Re: [PATCH] libsemanage: Fixes bug preventing the installation of base modules


 



On Mon, Oct 03, 2016 at 02:41:12PM -0400, James Carter wrote:
> Commit 7a728e46 changed module installation so that a module pp would
> be installed using its module name instead of its filename and a warning
> would be printed if they were different. With this change, base modules
> could no longer be installed because of the way error handling was done.
> 
> This change fixes the error handling, so that when a base module is
> installed it will be installed using its filename (since it does not
> have a module name).
> 
> Based on bug report by Jason Zaman

Just confirming this fixes the issue for me. :D

I bumped the gentoo package to sys-libs/libsemanage-2.6_rc1-r1

-- Jason
> Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
> ---
>  libsemanage/src/direct_api.c | 39 ++++++++++++++-------------------------
>  1 file changed, 14 insertions(+), 25 deletions(-)
> 
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index 3719cb1..e5c72cd 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -368,7 +368,7 @@ static int semanage_direct_begintrans(semanage_handle_t * sh)
>   * 'version' to module's version.  The caller is responsible for
>   * free()ing 'module_name', and 'version'; they will be
>   * set to NULL upon entering this function.  Returns 0 on success, -1
> - * if out of memory, or -2 if data did not represent a module.
> + * if out of memory.
>   */
>  static int parse_module_headers(semanage_handle_t * sh, char *module_data,
>                                 size_t data_len, char **module_name,
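
Review bot: the updated comment above parse_module_headers() no longer says what the caller gets when the data is not a regular module. With the -2 case removed, the function can return 0 while 'module_name' and 'version' are still NULL, and semanage_direct_install_file() later in this patch relies on that. Suggest stating it in the comment, for example "On success 'module_name' and 'version' may remain NULL if the data carries no module name (e.g. a base module)".
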
> @@ -384,23 +384,10 @@ static int parse_module_headers(semanage_handle_t * sh, char *module_data,
>         }
>         sepol_policy_file_set_mem(pf, module_data, data_len);
>         sepol_policy_file_set_handle(pf, sh->sepolh);
> -       if (module_data == NULL ||
> -           data_len == 0 ||
> +       if (module_data != NULL && data_len > 0)
>             sepol_module_package_info(pf, &file_type, module_name,
> -                                     version) == -1) {
> -               sepol_policy_file_free(pf);
> -               ERR(sh, "Could not parse module data.");
> -               return -2;
> -       }
> +                                     version);
>         sepol_policy_file_free(pf);
> -       if (file_type != SEPOL_POLICY_MOD) {
> -               if (file_type == SEPOL_POLICY_BASE)
> -                       ERR(sh,
> -                           "Received a base module, expected a non-base module.");
> -               else
> -                       ERR(sh, "Data did not represent a module.");
> -               return -2;
> -       }
>  
>         return 0;
>  }
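
Review bot: the return value of sepol_module_package_info() is discarded in the rewritten `if (module_data != NULL && data_len > 0)` statement, so data that fails to parse is indistinguishable from a base module and both paths return 0 with no ERR() logged. If the call succeeds for base modules, consider keeping the `== -1` check with its "Could not parse module data." message and relaxing only the file_type test so that SEPOL_POLICY_BASE is accepted. Style: the call keeps the indentation of a condition continuation; with no braces it reads as part of the test, so re-indent it as the body or add braces.
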
> @@ -1608,22 +1595,24 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
>  		lang_ext = separator + 1;
>  	}
>  
> -	if (strcmp(lang_ext, "pp") != 0) {
> +	if (strcmp(lang_ext, "pp") == 0) {
> +		retval = parse_module_headers(sh, data, data_len, &module_name, &version);
> +		free(version);
> +		if (retval != 0)
> +			goto cleanup;
> +	}
> +
> +	if (module_name == NULL) {
>  		module_name = strdup(filename);
>  		if (module_name == NULL) {
>  			ERR(sh, "No memory available for module_name.\n");
>  			retval = -1;
>  			goto cleanup;
>  		}
> -	} else {
> -		if ((retval = parse_module_headers(sh, data, data_len, &module_name, &version)) != 0)
> -			goto cleanup;
> -
> -		if (strcmp(module_name, filename) != 0)
> -			fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename);
> -
> -		free(version);
> +	} else if (strcmp(module_name, filename) != 0) {
> +		fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename);
>  	}
> +
>  	retval = semanage_direct_install(sh, data, data_len, module_name, lang_ext);
>  
>  cleanup:
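
Review bot: the new `if (module_name == NULL)` test is also reached on the non-"pp" path, where parse_module_headers() has not run, so it depends on module_name already being NULL at that point, and its declaration is outside this hunk. Please confirm it is initialised to NULL where it is declared, or set it explicitly before the `strcmp(lang_ext, "pp") == 0` test. Also note that `if (retval != 0)` after parse_module_headers() now only covers the out-of-memory case, so an unparseable .pp falls through to the strdup(filename) branch and is installed under its filename without a warning.
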
> -- 
> 2.7.4
> 
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.