From: Daniel J Walsh <dwalsh@redhat.com>
To: Chad Sellers <csellers@tresys.com>, SE Linux <selinux@tycho.nsa.gov>
Subject: This patch fixes the exception handling in libselinux-python bindings
Date: Wed, 12 Aug 2009 14:34:28 -0400 [thread overview]
Message-ID: <4A830B34.60402@redhat.com> (raw)
In-Reply-To: <C6A74D22.A99BD%csellers@tresys.com>
[-- Attachment #1: Type: text/plain, Size: 120 bytes --]
What do you think of this one. Removed excess swig cruft,
You need to run
make swigify to generate those changes.
[-- Attachment #2: libselinux-rhat.patch --]
[-- Type: text/plain, Size: 4848 bytes --]
--- nsalibselinux/include/selinux/selinux.h 2009-07-07 15:32:32.000000000 -0400
+++ libselinux-2.0.85/include/selinux/selinux.h 2009-08-12 13:36:34.000000000 -0400
@@ -346,7 +347,7 @@
const char *perms[sizeof(access_vector_t) * 8 + 1];
};
-int selinux_set_mapping(struct security_class_mapping *map);
+extern int selinux_set_mapping(struct security_class_mapping *map);
/* Common helpers */
@@ -556,17 +557,17 @@
char **r_seuser, char **r_level);
/* Compare two file contexts, return 0 if equivalent. */
-int selinux_file_context_cmp(const security_context_t a,
+extern int selinux_file_context_cmp(const security_context_t a,
const security_context_t b);
/*
* Verify the context of the file 'path' against policy.
* Return 0 if correct.
*/
-int selinux_file_context_verify(const char *path, mode_t mode);
+extern int selinux_file_context_verify(const char *path, mode_t mode);
/* This function sets the file context on to the system defaults returns 0 on success */
-int selinux_lsetfilecon_default(const char *path);
+extern int selinux_lsetfilecon_default(const char *path);
#ifdef __cplusplus
}
--- nsalibselinux/src/exception.sh 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.85/src/exception.sh 2009-08-12 13:44:21.000000000 -0400
@@ -0,0 +1,21 @@
+function except() {
+case $1 in
+ selinux_file_context_cmp) # ignore
+ ;;
+ *)
+echo "
+%exception $1 {
+ \$action
+ if (result < 0) {
+ PyErr_SetFromErrno(PyExc_OSError);
+ return NULL;
+ }
+}
+"
+;;
+esac
+}
+echo '#include "../include/selinux/selinux.h"' > temp.c
+gcc -c temp.c -aux-info temp.aux
+for i in `awk '/..\/include\/selinux\/selinux.h.*extern int/ { print $6 }' temp.aux`; do except $i ; done
+rm -f temp.c temp.aux temp.o
--- nsalibselinux/src/Makefile 2009-07-14 11:16:03.000000000 -0400
+++ libselinux-2.0.85/src/Makefile 2009-08-12 12:08:08.000000000 -0400
@@ -82,6 +82,9 @@
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
+selinuxswig_exception.i: ../include/selinux/selinux.h
+ sh exception.sh > $@
+
audit2why.lo: audit2why.c
$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
@@ -100,8 +103,8 @@
$(SWIGRUBYCOUT): $(SWIGRUBYIF)
$(SWIGRUBY) $^
-swigify: $(SWIGIF)
- $(SWIG) $^
+swigify: $(SWIGIF) selinuxswig_exception.i
+ $(SWIG) $<
install: all
test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
@@ -124,7 +127,7 @@
/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
clean:
- -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
+ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ selinuxswig_exception.i
distclean: clean
rm -f $(GENERATED) $(SWIGFILES)
--- nsalibselinux/src/selinuxswig.i 2009-03-12 08:48:48.000000000 -0400
+++ libselinux-2.0.85/src/selinuxswig.i 2009-07-31 08:29:59.000000000 -0400
@@ -4,11 +4,14 @@
%module selinux
%{
- #include "selinux/selinux.h"
#include "../include/selinux/avc.h"
- #include "../include/selinux/selinux.h"
- #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/av_permissions.h"
+ #include "../include/selinux/context.h"
+ #include "../include/selinux/flask.h"
#include "../include/selinux/get_context_list.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/label.h"
+ #include "../include/selinux/selinux.h"
%}
%apply int *OUTPUT { int *enforce };
%apply int *OUTPUT { size_t * };
@@ -55,8 +58,11 @@
%ignore avc_netlink_release_fd;
%ignore avc_netlink_check_nb;
-%include "../include/selinux/selinux.h"
%include "../include/selinux/avc.h"
-%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/av_permissions.h"
+%include "../include/selinux/context.h"
+%include "../include/selinux/flask.h"
%include "../include/selinux/get_context_list.h"
-
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/label.h"
+%include "../include/selinux/selinux.h"
--- nsalibselinux/src/selinuxswig_python.i 2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.85/src/selinuxswig_python.i 2009-07-31 08:29:59.000000000 -0400
@@ -21,6 +21,15 @@
map(restorecon, [os.path.join(dirname, fname)
for fname in fnames]), None)
+def copytree(src, dest):
+ """ An SELinux-friendly shutil.copytree method """
+ shutil.copytree(src, dest)
+ restorecon(dest, recursive=True)
+
+def install(src, dest):
+ """ An SELinux-friendly shutil.move method """
+ shutil.move(src, dest)
+ restorecon(dest, recursive=True)
%}
/* security_get_boolean_names() typemap */
@@ -150,4 +159,5 @@
free($1);
}
+%include "selinuxswig_exception.i"
%include "selinuxswig.i"
next parent reply other threads:[~2009-08-12 18:34 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <C6A74D22.A99BD%csellers@tresys.com>
2009-08-12 18:34 ` Daniel J Walsh [this message]
2009-09-16 19:18 ` This patch fixes the exception handling in libselinux-python bindings Joshua Brindle
2009-09-16 19:35 ` Joshua Brindle
[not found] ` <4AB15164.1020507@redhat.com>
2009-09-24 0:56 ` Joshua Brindle
2009-09-24 18:16 ` Joshua Brindle
2009-09-24 19:19 ` Joshua Brindle
2009-09-28 19:07 ` Daniel J Walsh
2009-09-28 20:10 ` Joshua Brindle
2010-01-08 15:32 ` Stephen Smalley
2010-01-08 20:06 ` Stephen Smalley
2010-01-08 20:19 ` Stephen Smalley
2010-01-08 20:40 ` Daniel J Walsh
2010-01-08 20:52 ` Joshua Brindle
2010-02-08 21:10 ` Caleb Case
2010-03-06 23:23 ` Joshua Brindle
2009-05-18 18:10 Daniel J Walsh
2009-05-19 16:16 ` Chad Sellers
2009-05-19 17:35 ` Daniel J Walsh
2009-06-18 14:23 ` Joshua Brindle
2009-06-18 19:41 ` Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A830B34.60402@redhat.com \
--to=dwalsh@redhat.com \
--cc=csellers@tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.