From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SE Linux <selinux@tycho.nsa.gov>
Subject: Re: load_policy has to be moved to /sbin from /usr/sbin to handle initrd executing load_policy
Date: Wed, 30 Sep 2009 14:16:24 -0400 [thread overview]
Message-ID: <4AC3A078.8040404@redhat.com> (raw)
In-Reply-To: <1254333556.30591.81.camel@moss-pluto.epoch.ncsc.mil>
[-- Attachment #1: Type: text/plain, Size: 633 bytes --]
On 09/30/2009 01:59 PM, Stephen Smalley wrote:
> On Wed, 2009-09-30 at 13:56 -0400, Daniel J Walsh wrote:
>> Ubunto and Fedora have moved to a model where the initrd executes load_policy -i.
>>
>> This means load_policy has to be in /sbin since /usr might not be mounted.
>
> We had a similar change happen for setfiles, and if you look a little
> further down in semanage_conf_init(), you'll see that we call access()
> to check whether setfiles lives in /sbin or /usr/sbin and then set it
> accordingly. You'll want to do the same thing here to avoid breakage on
> systems that still have it in the old location.
>
Fixed patch.
[-- Attachment #2: load_policy.patch --]
[-- Type: text/plain, Size: 14604 bytes --]
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index 23661bf..931448f 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -263,7 +263,13 @@ static int semanage_conf_init(semanage_conf_t * conf)
calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) {
return -1;
}
- if ((conf->load_policy->path = strdup("/usr/sbin/load_policy")) == NULL) {
+
+ if (access("/sbin/load_policy", X_OK) == 0) {
+ conf->load_policy->path = strdup("/sbin/load_policy");
+ } else {
+ conf->load_policy->path = strdup("/usr/sbin/load_policy");
+ }
+ if (conf->load_policy->path == NULL)
return -1;
}
conf->load_policy->args = NULL;
diff --git a/libsemanage/src/semanage.py b/libsemanage/src/semanage.py
index 7c05df9..29208dd 100644
--- a/libsemanage/src/semanage.py
+++ b/libsemanage/src/semanage.py
@@ -1,5 +1,5 @@
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.39
+# Version 1.3.40
#
# Do not make changes to this file unless you know what you are doing--modify
# the SWIG interface file instead.
@@ -21,7 +21,7 @@ if version_info >= (2,6,0):
_mod = imp.load_module('_semanage', fp, pathname, description)
finally:
fp.close()
- return _mod
+ return _mod
_semanage = swig_import_helper()
del swig_import_helper
else:
@@ -184,6 +184,14 @@ def semanage_module_install_base_file(*args):
return _semanage.semanage_module_install_base_file(*args)
semanage_module_install_base_file = _semanage.semanage_module_install_base_file
+def semanage_module_enable(*args):
+ return _semanage.semanage_module_enable(*args)
+semanage_module_enable = _semanage.semanage_module_enable
+
+def semanage_module_disable(*args):
+ return _semanage.semanage_module_disable(*args)
+semanage_module_disable = _semanage.semanage_module_disable
+
def semanage_module_remove(*args):
return _semanage.semanage_module_remove(*args)
semanage_module_remove = _semanage.semanage_module_remove
@@ -208,6 +216,10 @@ def semanage_module_get_version(*args):
return _semanage.semanage_module_get_version(*args)
semanage_module_get_version = _semanage.semanage_module_get_version
+def semanage_module_get_enabled(*args):
+ return _semanage.semanage_module_get_enabled(*args)
+semanage_module_get_enabled = _semanage.semanage_module_get_enabled
+
def semanage_context_get_user(*args):
return _semanage.semanage_context_get_user(*args)
semanage_context_get_user = _semanage.semanage_context_get_user
diff --git a/libsemanage/src/semanageswig_wrap.c b/libsemanage/src/semanageswig_wrap.c
index 09e12aa..2e8946c 100644
--- a/libsemanage/src/semanageswig_wrap.c
+++ b/libsemanage/src/semanageswig_wrap.c
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
- * Version 1.3.39
+ * Version 1.3.40
*
* This file is not intended to be easily readable and contains a number of
* coding conventions designed to improve portability and efficiency. Do not make
@@ -725,7 +725,7 @@ SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
-/* Compatibility marcos for Python 3 */
+/* Compatibility macros for Python 3 */
#if PY_VERSION_HEX >= 0x03000000
#define PyClass_Check(obj) PyObject_IsInstance(obj, (PyObject *)&PyType_Type)
@@ -758,7 +758,7 @@ SWIG_Python_str_AsChar(PyObject *str)
#if PY_VERSION_HEX >= 0x03000000
char *cstr;
char *newstr;
- int len;
+ Py_ssize_t len;
str = PyUnicode_AsUTF8String(str);
PyBytes_AsStringAndSize(str, &cstr, &len);
newstr = (char *) malloc(len+1);
@@ -1448,9 +1448,7 @@ SwigPyObject_repr(SwigPyObject *v, PyObject *args)
#endif
{
const char *name = SWIG_TypePrettyName(v->ty);
- PyObject *hex = SwigPyObject_hex(v);
- PyObject *repr = SWIG_Python_str_FromFormat("<Swig Object of type '%s' at %p>", name, hex);
- Py_DECREF(hex);
+ PyObject *repr = SWIG_Python_str_FromFormat("<Swig Object of type '%s' at %p>", name, v);
if (v->next) {
#ifdef METH_NOARGS
PyObject *nrep = SwigPyObject_repr((SwigPyObject *)v->next);
@@ -1505,7 +1503,7 @@ SwigPyObject_compare(SwigPyObject *v, SwigPyObject *w)
return (i < j) ? -1 : ((i > j) ? 1 : 0);
}
-/* Added for Python 3.x, whould it also useful for Python 2.x? */
+/* Added for Python 3.x, would it also be useful for Python 2.x? */
SWIGRUNTIME PyObject*
SwigPyObject_richcompare(SwigPyObject *v, SwigPyObject *w, int op)
{
@@ -1553,7 +1551,7 @@ SwigPyObject_dealloc(PyObject *v)
/* destroy is always a VARARGS method */
PyObject *res;
if (data->delargs) {
- /* we need to create a temporal object to carry the destroy operation */
+ /* we need to create a temporary object to carry the destroy operation */
PyObject *tmp = SwigPyObject_New(sobj->ptr, ty, 0);
res = SWIG_Python_CallFunctor(destroy, tmp);
Py_DECREF(tmp);
@@ -1754,7 +1752,7 @@ _PySwigObject_type(void) {
if (!type_init) {
const PyTypeObject tmp
= {
- /* PyOjbect header changed in Python 3 */
+ /* PyObject header changed in Python 3 */
#if PY_VERSION_HEX >= 0x03000000
PyVarObject_HEAD_INIT(&PyType_Type, 0)
#else
@@ -1773,7 +1771,7 @@ _PySwigObject_type(void) {
#endif
(setattrfunc)0, /* tp_setattr */
#if PY_VERSION_HEX >= 0x03000000
- 0, /* tp_reserved in 3.0.1 */
+ 0, /* tp_reserved in 3.0.1, tp_compare in 3.0.0 but not used */
#else
(cmpfunc)SwigPyObject_compare, /* tp_compare */
#endif
@@ -1823,7 +1821,7 @@ _PySwigObject_type(void) {
#endif
};
swigpyobject_type = tmp;
- /* for Python 3 we already assigned the ob_type in PyVarObject_HEAD_INIT() */
+ /* for Python 3 we already assigned ob_type in PyVarObject_HEAD_INIT() */
#if PY_VERSION_HEX < 0x03000000
swigpyobject_type.ob_type = &PyType_Type;
#endif
@@ -2230,10 +2228,10 @@ SWIG_Python_ConvertFunctionPtr(PyObject *obj, void **ptr, swig_type_info *ty) {
/* here we get the method pointer for callbacks */
const char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc);
const char *desc = doc ? strstr(doc, "swig_ptr: ") : 0;
- if (desc) {
+ if (desc)
desc = ty ? SWIG_UnpackVoidPtr(desc + 10, &vptr, ty->name) : 0;
- if (!desc) return SWIG_ERROR;
- }
+ if (!desc)
+ return SWIG_ERROR;
if (ty) {
swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
if (tc) {
@@ -2271,7 +2269,7 @@ SWIG_Python_ConvertPacked(PyObject *obj, void *ptr, size_t sz, swig_type_info *t
* ----------------------------------------------------------------------------- */
/*
- Create a new instance object, whitout calling __init__, and set the
+ Create a new instance object, without calling __init__, and set the
'this' attribute.
*/
@@ -2739,7 +2737,7 @@ static swig_module_info swig_module = {swig_types, 54, 0, 0, 0, 0};
#endif
#define SWIG_name "_semanage"
-#define SWIGVERSION 0x010339
+#define SWIGVERSION 0x010340
#define SWIG_VERSION SWIGVERSION
@@ -3912,6 +3910,74 @@ fail:
}
+SWIGINTERN PyObject *_wrap_semanage_module_enable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_module_enable",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_enable" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_module_enable" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_module_enable(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_disable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_module_disable",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_disable" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_module_disable" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_module_disable(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_semanage_module_remove(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
@@ -4082,6 +4148,28 @@ fail:
}
+SWIGINTERN PyObject *_wrap_semanage_module_get_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_module_info_t *arg1 = (semanage_module_info_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_module_get_enabled",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_module_info, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_get_enabled" "', argument " "1"" of type '" "semanage_module_info_t *""'");
+ }
+ arg1 = (semanage_module_info_t *)(argp1);
+ result = (int)semanage_module_get_enabled(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_semanage_context_get_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
semanage_context_t *arg1 = (semanage_context_t *) 0 ;
@@ -11783,12 +11871,15 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"semanage_module_upgrade_file", _wrap_semanage_module_upgrade_file, METH_VARARGS, NULL},
{ (char *)"semanage_module_install_base", _wrap_semanage_module_install_base, METH_VARARGS, NULL},
{ (char *)"semanage_module_install_base_file", _wrap_semanage_module_install_base_file, METH_VARARGS, NULL},
+ { (char *)"semanage_module_enable", _wrap_semanage_module_enable, METH_VARARGS, NULL},
+ { (char *)"semanage_module_disable", _wrap_semanage_module_disable, METH_VARARGS, NULL},
{ (char *)"semanage_module_remove", _wrap_semanage_module_remove, METH_VARARGS, NULL},
{ (char *)"semanage_module_list", _wrap_semanage_module_list, METH_VARARGS, NULL},
{ (char *)"semanage_module_info_datum_destroy", _wrap_semanage_module_info_datum_destroy, METH_VARARGS, NULL},
{ (char *)"semanage_module_list_nth", _wrap_semanage_module_list_nth, METH_VARARGS, NULL},
{ (char *)"semanage_module_get_name", _wrap_semanage_module_get_name, METH_VARARGS, NULL},
{ (char *)"semanage_module_get_version", _wrap_semanage_module_get_version, METH_VARARGS, NULL},
+ { (char *)"semanage_module_get_enabled", _wrap_semanage_module_get_enabled, METH_VARARGS, NULL},
{ (char *)"semanage_context_get_user", _wrap_semanage_context_get_user, METH_VARARGS, NULL},
{ (char *)"semanage_context_set_user", _wrap_semanage_context_set_user, METH_VARARGS, NULL},
{ (char *)"semanage_context_get_role", _wrap_semanage_context_get_role, METH_VARARGS, NULL},
@@ -12631,7 +12722,7 @@ extern "C" {
(char *)"swigvarlink", /* Type name (tp_name) */
sizeof(swig_varlinkobject), /* Basic size (tp_basicsize) */
0, /* Itemsize (tp_itemsize) */
- (destructor) swig_varlink_dealloc, /* Deallocator (tp_dealloc) */
+ (destructor) swig_varlink_dealloc, /* Deallocator (tp_dealloc) */
(printfunc) swig_varlink_print, /* Print (tp_print) */
(getattrfunc) swig_varlink_getattr, /* get attr (tp_getattr) */
(setattrfunc) swig_varlink_setattr, /* Set attr (tp_setattr) */
@@ -12642,7 +12733,7 @@ extern "C" {
0, /* tp_as_mapping */
0, /* tp_hash */
0, /* tp_call */
- (reprfunc)swig_varlink_str, /* tp_str */
+ (reprfunc) swig_varlink_str, /* tp_str */
0, /* tp_getattro */
0, /* tp_setattro */
0, /* tp_as_buffer */
@@ -12663,7 +12754,7 @@ extern "C" {
#endif
};
varlink_type = tmp;
- /* for Python 3 we already assigned the ob_type in PyVarObject_HEAD_INIT() */
+ /* for Python 3 we already assigned ob_type in PyVarObject_HEAD_INIT() */
#if PY_VERSION_HEX < 0x03000000
varlink_type.ob_type = &PyType_Type;
#endif
diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile
index 2dd2943..91dc6c8 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,6 +1,7 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
-SBINDIR ?= $(PREFIX)/sbin
+SBINDIR ?= $(DESTDIR)/sbin
+USRSBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -17,6 +18,8 @@ install: all
install -m 755 $(TARGETS) $(SBINDIR)
test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(USRSBINDIR)
+ ln -s /sbin/load_policy $(USRSBINDIR)/load_policy
clean:
-rm -f $(TARGETS) *.o
next prev parent reply other threads:[~2009-09-30 18:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-30 17:56 load_policy has to be moved to /sbin from /usr/sbin to handle initrd executing load_policy Daniel J Walsh
2009-09-30 17:59 ` Stephen Smalley
2009-09-30 18:16 ` Daniel J Walsh [this message]
2009-11-10 21:16 ` Chad Sellers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AC3A078.8040404@redhat.com \
--to=dwalsh@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.