".
-Upstream-Status: Pending
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/Makefile b/src/Makefile
-index a4d27f4..624d25b 100644
--- a/src/Makefile
-+++ b/src/Makefile
-@@ -90,7 +90,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
- 
- all: $(LIBA) $(LIBSO) $(LIBPC)
- 
-pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
-+pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
- 
- rubywrap: all $(SWIGRUBYSO)
- 
-- 
-1.9.1
diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
index 453334e..98d31cc 100644
--- a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
+++ b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
@@ -24,13 +24,13 @@ Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
 src/stringrep.c  |    8 +++++++-
 4 files changed, 28 insertions(+), 4 deletions(-)
-diff --git a/src/label_file.c b/src/label_file.c
+Index: libselinux-2.5/src/label_file.c
-index 5f697f3..49bb8df 100644
+===================================================================
--- a/src/label_file.c
+--- libselinux-2.5.orig/src/label_file.c        2016-02-25 13:10:00.159980383 -0500
-+++ b/src/label_file.c
+++ libselinux-2.5/src/label_file.c     2016-02-25 13:10:00.155980383 -0500
-@@ -255,7 +255,13 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
+@@ -124,7 +124,13 @@
-        if (rc >= sizeof(mmap_path))
+                        return -1;
-                return -1;
+        }
 
 -       mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
 +       mmapfd = open(mmap_path, O_RDONLY 
@@ -43,30 +43,30 @@ index 5f697f3..49bb8df 100644
        if (mmapfd < 0)
                return -1;
 
-diff --git a/src/procattr.c b/src/procattr.c
+Index: libselinux-2.5/src/procattr.c
-index 6c5b45a..6cfe589 100644
+===================================================================
--- a/src/procattr.c
+--- libselinux-2.5.orig/src/procattr.c  2016-02-25 13:10:00.159980383 -0500
-+++ b/src/procattr.c
+++ libselinux-2.5/src/procattr.c       2016-02-25 13:11:58.527980013 -0500
-@@ -86,7 +86,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
+@@ -76,7 +76,13 @@
-        if (rc < 0)
+                rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
-                return -1;
+                if (rc < 0)
- 
+                        return -1;
-       fd = open(path, flags | O_CLOEXEC);
+-               fd = open(path, flags | O_CLOEXEC);
-+       fd = open(path, flags
+               fd = open(path, flags
 +#ifdef O_CLOEXEC
-+             | O_CLOEXEC
+                         | O_CLOEXEC
 +#else
 +#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
 +#endif
-+             );
+                       );
-        free(path);
+                if (fd >= 0 || errno != ENOENT)
-        return fd;
+                        goto out;
- }
+                free(path);
-diff --git a/src/sestatus.c b/src/sestatus.c
+Index: libselinux-2.5/src/sestatus.c
-index ed29dc5..0cb15b6 100644
+===================================================================
--- a/src/sestatus.c
+--- libselinux-2.5.orig/src/sestatus.c  2016-02-25 13:10:00.159980383 -0500
-+++ b/src/sestatus.c
+++ libselinux-2.5/src/sestatus.c       2016-02-25 13:10:00.155980383 -0500
-@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
+@@ -268,7 +268,13 @@
                return -1;
 
        snprintf(path, sizeof(path), "%s/status", selinux_mnt);
@@ -81,11 +81,11 @@ index ed29dc5..0cb15b6 100644
        if (fd < 0)
                goto error;
 
-diff --git a/src/stringrep.c b/src/stringrep.c
+Index: libselinux-2.5/src/stringrep.c
-index ba75ccd..e6ccfd5 100644
+===================================================================
--- a/src/stringrep.c
+--- libselinux-2.5.orig/src/stringrep.c 2016-02-25 13:10:00.159980383 -0500
-+++ b/src/stringrep.c
+++ libselinux-2.5/src/stringrep.c      2016-02-25 13:10:00.155980383 -0500
-@@ -258,7 +258,13 @@ static struct discover_class_node * discover_class(const char *s)
+@@ -105,7 +105,13 @@
                struct stat m;
 
                snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
@@ -100,6 +100,3 @@ index ba75ccd..e6ccfd5 100644
                if (fd < 0)
                        goto err4;
 
-- 
-1.7.10.4
diff --git a/recipes-security/selinux/libselinux/libselinux-mount-procfs-before-check.patch b/recipes-security/selinux/libselinux/libselinux-mount-procfs-before-check.patch
deleted file mode 100644
index dc27aaa..0000000
--- a/recipes-security/selinux/libselinux/libselinux-mount-procfs-before-check.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-commit 9df498884665d79474b79f0f30d1cd67df11bd3e
-Author: Ben Shelton <ben.shelton@ni.com>
-Date:   Wed Apr 15 15:56:57 2015 -0500
-    libselinux: Mount procfs before checking /proc/filesystems
-    
-    In the case where the SELinux security module is not loaded in the
-    kernel and it's early enough in the boot process that /proc has not yet
-    been mounted, selinuxfs_exists() will incorrectly return 1, and
-    selinux_init_load_policy() will print a message like this to the
-    console:
-    
-    Mount failed for selinuxfs on /sys/fs/selinux:  No such file or directory
-    
-    To fix this, mount the procfs before attempting to open
-    /proc/filesystems, and unmount it when done if it was initially not
-    mounted.  This is the same thing that selinux_init_load_policy() does
-    when reading /proc/cmdline.
-    
-    Signed-off-by: Ben Shelton <ben.shelton@ni.com>
-Upstream-Status: Accepted
-diff --git a/src/init.c b/src/init.c
-index 6d1ef33..179e0d0 100644
--- a/src/init.c
-+++ b/src/init.c
-@@ -11,6 +11,7 @@
- #include <sys/vfs.h>
- #include <stdint.h>
- #include <limits.h>
-+#include <sys/mount.h>
- 
- #include "dso.h"
- #include "policy.h"
-@@ -54,15 +55,20 @@ static int verify_selinuxmnt(const char *mnt)
- 
- int selinuxfs_exists(void)
- {
-       int exists = 0;
-+       int exists = 0, mnt_rc = 0;
-        FILE *fp = NULL;
-        char *buf = NULL;
-        size_t len;
-        ssize_t num;
- 
-+       mnt_rc = mount("proc", "/proc", "proc", 0, 0);
-+
-        fp = fopen("/proc/filesystems", "r");
-       if (!fp)
-               return 1; /* Fail as if it exists */
-+       if (!fp) {
-+               exists = 1; /* Fail as if it exists */
-+               goto out;
-+       }
-+
-        __fsetlocking(fp, FSETLOCKING_BYCALLER);
- 
-        num = getline(&buf, &len, fp);
-@@ -76,6 +82,14 @@ int selinuxfs_exists(void)
- 
-        free(buf);
-        fclose(fp);
-+
-+out:
-+#ifndef MNT_DETACH
-+#define MNT_DETACH 2
-+#endif
-+       if (mnt_rc == 0)
-+               umount2("/proc", MNT_DETACH);
-+
-        return exists;
- }
- hidden_def(selinuxfs_exists)
diff --git a/recipes-security/selinux/libselinux_2.4.bb b/recipes-security/selinux/libselinux_2.5.bb
index 64fa81d..a744b2f 100644
--- a/recipes-security/selinux/libselinux_2.4.bb
+++ b/recipes-security/selinux/libselinux_2.5.bb
@@ -1,17 +1,15 @@
-include selinux_20150202.inc
+include selinux_20160223.inc
 include ${BPN}.inc
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-SRC_URI[md5sum] = "d19af2a367a81fb00bedc1b381694995"
+SRC_URI[md5sum] = "d1399f5c2fd2fbe0e9603d5143b30367"
-SRC_URI[sha256sum] = "46043091f4c5ba4f43e8d3715f30d665a2d571c9126c1f03945c9ea4ed380f7b"
+SRC_URI[sha256sum] = "94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f"
 SRC_URI += "\
        file://libselinux-drop-Wno-unused-but-set-variable.patch \
        file://libselinux-make-O_CLOEXEC-optional.patch \
        file://libselinux-make-SOCK_CLOEXEC-optional.patch \
        file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
-        file://libselinux-get-pywrap-depends-on-selinux.py.patch \
        file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
-        file://libselinux-mount-procfs-before-check.patch \
        "
author	Stephen Smalley <sds@tycho.nsa.gov>	2016-03-07 15:52:42 -0500
committer	Philip Tricca <flihp@twobit.us>	2016-03-17 02:25:04 +0000
commit	81c08f019b1edc4fe97a2e2b5cc7687114e99ec8 (patch)
tree	cf7f362f677c97b39e8b592f6dd274e81c7e15da
parent	06d8dac0530674a8eae9b2f030f11c59980b2586 (diff)
download	meta-selinux-81c08f019b1edc4fe97a2e2b5cc7687114e99ec8.tar.gz

diff --git a/recipes-security/selinux/libselinux/libselinux-get-pywrap-depends-on-selinux.py.patch b/recipes-security/selinux/libselinux/libselinux-get-pywrap-depends-on-selinux.py.patch deleted file mode 100644 index 7994be4..0000000 --- a/recipes-security/selinux/libselinux/libselinux-get-pywrap-depends-on-selinux.py.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From 187ff834e40519b42caa3fba9f1054491f48ab67 Mon Sep 17 00:00:00 2001
2	From: Wenzong Fan <wenzong.fan@windriver.com>
3	Date: Tue, 11 Aug 2015 16:21:13 +0800
4	Subject: [PATCH] libselinux: get pywrap depends on selinux.py
5
6	The selinux.py will be installed as selinux/__init__.py, just make sure
7	it has been generated completely while starting "make install-pywrap".
8
9	Upstream-Status: Pending
10
11	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
12	---
13	src/Makefile \| 2 +-
14	1 file changed, 1 insertion(+), 1 deletion(-)
15
16	diff --git a/src/Makefile b/src/Makefile
17	index a4d27f4..624d25b 100644
18	--- a/src/Makefile
19	+++ b/src/Makefile
20	@@ -90,7 +90,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
21
22	all: $(LIBA) $(LIBSO) $(LIBPC)
23
24	-pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
25	+pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
26
27	rubywrap: all $(SWIGRUBYSO)
28
29	--
30	1.9.1
31


diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch index 453334e..98d31cc 100644 --- a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch +++ b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
@@ -24,13 +24,13 @@ Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
24	src/stringrep.c \| 8 +++++++-	24	src/stringrep.c \| 8 +++++++-
25	4 files changed, 28 insertions(+), 4 deletions(-)	25	4 files changed, 28 insertions(+), 4 deletions(-)
26		26
27	diff --git a/src/label_file.c b/src/label_file.c	27	Index: libselinux-2.5/src/label_file.c
28	index 5f697f3..49bb8df 100644	28	===================================================================
29	--- a/src/label_file.c	29	--- libselinux-2.5.orig/src/label_file.c 2016-02-25 13:10:00.159980383 -0500
30	+++ b/src/label_file.c	30	+++ libselinux-2.5/src/label_file.c 2016-02-25 13:10:00.155980383 -0500
31	@@ -255,7 +255,13 @@ static int load_mmap(struct selabel_handle rec, const char path, struct stat *	31	@@ -124,7 +124,13 @@
32	if (rc >= sizeof(mmap_path))	32	return -1;
33	return -1;	33	}
34		34
35	- mmapfd = open(mmap_path, O_RDONLY \| O_CLOEXEC);	35	- mmapfd = open(mmap_path, O_RDONLY \| O_CLOEXEC);
36	+ mmapfd = open(mmap_path, O_RDONLY	36	+ mmapfd = open(mmap_path, O_RDONLY
@@ -43,30 +43,30 @@ index 5f697f3..49bb8df 100644
43	if (mmapfd < 0)	43	if (mmapfd < 0)
44	return -1;	44	return -1;
45		45
46	diff --git a/src/procattr.c b/src/procattr.c	46	Index: libselinux-2.5/src/procattr.c
47	index 6c5b45a..6cfe589 100644	47	===================================================================
48	--- a/src/procattr.c	48	--- libselinux-2.5.orig/src/procattr.c 2016-02-25 13:10:00.159980383 -0500
49	+++ b/src/procattr.c	49	+++ libselinux-2.5/src/procattr.c 2016-02-25 13:11:58.527980013 -0500
50	@@ -86,7 +86,13 @@ static int openattr(pid_t pid, const char *attr, int flags)	50	@@ -76,7 +76,13 @@
51	if (rc < 0)	51	rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
52	return -1;	52	if (rc < 0)
53		53	return -1;
54	- fd = open(path, flags \| O_CLOEXEC);	54	- fd = open(path, flags \| O_CLOEXEC);
55	+ fd = open(path, flags	55	+ fd = open(path, flags
56	+#ifdef O_CLOEXEC	56	+#ifdef O_CLOEXEC
57	+ \| O_CLOEXEC	57	+ \| O_CLOEXEC
58	+#else	58	+#else
59	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors	59	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
60	+#endif	60	+#endif
61	+ );	61	+ );
62	free(path);	62	if (fd >= 0 \|\| errno != ENOENT)
63	return fd;	63	goto out;
64	}	64	free(path);
65	diff --git a/src/sestatus.c b/src/sestatus.c	65	Index: libselinux-2.5/src/sestatus.c
66	index ed29dc5..0cb15b6 100644	66	===================================================================
67	--- a/src/sestatus.c	67	--- libselinux-2.5.orig/src/sestatus.c 2016-02-25 13:10:00.159980383 -0500
68	+++ b/src/sestatus.c	68	+++ libselinux-2.5/src/sestatus.c 2016-02-25 13:10:00.155980383 -0500
69	@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)	69	@@ -268,7 +268,13 @@
70	return -1;	70	return -1;
71		71
72	snprintf(path, sizeof(path), "%s/status", selinux_mnt);	72	snprintf(path, sizeof(path), "%s/status", selinux_mnt);
@@ -81,11 +81,11 @@ index ed29dc5..0cb15b6 100644
81	if (fd < 0)	81	if (fd < 0)
82	goto error;	82	goto error;
83		83
84	diff --git a/src/stringrep.c b/src/stringrep.c	84	Index: libselinux-2.5/src/stringrep.c
85	index ba75ccd..e6ccfd5 100644	85	===================================================================
86	--- a/src/stringrep.c	86	--- libselinux-2.5.orig/src/stringrep.c 2016-02-25 13:10:00.159980383 -0500
87	+++ b/src/stringrep.c	87	+++ libselinux-2.5/src/stringrep.c 2016-02-25 13:10:00.155980383 -0500
88	@@ -258,7 +258,13 @@ static struct discover_class_node * discover_class(const char *s)	88	@@ -105,7 +105,13 @@
89	struct stat m;	89	struct stat m;
90		90
91	snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);	91	snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
@@ -100,6 +100,3 @@ index ba75ccd..e6ccfd5 100644
100	if (fd < 0)	100	if (fd < 0)
101	goto err4;	101	goto err4;
102		102
103	--
104	1.7.10.4
105


diff --git a/recipes-security/selinux/libselinux/libselinux-mount-procfs-before-check.patch b/recipes-security/selinux/libselinux/libselinux-mount-procfs-before-check.patch deleted file mode 100644 index dc27aaa..0000000 --- a/recipes-security/selinux/libselinux/libselinux-mount-procfs-before-check.patch +++ /dev/null
@@ -1,74 +0,0 @@
1	commit 9df498884665d79474b79f0f30d1cd67df11bd3e
2	Author: Ben Shelton <ben.shelton@ni.com>
3	Date: Wed Apr 15 15:56:57 2015 -0500
4
5	libselinux: Mount procfs before checking /proc/filesystems
6
7	In the case where the SELinux security module is not loaded in the
8	kernel and it's early enough in the boot process that /proc has not yet
9	been mounted, selinuxfs_exists() will incorrectly return 1, and
10	selinux_init_load_policy() will print a message like this to the
11	console:
12
13	Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory
14
15	To fix this, mount the procfs before attempting to open
16	/proc/filesystems, and unmount it when done if it was initially not
17	mounted. This is the same thing that selinux_init_load_policy() does
18	when reading /proc/cmdline.
19
20	Signed-off-by: Ben Shelton <ben.shelton@ni.com>
21
22	Upstream-Status: Accepted
23
24	diff --git a/src/init.c b/src/init.c
25	index 6d1ef33..179e0d0 100644
26	--- a/src/init.c
27	+++ b/src/init.c
28	@@ -11,6 +11,7 @@
29	#include <sys/vfs.h>
30	#include <stdint.h>
31	#include <limits.h>
32	+#include <sys/mount.h>
33
34	#include "dso.h"
35	#include "policy.h"
36	@@ -54,15 +55,20 @@ static int verify_selinuxmnt(const char *mnt)
37
38	int selinuxfs_exists(void)
39	{
40	- int exists = 0;
41	+ int exists = 0, mnt_rc = 0;
42	FILE *fp = NULL;
43	char *buf = NULL;
44	size_t len;
45	ssize_t num;
46
47	+ mnt_rc = mount("proc", "/proc", "proc", 0, 0);
48	+
49	fp = fopen("/proc/filesystems", "r");
50	- if (!fp)
51	- return 1; /* Fail as if it exists */
52	+ if (!fp) {
53	+ exists = 1; /* Fail as if it exists */
54	+ goto out;
55	+ }
56	+
57	__fsetlocking(fp, FSETLOCKING_BYCALLER);
58
59	num = getline(&buf, &len, fp);
60	@@ -76,6 +82,14 @@ int selinuxfs_exists(void)
61
62	free(buf);
63	fclose(fp);
64	+
65	+out:
66	+#ifndef MNT_DETACH
67	+#define MNT_DETACH 2
68	+#endif
69	+ if (mnt_rc == 0)
70	+ umount2("/proc", MNT_DETACH);
71	+
72	return exists;
73	}
74	hidden_def(selinuxfs_exists)


diff --git a/recipes-security/selinux/libselinux_2.4.bb b/recipes-security/selinux/libselinux_2.5.bb index 64fa81d..a744b2f 100644 --- a/recipes-security/selinux/libselinux_2.4.bb +++ b/recipes-security/selinux/libselinux_2.5.bb
@@ -1,17 +1,15 @@
1	include selinux_20150202.inc	1	include selinux_20160223.inc
2	include ${BPN}.inc	2	include ${BPN}.inc
3		3
4	LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"	4	LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
5		5
6	SRC_URI[md5sum] = "d19af2a367a81fb00bedc1b381694995"	6	SRC_URI[md5sum] = "d1399f5c2fd2fbe0e9603d5143b30367"
7	SRC_URI[sha256sum] = "46043091f4c5ba4f43e8d3715f30d665a2d571c9126c1f03945c9ea4ed380f7b"	7	SRC_URI[sha256sum] = "94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f"
8		8
9	SRC_URI += "\	9	SRC_URI += "\
10	file://libselinux-drop-Wno-unused-but-set-variable.patch \	10	file://libselinux-drop-Wno-unused-but-set-variable.patch \
11	file://libselinux-make-O_CLOEXEC-optional.patch \	11	file://libselinux-make-O_CLOEXEC-optional.patch \
12	file://libselinux-make-SOCK_CLOEXEC-optional.patch \	12	file://libselinux-make-SOCK_CLOEXEC-optional.patch \
13	file://libselinux-define-FD_CLOEXEC-as-necessary.patch \	13	file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
14	file://libselinux-get-pywrap-depends-on-selinux.py.patch \
15	file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \	14	file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
16	file://libselinux-mount-procfs-before-check.patch \
17	"	15	"