PERFORCE change 108427 for review

Todd Miller millert at FreeBSD.org
Wed Oct 25 13:55:57 PDT 2006


http://perforce.freebsd.org/chv.cgi?CH=108427

Change 108427 by millert at millert_macbook on 2006/10/25 20:45:14

	Update to libsemanage-1.8 from the NSA web site.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/ChangeLog#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/VERSION#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-parse.y#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-scan.l#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/direct_api.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/private.h#3 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/semanage_store.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/ChangeLog#4 (text+ko) ====

@@ -1,3 +1,19 @@
+1.8 2006-10-17
+	* Updated version for release.
+
+1.6.17 2006-09-29
+	* Merged patch to skip reload if no active store exists and
+	  the store path doesn't match the active store path from Dan Walsh.
+	* Merged patch to not destroy sepol handle on error path of
+	  connect from James Athey.
+	* Merged patch to add genhomedircon path to semanage.conf from
+	  James Athey. 
+
+1.6.16 2006-08-14
+	* Make most copy errors fatal, but allow exceptions for
+	  file_contexts.local, seusers, and netfilter_contexts if
+	  the source file does not exist in the store.
+
 1.6.15 2006-08-11
 	* Merged separate local file contexts patch from Chris PeBenito.
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/VERSION#4 (text+ko) ====

@@ -1,1 +1,1 @@
-1.6.15
+1.8

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-parse.y#3 (text+ko) ====

@@ -1,6 +1,7 @@
-/* Author: Jason Tang     <jtang at tresys.com>
+/* Authors: Jason Tang     <jtang at tresys.com>
+ *          James Athey    <jathey at tresys.com>
  *
- * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -55,7 +56,7 @@
 }
 
 %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE
-%token LOAD_POLICY_START SETFILES_START
+%token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START
 %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
 %token PROG_PATH PROG_ARGS
 %token <s> ARG
@@ -136,6 +137,14 @@
                                 YYABORT;
                         }
                 }
+        |       GENHOMEDIRCON_START {
+                        semanage_conf_external_prog_destroy(current_conf->genhomedircon);
+                        current_conf->genhomedircon = NULL;
+                        if (new_external_prog(&current_conf->genhomedircon) == -1) {
+                                parse_errors++;
+                                YYABORT;
+                        }
+                }
         ;
 
 verify_block:   verify_start external_opts BLOCK_END  {
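Review bot: The new `GENHOMEDIRCON_START` action reads and assigns `current_conf->genhomedircon`, but this change's file list contains no header or conf init/destroy file, so please confirm the field is declared, starts out NULL (or a valid default) and is released with the rest of the configuration; otherwise the first `semanage_conf_external_prog_destroy()` call here would act on an uninitialised pointer. A short comment above the action would help, for example `/* a repeated [genhomedircon] block replaces the earlier one */`. Since the block names an external program the library will presumably execute, the documentation for semanage.conf should state that the file must not be writable by unprivileged users. The rule this alternative belongs to starts above the hunk.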

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/conf-scan.l#3 (text+ko) ====

@@ -1,6 +1,7 @@
-/* Author: Jason Tang     <jtang at tresys.com>
+/* Authors: Jason Tang     <jtang at tresys.com>
+ *          James Athey    <jathey at tresys.com>
  *
- * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -43,6 +44,7 @@
 file-mode         return FILE_MODE;
 "[load_policy]"   return LOAD_POLICY_START;
 "[setfiles]"      return SETFILES_START;
+"[genhomedircon]" return GENHOMEDIRCON_START;
 "[verify module]" return VERIFY_MOD_START;
 "[verify linked]" return VERIFY_LINKED_START;
 "[verify kernel]" return VERIFY_KERNEL_START;

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/direct_api.c#3 (text+ko) ====

@@ -217,7 +217,6 @@
 
       err:
 	ERR(sh, "could not establish direct connection");
-	sepol_handle_destroy(sh->sepolh);
 	return STATUS_ERR;
 }
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsemanage/src/semanage_store.c#4 (text+ko) ====

@@ -1056,37 +1056,38 @@
 
 	snprintf(store_hd, PATH_MAX, "%s%s", storepath, running_hd);
 	if (semanage_copy_file(active_hd, store_hd, sh->conf->file_mode) == -1) {
-		INFO(sh, "Non-fatal error:  Could not copy %s to %s.",
-		     active_hd, store_hd);
-		/* Non-fatal; fall through */
+		ERR(sh, "Could not copy %s to %s.", active_hd, store_hd);
+		goto cleanup;
 	}
 
 	snprintf(store_fc, PATH_MAX, "%s%s", storepath, running_fc);
 	if (semanage_copy_file(active_fc, store_fc, sh->conf->file_mode) == -1) {
-		INFO(sh, "Non-fatal error:  Could not copy %s to %s.",
-		     active_fc, store_fc);
-		/* Non-fatal; fall through */
+		ERR(sh, "Could not copy %s to %s.", active_fc, store_fc);
+		goto cleanup;
 	}
 
 	snprintf(store_fc_loc, PATH_MAX, "%s%s", storepath, running_fc_loc);
-	if (semanage_copy_file(active_fc_loc, store_fc_loc, sh->conf->file_mode) == -1) {
-		INFO(sh, "Non-fatal error:  Could not copy %s to %s.",
-		     active_fc_loc, store_fc_loc);
-		/* Non-fatal; fall through */
+	if (semanage_copy_file(active_fc_loc, store_fc_loc, sh->conf->file_mode)
+	    == -1 && errno != ENOENT) {
+		ERR(sh, "Could not copy %s to %s.", active_fc_loc,
+		    store_fc_loc);
+		goto cleanup;
 	}
 
 	snprintf(store_seusers, PATH_MAX, "%s%s", storepath, running_seusers);
 	if (semanage_copy_file
-	    (active_seusers, store_seusers, sh->conf->file_mode) == -1) {
-		INFO(sh, "Non-fatal error:  Could not copy %s to %s.",
-		     active_seusers, store_seusers);
-		/* Non-fatal; fall through */
+	    (active_seusers, store_seusers, sh->conf->file_mode) == -1
+	    && errno != ENOENT) {
+		ERR(sh, "Could not copy %s to %s.", active_seusers,
+		    store_seusers);
+		goto cleanup;
 	}
 
 	snprintf(store_nc, PATH_MAX, "%s%s", storepath, running_nc);
-	if (semanage_copy_file(active_nc, store_nc, sh->conf->file_mode) == -1) {
-		INFO(sh, "Non-fatal error:  Could not copy %s to %s.", active_nc, store_nc);
-		/* Non-fatal; fall through */
+	if (semanage_copy_file(active_nc, store_nc, sh->conf->file_mode) == -1
+	    && errno != ENOENT) {
+		ERR(sh, "Could not copy %s to %s.", active_nc, store_nc);
+		goto cleanup;
 	}
 
 	if (!sh->do_reload)
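Review bot: The three `errno != ENOENT` tests (for `active_fc_loc`, `active_seusers` and `active_nc`) assume errno still describes a missing source file when `semanage_copy_file()` returns -1. That function's body is not in this hunk, so an ENOENT raised for the destination path, or an errno overwritten by a later call inside it, would be taken for "optional file absent" and the commit would carry on with an incomplete or stale installed copy. Testing the source explicitly keeps the exception as narrow as the ChangeLog describes, e.g. `if (access(active_seusers, F_OK) == 0 && semanage_copy_file(active_seusers, store_seusers, sh->conf->file_mode) == -1) {`. It is also worth deciding whether a copy left at the destination by an earlier commit should be removed when the source no longer exists. The `else if (errno == ENOENT ...` in the following hunk relies on errno in the same way; the enclosing function starts and ends outside both hunks.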
@@ -1108,7 +1109,9 @@
 			/* They are not the same store */
 			goto skip_reload;
 		}
-	}
+	} else if (errno == ENOENT &&
+		   strcmp(really_active_store, storepath) != 0)
+		goto skip_reload;
 
 	if (semanage_reload_policy(sh)) {
 		goto cleanup;
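Review bot: The added `else if` hangs an unbraced `goto skip_reload;` under a two-line condition, directly after a braced `if`, which is easy to misread and easy to break when a second statement is added. Bracing it like the branch above would read `} else if (errno == ENOENT && strcmp(really_active_store, storepath) != 0) {` followed by `goto skip_reload;` and `}`. A one-line comment such as `/* no active store, and this is not the active store path: nothing to reload */` would record why ENOENT skips the reload here. The `if` this branch belongs to opens above the hunk, so the call that sets errno cannot be seen from here.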

