[libselinux] add db_language support on label_db.c

[libselinux] add db_language support on label_db.c

[KaiGai Kohei]

[-- Attachment #1: Type: text/plain, Size: 228 bytes --]

The attached patch add support db_language object class
to the selabel_lookup(_raw) interfaces.
It is needed to inform object manager initial label of
procedural language object.

Thanks,
-- 
KaiGai Kohei <kaigai@ak.jp.nec.com>

[-- Attachment #2: libselinux-selabel.1.patch --]
[-- Type: text/x-patch, Size: 941 bytes --]

diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
index 0435365..1a54307 100644
--- a/libselinux/include/selinux/label.h
+++ b/libselinux/include/selinux/label.h
@@ -128,6 +128,7 @@ void selabel_stats(struct selabel_handle *handle);
 #define SELABEL_DB_PROCEDURE	7
 #define SELABEL_DB_BLOB		8
 #define SELABEL_DB_TUPLE	9
+#define SELABEL_DB_LANGUAGE	10
 
 #ifdef __cplusplus
 }
diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
index e1bfab7..7afacf0 100644
--- a/libselinux/src/label_db.c
+++ b/libselinux/src/label_db.c
@@ -138,6 +138,8 @@ process_line(const char *path, char *line_buf, unsigned int line_num,
 		spec->type = SELABEL_DB_BLOB;
 	else if (!strcmp(type, "db_tuple"))
 		spec->type = SELABEL_DB_TUPLE;
+	else if (!strcmp(type, "db_language"))
+		spec->type = SELABEL_DB_LANGUAGE;
 	else {
 		selinux_log(SELINUX_WARNING,
 			    "%s:  line %d has invalid object type %s\n",

Re: [libselinux] add db_language support on label_db.c

[KaiGai Kohei]

How about getting inclusion of this patch?

The db_language class is already merged to refpolicy.
I think it is also necessary to be merged to libselinux.

Thanks,

(2011/01/06 16:14), KaiGai Kohei wrote:
> The attached patch add support db_language object class
> to the selabel_lookup(_raw) interfaces.
> It is needed to inform object manager initial label of
> procedural language object.
> 
> Thanks,

-- 
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [libselinux] add db_language support on label_db.c

[Kohei KaiGai]

Without this patch, we will see the following warning message on the initial
setting up of SE-PostgreSQL, however, it is ugly.
Right now, security label on db_language object class is not implemented yet,
but it needs to be supported prior to my implementation.
Please commit this patch.

[kaigai@vmlinux ~]$ postgres --single -F -O -c exit_on_error=true postgres \
        < /usr/local/pgsql/share/contrib/sepgsql.sql > /dev/null
/etc/selinux/targeted/contexts/sepgsql_contexts:  line 33 has invalid
object type db_blobs
/etc/selinux/targeted/contexts/sepgsql_contexts:  line 36 has invalid
object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts:  line 37 has invalid
object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts:  line 38 has invalid
object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts:  line 39 has invalid
object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts:  line 40 has invalid
object type db_language

2011年1月27日5:19 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> How about getting inclusion of this patch?
>
> The db_language class is already merged to refpolicy.
> I think it is also necessary to be merged to libselinux.
>
> Thanks,
>
> (2011/01/06 16:14), KaiGai Kohei wrote:
>> The attached patch add support db_language object class
>> to the selabel_lookup(_raw) interfaces.
>> It is needed to inform object manager initial label of
>> procedural language object.
>>
>> Thanks,
>
> --
> KaiGai Kohei <kaigai@ak.jp.nec.com>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>



-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [libselinux] add db_language support on label_db.c

[Stephen Smalley]

On Thu, 2011-01-06 at 16:14 +0900, KaiGai Kohei wrote:
> The attached patch add support db_language object class
> to the selabel_lookup(_raw) interfaces.
> It is needed to inform object manager initial label of
> procedural language object.

Thanks, merged as of libselinux 2.0.101.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.