Commit | Line | Data |
---|---|---|
b38be7f7 MT |
1 | diff --git a/libselinux/Makefile b/libselinux/Makefile |
2 | index 9feaf94..fd4f0b1 100644 | |
3 | --- a/libselinux/Makefile | |
4 | +++ b/libselinux/Makefile | |
5 | @@ -1,3 +1,5 @@ | |
6 | +SUBDIRS = src include utils man | |
7 | + | |
8 | DISABLE_AVC ?= n | |
9 | DISABLE_SETRANS ?= n | |
10 | DISABLE_RPM ?= n | |
11 | @@ -19,41 +21,24 @@ ifeq ($(DISABLE_SETRANS),y) | |
12 | endif | |
13 | export DISABLE_AVC DISABLE_SETRANS DISABLE_RPM DISABLE_BOOL EMFLAGS | |
14 | ||
15 | -all: | |
16 | - $(MAKE) -C src | |
17 | - $(MAKE) -C utils | |
18 | +all install relabel clean distclean indent: | |
19 | + @for subdir in $(SUBDIRS); do \ | |
20 | + (cd $$subdir && $(MAKE) $@) || exit 1; \ | |
21 | + done | |
22 | ||
23 | swigify: all | |
24 | - $(MAKE) -C src swigify | |
25 | + $(MAKE) -C src swigify $@ | |
26 | ||
27 | pywrap: | |
28 | - $(MAKE) -C src pywrap | |
29 | + $(MAKE) -C src pywrap $@ | |
30 | ||
31 | rubywrap: | |
32 | - $(MAKE) -C src rubywrap | |
33 | - | |
34 | -install: | |
35 | - $(MAKE) -C include install | |
36 | - $(MAKE) -C src install | |
37 | - $(MAKE) -C utils install | |
38 | - $(MAKE) -C man install | |
39 | + $(MAKE) -C src rubywrap $@ | |
40 | ||
41 | install-pywrap: | |
42 | - $(MAKE) -C src install-pywrap | |
43 | + $(MAKE) -C src install-pywrap $@ | |
44 | ||
45 | install-rubywrap: | |
46 | - $(MAKE) -C src install-rubywrap | |
47 | - | |
48 | -relabel: | |
49 | - $(MAKE) -C src relabel | |
50 | - | |
51 | -clean distclean: | |
52 | - $(MAKE) -C src $@ | |
53 | - $(MAKE) -C utils clean | |
54 | - | |
55 | -indent: | |
56 | - $(MAKE) -C src $@ | |
57 | - $(MAKE) -C utils $@ | |
58 | - $(MAKE) -C include $@ | |
59 | + $(MAKE) -C src install-rubywrap $@ | |
60 | ||
61 | test: | |
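Review bot: The combined rule `all install relabel clean distclean indent:` now runs `relabel` in every entry of `SUBDIRS`, whereas the old `relabel` rule only entered `src`; the include/Makefile and man/Makefile hunks in this patch add `clean`, `distclean` and `indent` rules but no `relabel`, so unless those files define it outside the visible hunks, `make relabel` stops at the first directory that lacks the rule. Either keep `relabel` as its own rule (`relabel:` followed by `$(MAKE) -C src $@`) or add an empty `relabel:` rule to the other subdirectories. Separately, the wrapper rules now name the goal twice, e.g. `$(MAKE) -C src swigify $@` expands to `make -C src swigify swigify`; keep either the literal name or `$@`.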
62 | diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile | |
63 | index 09bcea3..dd264d0 100644 | |
64 | --- a/libselinux/include/Makefile | |
65 | +++ b/libselinux/include/Makefile | |
66 | @@ -11,3 +11,6 @@ install: all | |
67 | indent: | |
68 | ../../scripts/Lindent $(wildcard selinux/*.h) | |
69 | ||
70 | +distclean clean: | |
71 | + -rm -f selinux/*~ | |
72 | + | |
73 | diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h | |
74 | index da18e41..87a2b12 100644 | |
75 | --- a/libselinux/include/selinux/avc.h | |
76 | +++ b/libselinux/include/selinux/avc.h | |
77 | @@ -130,7 +130,11 @@ struct avc_memory_callback { | |
78 | ||
79 | struct avc_log_callback { | |
80 | /* log the printf-style format and arguments. */ | |
81 | - void (*func_log) (const char *fmt, ...); | |
82 | + void | |
83 | +#ifdef __GNUC__ | |
84 | +__attribute__ ((format(printf, 1, 2))) | |
85 | +#endif | |
86 | + (*func_log) (const char *fmt, ...); | |
87 | /* store a string representation of auditdata (corresponding | |
88 | to the given security class) into msgbuf. */ | |
89 | void (*func_audit) (void *auditdata, security_class_t cls, | |
02274bb5 SS |
90 | diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h |
91 | index 1a54307..f6eeb21 100644 | |
92 | --- a/libselinux/include/selinux/label.h | |
93 | +++ b/libselinux/include/selinux/label.h | |
94 | @@ -46,8 +46,10 @@ struct selabel_handle; | |
9c27a234 SS |
95 | #define SELABEL_OPT_PATH 3 |
96 | /* select a subset of the search space as an optimization (file backend) */ | |
97 | #define SELABEL_OPT_SUBSET 4 | |
98 | +/* like subset, but an array of subsets */ | |
99 | +#define SELABEL_OPT_PREFIXES 5 | |
100 | /* total number of options */ | |
101 | -#define SELABEL_NOPT 5 | |
102 | +#define SELABEL_NOPT 6 | |
103 | ||
104 | /* | |
105 | * Label operations | |
02274bb5 | 106 | diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h |
b38be7f7 | 107 | index 2985f6f..e0b2dd4 100644 |
02274bb5 SS |
108 | --- a/libselinux/include/selinux/selinux.h |
109 | +++ b/libselinux/include/selinux/selinux.h | |
110 | @@ -139,7 +139,10 @@ struct av_decision { | |
9c27a234 SS |
111 | /* Structure for passing options, used by AVC and label subsystems */ |
112 | struct selinux_opt { | |
113 | int type; | |
114 | - const char *value; | |
115 | + union { | |
116 | + const char *value; | |
117 | + const char **values; | |
118 | + }; | |
119 | }; | |
120 | ||
121 | /* Callback facilities */ | |
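Review bot: The unnamed `union { ... };` added to `struct selinux_opt` sits in an installed public header, and anonymous unions are a C11/GNU extension, so consumers that build with `-std=c99 -pedantic` or an older compiler may warn or fail when including selinux.h. Nothing in the struct records which member is live other than `type`, so a comment above the union such as `/* 'values' is valid only when type == SELABEL_OPT_PREFIXES; every other option uses 'value' */` would make the contract explicit. Both members are pointers, so size and layout look unchanged, but that is inferred from this hunk alone and worth confirming for ABI compatibility.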
02274bb5 | 122 | @@ -410,6 +413,11 @@ extern int matchpathcon_init(const char *path); |
9c27a234 SS |
123 | regexes that have stems that are prefixes of 'prefix'. */ |
124 | extern int matchpathcon_init_prefix(const char *path, const char *prefix); | |
125 | ||
126 | +/* Same as matchpathcon_init, but only load entries with | |
127 | + * regexes that have stems that are prefixes of the 'prefixes' | |
128 | + * array of entries. The last entry must be NULL. */ | |
129 | +extern int matchpathcon_init_prefixes(const char *patch, const char **prefixes); | |
130 | + | |
131 | /* Free the memory allocated by matchpathcon_init. */ | |
132 | extern void matchpathcon_fini(void); | |
133 | ||
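Review bot: The first parameter of the new prototype is spelled `patch`, while the definition in matchpathcon.c and the man page both use `path`; it should read `extern int matchpathcon_init_prefixes(const char *path, const char **prefixes);`. The comment should also say what happens when `prefixes` itself is NULL, since the contract as written covers only the terminating NULL entry.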
b38be7f7 MT |
134 | @@ -537,7 +545,7 @@ extern int selinux_check_securetty_context(const security_context_t tty_context) |
135 | Normally, this is determined automatically during libselinux | |
136 | initialization, but this is not always possible, e.g. for /sbin/init | |
137 | which performs the initial mount of selinuxfs. */ | |
138 | -void set_selinuxmnt(char *mnt); | |
139 | +void set_selinuxmnt(const char *mnt); | |
140 | ||
141 | /* Check if selinuxfs exists as a kernel filesystem */ | |
142 | int selinuxfs_exists(void); | |
143 | diff --git a/libselinux/man/Makefile b/libselinux/man/Makefile | |
144 | index a20a5d1..a53c4ad 100644 | |
145 | --- a/libselinux/man/Makefile | |
146 | +++ b/libselinux/man/Makefile | |
147 | @@ -13,3 +13,4 @@ install: all | |
148 | install -m 644 man5/*.5 $(MAN5DIR) | |
149 | install -m 644 man8/*.8 $(MAN8DIR) | |
150 | ||
151 | +indent distclean clean: | |
02274bb5 SS |
152 | diff --git a/libselinux/man/man3/matchpathcon.3 b/libselinux/man/man3/matchpathcon.3 |
153 | index cdbb252..b6814ed 100644 | |
154 | --- a/libselinux/man/man3/matchpathcon.3 | |
155 | +++ b/libselinux/man/man3/matchpathcon.3 | |
156 | @@ -8,7 +8,9 @@ matchpathcon, matchpathcon_index \- get the default SELinux security context for | |
9c27a234 SS |
157 | |
158 | .BI "int matchpathcon_init(const char *" path ");" | |
159 | ||
160 | -.BI "int matchpathcon_init_prefix(const char *" path ", const char *" subset ");" | |
161 | +.BI "int matchpathcon_init_prefix(const char *" path ", const char *" prefix ");" | |
162 | + | |
163 | +.BI "int matchpathcon_init_prefixes(const char *" path ", const char **" prefixes ");" | |
164 | ||
165 | .BI "int matchpathcon_fini(void);" | |
166 | .sp | |
02274bb5 | 167 | @@ -50,6 +52,14 @@ by |
9c27a234 SS |
168 | .I prefix. |
169 | ||
170 | .sp | |
171 | +.B matchpathcon_init_prefixes | |
172 | +is the same as | |
173 | +.B matchpathcon_init_prefix | |
174 | +but takes an array of | |
175 | +.I prefixes | |
176 | +instead of a single prefix. The last entry in the array must be NULL. | |
177 | + | |
178 | +.sp | |
179 | .B matchpathcon_fini | |
180 | frees the memory allocated by a prior call to | |
181 | .B matchpathcon_init. | |
02274bb5 | 182 | diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3 |
b38be7f7 | 183 | index 8674e37..fc5b120 100644 |
02274bb5 SS |
184 | --- a/libselinux/man/man3/selabel_open.3 |
185 | +++ b/libselinux/man/man3/selabel_open.3 | |
b38be7f7 MT |
186 | @@ -37,8 +37,11 @@ structures of length |
187 | .ta 4n 16n 24n | |
188 | .nf | |
189 | struct selinux_opt { | |
190 | - int type; | |
191 | - const char *value; | |
192 | + int type; | |
193 | + union { | |
194 | + const char *value; | |
195 | + const char **values; | |
196 | + }; | |
197 | }; | |
198 | .fi | |
199 | .ta | |
200 | @@ -66,6 +69,13 @@ A non-null value for this option enables context validation. By default, | |
9c27a234 SS |
201 | is used; a custom validation function can be provided via |
202 | .BR selinux_set_callback (3). | |
203 | Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation. | |
204 | +.TP | |
205 | +.B SELABEL_OPT_SUBSET | |
206 | +A ":" separates string of path prefixes that tell the system to only loads entries with regular expressions that could match this strings. For example "/dev:/var/run:/tmp". This option can cause the system to use less memory and work faster, but you should only use paths that begin with a prefix. | |
207 | +.TP | |
208 | +.B SELABEL_OPT_PATH | |
209 | +A string representing an alternate path the the regular expressions. | |
210 | +.sp | |
211 | ||
212 | .SH "BACKENDS" | |
213 | ||
b38be7f7 | 214 | @@ -99,4 +109,3 @@ Eamon Walsh <ewalsh@tycho.nsa.gov> |
9c27a234 SS |
215 | .BR selabel_stats (3), |
216 | .BR selinux_set_callback (3), | |
217 | .BR selinux (8) | |
218 | - | |
b38be7f7 MT |
219 | diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 |
220 | index 1fc5b95..9f16f77 100644 | |
221 | --- a/libselinux/man/man8/selinux.8 | |
222 | +++ b/libselinux/man/man8/selinux.8 | |
223 | @@ -12,7 +12,7 @@ enforcement of many kinds of mandatory access control policies, | |
224 | including those based on the concepts of Type Enforcement®, Role- | |
225 | Based Access Control, and Multi-Level Security. Background | |
226 | information and technical documentation about SELinux can be found at | |
227 | -http://www.nsa.gov/selinux. | |
228 | +http://www.nsa.gov/research/selinux. | |
229 | ||
230 | The | |
231 | .I /etc/selinux/config | |
232 | diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile | |
233 | index 1ddddb0..985842d 100644 | |
234 | --- a/libselinux/src/Makefile | |
235 | +++ b/libselinux/src/Makefile | |
236 | @@ -51,9 +51,29 @@ endif | |
237 | GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i | |
238 | SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c)) | |
239 | ||
240 | +MAX_STACK_SIZE=32768 | |
241 | + | |
242 | OBJS= $(patsubst %.c,%.o,$(SRCS)) | |
243 | LOBJS= $(patsubst %.c,%.lo,$(SRCS)) | |
244 | -CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute | |
245 | +CFLAGS ?= -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \ | |
246 | + -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith \ | |
247 | + -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return \ | |
248 | + -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \ | |
249 | + -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \ | |
250 | + -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \ | |
251 | + -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \ | |
252 | + -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \ | |
253 | + -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \ | |
254 | + -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \ | |
255 | + -Wnormalized=nfc -Woverflow -Wpointer-to-int-cast -Wpragmas -Wsuggest-attribute=const \ | |
256 | + -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines \ | |
257 | + -Wno-missing-field-initializers -Wno-sign-compare -Wjump-misses-init \ | |
258 | + -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE=2 \ | |
259 | + -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \ | |
260 | + -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \ | |
261 | + -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \ | |
262 | + -Werror -Wno-aggregate-return -Wno-redundant-decls | |
263 | + | |
264 | override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS) | |
265 | RANLIB=ranlib | |
266 | ||
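Review bot: `-Wp,-D_FORTIFY_SOURCE=2` is added to a default `CFLAGS` that carries no optimization level, and glibc only enables its fortified wrappers when the compiler is optimizing, so as written this default provides no runtime buffer checks; add `-O2` (or at least `-O`) alongside it. `-Wno-format-nonliteral` also switches off the part of `-Wformat=2` that flags non-literal format strings, which is the check most relevant to the printf-style log callbacks this patch annotates with format attributes. Several options (`-Wmudflap`, `-Wtrampolines`, `-Wdouble-promotion`, `-Wsuggest-attribute=*`) exist only in particular GCC releases, so a different compiler version may reject the command line outright. The utils/Makefile hunk later in the patch carries the same flag list and the same issues.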
267 | diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h | |
268 | index 53610e8..f851659 100644 | |
269 | --- a/libselinux/src/avc_internal.h | |
270 | +++ b/libselinux/src/avc_internal.h | |
271 | @@ -20,7 +20,7 @@ | |
272 | extern void *(*avc_func_malloc) (size_t) hidden; | |
273 | extern void (*avc_func_free) (void *)hidden; | |
274 | ||
275 | -extern void (*avc_func_log) (const char *, ...)hidden; | |
276 | +extern void (*avc_func_log) (const char *, ...) __attribute__((__format__(printf,1,2))) hidden; | |
277 | extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden; | |
278 | ||
279 | extern int avc_using_threads hidden; | |
02274bb5 SS |
280 | diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c |
281 | index b245364..7c47222 100644 | |
282 | --- a/libselinux/src/callbacks.c | |
283 | +++ b/libselinux/src/callbacks.c | |
284 | @@ -16,6 +16,7 @@ default_selinux_log(int type __attribute__((unused)), const char *fmt, ...) | |
9c27a234 SS |
285 | { |
286 | int rc; | |
287 | va_list ap; | |
288 | + if (is_selinux_enabled() == 0) return 0; | |
289 | va_start(ap, fmt); | |
290 | rc = vfprintf(stderr, fmt, ap); | |
291 | va_end(ap); | |
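Review bot: The added `if (is_selinux_enabled() == 0) return 0;` makes the default log callback discard every message on a system where SELinux is disabled, which would include parse and validation errors from tools that still process policy or file-context files there. It also puts an `is_selinux_enabled()` call on every log invocation, and its cost is not visible in this hunk. If the goal is only to quieten library noise, consider filtering on the `type` argument (currently marked unused) instead, or at minimum add a comment above the check explaining why messages are dropped. The function starts and ends outside this hunk.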
b38be7f7 MT |
292 | diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_type.c |
293 | index ca3d291..27f2ae5 100644 | |
294 | --- a/libselinux/src/get_default_type.c | |
295 | +++ b/libselinux/src/get_default_type.c | |
296 | @@ -27,7 +27,8 @@ int get_default_type(const char *role, char **type) | |
297 | static int find_default_type(FILE * fp, const char *role, char **type) | |
298 | { | |
299 | char buf[250]; | |
300 | - char *ptr = "", *end, *t; | |
301 | + const char *ptr = "", *end; | |
302 | + char *t; | |
303 | size_t len; | |
304 | int found = 0; | |
305 | ||
306 | diff --git a/libselinux/src/init.c b/libselinux/src/init.c | |
307 | index 00afde7..6d1ef33 100644 | |
308 | --- a/libselinux/src/init.c | |
309 | +++ b/libselinux/src/init.c | |
310 | @@ -28,7 +28,7 @@ int obj_class_compat = 1; | |
311 | * The file system is read/write | |
312 | * then set this as the default file system. | |
313 | */ | |
314 | -static int verify_selinuxmnt(char *mnt) | |
315 | +static int verify_selinuxmnt(const char *mnt) | |
316 | { | |
317 | struct statfs sfbuf; | |
318 | int rc; | |
319 | @@ -139,7 +139,7 @@ void fini_selinuxmnt(void) | |
320 | ||
321 | hidden_def(fini_selinuxmnt) | |
322 | ||
323 | -void set_selinuxmnt(char *mnt) | |
324 | +void set_selinuxmnt(const char *mnt) | |
325 | { | |
326 | selinux_mnt = strdup(mnt); | |
327 | } | |
02274bb5 | 328 | diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c |
b38be7f7 | 329 | index 7bc46cc..82a608c 100644 |
02274bb5 SS |
330 | --- a/libselinux/src/label_file.c |
331 | +++ b/libselinux/src/label_file.c | |
9c27a234 SS |
332 | @@ -27,6 +27,7 @@ |
333 | * Internals, mostly moved over from matchpathcon.c | |
334 | */ | |
335 | ||
336 | +#define MAX_PREFIX 100 | |
337 | /* A file security context specification. */ | |
338 | typedef struct spec { | |
339 | struct selabel_lookup_rec lr; /* holds contexts for lookup result */ | |
02274bb5 | 340 | @@ -276,7 +277,7 @@ static int compile_regex(struct saved_data *data, spec_t *spec, char **errbuf) |
9c27a234 SS |
341 | |
342 | ||
343 | static int process_line(struct selabel_handle *rec, | |
344 | - const char *path, const char *prefix, | |
345 | + const char *path, const char **prefix_array, | |
346 | char *line_buf, int pass, unsigned lineno) | |
347 | { | |
348 | int items, len; | |
02274bb5 | 349 | @@ -310,12 +311,24 @@ static int process_line(struct selabel_handle *rec, |
9c27a234 SS |
350 | } |
351 | ||
352 | len = get_stem_from_spec(regex); | |
353 | - if (len && prefix && strncmp(prefix, regex, len)) { | |
354 | - /* Stem of regex does not match requested prefix, discard. */ | |
355 | - free(regex); | |
356 | - free(type); | |
357 | - free(context); | |
358 | - return 0; | |
359 | + if (len && prefix_array[0]) { | |
360 | + int i = 0; | |
361 | + int found = 0; | |
362 | + while (i < MAX_PREFIX && prefix_array[i]) { | |
363 | + if (strncmp(prefix_array[i], regex, len) == 0) { | |
364 | + found = 1; | |
365 | + break; | |
366 | + } | |
367 | + i++; | |
368 | + } | |
369 | + | |
370 | + if (! found) { | |
371 | + /* Stem of regex does not match requested prefix, discard. */ | |
372 | + free(regex); | |
373 | + free(type); | |
374 | + free(context); | |
375 | + return 0; | |
376 | + } | |
377 | } | |
378 | ||
379 | if (pass == 1) { | |
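Review bot: `prefix_array[0]` is read without checking `prefix_array` itself, and the `SELABEL_OPT_PREFIXES` case added to init() in a later hunk assigns `prefix_array = opts[n].values;` unconditionally, so a caller that supplies that option with a NULL array (for example `matchpathcon_init_prefixes(path, NULL)`) reaches a NULL dereference on the first spec line that has a stem; the old code tolerated a NULL prefix. Guard the assignment in init() with `if (opts[n].values) prefix_array = opts[n].values;`, or test `prefix_array && prefix_array[0]` here. The loop also stops silently at `MAX_PREFIX` entries, so a longer array is truncated without a diagnostic and an array missing its NULL terminator is still read for up to `MAX_PREFIX` slots; the limit deserves a comment at the `#define` and a mention in the man page. process_line() begins and ends outside this hunk.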
02274bb5 | 380 | @@ -397,7 +410,8 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, |
9c27a234 SS |
381 | { |
382 | struct saved_data *data = (struct saved_data *)rec->data; | |
383 | const char *path = NULL; | |
384 | - const char *prefix = NULL; | |
385 | + const char *static_prefix_array[2] = {NULL, }; | |
386 | + const char **prefix_array = static_prefix_array; | |
387 | FILE *fp; | |
388 | FILE *localfp = NULL; | |
389 | FILE *homedirfp = NULL; | |
02274bb5 | 390 | @@ -418,7 +432,10 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, |
9c27a234 SS |
391 | path = opts[n].value; |
392 | break; | |
393 | case SELABEL_OPT_SUBSET: | |
394 | - prefix = opts[n].value; | |
395 | + static_prefix_array[0] = opts[n].value; | |
396 | + break; | |
397 | + case SELABEL_OPT_PREFIXES: | |
398 | + prefix_array = opts[n].values; | |
399 | break; | |
400 | case SELABEL_OPT_BASEONLY: | |
401 | baseonly = !!opts[n].value; | |
b38be7f7 | 402 | @@ -481,7 +498,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, |
9c27a234 SS |
403 | while (getline(&line_buf, &line_len, fp) > 0) { |
404 | if (data->nspec >= maxnspec) | |
405 | break; | |
406 | - status = process_line(rec, path, prefix, line_buf, pass, ++lineno); | |
407 | + status = process_line(rec, path, prefix_array, line_buf, pass, ++lineno); | |
408 | if (status) | |
409 | goto finish; | |
410 | } | |
b38be7f7 | 411 | @@ -497,7 +514,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, |
9c27a234 SS |
412 | while (getline(&line_buf, &line_len, homedirfp) > 0) { |
413 | if (data->nspec >= maxnspec) | |
414 | break; | |
415 | - status = process_line(rec, homedir_path, prefix, line_buf, pass, ++lineno); | |
416 | + status = process_line(rec, homedir_path, prefix_array, line_buf, pass, ++lineno); | |
417 | if (status) | |
418 | goto finish; | |
419 | } | |
b38be7f7 | 420 | @@ -507,7 +524,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, |
9c27a234 SS |
421 | while (getline(&line_buf, &line_len, localfp) > 0) { |
422 | if (data->nspec >= maxnspec) | |
423 | break; | |
424 | - status = process_line(rec, local_path, prefix, line_buf, pass, ++lineno); | |
425 | + status = process_line(rec, local_path, prefix_array, line_buf, pass, ++lineno); | |
426 | if (status) | |
427 | goto finish; | |
428 | } | |
b38be7f7 MT |
429 | diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c |
430 | index f569664..10e29b9 100644 | |
431 | --- a/libselinux/src/load_policy.c | |
432 | +++ b/libselinux/src/load_policy.c | |
433 | @@ -369,7 +369,7 @@ int selinux_init_load_policy(int *enforce) | |
434 | * Check for the existence of SELinux via selinuxfs, and | |
435 | * mount it if present for use in the calls below. | |
436 | */ | |
437 | - char *mntpoint = NULL; | |
438 | + const char *mntpoint = NULL; | |
439 | if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) { | |
440 | mntpoint = SELINUXMNT; | |
441 | } else { | |
02274bb5 | 442 | diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c |
b38be7f7 | 443 | index 48f7a11..ca87bd2 100644 |
02274bb5 SS |
444 | --- a/libselinux/src/matchpathcon.c |
445 | +++ b/libselinux/src/matchpathcon.c | |
9c27a234 SS |
446 | @@ -2,6 +2,7 @@ |
447 | #include <string.h> | |
448 | #include <errno.h> | |
449 | #include <stdio.h> | |
450 | +#include <syslog.h> | |
451 | #include "selinux_internal.h" | |
452 | #include "label_internal.h" | |
453 | #include "callbacks.h" | |
02274bb5 | 454 | @@ -62,7 +63,7 @@ static void |
9c27a234 SS |
455 | { |
456 | va_list ap; | |
457 | va_start(ap, fmt); | |
458 | - vfprintf(stderr, fmt, ap); | |
459 | + vsyslog(LOG_ERR, fmt, ap); | |
460 | va_end(ap); | |
461 | } | |
462 | ||
b38be7f7 MT |
463 | @@ -292,6 +293,8 @@ static void matchpathcon_thread_destructor(void __attribute__((unused)) *ptr) |
464 | matchpathcon_fini(); | |
465 | } | |
466 | ||
467 | +void __attribute__((destructor)) matchpathcon_lib_destructor(void); | |
468 | + | |
469 | void __attribute__((destructor)) matchpathcon_lib_destructor(void) | |
470 | { | |
471 | if (destructor_key_initialized) | |
472 | @@ -304,7 +307,7 @@ static void matchpathcon_init_once(void) | |
9c27a234 SS |
473 | destructor_key_initialized = 1; |
474 | } | |
475 | ||
476 | -int matchpathcon_init_prefix(const char *path, const char *subset) | |
477 | +int matchpathcon_init_prefixes(const char *path, const char **prefixes) | |
478 | { | |
479 | if (!mycanoncon) | |
480 | mycanoncon = default_canoncon; | |
b38be7f7 | 481 | @@ -312,15 +315,22 @@ int matchpathcon_init_prefix(const char *path, const char *subset) |
9c27a234 SS |
482 | __selinux_once(once, matchpathcon_init_once); |
483 | __selinux_setspecific(destructor_key, (void *)1); | |
484 | ||
485 | - options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET; | |
486 | - options[SELABEL_OPT_SUBSET].value = subset; | |
487 | + options[SELABEL_OPT_PREFIXES].type = SELABEL_OPT_PREFIXES; | |
488 | + options[SELABEL_OPT_PREFIXES].values = prefixes; | |
489 | options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH; | |
490 | options[SELABEL_OPT_PATH].value = path; | |
491 | ||
492 | hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT); | |
493 | return hnd ? 0 : -1; | |
494 | } | |
495 | +hidden_def(matchpathcon_init_prefixes) | |
b38be7f7 | 496 | + |
9c27a234 SS |
497 | +int matchpathcon_init_prefix(const char *path, const char *prefix) |
498 | +{ | |
499 | + const char *prefixes[2] = { prefix, NULL }; | |
b38be7f7 | 500 | |
9c27a234 SS |
501 | + return matchpathcon_init_prefixes(path, prefixes); |
502 | +} | |
503 | hidden_def(matchpathcon_init_prefix) | |
504 | ||
505 | int matchpathcon_init(const char *path) | |
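Review bot: matchpathcon_init_prefix() passes the address of its local `prefixes[2]` array, and matchpathcon_init_prefixes() stores that pointer in `options[SELABEL_OPT_PREFIXES].values`; `options` is declared outside this hunk, but if it has static storage the slot keeps pointing into a dead stack frame once the wrapper returns. selabel_open() runs while the array is still live, so the immediate call is fine, but any later reuse of `options`, or a backend that keeps the pointer instead of copying the strings, would read stale stack memory. Clearing the slot after the handle is opened avoids that: keep the selabel_open() result, then `options[SELABEL_OPT_PREFIXES].values = NULL;` before returning. A comment on matchpathcon_init_prefixes() should state that the array only has to remain valid for the duration of the call, if that is the intended contract.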
b38be7f7 MT |
506 | diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c |
507 | index f4c33df..f42cb7c 100644 | |
508 | --- a/libselinux/src/selinux_config.c | |
509 | +++ b/libselinux/src/selinux_config.c | |
510 | @@ -246,172 +246,172 @@ static const char *get_path(int idx) | |
511 | return file_paths[idx]; | |
512 | } | |
513 | ||
514 | -const char *selinux_default_type_path() | |
515 | +const char *selinux_default_type_path(void) | |
516 | { | |
517 | return get_path(DEFAULT_TYPE); | |
518 | } | |
519 | ||
520 | hidden_def(selinux_default_type_path) | |
521 | ||
522 | -const char *selinux_policy_root() | |
523 | +const char *selinux_policy_root(void) | |
524 | { | |
525 | __selinux_once(once, init_selinux_config); | |
526 | return selinux_policyroot; | |
527 | } | |
528 | ||
529 | -const char *selinux_path() | |
530 | +const char *selinux_path(void) | |
531 | { | |
532 | return selinux_rootpath; | |
533 | } | |
534 | ||
535 | hidden_def(selinux_path) | |
536 | ||
537 | -const char *selinux_default_context_path() | |
538 | +const char *selinux_default_context_path(void) | |
539 | { | |
540 | return get_path(DEFAULT_CONTEXTS); | |
541 | } | |
542 | ||
543 | hidden_def(selinux_default_context_path) | |
544 | ||
545 | -const char *selinux_securetty_types_path() | |
546 | +const char *selinux_securetty_types_path(void) | |
547 | { | |
548 | return get_path(SECURETTY_TYPES); | |
549 | } | |
550 | ||
551 | hidden_def(selinux_securetty_types_path) | |
552 | ||
553 | -const char *selinux_failsafe_context_path() | |
554 | +const char *selinux_failsafe_context_path(void) | |
555 | { | |
556 | return get_path(FAILSAFE_CONTEXT); | |
557 | } | |
558 | ||
559 | hidden_def(selinux_failsafe_context_path) | |
560 | ||
561 | -const char *selinux_removable_context_path() | |
562 | +const char *selinux_removable_context_path(void) | |
563 | { | |
564 | return get_path(REMOVABLE_CONTEXT); | |
565 | } | |
566 | ||
567 | hidden_def(selinux_removable_context_path) | |
568 | ||
569 | -const char *selinux_binary_policy_path() | |
570 | +const char *selinux_binary_policy_path(void) | |
571 | { | |
572 | return get_path(BINPOLICY); | |
573 | } | |
574 | ||
575 | hidden_def(selinux_binary_policy_path) | |
576 | ||
577 | -const char *selinux_file_context_path() | |
578 | +const char *selinux_file_context_path(void) | |
579 | { | |
580 | return get_path(FILE_CONTEXTS); | |
581 | } | |
582 | ||
583 | hidden_def(selinux_file_context_path) | |
584 | ||
585 | -const char *selinux_homedir_context_path() | |
586 | +const char *selinux_homedir_context_path(void) | |
587 | { | |
588 | return get_path(HOMEDIR_CONTEXTS); | |
589 | } | |
590 | ||
591 | hidden_def(selinux_homedir_context_path) | |
592 | ||
593 | -const char *selinux_media_context_path() | |
594 | +const char *selinux_media_context_path(void) | |
595 | { | |
596 | return get_path(MEDIA_CONTEXTS); | |
597 | } | |
598 | ||
599 | hidden_def(selinux_media_context_path) | |
600 | ||
601 | -const char *selinux_customizable_types_path() | |
602 | +const char *selinux_customizable_types_path(void) | |
603 | { | |
604 | return get_path(CUSTOMIZABLE_TYPES); | |
605 | } | |
606 | ||
607 | hidden_def(selinux_customizable_types_path) | |
608 | ||
609 | -const char *selinux_contexts_path() | |
610 | +const char *selinux_contexts_path(void) | |
611 | { | |
612 | return get_path(CONTEXTS_DIR); | |
613 | } | |
614 | ||
615 | -const char *selinux_user_contexts_path() | |
616 | +const char *selinux_user_contexts_path(void) | |
617 | { | |
618 | return get_path(USER_CONTEXTS); | |
619 | } | |
620 | ||
621 | hidden_def(selinux_user_contexts_path) | |
622 | ||
623 | -const char *selinux_booleans_path() | |
624 | +const char *selinux_booleans_path(void) | |
625 | { | |
626 | return get_path(BOOLEANS); | |
627 | } | |
628 | ||
629 | hidden_def(selinux_booleans_path) | |
630 | ||
631 | -const char *selinux_users_path() | |
632 | +const char *selinux_users_path(void) | |
633 | { | |
634 | return get_path(USERS_DIR); | |
635 | } | |
636 | ||
637 | hidden_def(selinux_users_path) | |
638 | ||
639 | -const char *selinux_usersconf_path() | |
640 | +const char *selinux_usersconf_path(void) | |
641 | { | |
642 | return get_path(SEUSERS); | |
643 | } | |
644 | ||
645 | hidden_def(selinux_usersconf_path) | |
646 | ||
647 | -const char *selinux_translations_path() | |
648 | +const char *selinux_translations_path(void) | |
649 | { | |
650 | return get_path(TRANSLATIONS); | |
651 | } | |
652 | ||
653 | hidden_def(selinux_translations_path) | |
654 | ||
655 | -const char *selinux_colors_path() | |
656 | +const char *selinux_colors_path(void) | |
657 | { | |
658 | return get_path(COLORS); | |
659 | } | |
660 | ||
661 | hidden_def(selinux_colors_path) | |
662 | ||
663 | -const char *selinux_netfilter_context_path() | |
664 | +const char *selinux_netfilter_context_path(void) | |
665 | { | |
666 | return get_path(NETFILTER_CONTEXTS); | |
667 | } | |
668 | ||
669 | hidden_def(selinux_netfilter_context_path) | |
670 | ||
671 | -const char *selinux_file_context_homedir_path() | |
672 | +const char *selinux_file_context_homedir_path(void) | |
673 | { | |
674 | return get_path(FILE_CONTEXTS_HOMEDIR); | |
675 | } | |
676 | ||
677 | hidden_def(selinux_file_context_homedir_path) | |
678 | ||
679 | -const char *selinux_file_context_local_path() | |
680 | +const char *selinux_file_context_local_path(void) | |
681 | { | |
682 | return get_path(FILE_CONTEXTS_LOCAL); | |
683 | } | |
684 | ||
685 | hidden_def(selinux_file_context_local_path) | |
686 | ||
687 | -const char *selinux_x_context_path() | |
688 | +const char *selinux_x_context_path(void) | |
689 | { | |
690 | return get_path(X_CONTEXTS); | |
691 | } | |
692 | ||
693 | hidden_def(selinux_x_context_path) | |
694 | ||
695 | -const char *selinux_virtual_domain_context_path() | |
696 | +const char *selinux_virtual_domain_context_path(void) | |
697 | { | |
698 | return get_path(VIRTUAL_DOMAIN); | |
699 | } | |
700 | ||
701 | hidden_def(selinux_virtual_domain_context_path) | |
702 | ||
703 | -const char *selinux_virtual_image_context_path() | |
704 | +const char *selinux_virtual_image_context_path(void) | |
705 | { | |
706 | return get_path(VIRTUAL_IMAGE); | |
707 | } | |
708 | @@ -430,7 +430,7 @@ const char * selinux_file_context_subs_dist_path(void) { | |
709 | ||
710 | hidden_def(selinux_file_context_subs_dist_path) | |
711 | ||
712 | -const char *selinux_sepgsql_context_path() | |
713 | +const char *selinux_sepgsql_context_path(void) | |
714 | { | |
715 | return get_path(SEPGSQL_CONTEXTS); | |
716 | } | |
02274bb5 SS |
717 | diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h |
718 | index 710396a..9a3fc14 100644 | |
719 | --- a/libselinux/src/selinux_internal.h | |
720 | +++ b/libselinux/src/selinux_internal.h | |
721 | @@ -80,6 +80,7 @@ hidden_proto(selinux_mkload_policy) | |
9c27a234 SS |
722 | hidden_proto(selinux_path) |
723 | hidden_proto(selinux_check_passwd_access) | |
724 | hidden_proto(selinux_check_securetty_context) | |
725 | + hidden_proto(matchpathcon_init_prefixes) | |
726 | hidden_proto(matchpathcon_init_prefix) | |
727 | hidden_proto(selinux_users_path) | |
728 | hidden_proto(selinux_usersconf_path); | |
b38be7f7 MT |
729 | diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c |
730 | index e074142..9432f49 100644 | |
731 | --- a/libselinux/src/setrans_client.c | |
732 | +++ b/libselinux/src/setrans_client.c | |
733 | @@ -253,6 +253,8 @@ static void setrans_thread_destructor(void __attribute__((unused)) *unused) | |
734 | free(prev_r2c_raw); | |
735 | } | |
736 | ||
737 | +void __attribute__((destructor)) setrans_lib_destructor(void); | |
738 | + | |
739 | void __attribute__((destructor)) setrans_lib_destructor(void) | |
740 | { | |
741 | if (destructor_key_initialized) | |
742 | diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c | |
743 | index b653cad..5cdf6c0 100644 | |
744 | --- a/libselinux/src/seusers.c | |
745 | +++ b/libselinux/src/seusers.c | |
746 | @@ -269,9 +269,10 @@ int getseuser(const char *username, const char *service, | |
747 | size_t lineno = 0; | |
748 | char *rec = NULL; | |
749 | char *path=NULL; | |
750 | + FILE *fp = NULL; | |
751 | if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0) | |
752 | goto err; | |
753 | - FILE *fp = fopen(path, "r"); | |
754 | + fp = fopen(path, "r"); | |
755 | free(path); | |
756 | if (fp == NULL) goto err; | |
757 | __fsetlocking(fp, FSETLOCKING_BYCALLER); | |
758 | diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c | |
759 | index f0167e7..176ac34 100644 | |
760 | --- a/libselinux/src/stringrep.c | |
761 | +++ b/libselinux/src/stringrep.c | |
762 | @@ -305,28 +305,6 @@ err1: | |
763 | return NULL; | |
764 | } | |
765 | ||
766 | -void flush_class_cache(void) | |
767 | -{ | |
768 | - struct discover_class_node *cur = discover_class_cache, *prev = NULL; | |
769 | - size_t i; | |
770 | - | |
771 | - while (cur != NULL) { | |
772 | - free(cur->name); | |
773 | - | |
774 | - for (i=0 ; i<MAXVECTORS ; i++) | |
775 | - free(cur->perms[i]); | |
776 | - | |
777 | - free(cur->perms); | |
778 | - | |
779 | - prev = cur; | |
780 | - cur = cur->next; | |
781 | - | |
782 | - free(prev); | |
783 | - } | |
784 | - | |
785 | - discover_class_cache = NULL; | |
786 | -} | |
787 | - | |
788 | static security_class_t string_to_security_class_compat(const char *s) | |
789 | { | |
790 | unsigned int val; | |
791 | diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile | |
792 | index 6f5aa52..d76ccfa 100644 | |
793 | --- a/libselinux/utils/Makefile | |
794 | +++ b/libselinux/utils/Makefile | |
795 | @@ -1,10 +1,28 @@ | |
796 | # Installation directories. | |
797 | PREFIX ?= $(DESTDIR)/usr | |
798 | LIBDIR ?= $(PREFIX)/lib | |
799 | -BINDIR ?= $(PREFIX)/sbin | |
800 | -_BINDIR ?= $(DESTDIR)/sbin | |
801 | - | |
802 | -CFLAGS ?= -Werror -Wall -W | |
803 | +USRBINDIR ?= $(PREFIX)/sbin | |
804 | +SBINDIR ?= $(DESTDIR)/sbin | |
805 | + | |
806 | +MAX_STACK_SIZE=8192 | |
807 | +CFLAGS ?= -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \ | |
808 | + -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith \ | |
809 | + -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return \ | |
810 | + -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \ | |
811 | + -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \ | |
812 | + -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \ | |
813 | + -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \ | |
814 | + -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \ | |
815 | + -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \ | |
816 | + -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \ | |
817 | + -Wnormalized=nfc -Woverflow -Wpointer-to-int-cast -Wpragmas -Wsuggest-attribute=const \ | |
818 | + -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines \ | |
819 | + -Wno-missing-field-initializers -Wno-sign-compare -Wjump-misses-init \ | |
820 | + -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE=2 \ | |
821 | + -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \ | |
822 | + -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \ | |
823 | + -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \ | |
824 | + -Werror -Wno-aggregate-return -Wno-redundant-decls | |
825 | override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS) | |
826 | LDLIBS += -L../src -lselinux -L$(LIBDIR) | |
827 | ||
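Review bot: The new default `CFLAGS` passes `-Wp,-D_FORTIFY_SOURCE=2` but no optimisation level, and glibc only enables the fortified wrappers when the compiler optimises, so as written the define adds no hardening. Newer glibc versions also emit a `#warning` in that case, which `-Wcpp` with `-Werror` would turn into a build failure. Adding an optimisation level to the default, e.g. `CFLAGS ?= -O2 -Wall -W ...`, makes the fortification effective. Separately, `-Wmultichar` is listed twice, and flags such as `-Wmudflap`, `-Wtrampolines`, `-Wjump-misses-init` and `-Wdouble-promotion` are tied to particular GCC versions, so a comment above the assignment naming the minimum supported compiler would help anyone who hits an unknown-option error.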
828 | @@ -17,18 +35,18 @@ endif | |
829 | ifeq ($(DISABLE_BOOL),y) | |
830 | UNUSED_TARGETS+=getsebool togglesebool | |
831 | endif | |
832 | -TARGETS:= $(filter-out $(UNUSED_TARGETS) matchpathcon, $(TARGETS)) | |
833 | +TARGETS:= $(filter-out $(UNUSED_TARGETS), $(TARGETS)) | |
834 | ||
835 | -all: $(TARGETS) matchpathcon | |
836 | +all: $(TARGETS) | |
837 | ||
838 | install: all | |
839 | - -mkdir -p $(BINDIR) | |
840 | - install -m 755 $(TARGETS) $(BINDIR) | |
841 | - -mkdir -p $(_BINDIR) | |
842 | - install -m 755 matchpathcon $(_BINDIR) | |
843 | - (cd $(BINDIR); ln -fs ../../sbin/matchpathcon) | |
844 | + -mkdir -p $(USRBINDIR) | |
845 | + install -m 755 $(TARGETS) $(USRBINDIR) | |
846 | + -mkdir -p $(SBINDIR) | |
847 | clean: | |
848 | - rm -f $(TARGETS) matchpathcon *.o *~ | |
849 | + rm -f $(TARGETS) *.o *~ | |
850 | + | |
851 | +distclean: clean | |
852 | ||
853 | indent: | |
854 | ../../scripts/Lindent $(wildcard *.[ch]) | |
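Review bot: In the `install` recipe, `-mkdir -p $(SBINDIR)` is kept although nothing is installed into `$(SBINDIR)` now that the `matchpathcon` copy and symlink lines are removed, so the target only creates an empty directory. Either drop the line or add a comment saying why the directory is still needed. The leading `-` on `-mkdir -p $(USRBINDIR)` also hides a failed directory creation until `install` fails on the next line; `mkdir -p` already succeeds on an existing directory, so the `-` can go.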
855 | diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c | |
856 | index 772118a..7239ef2 100644 | |
857 | --- a/libselinux/utils/avcstat.c | |
858 | +++ b/libselinux/utils/avcstat.c | |
859 | @@ -43,7 +43,7 @@ static char buf[DEF_BUF_SIZE]; | |
860 | /* selinuxfs mount point */ | |
861 | extern char *selinux_mnt; | |
862 | ||
863 | -static void die(const char *msg, ...) | |
864 | +static __attribute__((__format__(printf,1,2))) void die(const char *msg, ...) | |
865 | { | |
866 | va_list args; | |
867 | ||
868 | @@ -118,7 +118,7 @@ int main(int argc, char **argv) | |
869 | exit(0); | |
870 | default: | |
871 | usage(); | |
872 | - die("unrecognized parameter", i); | |
873 | + die("unrecognized parameter '%c'", i); | |
874 | } | |
875 | } | |
876 | ||
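Review bot: The corrected call `die("unrecognized parameter '%c'", i);` prints the switch variable, which in the `default` branch is presumably the return value of getopt(); for an unknown option that value is `'?'`, not the character the user typed. If so, `die("unrecognized parameter '%c'", optopt);` would report the actual option. The option loop starts outside the hunk, so confirm how `i` is assigned before changing it.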
877 | diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c | |
878 | index 4f473e4..94c9bff 100644 | |
879 | --- a/libselinux/utils/getconlist.c | |
880 | +++ b/libselinux/utils/getconlist.c | |
881 | @@ -9,7 +9,7 @@ | |
882 | #include <selinux/selinux.h> | |
883 | #include <selinux/get_context_list.h> | |
884 | ||
885 | -void usage(char *name, char *detail, int rc) | |
886 | +static void usage(const char *name, const char *detail, int rc) | |
887 | { | |
888 | fprintf(stderr, "usage: %s [-l level] user [context]\n", name); | |
889 | if (detail) | |
890 | diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c | |
891 | index e6eb98b..049e75c 100644 | |
892 | --- a/libselinux/utils/getdefaultcon.c | |
893 | +++ b/libselinux/utils/getdefaultcon.c | |
894 | @@ -9,7 +9,7 @@ | |
895 | #include <selinux/selinux.h> | |
896 | #include <selinux/get_context_list.h> | |
897 | ||
898 | -void usage(char *name, char *detail, int rc) | |
899 | +static void usage(const char *name, const char *detail, int rc) | |
900 | { | |
901 | fprintf(stderr, "usage: %s [-l level] user fromcon\n", name); | |
902 | if (detail) | |
903 | diff --git a/libselinux/utils/getsebool.c b/libselinux/utils/getsebool.c | |
904 | index cab2bb9..3a90449 100644 | |
905 | --- a/libselinux/utils/getsebool.c | |
906 | +++ b/libselinux/utils/getsebool.c | |
907 | @@ -6,7 +6,7 @@ | |
908 | #include <string.h> | |
909 | #include <selinux/selinux.h> | |
910 | ||
911 | -void usage(const char *progname) | |
912 | +static void usage(const char *progname) | |
913 | { | |
914 | fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname); | |
915 | exit(1); | |
916 | diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c | |
917 | index 5f0a4c2..b1adadd 100644 | |
918 | --- a/libselinux/utils/matchpathcon.c | |
919 | +++ b/libselinux/utils/matchpathcon.c | |
920 | @@ -13,7 +13,7 @@ | |
921 | #include <stdlib.h> | |
922 | ||
923 | ||
924 | -void usage(const char *progname) | |
925 | +static void usage(const char *progname) | |
926 | { | |
927 | fprintf(stderr, | |
928 | "usage: %s [-N] [-n] [-f file_contexts] [-p prefix] [-Vq] path...\n", | |
929 | @@ -21,7 +21,7 @@ void usage(const char *progname) | |
930 | exit(1); | |
931 | } | |
932 | ||
933 | -int printmatchpathcon(char *path, int header, int mode) | |
934 | +static int printmatchpathcon(const char *path, int header, int mode) | |
935 | { | |
936 | char *buf; | |
937 | int rc = matchpathcon(path, mode, &buf); | |
938 | diff --git a/libselinux/utils/selinux_check_securetty_context.c b/libselinux/utils/selinux_check_securetty_context.c | |
939 | index 95bfb7f..b158eb3 100644 | |
940 | --- a/libselinux/utils/selinux_check_securetty_context.c | |
941 | +++ b/libselinux/utils/selinux_check_securetty_context.c | |
942 | @@ -9,7 +9,7 @@ | |
943 | #include <sys/errno.h> | |
944 | #include <selinux/selinux.h> | |
945 | ||
946 | -void usage(const char *progname) | |
947 | +static void usage(const char *progname) | |
948 | { | |
949 | fprintf(stderr, "usage: %s tty_context...\n", progname); | |
950 | exit(1); | |
951 | diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c | |
952 | index c55fde9..476f564 100644 | |
953 | --- a/libselinux/utils/selinuxexeccon.c | |
954 | +++ b/libselinux/utils/selinuxexeccon.c | |
955 | @@ -9,7 +9,7 @@ | |
956 | #include <selinux/flask.h> | |
957 | #include <selinux/selinux.h> | |
958 | ||
959 | -void usage(char *name, char *detail, int rc) | |
960 | +static void usage(const char *name, const char *detail, int rc) | |
961 | { | |
962 | fprintf(stderr, "usage: %s command [ fromcon ]\n", name); | |
963 | if (detail) | |
964 | diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c | |
965 | index e45b804..df58597 100644 | |
966 | --- a/libselinux/utils/setenforce.c | |
967 | +++ b/libselinux/utils/setenforce.c | |
968 | @@ -6,7 +6,7 @@ | |
969 | #include <strings.h> | |
970 | #include <selinux/selinux.h> | |
971 | ||
972 | -void usage(const char *progname) | |
973 | +static void usage(const char *progname) | |
974 | { | |
975 | fprintf(stderr, "usage: %s [ Enforcing | Permissive | 1 | 0 ]\n", | |
976 | progname); | |
977 | diff --git a/libselinux/utils/togglesebool.c b/libselinux/utils/togglesebool.c | |
978 | index 680ed8d..ad0d2a2 100644 | |
979 | --- a/libselinux/utils/togglesebool.c | |
980 | +++ b/libselinux/utils/togglesebool.c | |
981 | @@ -10,7 +10,7 @@ | |
982 | ||
983 | /* Attempt to rollback the transaction. No need to check error | |
984 | codes since this is rolling back something that blew up. */ | |
985 | -void rollback(int argc, char **argv) | |
986 | +static void rollback(int argc, char **argv) | |
987 | { | |
988 | int i; | |
989 |