Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
1b3ea0db67
!45 [sync] PR-43: backport patchs from upstream
From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
2023-12-20 09:36:45 +00:00
zhangruifang2020
217bfbc720 backport patchs from upstream
(cherry picked from commit 74155eeab04644d3468b7b87eac1ebe0b83a6fe7)
2023-12-20 11:13:43 +08:00
openeuler-ci-bot
2b1e44add9 !17 Fix use after free in parse_module_store
From: @HuaxinLuGitee
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
2021-06-21 01:56:59 +00:00
luhuaxin
5dda1dfddb fix use after free in parse_module_store 2021-06-17 21:59:56 +08:00
openeuler-ci-bot
ad119098bc !13 [sync] PR-10: openEuler-20.03-LTS-SP1:enable make test
From: @openeuler-sync-bot
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
2021-05-25 19:32:54 +08:00
Hugel
5b05d1b575 enabel make test
(cherry picked from commit 19a10f67dcb3d0d6c4f828ba7334b01d62975002)
2021-05-25 18:40:45 +08:00
openeuler-ci-bot
3db7396a20 !7 update to 3.1
Merge pull request !7 from wangchen/wangchen
2020-08-31 11:31:10 +08:00
wangchen2020
30f1c10f21 update to 3.1 2020-08-31 10:37:37 +08:00
openeuler-ci-bot
84d2c9f769 !6 add release version for update
Merge pull request !6 from 温占礼/openEuler-20.03-LTS
2020-08-18 21:19:09 +08:00
jinzhimin369
36e11dde2e add release version for update 2020-08-18 20:57:23 +08:00
6 changed files with 204 additions and 9 deletions


@ -0,0 +1,55 @@
From c35919a703302bd571476f245d856174a1fe1926 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 27 Jan 2021 12:00:55 +0100
Subject: [PATCH] libsemanage: sync filesystem with sandbox
Commit 331a109f91ea ("libsemanage: fsync final files before rename")
added fsync() for policy files and improved situation when something
unexpected happens right after rename(). However the module store could
be affected as well. After the following steps module files could be 0
size:
1. Run `semanage fcontext -a -t var_t "/tmp/abc"`
2. Force shutdown the server during the command is run, or right after
it's finished
3. Boot the system and look for empty files:
# find /var/lib/selinux/targeted/ -type f -size 0 | wc -l
1266
It looks like this situation can be avoided if the filesystem with the
sandbox is sync()ed before we start to rename() directories in the
store.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsemanage/src/semanage_store.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index cd5e46bb..c6a736fe 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -1736,6 +1736,19 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
}
close(fd);
+ /* sync changes in sandbox to filesystem */
+ fd = open(sandbox, O_DIRECTORY);
+ if (fd == -1) {
+ ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
+ return -1;
+ }
+ if (syncfs(fd) == -1) {
+ ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno);
+ close(fd);
+ return -1;
+ }
+ close(fd);
+
retval = commit_number;
if (semanage_get_active_lock(sh) < 0) {
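Review bot: the added block calls syncfs(fd) but this patch adds no include or feature-test macro (the diffstat shows all 13 insertions in this one hunk). syncfs() is only declared by <unistd.h> when _GNU_SOURCE is defined, so confirm the build defines it for semanage_store.c; otherwise the call is implicitly declared. The open(sandbox, O_DIRECTORY) call could also pass O_RDONLY | O_CLOEXEC explicitly. Note for the backport that the diff --git line still names a/libsemanage/src/semanage_store.c while the ---/+++ lines use a/src/semanage_store.c, so the patch only applies cleanly with tools that read the ---/+++ paths.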
--
2.33.0


@ -0,0 +1,84 @@
From b4dff18c54fd666100d10581ce9215c8d5cbde93 Mon Sep 17 00:00:00 2001
From: gengqihu <gengqihu1@huawei.com>
Date: Tue, 11 May 2021 04:28:37 -0400
Subject: [PATCH] fix test failure with secilc
There's no secilc here. The SELinux CIL Compiler is a compiler that
converts the CIL language as described on the CIL design wiki into a
kernel binary policy file.
This patch deletes the testcode related to secilc.
---
tests/Makefile | 12 ++++++------
tests/libsemanage-tests.c | 16 ----------------
2 files changed, 6 insertions(+), 22 deletions(-)
diff --git a/tests/Makefile b/tests/Makefile
index 69f49a3..c98dae0 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,6 +1,5 @@
# Add your test source files here:
-SOURCES = $(sort $(wildcard *.c))
-CILS = $(sort $(wildcard *.cil))
+SOURCES = $(sort $(wildcard libsemanage-tests.c test_other.c test_semanage_store.c test_utilities.c utilities.c))
###########################################################################
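Review bot: the new SOURCES line wraps an explicit file list in $(wildcard ...), which drops any listed name that does not exist, so a missing or renamed test source shows up later as a link error instead of a clear "no rule to make target" failure. List the five files directly without wildcard. The commit message should also say that this stops compiling the remaining test_*.c files, not only the .cil policies.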
@@ -10,18 +9,14 @@ override CFLAGS += -I../src -I../include
override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol
OBJECTS = $(SOURCES:.c=.o)
-POLICIES = $(CILS:.cil=.policy)
-all: $(EXECUTABLE) $(POLICIES)
+all: $(EXECUTABLE)
$(EXECUTABLE): $(OBJECTS) ../src/libsemanage.a
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
-
-%.policy: %.cil
- ../../secilc/secilc $*.cil -o $*.policy -f /dev/null
clean distclean:
- rm -rf $(OBJECTS) $(POLICIES) $(EXECUTABLE)
+ rm -rf $(OBJECTS) $(EXECUTABLE)
test: all
./$(EXECUTABLE)
diff --git a/tests/libsemanage-tests.c b/tests/libsemanage-tests.c
index 2ae4a21..df2d5b2 100644
--- a/tests/libsemanage-tests.c
+++ b/tests/libsemanage-tests.c
@@ -21,14 +21,6 @@
#include "test_semanage_store.h"
#include "test_utilities.h"
-#include "test_handle.h"
-#include "test_bool.h"
-#include "test_fcontext.h"
-#include "test_iface.h"
-#include "test_ibendport.h"
-#include "test_node.h"
-#include "test_port.h"
-#include "test_user.h"
#include "test_other.h"
#include <CUnit/Basic.h>
@@ -68,14 +60,6 @@ static bool do_tests(int interactive, int verbose)
DECLARE_SUITE(semanage_store);
DECLARE_SUITE(semanage_utilities);
- DECLARE_SUITE(handle);
- DECLARE_SUITE(bool);
- DECLARE_SUITE(fcontext);
- DECLARE_SUITE(iface);
- DECLARE_SUITE(ibendport);
- DECLARE_SUITE(node);
- DECLARE_SUITE(port);
- DECLARE_SUITE(user);
DECLARE_SUITE(other);
if (verbose)
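Review bot: the eight DECLARE_SUITE() removals here (handle, bool, fcontext, iface, ibendport, node, port, user) leave only semanage_store, semanage_utilities and other among the suites visible in this hunk, while the commit message describes the change as deleting secilc-related test code. Since the spec now runs make test in %check, a green build covers far less of the library than the test name suggests. Either make secilc available to the build and keep these suites, or state the reduced coverage in the patch description and the spec changelog.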
--
2.19.1

Binary file not shown.

BIN
libsemanage-3.1.tar.gz Normal file

Binary file not shown.


@ -0,0 +1,34 @@
From 58acebb85887cb25d729ac9cab51e63a8f5b7918 Mon Sep 17 00:00:00 2001
From: luhuaxin <1539327763@qq.com>
Date: Wed, 9 Jun 2021 21:32:32 +0800
Subject: [PATCH] libsemanage: Fix use after free in parse_module_store
The passed arg will be freed after this function call.
Signed-off-by: luhuaxin <1539327763@qq.com>
---
src/conf-parse.y | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf-parse.y b/src/conf-parse.y
index 9bf9364..eac9134 100644
--- a/src/conf-parse.y
+++ b/src/conf-parse.y
@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
char *s;
current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
if ((s = strchr(arg, ':')) == NULL) {
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = 4242;
} else {
char *endptr;
*s = '\0';
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = strtol(s + 1, &endptr, 10);
if (*(s + 1) == '\0' || *endptr != '\0') {
return -2;
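Review bot: both new strdup(arg) assignments to current_conf->store_path are unchecked, so an allocation failure leaves store_path NULL while the function still goes on to set server_port and may report success. Check the result and return an error in both branches. If store_path can already hold an allocated string when parse_module_store() runs, free it before the assignment so the new copy does not leak the old value.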
--
1.8.3.1


@ -1,18 +1,22 @@
%define libsepol_version 2.8-1
%define libselinux_version 2.8-1
%define libsepol_version 3.1-1
%define libselinux_version 3.1-1
Name: libsemanage
Version: 2.9
Release: 3
Version: 3.1
Release: 4
License: LGPLv2+
Summary: SELinux binary policy manipulation library
URL: https://github.com/SELinuxProject/selinux/wiki
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libsemanage-2.9.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-3.1.tar.gz
Source1: semanage.conf
Patch0: backport-libsemanage-sync-filesystem-with-sandbox.patch
Patch9000: fix-test-failure-with-secilc.patch
Patch9001: libsemanage-Fix-use-after-free-in-parse_module_store.patch
BuildRequires: gcc python3-devel python2-devel bison flex bzip2-devel audit-libs-devel
BuildRequires: libselinux-devel >= %{libselinux_version} swig libsepol-devel >= %{libsepol_version}
BuildRequires: gdb
BuildRequires: gdb CUnit-devel gdb-headless
Requires: bzip2-libs audit-libs
Requires: libselinux >= %{libselinux_version}
@ -26,8 +30,8 @@ file_contexts configuration is valid.
%package devel
Summary: Header files and libraries used to build policy manipulation tools
Requires: %{name} = %{version}-%{release}
Provides: libsemanage-static
Obsoletes: libsemanage-static
Provides: libsemanage-static = %{version}-%{release}
Obsoletes: libsemanage-static < %{version}-%{release}
%description devel
The libsemanage-devel package contains the libraries and header files
@ -82,6 +86,9 @@ ln -sf %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
%ldconfig_scriptlets
%check
make test
%files
%license COPYING
%dir %{_sysconfdir}/selinux
@ -99,7 +106,7 @@ ln -sf %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
%{_includedir}/semanage/*.h
%files -n python2-libsemanage
%{python2_sitearch}/_semanage.so
%{python2_sitearch}/_semanage
%{python2_sitearch}/semanage.py*
%files -n python3-libsemanage
@ -115,6 +122,21 @@ ln -sf %{_libdir}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so
%changelog
* Mon Dec 18 2023 zhangruifang <zhangruifang@h-partners.com> - 3.1-4
- backport patchs from upstream
* Thu Jul 17 2021 luhuaxin <1539327763@qq.com> - 3.1-3
- fix use after free in semanage config parse
* Sat May 22 2021 Hugel<gengqihu1@huawei.com> - 3.1-2
- enabel make test
* Fri Aug 28 2020 wangchen<wangchen137@huawei.com> - 3.1-1
- update to 3.1
* Tue Aug 18 2020 wenzhanli<wenzhanli2@huawei.com> - 2.9-4
- add release version for update
* Mon Aug 17 2020 wangchen <wangchen137@huawei.com> - 2.9-3
- remove ustr
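Review bot: the changelog entry "* Thu Jul 17 2021 luhuaxin ... - 3.1-3" has a weekday that does not match its date (17 July 2021 was a Saturday), which rpm reports as a bogus date. The commit listed for this fix is dated 2021-06-17, a Thursday, so the month looks mistyped and "Thu Jun 17 2021" is the likely intended value. The entry texts in the same hunk also carry the typos "enabel" and "patchs".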