* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libsemanage/files/, sys-libs/libsemanage/
@ 2015-09-04  2:55 Jason Zaman
From: Jason Zaman @ 2015-09-04  2:55 UTC (permalink / raw
  To: gentoo-commits

commit:     71382d74cac988e273a4f7b77bf9eadfcc47fdac
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  4 02:54:45 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Sep  4 02:54:45 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71382d74

sys-libs/libsemanage: add patches to fix missing homedir contexts

Gentoo-Bug: https://bugs.gentoo.org/558686

Package-Manager: portage-2.2.20.1

 ...-Add-policy-binary-and-file_contexts.loca.patch | 318 +++++++++++++++++++++
 ...-Add-file_contexts-and-seusers-to-the-sto.patch | 265 +++++++++++++++++
 ...-save-homedir_template-in-the-policy-stor.patch |  54 ++++
 ...age-store-users_extra-in-the-policy-store.patch |  57 ++++
 sys-libs/libsemanage/libsemanage-2.4-r2.ebuild     | 131 +++++++++
 5 files changed, 825 insertions(+)

diff --git a/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch b/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
new file mode 100644
index 0000000..e5e821e
--- /dev/null
+++ b/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
@@ -0,0 +1,318 @@
+From 9638af24a1e890d673549f0b25d854458e07032e Mon Sep 17 00:00:00 2001
+From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+Date: Thu, 2 Jul 2015 09:27:36 -0400
+Subject: [PATCH] libsemanage: Add policy binary and file_contexts.local to the
+ store
+
+This patch writes policy.kern and file_contexts.local to the policy store as
+well as /etc/selinux/. Additionally, policy.kern and file_contexts.local
+are now parsed from the store rather than the final directory which was
+the old behavior. This allows all policy related files to be kept in the
+policy store.
+
+This patch also renames /var/lib/selinux/tmp to 'final' and changes
+policy.kern in the store to longer be a symlink.
+
+Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+---
+ libsemanage/src/booleans_policydb.c      |  6 ++--
+ libsemanage/src/direct_api.c             | 33 +++++++++++++++----
+ libsemanage/src/interfaces_policydb.c    |  6 ++--
+ libsemanage/src/nodes_policydb.c         |  6 ++--
+ libsemanage/src/ports_policydb.c         |  6 ++--
+ libsemanage/src/semanage_store.c         | 55 ++++++++++++++++++++++++--------
+ libsemanage/src/semanage_store.h         |  5 +++
+ libsemanage/src/users_base_policydb.c    |  6 ++--
+ libsemanage/utils/semanage_migrate_store |  3 +-
+ 9 files changed, 86 insertions(+), 40 deletions(-)
+
+diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c
+index 74af2a3..6869d6c 100644
+--- a/libsemanage/src/booleans_policydb.c
++++ b/libsemanage/src/booleans_policydb.c
+@@ -55,10 +55,8 @@ int bool_policydb_dbase_init(semanage_handle_t * handle,
+ {
+ 
+ 	if (dbase_policydb_init(handle,
+-				semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-						    SEMANAGE_KERNEL),
+-				semanage_final_path(SEMANAGE_FINAL_TMP,
+-						    SEMANAGE_KERNEL),
++				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ 				&SEMANAGE_BOOL_RTABLE,
+ 				&SEMANAGE_BOOL_POLICYDB_RTABLE,
+ 				&dconfig->dbase) < 0)
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index d57f934..3c6b168 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -196,10 +196,8 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ 		goto err;
+ 
+ 	if (fcontext_file_dbase_init(sh,
+-				     semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-							 SEMANAGE_FC_LOCAL),
+-				     semanage_final_path(SEMANAGE_FINAL_TMP,
+-							 SEMANAGE_FC_LOCAL),
++				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_LOCAL),
++				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
+ 				     semanage_fcontext_dbase_local(sh)) < 0)
+ 		goto err;
+ 
+@@ -1041,7 +1039,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	size_t fc_buffer_len = 0;
+ 	const char *ofilename = NULL;
+ 	const char *path;
+-	int retval = -1, num_modinfos = 0, i;
++	int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
+ 	sepol_policydb_t *out = NULL;
+ 	struct cil_db *cildb = NULL;
+ 	semanage_module_info_t *modinfos = NULL;
+@@ -1143,8 +1141,20 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	modified |= dontaudit_modified;
+ 	modified |= preserve_tunables_modified;
+ 
++	/* This is for systems that have already migrated with an older version
++	 * of semanage_migrate_store. The older version did not copy policy.kern so
++	 * the policy binary must be rebuilt here.
++	 */
++	if (!sh->do_rebuild && !modified) {
++		path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
++
++		if (access(path, F_OK) != 0) {
++			missing_policy_kern = 1;
++		}
++	}
++
+ 	/* If there were policy changes, or explicitly requested, rebuild the policy */
+-	if (sh->do_rebuild || modified) {
++	if (sh->do_rebuild || modified || missing_policy_kern) {
+ 		/* =================== Module expansion =============== */
+ 
+ 		retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
+@@ -1302,6 +1312,17 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	if (retval < 0)
+ 		goto cleanup;
+ 
++	retval = semanage_copy_policydb(sh);
++	if (retval < 0)
++		goto cleanup;
++
++	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
++	if (access(path, F_OK) == 0) {
++		retval = semanage_copy_fc_local(sh);
++		if (retval < 0)
++			goto cleanup;
++	}
++
+ 	/* run genhomedircon if its enabled, this should be the last operation
+ 	 * which requires the out policydb */
+ 	if (!sh->conf->disable_genhomedircon) {
+diff --git a/libsemanage/src/interfaces_policydb.c b/libsemanage/src/interfaces_policydb.c
+index 6a42eed..552ce7d 100644
+--- a/libsemanage/src/interfaces_policydb.c
++++ b/libsemanage/src/interfaces_policydb.c
+@@ -51,10 +51,8 @@ int iface_policydb_dbase_init(semanage_handle_t * handle,
+ {
+ 
+ 	if (dbase_policydb_init(handle,
+-				semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-						    SEMANAGE_KERNEL),
+-				semanage_final_path(SEMANAGE_FINAL_TMP,
+-						    SEMANAGE_KERNEL),
++				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ 				&SEMANAGE_IFACE_RTABLE,
+ 				&SEMANAGE_IFACE_POLICYDB_RTABLE,
+ 				&dconfig->dbase) < 0)
+diff --git a/libsemanage/src/nodes_policydb.c b/libsemanage/src/nodes_policydb.c
+index 56012fb..7224f00 100644
+--- a/libsemanage/src/nodes_policydb.c
++++ b/libsemanage/src/nodes_policydb.c
+@@ -50,10 +50,8 @@ int node_policydb_dbase_init(semanage_handle_t * handle,
+ {
+ 
+ 	if (dbase_policydb_init(handle,
+-				semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-						    SEMANAGE_KERNEL),
+-				semanage_final_path(SEMANAGE_FINAL_TMP,
+-						    SEMANAGE_KERNEL),
++				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ 				&SEMANAGE_NODE_RTABLE,
+ 				&SEMANAGE_NODE_POLICYDB_RTABLE,
+ 				&dconfig->dbase) < 0)
+diff --git a/libsemanage/src/ports_policydb.c b/libsemanage/src/ports_policydb.c
+index b9600f0..37d7deb 100644
+--- a/libsemanage/src/ports_policydb.c
++++ b/libsemanage/src/ports_policydb.c
+@@ -50,10 +50,8 @@ int port_policydb_dbase_init(semanage_handle_t * handle,
+ {
+ 
+ 	if (dbase_policydb_init(handle,
+-				semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-						    SEMANAGE_KERNEL),
+-				semanage_final_path(SEMANAGE_FINAL_TMP,
+-						    SEMANAGE_KERNEL),
++				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ 				&SEMANAGE_PORT_RTABLE,
+ 				&SEMANAGE_PORT_POLICYDB_RTABLE,
+ 				&dconfig->dbase) < 0)
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 6051691..2856aaf 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -110,10 +110,12 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
+ 	"/disable_dontaudit",
+ 	"/preserve_tunables",
+ 	"/modules/disabled",
++	"/policy.kern",
++	"/file_contexts.local"
+ };
+ 
+ static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
+-	"/tmp",
++	"/final",
+ 	"",
+ };
+ 
+@@ -943,9 +945,7 @@ int semanage_make_final(semanage_handle_t *sh)
+ 		goto cleanup;
+ 	}
+ 
+-	/* Copy in exported databases.
+-	 * i = 1 to avoid copying the top level directory.
+-	 */
++	// Build final directory structure
+ 	int i;
+ 	for (i = 1; i < SEMANAGE_FINAL_PATH_NUM; i++) {
+ 		if (strlen(semanage_final_path(SEMANAGE_FINAL_TMP, i)) >= sizeof(fn)) {
+@@ -959,12 +959,6 @@ int semanage_make_final(semanage_handle_t *sh)
+ 			status = -1;
+ 			goto cleanup;
+ 		}
+-
+-		semanage_copy_file(
+-			semanage_final_path(SEMANAGE_FINAL_SELINUX, i),
+-			semanage_final_path(SEMANAGE_FINAL_TMP, i),
+-			sh->conf->file_mode);
+-		/* ignore errors, these files may not exist */
+ 	}
+ 
+ cleanup:
+@@ -2019,8 +2013,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
+ 	FILE *infile = NULL;
+ 
+ 	if ((kernel_filename =
+-	     semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-				 SEMANAGE_KERNEL)) == NULL) {
++	     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL)) == NULL) {
+ 		goto cleanup;
+ 	}
+ 	if ((infile = fopen(kernel_filename, "r")) == NULL) {
+@@ -2061,7 +2054,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
+ 	FILE *outfile = NULL;
+ 
+ 	if ((kernel_filename =
+-	     semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL)) == NULL) {
++	     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL)) == NULL) {
+ 		goto cleanup;
+ 	}
+ 	if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
+@@ -2921,3 +2914,39 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+ 
+ 	return 0;
+ }
++
++int semanage_copy_policydb(semanage_handle_t *sh)
++{
++	const char *src = NULL;
++	const char *dst = NULL;
++	int rc = -1;
++
++	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
++	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
++
++	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
++	if (rc != 0) {
++		goto cleanup;
++	}
++
++cleanup:
++	return rc;
++}
++
++int semanage_copy_fc_local(semanage_handle_t *sh)
++{
++	const char *src = NULL;
++	const char *dst = NULL;
++	int rc = -1;
++
++	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
++	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
++
++	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
++	if (rc != 0) {
++		goto cleanup;
++	}
++
++cleanup:
++	return rc;
++}
+diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
+index 62c7079..ade43f2 100644
+--- a/libsemanage/src/semanage_store.h
++++ b/libsemanage/src/semanage_store.h
+@@ -55,6 +55,8 @@ enum semanage_sandbox_defs {
+ 	SEMANAGE_DISABLE_DONTAUDIT,
+ 	SEMANAGE_PRESERVE_TUNABLES,
+ 	SEMANAGE_MODULES_DISABLED,
++	SEMANAGE_STORE_KERNEL,
++	SEMANAGE_STORE_FC_LOCAL,
+ 	SEMANAGE_STORE_NUM_PATHS
+ };
+ 
+@@ -148,4 +150,7 @@ int semanage_nc_sort(semanage_handle_t * sh,
+ 		     size_t buf_len,
+ 		     char **sorted_buf, size_t * sorted_buf_len);
+ 
++int semanage_copy_policydb(semanage_handle_t *sh);
++int semanage_copy_fc_local(semanage_handle_t *sh);
++
+ #endif
+diff --git a/libsemanage/src/users_base_policydb.c b/libsemanage/src/users_base_policydb.c
+index 0a6ab9c..b42279c 100644
+--- a/libsemanage/src/users_base_policydb.c
++++ b/libsemanage/src/users_base_policydb.c
+@@ -50,10 +50,8 @@ int user_base_policydb_dbase_init(semanage_handle_t * handle,
+ {
+ 
+ 	if (dbase_policydb_init(handle,
+-				semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-						    SEMANAGE_KERNEL),
+-				semanage_final_path(SEMANAGE_FINAL_TMP,
+-						    SEMANAGE_KERNEL),
++				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+ 				&SEMANAGE_USER_BASE_RTABLE,
+ 				&SEMANAGE_USER_BASE_POLICYDB_RTABLE,
+ 				&dconfig->dbase) < 0)
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 2f85e9c..b170eda 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -243,7 +243,8 @@ if __name__ == "__main__":
+ 		"users.local",
+ 		"users_extra.local",
+ 		"disable_dontaudit",
+-		"preserve_tunables" ]
++		"preserve_tunables",
++		"policy.kern" ]
+ 
+ 
+ 	create_dir(newroot_path(), 0o755)
+-- 
+2.4.6
+
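Review bot: In the direct_api.c part of this patch, semanage_direct_commit treats every access() failure as "file absent": `access(path, F_OK) != 0` sets missing_policy_kern, and the later `access(path, F_OK) == 0` guard silently skips copying file_contexts.local into the final directory. A failure such as EACCES on the store path would therefore leave local file-context rules out of the installed policy without any error, and since semanage_make_final no longer copies the existing files in, nothing visible here restores them. I would skip only when the file is truly absent and fail otherwise, e.g. `} else if (errno != ENOENT) { retval = -1; goto cleanup; }` after the copy branch. path is also handed to access() without the NULL check that semanage_read_policydb applies to the same semanage_path() result. The 0003 patch further down repeats this guard for SEMANAGE_STORE_FC and SEMANAGE_STORE_SEUSERS; the function body continues outside these hunks.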

diff --git a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch b/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
new file mode 100644
index 0000000..24e9778
--- /dev/null
+++ b/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
@@ -0,0 +1,265 @@
+From d56c2b434e99f60612c1290e82021ecbcbfaf5e6 Mon Sep 17 00:00:00 2001
+From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+Date: Tue, 21 Jul 2015 15:08:15 -0400
+Subject: [PATCH] libsemanage: Add file_contexts and seusers to the store
+
+This patch writes file_contexts and seusers to the policy store as well as
+/etc/selinux/. Additionally, file_contexts and seusers are now parsed from the
+store rather than the final directory which was the old behavior. This allows
+all policy related files to be kept in the policy store.
+
+Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
+---
+ libsemanage/src/direct_api.c             | 69 +++++++++++++++++++++++++-------
+ libsemanage/src/semanage_store.c         | 49 ++++-------------------
+ libsemanage/src/semanage_store.h         |  5 ++-
+ libsemanage/utils/semanage_migrate_store |  3 +-
+ 4 files changed, 66 insertions(+), 60 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 3c6b168..b11f2ba 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -248,18 +248,14 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ 		goto err;
+ 
+ 	if (fcontext_file_dbase_init(sh,
+-				     semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-							 SEMANAGE_FC),
+-				     semanage_final_path(SEMANAGE_FINAL_TMP,
+-							 SEMANAGE_FC),
++				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC),
++				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ 				     semanage_fcontext_dbase_policy(sh)) < 0)
+ 		goto err;
+ 
+ 	if (seuser_file_dbase_init(sh,
+-				   semanage_final_path(SEMANAGE_FINAL_SELINUX,
+-						       SEMANAGE_SEUSERS),
+-				   semanage_final_path(SEMANAGE_FINAL_TMP,
+-						       SEMANAGE_SEUSERS),
++				   semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_SEUSERS),
++				   semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
+ 				   semanage_seuser_dbase_policy(sh)) < 0)
+ 		goto err;
+ 
+@@ -602,7 +598,7 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb
+ 	}
+ 
+ 	if (size > 0) {
+-		ofilename = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS);
++		ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
+ 		if (ofilename == NULL) {
+ 			return -1;
+ 		}
+@@ -1039,7 +1035,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	size_t fc_buffer_len = 0;
+ 	const char *ofilename = NULL;
+ 	const char *path;
+-	int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
++	int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0,
++		missing_seusers = 0, missing_fc = 0, missing = 0;
+ 	sepol_policydb_t *out = NULL;
+ 	struct cil_db *cildb = NULL;
+ 	semanage_module_info_t *modinfos = NULL;
+@@ -1151,10 +1148,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 		if (access(path, F_OK) != 0) {
+ 			missing_policy_kern = 1;
+ 		}
++
++		path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
++
++		if (access(path, F_OK) != 0) {
++			missing_fc = 1;
++		}
++
++		path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
++
++		if (access(path, F_OK) != 0) {
++			missing_seusers = 1;
++		}
+ 	}
+ 
++	missing |= missing_policy_kern;
++	missing |= missing_fc;
++	missing |= missing_seusers;
++
+ 	/* If there were policy changes, or explicitly requested, rebuild the policy */
+-	if (sh->do_rebuild || modified || missing_policy_kern) {
++	if (sh->do_rebuild || modified || missing) {
+ 		/* =================== Module expansion =============== */
+ 
+ 		retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
+@@ -1312,15 +1325,41 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	if (retval < 0)
+ 		goto cleanup;
+ 
+-	retval = semanage_copy_policydb(sh);
+-	if (retval < 0)
++	retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
++			semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL),
++			sh->conf->file_mode);
++	if (retval < 0) {
+ 		goto cleanup;
++	}
+ 
+ 	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
+ 	if (access(path, F_OK) == 0) {
+-		retval = semanage_copy_fc_local(sh);
+-		if (retval < 0)
++		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
++							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
++							sh->conf->file_mode);
++		if (retval < 0) {
+ 			goto cleanup;
++		}
++	}
++
++	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
++	if (access(path, F_OK) == 0) {
++		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
++							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
++							sh->conf->file_mode);
++		if (retval < 0) {
++			goto cleanup;
++		}
++	}
++
++	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
++	if (access(path, F_OK) == 0) {
++		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
++							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
++							sh->conf->file_mode);
++		if (retval < 0) {
++			goto cleanup;
++		}
+ 	}
+ 
+ 	/* run genhomedircon if its enabled, this should be the last operation
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 2856aaf..fa0876f 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -111,7 +111,9 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
+ 	"/preserve_tunables",
+ 	"/modules/disabled",
+ 	"/policy.kern",
+-	"/file_contexts.local"
++	"/file_contexts.local",
++	"/file_contexts",
++	"/seusers"
+ };
+ 
+ static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
+@@ -666,7 +668,7 @@ static int semanage_filename_select(const struct dirent *d)
+ 
+ /* Copies a file from src to dst.  If dst already exists then
+  * overwrite it.  Returns 0 on success, -1 on error. */
+-static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
++int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+ {
+ 	int in, out, retval = 0, amount_read, n, errsv = errno;
+ 	char tmp[PATH_MAX];
+@@ -1425,11 +1427,11 @@ int semanage_split_fc(semanage_handle_t * sh)
+ 		goto cleanup;
+ 	}
+ 
+-	fc = open(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
++	fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ 		  O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ 	if (fc < 0) {
+ 		ERR(sh, "Could not open %s for writing.",
+-		    semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC));
++		    semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
+ 		goto cleanup;
+ 	}
+ 	hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
+@@ -1454,8 +1456,7 @@ int semanage_split_fc(semanage_handle_t * sh)
+ 		} else {
+ 			if (write(fc, buf, strlen(buf)) < 0) {
+ 				ERR(sh, "Write to %s failed.",
+-				    semanage_final_path(SEMANAGE_FINAL_TMP,
+-							SEMANAGE_FC));
++				    semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
+ 				goto cleanup;
+ 			}
+ 		}
+@@ -2914,39 +2915,3 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+ 
+ 	return 0;
+ }
+-
+-int semanage_copy_policydb(semanage_handle_t *sh)
+-{
+-	const char *src = NULL;
+-	const char *dst = NULL;
+-	int rc = -1;
+-
+-	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
+-	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
+-
+-	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
+-	if (rc != 0) {
+-		goto cleanup;
+-	}
+-
+-cleanup:
+-	return rc;
+-}
+-
+-int semanage_copy_fc_local(semanage_handle_t *sh)
+-{
+-	const char *src = NULL;
+-	const char *dst = NULL;
+-	int rc = -1;
+-
+-	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
+-	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
+-
+-	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
+-	if (rc != 0) {
+-		goto cleanup;
+-	}
+-
+-cleanup:
+-	return rc;
+-}
+diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
+index ade43f2..acb6e3f 100644
+--- a/libsemanage/src/semanage_store.h
++++ b/libsemanage/src/semanage_store.h
+@@ -57,6 +57,8 @@ enum semanage_sandbox_defs {
+ 	SEMANAGE_MODULES_DISABLED,
+ 	SEMANAGE_STORE_KERNEL,
+ 	SEMANAGE_STORE_FC_LOCAL,
++	SEMANAGE_STORE_FC,
++	SEMANAGE_STORE_SEUSERS,
+ 	SEMANAGE_STORE_NUM_PATHS
+ };
+ 
+@@ -150,7 +152,6 @@ int semanage_nc_sort(semanage_handle_t * sh,
+ 		     size_t buf_len,
+ 		     char **sorted_buf, size_t * sorted_buf_len);
+ 
+-int semanage_copy_policydb(semanage_handle_t *sh);
+-int semanage_copy_fc_local(semanage_handle_t *sh);
++int semanage_copy_file(const char *src, const char *dst, mode_t mode);
+ 
+ #endif
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index b170eda..6443002 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -244,7 +244,8 @@ if __name__ == "__main__":
+ 		"users_extra.local",
+ 		"disable_dontaudit",
+ 		"preserve_tunables",
+-		"policy.kern" ]
++		"policy.kern",
++		"file_contexts"]
+ 
+ 
+ 	create_dir(newroot_path(), 0o755)
+-- 
+2.4.6
+
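Review bot: The four semanage_copy_file() calls added to semanage_direct_commit pass the results of semanage_path() and semanage_final_path() straight through as src and dst, while semanage_direct_update_seuser in the same patch still checks `ofilename == NULL` for the same helper. Whether semanage_copy_file tolerates a NULL path is not visible here, so I would hold the two paths in locals and bail out with `if (src == NULL || dst == NULL) { retval = -1; goto cleanup; }` before each copy. Now that semanage_copy_file is no longer static, its prototype in semanage_store.h should carry the contract stated on the definition (overwrites dst if it exists, returns 0 on success and -1 on error), and it is worth confirming the symbol stays out of the library's exported set. The enclosing function bodies start and end outside the nested hunks.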

diff --git a/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch b/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
new file mode 100644
index 0000000..3bc1370
--- /dev/null
+++ b/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
@@ -0,0 +1,54 @@
+From 75dd8c062d1f6f0e0a7a9f1856c0957b423e8a02 Mon Sep 17 00:00:00 2001
+From: Steve Lawrence <slawrence@tresys.com>
+Date: Thu, 3 Sep 2015 09:28:08 -0400
+Subject: [PATCH 1/3] libsemanage: save homedir_template in the policy store
+ for genhomedircon
+
+We don't currently store homedir_template in the policy store, which
+means genhomedircon only has a template file to use if the
+homedir_template was generated from the file contexts in the same
+transaction.  But homedir_template isn't always generated, as in the
+case with setsebool -P. In this and other cases, genhomedircon will not
+have a template file resulting in an empty file_contexts.homedir file.
+
+This commit changes this so that homedir_template is always stored in
+the policy store so it can be used by genhomedircon regardless of how
+policy was built. Also add the homedir_template file to the migration
+script.
+
+Signed-off by: Steve Lawrence <slawrence@tresys.com>
+Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/direct_api.c             | 1 -
+ libsemanage/utils/semanage_migrate_store | 3 ++-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 90a7b22..6e49cae 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1415,7 +1415,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 
+ 	/* remove files that are automatically generated and no longer needed */
+ 	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+-	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
+ 	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
+ 
+ 	if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 539f469..297c71b 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -251,7 +251,8 @@ if __name__ == "__main__":
+ 		"disable_dontaudit",
+ 		"preserve_tunables",
+ 		"policy.kern",
+-		"file_contexts"]
++		"file_contexts",
++		"homedir_template"]
+ 
+ 
+ 	create_dir(newroot_path(), 0o755)
+-- 
+2.4.6
+

diff --git a/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch b/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch
new file mode 100644
index 0000000..1aca2ad
--- /dev/null
+++ b/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch
@@ -0,0 +1,57 @@
+From dbc639a35af71eec1a1b386b74a822d794bb59df Mon Sep 17 00:00:00 2001
+From: Steve Lawrence <slawrence@tresys.com>
+Date: Thu, 3 Sep 2015 13:07:36 -0400
+Subject: [PATCH 2/3] libsemanage: store users_extra in the policy store
+
+users_extra is needed by genhomedircon and when listing seusers, so it
+must be kept in the policy store. Also move the FC_TMPL unlink() closer
+to where the FC_TMPL is created; not a functional change, but eaiser to
+follow.
+
+Signed-off-by: Steve Lawrence <slawrence@tresys.com>
+Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/direct_api.c             | 7 +++----
+ libsemanage/utils/semanage_migrate_store | 1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 6e49cae..68dd0d1 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1272,6 +1272,9 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 		if (retval < 0)
+ 			goto cleanup;
+ 
++		/* remove FC_TMPL now that it is now longer needed */
++		unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
++
+ 		pfcontexts->dtable->drop_cache(pfcontexts->dbase);
+ 
+ 		/* SEUsers */
+@@ -1413,10 +1416,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 	sepol_policydb_free(out);
+ 	out = NULL;
+ 
+-	/* remove files that are automatically generated and no longer needed */
+-	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+-	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
+-
+ 	if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
+ 		retval = semanage_install_sandbox(sh);
+ 	}
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 297c71b..b5eefaa 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -247,6 +247,7 @@ if __name__ == "__main__":
+ 		"file_contexts.local",
+ 		"seusers",
+ 		"users.local",
++		"users_extra",
+ 		"users_extra.local",
+ 		"disable_dontaudit",
+ 		"preserve_tunables",
+-- 
+2.4.6
+
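Review bot: The comment added above the relocated unlink() in semanage_direct_commit reads "now that it is now longer needed"; it should be `/* remove FC_TMPL now that it is no longer needed */`. The unlink() result is still ignored, which looks like deliberate best-effort cleanup, but a few words saying so in that comment would stop a later reader from treating it as an oversight. The function body continues outside the hunk.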

diff --git a/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild b/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild
new file mode 100644
index 0000000..5e14e7d
--- /dev/null
+++ b/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild
@@ -0,0 +1,131 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
+
+inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
+
+MY_P="${P//_/-}"
+
+SEPOL_VER="${PV}"
+SELNX_VER="${PV}"
+
+DESCRIPTION="SELinux kernel and policy management library"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="python"
+
+RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
+	>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
+	>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
+	>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
+	"
+DEPEND="${RDEPEND}
+	sys-devel/bison
+	sys-devel/flex
+	python? (
+		>=dev-lang/swig-2.0.4-r1
+		virtual/pkgconfig
+		${PYTHON_DEPS}
+	)"
+
+# tests are not meant to be run outside of the
+# full SELinux userland repo
+RESTRICT="test"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
+	echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
+	echo "# or debugging of policy." >> "${S}/src/semanage.conf"
+	echo "save-linked=false" >> "${S}/src/semanage.conf"
+	echo >> "${S}/src/semanage.conf"
+	echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
+	echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
+	echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
+	echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
+	echo "# would catch." >> "${S}/src/semanage.conf"
+	echo "expand-check=1" >> "${S}/src/semanage.conf"
+	echo >> "${S}/src/semanage.conf"
+	echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
+	echo "# with bzip2.  Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
+	echo "# 1-9 when compressing.  The higher the number," >> "${S}/src/semanage.conf"
+	echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
+	echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
+	echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
+	echo >> "${S}/src/semanage.conf"
+	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
+	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
+	echo "bzip-small=true" >> "${S}/src/semanage.conf"
+
+	epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch" \
+		"${FILESDIR}/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch" \
+		"${FILESDIR}/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch" \
+		"${FILESDIR}/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch" \
+		"${FILESDIR}/0005-libsemanage-store-users_extra-in-the-policy-store.patch"
+
+	epatch_user
+
+	multilib_copy_sources
+}
+
+multilib_src_compile() {
+	emake \
+		AR="$(tc-getAR)" \
+		CC="$(tc-getCC)" \
+		LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
+		all
+
+	if multilib_is_native_abi && use python; then
+		building_py() {
+			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
+			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
+		}
+		python_foreach_impl building_py swigify
+		python_foreach_impl building_py pywrap
+	fi
+}
+
+multilib_src_install() {
+	emake \
+		LIBDIR="${ED}/usr/$(get_libdir)" \
+		SHLIBDIR="${ED}/usr/$(get_libdir)" \
+		DESTDIR="${ED}" install
+
+	if multilib_is_native_abi && use python; then
+		installation_py() {
+			emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
+				SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
+			python_optimize # bug 531638
+		}
+		python_foreach_impl installation_py
+	fi
+}
+
+pkg_postinst() {
+	# Migrate the SELinux semanage configuration store if not done already
+	local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' /etc/selinux/config);
+	if [ -n "${selinuxtype}" ] && [ ! -d /var/lib/selinux/${mcs}/active ] ; then
+		ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
+		ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
+		ewarn "If there are any issues, it can be done manually by running:"
+		ewarn "/usr/libexec/selinux/semanage_migrate_store"
+		ewarn "For more information, please see"
+		ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
+	fi
+
+	# Run the store migration without rebuilds
+	for POLICY_TYPE in ${POLICY_TYPES} ; do
+		if [ ! -d "${ROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then
+			einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)."
+			/usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}"
+		fi
+	done
+}
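Review bot: In pkg_postinst the first test expands `${mcs}`, which is never set in this ebuild, so the path collapses to `/var/lib/selinux//active` and the migration warning is likely to fire whenever SELINUXTYPE is set, regardless of the store's state. It presumably should use the value just read from the config and honour ROOT like the loop below: `if [ -n "${selinuxtype}" ] && [ ! -d "${ROOT}/var/lib/selinux/${selinuxtype}/active" ] ; then`. The awk read of /etc/selinux/config and the semanage_migrate_store call also ignore ROOT, so with a non-default ROOT the hook would act on the host's policy store rather than the target's; worth confirming that is intended. In multilib_src_compile, `PYTHONLBIDIR` looks like a misspelling and is probably ignored by the Makefile.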



* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libsemanage/files/, sys-libs/libsemanage/
@ 2016-09-01 16:31 Jason Zaman
From: Jason Zaman @ 2016-09-01 16:31 UTC (permalink / raw
  To: gentoo-commits

commit:     25a69d7a8fc755476905c0ac23720fd166957f41
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  1 15:51:58 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Sep  1 16:28:16 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25a69d7a

sys-libs/libsemanage: Drop old

Package-Manager: portage-2.2.28

 sys-libs/libsemanage/Manifest                      |   3 -
 ...-Add-policy-binary-and-file_contexts.loca.patch | 318 ---------------------
 ...-Add-file_contexts-and-seusers-to-the-sto.patch | 265 -----------------
 ...-save-homedir_template-in-the-policy-stor.patch |  54 ----
 ...age-store-users_extra-in-the-policy-store.patch |  57 ----
 sys-libs/libsemanage/libsemanage-2.2-r2.ebuild     |  91 ------
 sys-libs/libsemanage/libsemanage-2.3-r4.ebuild     | 104 -------
 sys-libs/libsemanage/libsemanage-2.4-r1.ebuild     | 127 --------
 sys-libs/libsemanage/libsemanage-2.4-r2.ebuild     | 132 ---------
 9 files changed, 1151 deletions(-)

diff --git a/sys-libs/libsemanage/Manifest b/sys-libs/libsemanage/Manifest
index 1f49a87..87c6ec0 100644
--- a/sys-libs/libsemanage/Manifest
+++ b/sys-libs/libsemanage/Manifest
@@ -1,4 +1 @@
-DIST libsemanage-2.2.tar.gz 138208 SHA256 11f60bfa0f1c6063cd9bd99ce0cb4acc9d6d9e9b8d7743d39e847bcd7803bd75 SHA512 09032b1b322fec7346164939ade118034812cb538ebc72121640d4ac5c89d2a66b59caa465027cfbebb590dee039a26d4345eafedf365d7f6ad0b5e90377d50f WHIRLPOOL 49170c5ee9ff57dcc4a15aa72386f37993f76436f0da25808c60dab2d03ba52932d0d4fa753c326900d83d2fae30f8bcf659251f17327783f2e2be3deb4842f4
-DIST libsemanage-2.3.tar.gz 138231 SHA256 03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b SHA512 defe3bbdbe51abdaa13a39f693c33446d8a1a8509ac1eb25c7770da2df6487bcb0ca31259d02b4531d4c81db5e221e94e95bec97f6a1a155e1de2f65e6f0da34 WHIRLPOOL 943d4d300aa8ad49c411b10b41c0c3e751c46dbcbbe129bdd1d2e975e231c58391d6ecdee6b27699fff9f6e6facf5b48fc8d57c2ff68692694c7de430750fac9
-DIST libsemanage-2.4.tar.gz 151173 SHA256 1a4cace4ef16786531ec075c0e7b2f961e2fee5dc86c5f983a689058899a6484 SHA512 54f993253b22207b053daf4d34e72c65c72279866416089b6c0f047ef77bca3e307eac0ce6dfe40bd14e2e47e79841b358d5607501779f38d9b5f7c35f3b7729 WHIRLPOOL 7303c06515ed59b5756a87d08aff07671e51d26ce9fa452ca75643dd0ce4658571dc69d86434c943d691a4ab0d90cbdccdaa27e5aaec5fdf8057cf2d5d30631e
 DIST libsemanage-2.5.tar.gz 152884 SHA256 46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006 SHA512 cf644b77d8a24f76c630ece582df1b49a0c5f48f1c9f79b1caee0df10372008954406974472a072360dbe6de5ebc19b1b21bb247084d75b7186f61b32f33b8ec WHIRLPOOL 397b7fd2e9b2c00dbc2f58bdc023501dcd7ecf1212fef9ad7993b4763a041068416ef06552c0abf0beef8c69f4704933feca36951866c43d867181332971f6be

diff --git a/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch b/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
deleted file mode 100644
index e5e821e..00000000
--- a/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch
+++ /dev/null
@@ -1,318 +0,0 @@
-From 9638af24a1e890d673549f0b25d854458e07032e Mon Sep 17 00:00:00 2001
-From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
-Date: Thu, 2 Jul 2015 09:27:36 -0400
-Subject: [PATCH] libsemanage: Add policy binary and file_contexts.local to the
- store
-
-This patch writes policy.kern and file_contexts.local to the policy store as
-well as /etc/selinux/. Additionally, policy.kern and file_contexts.local
-are now parsed from the store rather than the final directory which was
-the old behavior. This allows all policy related files to be kept in the
-policy store.
-
-This patch also renames /var/lib/selinux/tmp to 'final' and changes
-policy.kern in the store to longer be a symlink.
-
-Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
----
- libsemanage/src/booleans_policydb.c      |  6 ++--
- libsemanage/src/direct_api.c             | 33 +++++++++++++++----
- libsemanage/src/interfaces_policydb.c    |  6 ++--
- libsemanage/src/nodes_policydb.c         |  6 ++--
- libsemanage/src/ports_policydb.c         |  6 ++--
- libsemanage/src/semanage_store.c         | 55 ++++++++++++++++++++++++--------
- libsemanage/src/semanage_store.h         |  5 +++
- libsemanage/src/users_base_policydb.c    |  6 ++--
- libsemanage/utils/semanage_migrate_store |  3 +-
- 9 files changed, 86 insertions(+), 40 deletions(-)
-
-diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c
-index 74af2a3..6869d6c 100644
---- a/libsemanage/src/booleans_policydb.c
-+++ b/libsemanage/src/booleans_policydb.c
-@@ -55,10 +55,8 @@ int bool_policydb_dbase_init(semanage_handle_t * handle,
- {
- 
- 	if (dbase_policydb_init(handle,
--				semanage_final_path(SEMANAGE_FINAL_SELINUX,
--						    SEMANAGE_KERNEL),
--				semanage_final_path(SEMANAGE_FINAL_TMP,
--						    SEMANAGE_KERNEL),
-+				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- 				&SEMANAGE_BOOL_RTABLE,
- 				&SEMANAGE_BOOL_POLICYDB_RTABLE,
- 				&dconfig->dbase) < 0)
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index d57f934..3c6b168 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -196,10 +196,8 @@ int semanage_direct_connect(semanage_handle_t * sh)
- 		goto err;
- 
- 	if (fcontext_file_dbase_init(sh,
--				     semanage_final_path(SEMANAGE_FINAL_SELINUX,
--							 SEMANAGE_FC_LOCAL),
--				     semanage_final_path(SEMANAGE_FINAL_TMP,
--							 SEMANAGE_FC_LOCAL),
-+				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_LOCAL),
-+				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
- 				     semanage_fcontext_dbase_local(sh)) < 0)
- 		goto err;
- 
-@@ -1041,7 +1039,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	size_t fc_buffer_len = 0;
- 	const char *ofilename = NULL;
- 	const char *path;
--	int retval = -1, num_modinfos = 0, i;
-+	int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
- 	sepol_policydb_t *out = NULL;
- 	struct cil_db *cildb = NULL;
- 	semanage_module_info_t *modinfos = NULL;
-@@ -1143,8 +1141,20 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	modified |= dontaudit_modified;
- 	modified |= preserve_tunables_modified;
- 
-+	/* This is for systems that have already migrated with an older version
-+	 * of semanage_migrate_store. The older version did not copy policy.kern so
-+	 * the policy binary must be rebuilt here.
-+	 */
-+	if (!sh->do_rebuild && !modified) {
-+		path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
-+
-+		if (access(path, F_OK) != 0) {
-+			missing_policy_kern = 1;
-+		}
-+	}
-+
- 	/* If there were policy changes, or explicitly requested, rebuild the policy */
--	if (sh->do_rebuild || modified) {
-+	if (sh->do_rebuild || modified || missing_policy_kern) {
- 		/* =================== Module expansion =============== */
- 
- 		retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
-@@ -1302,6 +1312,17 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	if (retval < 0)
- 		goto cleanup;
- 
-+	retval = semanage_copy_policydb(sh);
-+	if (retval < 0)
-+		goto cleanup;
-+
-+	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
-+	if (access(path, F_OK) == 0) {
-+		retval = semanage_copy_fc_local(sh);
-+		if (retval < 0)
-+			goto cleanup;
-+	}
-+
- 	/* run genhomedircon if its enabled, this should be the last operation
- 	 * which requires the out policydb */
- 	if (!sh->conf->disable_genhomedircon) {
-diff --git a/libsemanage/src/interfaces_policydb.c b/libsemanage/src/interfaces_policydb.c
-index 6a42eed..552ce7d 100644
---- a/libsemanage/src/interfaces_policydb.c
-+++ b/libsemanage/src/interfaces_policydb.c
-@@ -51,10 +51,8 @@ int iface_policydb_dbase_init(semanage_handle_t * handle,
- {
- 
- 	if (dbase_policydb_init(handle,
--				semanage_final_path(SEMANAGE_FINAL_SELINUX,
--						    SEMANAGE_KERNEL),
--				semanage_final_path(SEMANAGE_FINAL_TMP,
--						    SEMANAGE_KERNEL),
-+				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- 				&SEMANAGE_IFACE_RTABLE,
- 				&SEMANAGE_IFACE_POLICYDB_RTABLE,
- 				&dconfig->dbase) < 0)
-diff --git a/libsemanage/src/nodes_policydb.c b/libsemanage/src/nodes_policydb.c
-index 56012fb..7224f00 100644
---- a/libsemanage/src/nodes_policydb.c
-+++ b/libsemanage/src/nodes_policydb.c
-@@ -50,10 +50,8 @@ int node_policydb_dbase_init(semanage_handle_t * handle,
- {
- 
- 	if (dbase_policydb_init(handle,
--				semanage_final_path(SEMANAGE_FINAL_SELINUX,
--						    SEMANAGE_KERNEL),
--				semanage_final_path(SEMANAGE_FINAL_TMP,
--						    SEMANAGE_KERNEL),
-+				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- 				&SEMANAGE_NODE_RTABLE,
- 				&SEMANAGE_NODE_POLICYDB_RTABLE,
- 				&dconfig->dbase) < 0)
-diff --git a/libsemanage/src/ports_policydb.c b/libsemanage/src/ports_policydb.c
-index b9600f0..37d7deb 100644
---- a/libsemanage/src/ports_policydb.c
-+++ b/libsemanage/src/ports_policydb.c
-@@ -50,10 +50,8 @@ int port_policydb_dbase_init(semanage_handle_t * handle,
- {
- 
- 	if (dbase_policydb_init(handle,
--				semanage_final_path(SEMANAGE_FINAL_SELINUX,
--						    SEMANAGE_KERNEL),
--				semanage_final_path(SEMANAGE_FINAL_TMP,
--						    SEMANAGE_KERNEL),
-+				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- 				&SEMANAGE_PORT_RTABLE,
- 				&SEMANAGE_PORT_POLICYDB_RTABLE,
- 				&dconfig->dbase) < 0)
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 6051691..2856aaf 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
-@@ -110,10 +110,12 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
- 	"/disable_dontaudit",
- 	"/preserve_tunables",
- 	"/modules/disabled",
-+	"/policy.kern",
-+	"/file_contexts.local"
- };
- 
- static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
--	"/tmp",
-+	"/final",
- 	"",
- };
- 
-@@ -943,9 +945,7 @@ int semanage_make_final(semanage_handle_t *sh)
- 		goto cleanup;
- 	}
- 
--	/* Copy in exported databases.
--	 * i = 1 to avoid copying the top level directory.
--	 */
-+	// Build final directory structure
- 	int i;
- 	for (i = 1; i < SEMANAGE_FINAL_PATH_NUM; i++) {
- 		if (strlen(semanage_final_path(SEMANAGE_FINAL_TMP, i)) >= sizeof(fn)) {
-@@ -959,12 +959,6 @@ int semanage_make_final(semanage_handle_t *sh)
- 			status = -1;
- 			goto cleanup;
- 		}
--
--		semanage_copy_file(
--			semanage_final_path(SEMANAGE_FINAL_SELINUX, i),
--			semanage_final_path(SEMANAGE_FINAL_TMP, i),
--			sh->conf->file_mode);
--		/* ignore errors, these files may not exist */
- 	}
- 
- cleanup:
-@@ -2019,8 +2013,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
- 	FILE *infile = NULL;
- 
- 	if ((kernel_filename =
--	     semanage_final_path(SEMANAGE_FINAL_SELINUX,
--				 SEMANAGE_KERNEL)) == NULL) {
-+	     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL)) == NULL) {
- 		goto cleanup;
- 	}
- 	if ((infile = fopen(kernel_filename, "r")) == NULL) {
-@@ -2061,7 +2054,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
- 	FILE *outfile = NULL;
- 
- 	if ((kernel_filename =
--	     semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL)) == NULL) {
-+	     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL)) == NULL) {
- 		goto cleanup;
- 	}
- 	if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
-@@ -2921,3 +2914,39 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
- 
- 	return 0;
- }
-+
-+int semanage_copy_policydb(semanage_handle_t *sh)
-+{
-+	const char *src = NULL;
-+	const char *dst = NULL;
-+	int rc = -1;
-+
-+	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
-+	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
-+
-+	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
-+	if (rc != 0) {
-+		goto cleanup;
-+	}
-+
-+cleanup:
-+	return rc;
-+}
-+
-+int semanage_copy_fc_local(semanage_handle_t *sh)
-+{
-+	const char *src = NULL;
-+	const char *dst = NULL;
-+	int rc = -1;
-+
-+	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
-+	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
-+
-+	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
-+	if (rc != 0) {
-+		goto cleanup;
-+	}
-+
-+cleanup:
-+	return rc;
-+}
-diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
-index 62c7079..ade43f2 100644
---- a/libsemanage/src/semanage_store.h
-+++ b/libsemanage/src/semanage_store.h
-@@ -55,6 +55,8 @@ enum semanage_sandbox_defs {
- 	SEMANAGE_DISABLE_DONTAUDIT,
- 	SEMANAGE_PRESERVE_TUNABLES,
- 	SEMANAGE_MODULES_DISABLED,
-+	SEMANAGE_STORE_KERNEL,
-+	SEMANAGE_STORE_FC_LOCAL,
- 	SEMANAGE_STORE_NUM_PATHS
- };
- 
-@@ -148,4 +150,7 @@ int semanage_nc_sort(semanage_handle_t * sh,
- 		     size_t buf_len,
- 		     char **sorted_buf, size_t * sorted_buf_len);
- 
-+int semanage_copy_policydb(semanage_handle_t *sh);
-+int semanage_copy_fc_local(semanage_handle_t *sh);
-+
- #endif
-diff --git a/libsemanage/src/users_base_policydb.c b/libsemanage/src/users_base_policydb.c
-index 0a6ab9c..b42279c 100644
---- a/libsemanage/src/users_base_policydb.c
-+++ b/libsemanage/src/users_base_policydb.c
-@@ -50,10 +50,8 @@ int user_base_policydb_dbase_init(semanage_handle_t * handle,
- {
- 
- 	if (dbase_policydb_init(handle,
--				semanage_final_path(SEMANAGE_FINAL_SELINUX,
--						    SEMANAGE_KERNEL),
--				semanage_final_path(SEMANAGE_FINAL_TMP,
--						    SEMANAGE_KERNEL),
-+				semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
-+				semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
- 				&SEMANAGE_USER_BASE_RTABLE,
- 				&SEMANAGE_USER_BASE_POLICYDB_RTABLE,
- 				&dconfig->dbase) < 0)
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index 2f85e9c..b170eda 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -243,7 +243,8 @@ if __name__ == "__main__":
- 		"users.local",
- 		"users_extra.local",
- 		"disable_dontaudit",
--		"preserve_tunables" ]
-+		"preserve_tunables",
-+		"policy.kern" ]
- 
- 
- 	create_dir(newroot_path(), 0o755)
--- 
-2.4.6
-

diff --git a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch b/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
deleted file mode 100644
index 24e9778..00000000
--- a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch
+++ /dev/null
@@ -1,265 +0,0 @@
-From d56c2b434e99f60612c1290e82021ecbcbfaf5e6 Mon Sep 17 00:00:00 2001
-From: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
-Date: Tue, 21 Jul 2015 15:08:15 -0400
-Subject: [PATCH] libsemanage: Add file_contexts and seusers to the store
-
-This patch writes file_contexts and seusers to the policy store as well as
-/etc/selinux/. Additionally, file_contexts and seusers are now parsed from the
-store rather than the final directory which was the old behavior. This allows
-all policy related files to be kept in the policy store.
-
-Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
----
- libsemanage/src/direct_api.c             | 69 +++++++++++++++++++++++++-------
- libsemanage/src/semanage_store.c         | 49 ++++-------------------
- libsemanage/src/semanage_store.h         |  5 ++-
- libsemanage/utils/semanage_migrate_store |  3 +-
- 4 files changed, 66 insertions(+), 60 deletions(-)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 3c6b168..b11f2ba 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -248,18 +248,14 @@ int semanage_direct_connect(semanage_handle_t * sh)
- 		goto err;
- 
- 	if (fcontext_file_dbase_init(sh,
--				     semanage_final_path(SEMANAGE_FINAL_SELINUX,
--							 SEMANAGE_FC),
--				     semanage_final_path(SEMANAGE_FINAL_TMP,
--							 SEMANAGE_FC),
-+				     semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC),
-+				     semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- 				     semanage_fcontext_dbase_policy(sh)) < 0)
- 		goto err;
- 
- 	if (seuser_file_dbase_init(sh,
--				   semanage_final_path(SEMANAGE_FINAL_SELINUX,
--						       SEMANAGE_SEUSERS),
--				   semanage_final_path(SEMANAGE_FINAL_TMP,
--						       SEMANAGE_SEUSERS),
-+				   semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_SEUSERS),
-+				   semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
- 				   semanage_seuser_dbase_policy(sh)) < 0)
- 		goto err;
- 
-@@ -602,7 +598,7 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb
- 	}
- 
- 	if (size > 0) {
--		ofilename = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS);
-+		ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- 		if (ofilename == NULL) {
- 			return -1;
- 		}
-@@ -1039,7 +1035,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	size_t fc_buffer_len = 0;
- 	const char *ofilename = NULL;
- 	const char *path;
--	int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0;
-+	int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0,
-+		missing_seusers = 0, missing_fc = 0, missing = 0;
- 	sepol_policydb_t *out = NULL;
- 	struct cil_db *cildb = NULL;
- 	semanage_module_info_t *modinfos = NULL;
-@@ -1151,10 +1148,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 		if (access(path, F_OK) != 0) {
- 			missing_policy_kern = 1;
- 		}
-+
-+		path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
-+
-+		if (access(path, F_OK) != 0) {
-+			missing_fc = 1;
-+		}
-+
-+		path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
-+
-+		if (access(path, F_OK) != 0) {
-+			missing_seusers = 1;
-+		}
- 	}
- 
-+	missing |= missing_policy_kern;
-+	missing |= missing_fc;
-+	missing |= missing_seusers;
-+
- 	/* If there were policy changes, or explicitly requested, rebuild the policy */
--	if (sh->do_rebuild || modified || missing_policy_kern) {
-+	if (sh->do_rebuild || modified || missing) {
- 		/* =================== Module expansion =============== */
- 
- 		retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
-@@ -1312,15 +1325,41 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	if (retval < 0)
- 		goto cleanup;
- 
--	retval = semanage_copy_policydb(sh);
--	if (retval < 0)
-+	retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
-+			semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL),
-+			sh->conf->file_mode);
-+	if (retval < 0) {
- 		goto cleanup;
-+	}
- 
- 	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
- 	if (access(path, F_OK) == 0) {
--		retval = semanage_copy_fc_local(sh);
--		if (retval < 0)
-+		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
-+							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
-+							sh->conf->file_mode);
-+		if (retval < 0) {
- 			goto cleanup;
-+		}
-+	}
-+
-+	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
-+	if (access(path, F_OK) == 0) {
-+		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
-+							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
-+							sh->conf->file_mode);
-+		if (retval < 0) {
-+			goto cleanup;
-+		}
-+	}
-+
-+	path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
-+	if (access(path, F_OK) == 0) {
-+		retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
-+							semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
-+							sh->conf->file_mode);
-+		if (retval < 0) {
-+			goto cleanup;
-+		}
- 	}
- 
- 	/* run genhomedircon if its enabled, this should be the last operation
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 2856aaf..fa0876f 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
-@@ -111,7 +111,9 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
- 	"/preserve_tunables",
- 	"/modules/disabled",
- 	"/policy.kern",
--	"/file_contexts.local"
-+	"/file_contexts.local",
-+	"/file_contexts",
-+	"/seusers"
- };
- 
- static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = {
-@@ -666,7 +668,7 @@ static int semanage_filename_select(const struct dirent *d)
- 
- /* Copies a file from src to dst.  If dst already exists then
-  * overwrite it.  Returns 0 on success, -1 on error. */
--static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
-+int semanage_copy_file(const char *src, const char *dst, mode_t mode)
- {
- 	int in, out, retval = 0, amount_read, n, errsv = errno;
- 	char tmp[PATH_MAX];
-@@ -1425,11 +1427,11 @@ int semanage_split_fc(semanage_handle_t * sh)
- 		goto cleanup;
- 	}
- 
--	fc = open(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
-+	fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- 		  O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
- 	if (fc < 0) {
- 		ERR(sh, "Could not open %s for writing.",
--		    semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC));
-+		    semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
- 		goto cleanup;
- 	}
- 	hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
-@@ -1454,8 +1456,7 @@ int semanage_split_fc(semanage_handle_t * sh)
- 		} else {
- 			if (write(fc, buf, strlen(buf)) < 0) {
- 				ERR(sh, "Write to %s failed.",
--				    semanage_final_path(SEMANAGE_FINAL_TMP,
--							SEMANAGE_FC));
-+				    semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
- 				goto cleanup;
- 			}
- 		}
-@@ -2914,39 +2915,3 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
- 
- 	return 0;
- }
--
--int semanage_copy_policydb(semanage_handle_t *sh)
--{
--	const char *src = NULL;
--	const char *dst = NULL;
--	int rc = -1;
--
--	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
--	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL);
--
--	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
--	if (rc != 0) {
--		goto cleanup;
--	}
--
--cleanup:
--	return rc;
--}
--
--int semanage_copy_fc_local(semanage_handle_t *sh)
--{
--	const char *src = NULL;
--	const char *dst = NULL;
--	int rc = -1;
--
--	src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
--	dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL);
--
--	rc = semanage_copy_file(src, dst, sh->conf->file_mode);
--	if (rc != 0) {
--		goto cleanup;
--	}
--
--cleanup:
--	return rc;
--}
-diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
-index ade43f2..acb6e3f 100644
---- a/libsemanage/src/semanage_store.h
-+++ b/libsemanage/src/semanage_store.h
-@@ -57,6 +57,8 @@ enum semanage_sandbox_defs {
- 	SEMANAGE_MODULES_DISABLED,
- 	SEMANAGE_STORE_KERNEL,
- 	SEMANAGE_STORE_FC_LOCAL,
-+	SEMANAGE_STORE_FC,
-+	SEMANAGE_STORE_SEUSERS,
- 	SEMANAGE_STORE_NUM_PATHS
- };
- 
-@@ -150,7 +152,6 @@ int semanage_nc_sort(semanage_handle_t * sh,
- 		     size_t buf_len,
- 		     char **sorted_buf, size_t * sorted_buf_len);
- 
--int semanage_copy_policydb(semanage_handle_t *sh);
--int semanage_copy_fc_local(semanage_handle_t *sh);
-+int semanage_copy_file(const char *src, const char *dst, mode_t mode);
- 
- #endif
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index b170eda..6443002 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -244,7 +244,8 @@ if __name__ == "__main__":
- 		"users_extra.local",
- 		"disable_dontaudit",
- 		"preserve_tunables",
--		"policy.kern" ]
-+		"policy.kern",
-+		"file_contexts"]
- 
- 
- 	create_dir(newroot_path(), 0o755)
--- 
-2.4.6
-

diff --git a/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch b/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
deleted file mode 100644
index 3bc1370..00000000
--- a/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 75dd8c062d1f6f0e0a7a9f1856c0957b423e8a02 Mon Sep 17 00:00:00 2001
-From: Steve Lawrence <slawrence@tresys.com>
-Date: Thu, 3 Sep 2015 09:28:08 -0400
-Subject: [PATCH 1/3] libsemanage: save homedir_template in the policy store
- for genhomedircon
-
-We don't currently store homedir_template in the policy store, which
-means genhomedircon only has a template file to use if the
-homedir_template was generated from the file contexts in the same
-transaction.  But homedir_template isn't always generated, as in the
-case with setsebool -P. In this and other cases, genhomedircon will not
-have a template file resulting in an empty file_contexts.homedir file.
-
-This commit changes this so that homedir_template is always stored in
-the policy store so it can be used by genhomedircon regardless of how
-policy was built. Also add the homedir_template file to the migration
-script.
-
-Signed-off by: Steve Lawrence <slawrence@tresys.com>
-Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
----
- libsemanage/src/direct_api.c             | 1 -
- libsemanage/utils/semanage_migrate_store | 3 ++-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 90a7b22..6e49cae 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -1415,7 +1415,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 
- 	/* remove files that are automatically generated and no longer needed */
- 	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
--	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
- 	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
- 
- 	if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index 539f469..297c71b 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -251,7 +251,8 @@ if __name__ == "__main__":
- 		"disable_dontaudit",
- 		"preserve_tunables",
- 		"policy.kern",
--		"file_contexts"]
-+		"file_contexts",
-+		"homedir_template"]
- 
- 
- 	create_dir(newroot_path(), 0o755)
--- 
-2.4.6
-

diff --git a/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch b/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch
deleted file mode 100644
index 1aca2ad..00000000
--- a/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From dbc639a35af71eec1a1b386b74a822d794bb59df Mon Sep 17 00:00:00 2001
-From: Steve Lawrence <slawrence@tresys.com>
-Date: Thu, 3 Sep 2015 13:07:36 -0400
-Subject: [PATCH 2/3] libsemanage: store users_extra in the policy store
-
-users_extra is needed by genhomedircon and when listing seusers, so it
-must be kept in the policy store. Also move the FC_TMPL unlink() closer
-to where the FC_TMPL is created; not a functional change, but eaiser to
-follow.
-
-Signed-off-by: Steve Lawrence <slawrence@tresys.com>
-Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
----
- libsemanage/src/direct_api.c             | 7 +++----
- libsemanage/utils/semanage_migrate_store | 1 +
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
-index 6e49cae..68dd0d1 100644
---- a/libsemanage/src/direct_api.c
-+++ b/libsemanage/src/direct_api.c
-@@ -1272,6 +1272,9 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 		if (retval < 0)
- 			goto cleanup;
- 
-+		/* remove FC_TMPL now that it is now longer needed */
-+		unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
-+
- 		pfcontexts->dtable->drop_cache(pfcontexts->dbase);
- 
- 		/* SEUsers */
-@@ -1413,10 +1416,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- 	sepol_policydb_free(out);
- 	out = NULL;
- 
--	/* remove files that are automatically generated and no longer needed */
--	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
--	unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
--
- 	if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
- 		retval = semanage_install_sandbox(sh);
- 	}
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
-index 297c71b..b5eefaa 100755
---- a/libsemanage/utils/semanage_migrate_store
-+++ b/libsemanage/utils/semanage_migrate_store
-@@ -247,6 +247,7 @@ if __name__ == "__main__":
- 		"file_contexts.local",
- 		"seusers",
- 		"users.local",
-+		"users_extra",
- 		"users_extra.local",
- 		"disable_dontaudit",
- 		"preserve_tunables",
--- 
-2.4.6
-

diff --git a/sys-libs/libsemanage/libsemanage-2.2-r2.ebuild b/sys-libs/libsemanage/libsemanage-2.2-r2.ebuild
deleted file mode 100644
index 2d6bc07..00000000
--- a/sys-libs/libsemanage/libsemanage-2.2-r2.ebuild
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 )
-
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-SEPOL_VER="2.2"
-SELNX_VER="2.2.2-r1"
-
-DESCRIPTION="SELinux kernel and policy management library"
-HOMEPAGE="http://userspace.selinuxproject.org"
-SRC_URI="http://userspace.selinuxproject.org/releases/20131030/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="python"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}
-	>=sys-libs/libselinux-${SELNX_VER}
-	dev-libs/ustr
-	sys-process/audit"
-DEPEND="${RDEPEND}
-	sys-devel/bison
-	sys-devel/flex
-	python? (
-		>=dev-lang/swig-2.0.4-r1
-		virtual/pkgconfig
-		${PYTHON_DEPS}
-	)"
-
-# tests are not meant to be run outside of the
-# full SELinux userland repo
-RESTRICT="test"
-
-src_prepare() {
-	echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
-	echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
-	echo "# or debugging of policy." >> "${S}/src/semanage.conf"
-	echo "save-linked=false" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
-	echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
-	echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
-	echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
-	echo "# would catch." >> "${S}/src/semanage.conf"
-	echo "expand-check=1" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
-	echo "# with bzip2.  Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
-	echo "# 1-9 when compressing.  The higher the number," >> "${S}/src/semanage.conf"
-	echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
-	echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
-	echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
-	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
-	echo "bzip-small=true" >> "${S}/src/semanage.conf"
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	emake AR="$(tc-getAR)" CC="$(tc-getCC)" all || die
-
-	if multilib_is_native_abi && use python; then
-		building() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
-		}
-		python_foreach_impl building swigify
-		python_foreach_impl building pywrap
-	fi
-}
-
-multilib_src_install() {
-	LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(PREFIX)/$(get_libdir)" \
-		emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi && use python; then
-		installation() {
-			emake DESTDIR="${D}" install-pywrap
-		}
-		python_foreach_impl installation
-	fi
-}

diff --git a/sys-libs/libsemanage/libsemanage-2.3-r4.ebuild b/sys-libs/libsemanage/libsemanage-2.3-r4.ebuild
deleted file mode 100644
index 3e52b94..00000000
--- a/sys-libs/libsemanage/libsemanage-2.3-r4.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
-
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-MY_P="${P//_/-}"
-
-SEPOL_VER="2.3"
-SELNX_VER="2.3"
-
-DESCRIPTION="SELinux kernel and policy management library"
-HOMEPAGE="http://userspace.selinuxproject.org"
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="python"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
-	>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
-	>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	sys-devel/bison
-	sys-devel/flex
-	python? (
-		>=dev-lang/swig-2.0.4-r1
-		virtual/pkgconfig
-		${PYTHON_DEPS}
-	)"
-
-# tests are not meant to be run outside of the
-# full SELinux userland repo
-RESTRICT="test"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
-	echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
-	echo "# or debugging of policy." >> "${S}/src/semanage.conf"
-	echo "save-linked=false" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
-	echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
-	echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
-	echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
-	echo "# would catch." >> "${S}/src/semanage.conf"
-	echo "expand-check=1" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
-	echo "# with bzip2.  Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
-	echo "# 1-9 when compressing.  The higher the number," >> "${S}/src/semanage.conf"
-	echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
-	echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
-	echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
-	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
-	echo "bzip-small=true" >> "${S}/src/semanage.conf"
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
-		LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
-		all
-
-	if multilib_is_native_abi && use python; then
-		building_py() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
-			python_optimize # bug 531638
-		}
-		python_foreach_impl building_py swigify
-		python_foreach_impl building_py pywrap
-	fi
-}
-
-multilib_src_install() {
-	emake \
-		LIBDIR="${ED}/usr/$(get_libdir)" \
-		SHLIBDIR="${ED}/usr/$(get_libdir)" \
-		DESTDIR="${ED}" install
-
-	if multilib_is_native_abi && use python; then
-		installation_py() {
-			emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
-				SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
-		}
-		python_foreach_impl installation_py
-	fi
-}

diff --git a/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild b/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
deleted file mode 100644
index f28af4c..00000000
--- a/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
-
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-MY_P="${P//_/-}"
-
-SEPOL_VER="${PV}"
-SELNX_VER="${PV}"
-
-DESCRIPTION="SELinux kernel and policy management library"
-HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="python"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
-	>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
-	>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	sys-devel/bison
-	sys-devel/flex
-	python? (
-		>=dev-lang/swig-2.0.4-r1
-		virtual/pkgconfig
-		${PYTHON_DEPS}
-	)"
-
-# tests are not meant to be run outside of the
-# full SELinux userland repo
-RESTRICT="test"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
-	echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
-	echo "# or debugging of policy." >> "${S}/src/semanage.conf"
-	echo "save-linked=false" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
-	echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
-	echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
-	echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
-	echo "# would catch." >> "${S}/src/semanage.conf"
-	echo "expand-check=1" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
-	echo "# with bzip2.  Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
-	echo "# 1-9 when compressing.  The higher the number," >> "${S}/src/semanage.conf"
-	echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
-	echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
-	echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
-	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
-	echo "bzip-small=true" >> "${S}/src/semanage.conf"
-
-	epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
-		LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
-		all
-
-	if multilib_is_native_abi && use python; then
-		building_py() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
-		}
-		python_foreach_impl building_py swigify
-		python_foreach_impl building_py pywrap
-	fi
-}
-
-multilib_src_install() {
-	emake \
-		LIBDIR="${ED}/usr/$(get_libdir)" \
-		SHLIBDIR="${ED}/usr/$(get_libdir)" \
-		DESTDIR="${ED}" install
-
-	if multilib_is_native_abi && use python; then
-		installation_py() {
-			emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
-				SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
-			python_optimize # bug 531638
-		}
-		python_foreach_impl installation_py
-	fi
-}
-
-pkg_postinst() {
-	# Migrate the SELinux semanage configuration store if not done already
-	local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' /etc/selinux/config);
-	if [ -n "${selinuxtype}" ] && [ ! -d /var/lib/selinux/${mcs}/active ] ; then
-		ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
-		ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
-		ewarn "If there are any issues, it can be done manually by running:"
-		ewarn "/usr/libexec/selinux/semanage_migrate_store"
-		ewarn "For more information, please see"
-		ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
-	fi
-
-	# Run the store migration without rebuilds
-	for POLICY_TYPE in ${POLICY_TYPES} ; do
-		if [ ! -d "${ROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then
-			einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)."
-			/usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}"
-		fi
-	done
-}

diff --git a/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild b/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild
deleted file mode 100644
index 9e0890f..00000000
--- a/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
-
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
-
-MY_P="${P//_/-}"
-
-SEPOL_VER="${PV}"
-SELNX_VER="${PV}"
-
-DESCRIPTION="SELinux kernel and policy management library"
-HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
-IUSE="python"
-
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
-	>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
-	>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
-	>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	sys-devel/bison
-	sys-devel/flex
-	python? (
-		>=dev-lang/swig-2.0.4-r1
-		virtual/pkgconfig
-		${PYTHON_DEPS}
-	)"
-
-# tests are not meant to be run outside of the
-# full SELinux userland repo
-RESTRICT="test"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
-	echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
-	echo "# or debugging of policy." >> "${S}/src/semanage.conf"
-	echo "save-linked=false" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
-	echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
-	echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
-	echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
-	echo "# would catch." >> "${S}/src/semanage.conf"
-	echo "expand-check=1" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
-	echo "# with bzip2.  Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
-	echo "# 1-9 when compressing.  The higher the number," >> "${S}/src/semanage.conf"
-	echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
-	echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
-	echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
-	echo >> "${S}/src/semanage.conf"
-	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
-	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
-	echo "bzip-small=true" >> "${S}/src/semanage.conf"
-
-	epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch" \
-		"${FILESDIR}/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch" \
-		"${FILESDIR}/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch" \
-		"${FILESDIR}/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch" \
-		"${FILESDIR}/0005-libsemanage-store-users_extra-in-the-policy-store.patch"
-	epatch "${FILESDIR}"/${PN}-2.4-build-paths.patch
-
-	epatch_user
-
-	multilib_copy_sources
-}
-
-multilib_src_compile() {
-	emake \
-		AR="$(tc-getAR)" \
-		CC="$(tc-getCC)" \
-		LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
-		all
-
-	if multilib_is_native_abi && use python; then
-		building_py() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
-		}
-		python_foreach_impl building_py swigify
-		python_foreach_impl building_py pywrap
-	fi
-}
-
-multilib_src_install() {
-	emake \
-		LIBDIR="${ED}/usr/$(get_libdir)" \
-		SHLIBDIR="${ED}/usr/$(get_libdir)" \
-		DESTDIR="${ED}" install
-
-	if multilib_is_native_abi && use python; then
-		installation_py() {
-			emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
-				SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
-			python_optimize # bug 531638
-		}
-		python_foreach_impl installation_py
-	fi
-}
-
-pkg_postinst() {
-	# Migrate the SELinux semanage configuration store if not done already
-	local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null)
-	if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${mcs}/active ] ; then
-		ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
-		ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
-		ewarn "If there are any issues, it can be done manually by running:"
-		ewarn "/usr/libexec/selinux/semanage_migrate_store"
-		ewarn "For more information, please see"
-		ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
-	fi
-
-	# Run the store migration without rebuilds
-	for POLICY_TYPE in ${POLICY_TYPES} ; do
-		if [ ! -d "${EROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then
-			einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)."
-			/usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}"
-		fi
-	done
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libsemanage/files/, sys-libs/libsemanage/
@ 2016-10-24 15:39 Jason Zaman
  0 siblings, 0 replies; 5+ messages in thread
From: Jason Zaman @ 2016-10-24 15:39 UTC (permalink / raw
  To: gentoo-commits

commit:     ca6d84ff0bfc15606079d88358f5cf924bcdb3a1
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 23 10:24:19 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 15:38:14 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca6d84ff

sys-libs/libsemanage: bump to 2.6 final release

Also include patch for genhomedircon non-MLS issue

Package-Manager: portage-2.3.0

 sys-libs/libsemanage/Manifest                      |  2 +-
 ...-genhomedircon-only-set-MLS-level-if-MLS-.patch | 38 ++++++++++++++++++++++
 ...anage-2.6_rc2.ebuild => libsemanage-2.6.ebuild} |  3 +-
 sys-libs/libsemanage/libsemanage-9999.ebuild       |  2 +-
 4 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/sys-libs/libsemanage/Manifest b/sys-libs/libsemanage/Manifest
index 90e4450..6f2acf6 100644
--- a/sys-libs/libsemanage/Manifest
+++ b/sys-libs/libsemanage/Manifest
@@ -1,2 +1,2 @@
 DIST libsemanage-2.5.tar.gz 152884 SHA256 46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006 SHA512 cf644b77d8a24f76c630ece582df1b49a0c5f48f1c9f79b1caee0df10372008954406974472a072360dbe6de5ebc19b1b21bb247084d75b7186f61b32f33b8ec WHIRLPOOL 397b7fd2e9b2c00dbc2f58bdc023501dcd7ecf1212fef9ad7993b4763a041068416ef06552c0abf0beef8c69f4704933feca36951866c43d867181332971f6be
-DIST libsemanage-2.6-rc2.tar.gz 155934 SHA256 672bd1c3c6faeca483d90515a03ac9b65b6596064f49cd4cfbbb53c186d08a47 SHA512 fb794738d7497709441248b1ba3abe35aac7bbfaf7dc875d0c50733f871e5e90b209aefe912584f1e08d3aba596dd569caad749c236440662ba16b1c64727511 WHIRLPOOL afd746fca0b4d2a616996ca7346242f50ab35591df050ede9805a9e8aa958a4c8b474a62fd10aea99971f0bf7507a1d0d9d6e4e7b79b8095eea32feeaba1a2d6
+DIST libsemanage-2.6.tar.gz 155897 SHA256 4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce SHA512 38741d6e6f7a2669bfeee362e42d6bfd720cceeaf61331e329b2210fdc070444e529656ce86dd82e94aa248eafcfaea4c5d013d9cce76c1039be6fc6a6b2c790 WHIRLPOOL 9fb781c637c4725dd48fa07898fd5db4b2f1e47264e80468e3c9b48fd8afc6bcb6494a44ccbfb0e48dec10dc5db461ab8e1941251d625854ebbebdbfdacb971c

diff --git a/sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch b/sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch
new file mode 100644
index 00000000..e3123ed
--- /dev/null
+++ b/sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch
@@ -0,0 +1,38 @@
+From 4cf9b9ce2df06fd5a29e5264a6552c9b02ec0b5b Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Fri, 14 Oct 2016 13:36:37 -0400
+Subject: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is
+ enabled
+
+When a non-MLS policy was used with genhomedircon context_from_record()
+in sepol would report an error because an MLS level was present when MLS
+is disabled.  Based on a patch by Gary Tierney, amended to use
+sepol_policydb_mls_enabled rather than semanage_mls_enabled because
+we are testing the temporary working policy, not the active policy.
+
+Reported-by: Jason Zaman <jason@perfinion.com>
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsemanage/src/genhomedircon.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
+index 6991fff..5e9d722 100644
+--- libsemanage/src/genhomedircon.c
++++ libsemanage/src/genhomedircon.c
+@@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
+ 			goto fail;
+ 		}
+ 
+-		if (sepol_context_set_user(sepolh, context, user->sename) < 0 ||
++		if (sepol_context_set_user(sepolh, context, user->sename) < 0) {
++			goto fail;
++		}
++
++		if (sepol_policydb_mls_enabled(s->policydb) &&
+ 		    sepol_context_set_mls(sepolh, context, user->level) < 0) {
+ 			goto fail;
+ 		}
+-- 
+2.7.3
+
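Review bot: The new MLS guard in write_contexts() carries no comment explaining why it tests `s->policydb` with `sepol_policydb_mls_enabled()` rather than calling `semanage_mls_enabled()`; that reasoning exists only in the patch description. A one-line comment above the second `if` would stop a later cleanup from switching back to the active-policy check, for example `/* check the working policy, not the active one: a non-MLS policy must not get a level */`. The body of write_contexts() starts and ends outside the embedded hunk, so the `fail` path itself is not visible here.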

diff --git a/sys-libs/libsemanage/libsemanage-2.6_rc2.ebuild b/sys-libs/libsemanage/libsemanage-2.6.ebuild
similarity index 97%
rename from sys-libs/libsemanage/libsemanage-2.6_rc2.ebuild
rename to sys-libs/libsemanage/libsemanage-2.6.ebuild
index 2b625f5..9094e96 100644
--- a/sys-libs/libsemanage/libsemanage-2.6_rc2.ebuild
+++ b/sys-libs/libsemanage/libsemanage-2.6.ebuild
@@ -8,7 +8,7 @@ PYTHON_COMPAT=( python{2_7,3_4,3_5} )
 inherit multilib python-r1 toolchain-funcs multilib-minimal
 
 MY_P="${P//_/-}"
-MY_RELEASEDATE="20161006"
+MY_RELEASEDATE="20161014"
 
 SEPOL_VER="${PV}"
 SELNX_VER="${PV}"
@@ -73,6 +73,7 @@ src_prepare() {
 	echo "bzip-small=true" >> "${S}/src/semanage.conf"
 
 	eapply "${FILESDIR}"/${PN}-2.6-build-paths.patch
+	eapply "${FILESDIR}"/${PN}-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch
 
 	eapply_user
 

diff --git a/sys-libs/libsemanage/libsemanage-9999.ebuild b/sys-libs/libsemanage/libsemanage-9999.ebuild
index 2b625f5..ae21297 100644
--- a/sys-libs/libsemanage/libsemanage-9999.ebuild
+++ b/sys-libs/libsemanage/libsemanage-9999.ebuild
@@ -8,7 +8,7 @@ PYTHON_COMPAT=( python{2_7,3_4,3_5} )
 inherit multilib python-r1 toolchain-funcs multilib-minimal
 
 MY_P="${P//_/-}"
-MY_RELEASEDATE="20161006"
+MY_RELEASEDATE="20161014"
 
 SEPOL_VER="${PV}"
 SELNX_VER="${PV}"



* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libsemanage/files/, sys-libs/libsemanage/
@ 2016-11-20  5:27 Jason Zaman
  0 siblings, 0 replies; 5+ messages in thread
From: Jason Zaman @ 2016-11-20  5:27 UTC (permalink / raw
  To: gentoo-commits

commit:     13e768af2d8998876b0e25710d2b6453e6844b6b
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 20 05:19:08 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 20 05:26:22 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13e768af

sys-libs/libsemanage: update build paths patch for live ebuild

Package-Manager: portage-2.3.0

 .../files/libsemanage-2.7-build-paths.patch        | 37 ++++++++++++++++++++++
 sys-libs/libsemanage/libsemanage-9999.ebuild       |  2 +-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch b/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch
new file mode 100644
index 00000000..0069c96
--- /dev/null
+++ b/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch
@@ -0,0 +1,37 @@
+there's no point in using -I/-L flags to the system paths and this breaks
+cross-compiling.  just drop them.
+
+diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
+index ef25902..7aad334 100644
+--- libsemanage/src/Makefile
++++ libsemanage/src/Makefile
+@@ -61,7 +61,7 @@ CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-
+ SWIG_CFLAGS += -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow \
+ 		-Wno-unused-parameter
+ 
+-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE 
++override CFLAGS += -I../include -D_GNU_SOURCE
+ RANLIB ?= ranlib
+ 
+ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
+@@ -81,17 +81,17 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+ 
+ $(SWIGSO): $(SWIGLOBJ)
+-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage $(PYLIBS) -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage $(PYLIBS)
+ 
+ $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage $(RUBYLIBS) -L$(LIBDIR)
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage $(RUBYLIBS)
+ 
+ $(LIBA): $(OBJS)
+ 	$(AR) rcs $@ $^
+ 	$(RANLIB) $@
+ 
+ $(LIBSO): $(LOBJS)
+-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ 	ln -sf $@ $(TARGET)
+ 
+ $(LIBPC): $(LIBPC).in ../VERSION
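Review bot: The header of this new patch gives the rationale but no bug reference or upstream status, so a later version bump has nothing to check when deciding whether the patch can be dropped. Adding a line such as `Gentoo-Bug: <bug URL>` or `Upstream-Status: <submitted|not submitted>` under the description would record that. With `-L$(LIBDIR)` removed from the `$(SWIGSO)`, `$(SWIGRUBYSO)` and `$(LIBSO)` rules, the `-lsepol -laudit -lselinux -lbz2 -lustr` lookups rely entirely on the toolchain's default search path; that appears to be the intent, and the header could say so explicitly.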

diff --git a/sys-libs/libsemanage/libsemanage-9999.ebuild b/sys-libs/libsemanage/libsemanage-9999.ebuild
index ae21297..5fdf0a0 100644
--- a/sys-libs/libsemanage/libsemanage-9999.ebuild
+++ b/sys-libs/libsemanage/libsemanage-9999.ebuild
@@ -72,7 +72,7 @@ src_prepare() {
 	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
 	echo "bzip-small=true" >> "${S}/src/semanage.conf"
 
-	eapply "${FILESDIR}"/${PN}-2.6-build-paths.patch
+	eapply "${FILESDIR}"/${PN}-2.7-build-paths.patch
 
 	eapply_user
 



* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libsemanage/files/, sys-libs/libsemanage/
@ 2017-02-23 11:22 Jason Zaman
  0 siblings, 0 replies; 5+ messages in thread
From: Jason Zaman @ 2017-02-23 11:22 UTC (permalink / raw
  To: gentoo-commits

commit:     ea01f1ae5c4cdf80bb0b748825661114afa67388
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 23 07:23:47 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Feb 23 11:14:23 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea01f1ae

sys-libs/libsemanage: update live ebuild

python libs and include dir are now properly detected, so they don't need to be passed in;
the path to libsepol.a does need to be passed

Package-Manager: portage-2.3.3

 sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch |  4 ++--
 sys-libs/libsemanage/libsemanage-9999.ebuild                 | 12 +++++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch b/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch
index 0069c96ebd..4c2ad0d946 100644
--- a/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch
+++ b/sys-libs/libsemanage/files/libsemanage-2.7-build-paths.patch
@@ -30,8 +30,8 @@ index ef25902..7aad334 100644
  	$(RANLIB) $@
  
  $(LIBSO): $(LOBJS)
--	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
-+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
++	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
  	ln -sf $@ $(TARGET)
  
  $(LIBPC): $(LIBPC).in ../VERSION

diff --git a/sys-libs/libsemanage/libsemanage-9999.ebuild b/sys-libs/libsemanage/libsemanage-9999.ebuild
index 5fdf0a04c9..53094b8c6e 100644
--- a/sys-libs/libsemanage/libsemanage-9999.ebuild
+++ b/sys-libs/libsemanage/libsemanage-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -88,8 +88,7 @@ multilib_src_compile() {
 
 	if multilib_is_native_abi && use python; then
 		building_py() {
-			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
-			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
+			emake "$@"
 		}
 		python_foreach_impl building_py swigify
 		python_foreach_impl building_py pywrap
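Review bot: The rewritten `building_py` drops `CC="$(tc-getCC)"` along with the Python variables, although the commit message only says the Python libs and include dir are now auto-detected. Unless `CC` is exported somewhere outside this hunk, the `swigify` and `pywrap` targets will fall back to make's default compiler rather than the one the rest of the build uses, which matters for cross-compiling and for a user-selected toolchain. Keeping the compiler argument, `emake CC="$(tc-getCC)" "$@"`, preserves the previous behaviour. The body of multilib_src_compile starts outside the hunk, so the main `emake` call is not visible here.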
@@ -104,8 +103,11 @@ multilib_src_install() {
 
 	if multilib_is_native_abi && use python; then
 		installation_py() {
-			emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
-				SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
+			emake DESTDIR="${ED}" \
+				LIBDIR="${ED}/usr/$(get_libdir)" \
+				SHLIBDIR="${ED}/usr/$(get_libdir)" \
+				LIBSEPOLA="${EPREFIX%/}/usr/$(get_libdir)/libsepol.a" \
+				install-pywrap
 			python_optimize # bug 531638
 		}
 		python_foreach_impl installation_py
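Review bot: `LIBSEPOLA` is passed only to `install-pywrap` here, while `building_py` in the previous hunk runs `emake "$@"` with no variables, so the compile and install phases can see different values. If the Makefile's pywrap rules read `LIBSEPOLA`, the same assignment should also be given in `building_py`, e.g. `emake LIBSEPOLA="${EPREFIX%/}/usr/$(get_libdir)/libsepol.a" "$@"`. The hard-coded path also assumes libsepol installs a static archive; that dependency is not visible in this hunk and should be confirmed against RDEPEND. A short comment above the assignment saying why the path is needed would help the next bump.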


