+++ /dev/null
-Index: libselinux/src/get_context_list.c
-===================================================================
-RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/get_context_list.c,v
-retrieving revision 1.8
-retrieving revision 1.10
-diff -u -r1.8 -r1.10
---- libselinux/src/get_context_list.c 1 Dec 2003 19:28:32 -0000 1.8
-+++ libselinux/src/get_context_list.c 14 Jan 2004 14:06:52 -0000 1.10
-@@ -206,26 +206,50 @@
- FILE *config_file; /* The configuration file */
- char *fname = 0; /* The name of the user's configuration file */
- size_t fname_len; /* The length of fname */
-- struct passwd *pwd; /* The user's passwd structure */
-+ struct passwd pwdbuf, *pwd = &pwdbuf;
-+ char *buf;
- int retval; /* The return value */
-+ long buflen;
-
- if (which == USERPRIORITY)
- {
-- /* Get the password structure in order to find the home directory */
-- pwd = getpwnam (user);
-- if (!pwd)
-- {
-- return -1;
-+ /* Get the password structure in order to find the home directory.
-+ Use getpwnam_r to avoid clobbering any existing pwd struct obtained
-+ by the caller. */
-+ buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-+ if (buflen < 0)
-+ return -1;
-+ buf = malloc(buflen);
-+ if (!buf)
-+ return -1;
-+ retval = getpwnam_r (user, pwd, buf, buflen, &pwd );
-+ while (retval < 0 && errno == ERANGE) {
-+ char *newbuf;
-+ errno = 0;
-+ buflen *= 2;
-+ newbuf = realloc (buf, buflen);
-+ if (!newbuf) {
-+ free(buf);
-+ return -1;
-+ }
-+ buf = newbuf;
-+ retval = getpwnam_r (user, pwd, buf, buflen, &pwd );
-+ }
-+ if (retval < 0 || !pwd) {
-+ free(buf);
-+ return -1;
- }
- fname_len = strlen (pwd->pw_dir) + 20;
- fname = malloc (fname_len);
-- if (!fname)
-+ if (!fname)
- {
-+ free(buf);
- return -1;
- }
- sprintf (fname, "%s%s", pwd->pw_dir, "/.default_contexts");
- config_file = fopen (fname, "r");
- free (fname);
-+ free(buf);
- }
- else if (which == SYSTEMPRIORITY)
- {
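Review bot: The error checks around the new `getpwnam_r` calls use the wrong convention: the function returns 0 on success and a positive error number on failure, and is not specified to return a negative value or to report through `errno`. As written, `while (retval < 0 && errno == ERANGE)` never runs, so the buffer-growing path is dead code, and `retval < 0` cannot detect a failure; only the `!pwd` test catches one. The loop condition should be `while (retval == ERANGE) {` and the final check `if (retval != 0 || !pwd) {`. Separately, `sysconf(_SC_GETPW_R_SIZE_MAX)` may return -1 when there is no fixed limit, so falling back to a default buffer size would be safer than returning -1 there. The enclosing function starts and ends outside the hunk.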
+++ /dev/null
---- libselinux-1.4/src/check_context.c.mntpoint 2003-04-29 17:09:21.000000000 -0400
-+++ libselinux-1.4/src/check_context.c 2003-12-17 16:37:25.000000000 -0500
-@@ -4,14 +4,18 @@
- #include <stdlib.h>
- #include <errno.h>
- #include <string.h>
-+#include <stdio.h>
- #include <selinux/selinux.h>
- #include "policy.h"
-+#include <limits.h>
-
- int security_check_context(security_context_t con)
- {
-+ char path[PATH_MAX];
- int fd, ret;
-
-- fd = open(SELINUXMNT "context", O_RDWR);
-+ snprintf(path, sizeof path, "%s/context", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
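Review bot: `selinux_mnt` is passed to `snprintf` without a NULL check, and the constructor in init.c leaves it NULL whenever /proc/mounts cannot be opened or read, or contains no selinuxfs entry. Passing NULL for `%s` is undefined behaviour; where the C library prints a placeholder instead, the result is a relative path that `open` resolves against the current working directory rather than the selinuxfs mount. A guard such as `if (!selinux_mnt) { errno = ENOENT; return -1; }` before the `snprintf` would fail closed, and the `snprintf` result could be compared with `sizeof path` to detect truncation. The same pattern appears in the compute_av.c, compute_create.c, compute_relabel.c, compute_user.c, getenforce.c, load_policy.c, policyvers.c and setenforce.c hunks. The body of security_check_context continues outside the hunk.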
---- libselinux-1.4/src/compute_av.c.mntpoint 2003-12-01 14:28:32.000000000 -0500
-+++ libselinux-1.4/src/compute_av.c 2003-12-17 16:37:25.000000000 -0500
-@@ -8,6 +8,7 @@
- #include <asm/page.h>
- #include <selinux/selinux.h>
- #include "policy.h"
-+#include <limits.h>
-
- int security_compute_av(security_context_t scon,
- security_context_t tcon,
-@@ -15,11 +16,13 @@
- access_vector_t requested,
- struct av_decision *avd)
- {
-+ char path[PATH_MAX];
- char *buf;
- size_t len;
- int fd, ret;
-
-- fd = open(SELINUXMNT "access", O_RDWR);
-+ snprintf(path, sizeof path, "%s/access", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
---- libselinux-1.4/src/compute_create.c.mntpoint 2003-07-17 10:38:06.000000000 -0400
-+++ libselinux-1.4/src/compute_create.c 2003-12-17 16:37:25.000000000 -0500
-@@ -8,17 +8,20 @@
- #include <asm/page.h>
- #include <selinux/selinux.h>
- #include "policy.h"
-+#include <limits.h>
-
- int security_compute_create(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t *newcon)
- {
-+ char path[PATH_MAX];
- char *buf;
- size_t size;
- int fd, ret;
-
-- fd = open(SELINUXMNT "create", O_RDWR);
-+ snprintf(path, sizeof path, "%s/create", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
---- libselinux-1.4/src/compute_relabel.c.mntpoint 2003-07-17 10:38:06.000000000 -0400
-+++ libselinux-1.4/src/compute_relabel.c 2003-12-17 16:37:25.000000000 -0500
-@@ -8,17 +8,20 @@
- #include <asm/page.h>
- #include <selinux/selinux.h>
- #include "policy.h"
-+#include <limits.h>
-
- int security_compute_relabel(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t *newcon)
- {
-+ char path[PATH_MAX];
- char *buf;
- size_t size;
- int fd, ret;
-
-- fd = open(SELINUXMNT "relabel", O_RDWR);
-+ snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
---- libselinux-1.4/src/compute_user.c.mntpoint 2003-12-01 14:28:32.000000000 -0500
-+++ libselinux-1.4/src/compute_user.c 2003-12-17 16:37:25.000000000 -0500
-@@ -8,18 +8,21 @@
- #include <asm/page.h>
- #include <selinux/selinux.h>
- #include "policy.h"
-+#include <limits.h>
-
- int security_compute_user(security_context_t scon,
- const char *user,
- security_context_t **con)
- {
-+ char path[PATH_MAX];
- char **ary;
- char *buf, *ptr;
- size_t size;
- int fd, ret;
- unsigned int i, nel;
-
-- fd = open(SELINUXMNT "user", O_RDWR);
-+ snprintf(path, sizeof path, "%s/user", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
---- libselinux-1.4/src/getenforce.c.mntpoint 2003-10-21 15:40:40.000000000 -0400
-+++ libselinux-1.4/src/getenforce.c 2003-12-17 16:37:25.000000000 -0500
-@@ -7,13 +7,16 @@
- #include <selinux/selinux.h>
- #include "policy.h"
- #include <stdio.h>
-+#include <limits.h>
-
- int security_getenforce(void)
- {
- int fd, ret, enforce = 0;
-+ char path[PATH_MAX];
- char buf[20];
-
-- fd = open(SELINUXMNT "enforce", O_RDONLY);
-+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
-+ fd = open(path, O_RDONLY);
- if (fd < 0)
- return -1;
-
---- /dev/null 2003-09-15 09:40:47.000000000 -0400
-+++ libselinux-1.4/src/init.c 2003-12-17 17:53:47.486020784 -0500
-@@ -0,0 +1,62 @@
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <string.h>
-+#include <selinux/selinux.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <ctype.h>
-+#include <asm/page.h>
-+
-+char *selinux_mnt = NULL;
-+
-+static void init_selinuxmnt(void) __attribute__ ((constructor));
-+
-+static void init_selinuxmnt(void)
-+{
-+ char *buf, *p;
-+ size_t size;
-+ int fd;
-+ ssize_t ret;
-+
-+ if (selinux_mnt)
-+ return;
-+
-+ fd = open("/proc/mounts", O_RDONLY);
-+ if (fd < 0)
-+ return;
-+
-+ size = PAGE_SIZE;
-+ buf = malloc(size);
-+ if (!buf)
-+ goto out;
-+
-+ memset(buf, 0, size);
-+
-+ ret = read(fd, buf, size - 1);
-+ if (ret < 0)
-+ goto out2;
-+
-+ p = strstr(buf, "selinuxfs");
-+ if (!p)
-+ goto out2;
-+
-+ p--;
-+ *p = 0;
-+ p--;
-+
-+ while (p > buf && !isspace(*p))
-+ p--;
-+
-+ if (isspace(*p))
-+ p++;
-+
-+ selinux_mnt = strdup(p);
-+
-+out2:
-+ free(buf);
-+out:
-+ close(fd);
-+ return;
-+
-+}
-+
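Review bot: The mount-point lookup in `init_selinuxmnt` matches the substring "selinuxfs" anywhere in the first PAGE_SIZE - 1 bytes of /proc/mounts instead of matching the filesystem-type field of a parsed entry. If the first match falls in the device or mount-point field, the backward scan lands in the wrong field or the previous line and `selinux_mnt` is set to an unrelated string; if the match sits at the very start of the buffer, `p--; *p = 0;` writes one byte before the allocation. An entry beyond the first page is never seen, and `isspace(*p)` is given a plain `char`. Parsing entry by entry with the `getmntent` family (which needs `<stdio.h>` and `<mntent.h>`) avoids all of these; a sketch of the rewritten function follows.

```c
static void init_selinuxmnt(void)
{
	FILE *fp;
	struct mntent *ent;

	if (selinux_mnt)
		return;

	fp = setmntent("/proc/mounts", "r");
	if (!fp)
		return;

	/* Compare the filesystem-type field only, never a substring of the line. */
	while ((ent = getmntent(fp)) != NULL) {
		if (strcmp(ent->mnt_type, "selinuxfs") == 0) {
			/* strdup may fail; selinux_mnt then stays NULL and callers must check it. */
			selinux_mnt = strdup(ent->mnt_dir);
			break;
		}
	}

	endmntent(fp);
}
```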
---- libselinux-1.4/src/load_policy.c.mntpoint 2003-04-29 17:09:21.000000000 -0400
-+++ libselinux-1.4/src/load_policy.c 2003-12-17 16:37:25.000000000 -0500
-@@ -2,15 +2,19 @@
- #include <sys/types.h>
- #include <fcntl.h>
- #include <stdlib.h>
-+#include <stdio.h>
- #include <errno.h>
- #include <selinux/selinux.h>
- #include "policy.h"
-+#include <limits.h>
-
- int security_load_policy(void *data, size_t len)
- {
-+ char path[PATH_MAX];
- int fd, ret;
-
-- fd = open(SELINUXMNT "load", O_RDWR);
-+ snprintf(path, sizeof path, "%s/load", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
---- libselinux-1.4/src/policy.h.mntpoint 2003-10-21 15:40:40.000000000 -0400
-+++ libselinux-1.4/src/policy.h 2003-12-17 16:37:25.000000000 -0500
-@@ -9,6 +9,9 @@
- /* Initial length guess for getting contexts. */
- #define INITCONTEXTLEN 255
-
-+/* selinuxfs mount point */
-+extern char *selinux_mnt;
-+
- #endif
-
-
---- libselinux-1.4/src/policyvers.c.mntpoint 2003-10-21 15:40:40.000000000 -0400
-+++ libselinux-1.4/src/policyvers.c 2003-12-17 16:37:25.000000000 -0500
-@@ -7,16 +7,19 @@
- #include <selinux/selinux.h>
- #include <stdio.h>
- #include "policy.h"
-+#include <limits.h>
-
- #define DEFAULT_POLICY_VERSION 15
-
- int security_policyvers(void)
- {
- int fd, ret;
-+ char path[PATH_MAX];
- char buf[20];
- unsigned vers = DEFAULT_POLICY_VERSION;
-
-- fd = open(SELINUXMNT "policyvers", O_RDONLY);
-+ snprintf(path, sizeof path, "%s/policyvers", selinux_mnt);
-+ fd = open(path, O_RDONLY);
- if (fd < 0)
- return vers;
- memset(buf, 0, sizeof buf);
---- libselinux-1.4/src/setenforce.c.mntpoint 2003-10-21 15:40:40.000000000 -0400
-+++ libselinux-1.4/src/setenforce.c 2003-12-17 16:37:25.000000000 -0500
-@@ -7,13 +7,16 @@
- #include <selinux/selinux.h>
- #include "policy.h"
- #include <stdio.h>
-+#include <limits.h>
-
- int security_setenforce(int value)
- {
- int fd, ret;
-+ char path[PATH_MAX];
- char buf[20];
-
-- fd = open(SELINUXMNT "enforce", O_RDWR);
-+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
-+ fd = open(path, O_RDWR);
- if (fd < 0)
- return -1;
-
---- libselinux-1.4/src/enabled.c.mntpoint 2003-11-20 09:28:38.000000000 -0500
-+++ libselinux-1.4/src/enabled.c 2003-12-17 16:37:25.000000000 -0500
-@@ -17,18 +17,22 @@
-
- fd = open("/proc/filesystems", O_RDONLY);
- if (fd < 0)
-- return 0;
-+ return -1;
-
- size = PAGE_SIZE;
- buf = malloc(size);
-- if (!buf)
-+ if (!buf) {
-+ enabled = -1;
- goto out;
-+ }
-
- memset(buf, 0, size);
-
- ret = read(fd, buf, size - 1);
-- if (ret < 0)
-+ if (ret < 0) {
-+ enabled = -1;
- goto out2;
-+ }
-
- if (!strstr(buf, "selinuxfs"))
- goto out2;
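Review bot: The new `-1` error returns are not documented anywhere in this hunk, and they change how existing callers read the result: a caller that tests the return value as a boolean will now treat a failed open, allocation or read as true. A comment above the function, for example `/* Returns -1 on error (open, allocation or read failure). */`, would make the added error state explicit, and callers need to distinguish a negative result from a positive one. The function's signature and the rest of its body are outside the hunk, so its callers cannot be checked from here.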
---- libselinux-1.4/include/selinux/selinux.h.mntpoint 2003-12-17 17:09:17.000000000 -0500
-+++ libselinux-1.4/include/selinux/selinux.h 2003-12-17 17:09:43.000000000 -0500
-@@ -122,6 +122,7 @@
- /* Get the policy version number. */
- extern int security_policyvers(void);
-
-+extern void reinit_selinuxmnt(void);
-
- /* Common helpers */
-
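Review bot: `reinit_selinuxmnt` is declared here without a comment, and no definition of it appears in the init.c added by this patch, which defines only the static constructor `init_selinuxmnt`. Unless a file not shown here provides it, a program that calls it will fail to link. Note also that a definition that simply called `init_selinuxmnt` would return immediately once `selinux_mnt` is set, because of the `if (selinux_mnt) return;` guard, so it would have to free and clear the old value first. The declaration should carry a comment like its neighbours, stating when callers are expected to invoke it.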
+++ /dev/null
-Index: libselinux/include/selinux/av_perm_to_string.h
-===================================================================
-RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/av_perm_to_string.h,v
-retrieving revision 1.9
-diff -u -r1.9 av_perm_to_string.h
---- libselinux/include/selinux/av_perm_to_string.h 17 Dec 2003 15:47:17 -0000 1.9
-+++ libselinux/include/selinux/av_perm_to_string.h 23 Jan 2004 15:11:24 -0000
-@@ -120,6 +120,7 @@
- { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
- { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
- { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },
-+ { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" },
- };
-
-
-Index: libselinux/include/selinux/av_permissions.h
-===================================================================
-RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/include/selinux/av_permissions.h,v
-retrieving revision 1.5
-diff -u -r1.5 av_permissions.h
---- libselinux/include/selinux/av_permissions.h 20 Nov 2003 14:22:43 -0000 1.5
-+++ libselinux/include/selinux/av_permissions.h 23 Jan 2004 15:11:24 -0000
-@@ -551,6 +553,7 @@
- #define PASSWD__PASSWD 0x00000001UL
- #define PASSWD__CHFN 0x00000002UL
- #define PASSWD__CHSH 0x00000004UL
-+#define PASSWD__ROOTOK 0x00000008UL
-
-
- /* FLASK */