Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libselinux for openSUSE:Factory checked in at 2026-02-09 11:42:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libselinux (Old) and /work/SRC/openSUSE:Factory/.libselinux.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libselinux" Mon Feb 9 11:42:51 2026 rev:89 rq:1331575 version:3.10 Changes: -------- --- /work/SRC/openSUSE:Factory/libselinux/libselinux-bindings.changes 2025-10-17 17:25:27.561175901 +0200 +++ /work/SRC/openSUSE:Factory/.libselinux.new.1670/libselinux-bindings.changes 2026-02-09 11:43:14.385443504 +0100 @@ -1,0 +2,15 @@ +Thu Feb 5 16:19:20 UTC 2026 - Cathy Hu <[email protected]> + +- Update to version 3.10 + https://github.com/SELinuxProject/selinux/releases/tag/3.10 + * libselinux: fix parsing of the enforcing kernel cmdline parameter + * libselinux: remove out2 labels + * libselinux: refactor selinux_getenforcemode + * libselinux: load_policy: log using selinux_log instead of fprintf + * libselinux: refactor selinux_check_securetty_context + * libselinux: Ignore files removed during relabeling + * libselinux/src/Makefile: build python module without isolation +- keyring: Add key of Jason Zaman <[email protected]> + * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08] + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libselinux/libselinux.changes 2025-10-17 17:25:27.577176575 +0200 +++ /work/SRC/openSUSE:Factory/.libselinux.new.1670/libselinux.changes 2026-02-09 11:43:14.409444513 +0100 @@ -1,0 +2,15 @@ +Thu Feb 5 16:16:32 UTC 2026 - Cathy Hu <[email protected]> + +- Update to version 3.10 + https://github.com/SELinuxProject/selinux/releases/tag/3.10 + * libselinux: fix parsing of the enforcing kernel cmdline parameter + * libselinux: remove out2 labels + * libselinux: refactor selinux_getenforcemode + * libselinux: load_policy: log using selinux_log instead of fprintf + * libselinux: refactor selinux_check_securetty_context + * libselinux: Ignore files removed during relabeling + * libselinux/src/Makefile: build python module without isolation +- keyring: Add key of Jason Zaman <[email protected]> + * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08] + +------------------------------------------------------------------- Old: ---- libselinux-3.9.tar.gz libselinux-3.9.tar.gz.asc New: ---- libselinux-3.10.tar.gz libselinux-3.10.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libselinux-bindings.spec ++++++ --- /var/tmp/diff_new_pack.cJFU1p/_old 2026-02-09 11:43:15.349484061 +0100 +++ /var/tmp/diff_new_pack.cJFU1p/_new 2026-02-09 11:43:15.353484228 +0100 @@ -1,7 +1,7 @@ # # spec file for package libselinux-bindings # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,10 +18,10 @@ %{?sle15allpythons} %define python_subpackage_only 1 -%define libsepol_ver 3.9 +%define libsepol_ver 3.10 %define upname libselinux Name: libselinux-bindings -Version: 3.9 +Version: 3.10 Release: 0 Summary: SELinux runtime library and utilities License: SUSE-Public-Domain ++++++ libselinux.spec ++++++ --- /var/tmp/diff_new_pack.cJFU1p/_old 2026-02-09 11:43:15.381485406 +0100 +++ /var/tmp/diff_new_pack.cJFU1p/_new 2026-02-09 11:43:15.385485575 +0100 @@ -1,7 +1,7 @@ # # spec file for package libselinux # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,9 +16,9 @@ # -%define libsepol_ver 3.9 +%define libsepol_ver 3.10 Name: libselinux -Version: 3.9 +Version: 3.10 Release: 0 Summary: SELinux runtime library and utilities License: SUSE-Public-Domain ++++++ libselinux-3.9.tar.gz -> libselinux-3.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/Makefile new/libselinux-3.10/Makefile --- old/libselinux-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -50,7 +50,7 @@ endif export COMPILER -all install relabel clean distclean indent: +all install relabel clean distclean: @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/VERSION new/libselinux-3.10/VERSION --- old/libselinux-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100 @@ -1 +1 @@ -3.9 +3.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/include/Makefile new/libselinux-3.10/include/Makefile --- old/libselinux-3.9/include/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/include/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -10,9 +10,5 @@ relabel: -indent: - ../../scripts/Lindent $(wildcard selinux/*.h) - distclean clean: -rm -f selinux/*~ - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/include/selinux/restorecon.h new/libselinux-3.10/include/selinux/restorecon.h --- old/libselinux-3.9/include/selinux/restorecon.h 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/include/selinux/restorecon.h 2026-02-02 03:01:16.000000000 +0100 @@ -134,6 +134,11 @@ */ #define SELINUX_RESTORECON_SET_USER_ROLE 0x40000 +/* + * Count the number of relabeled files (or would be relabeled if "nochange" was not set). + */ + #define SELINUX_RESTORECON_COUNT_RELABELED 0x80000 + /** * selinux_restorecon_set_sehandle - Set the global fc handle. * @hndl: specifies handle to set as the global fc handle. @@ -228,6 +233,16 @@ */ extern long unsigned selinux_restorecon_get_skipped_errors(void); +/* selinux_restorecon_get_relabeled_files - Get the number of relabeled files + * + * If SELINUX_RESTORECON_COUNT_RELABELED was passed to selinux_restorecon(3) or + * selinux_restorecon_parallel(3), this function returns the number of files + * that were successfully relabeled. + * If the SELINUX_RESTORECON_NOCHANGE flag was set, this function returns + * the number of files that would be relabeled. + */ +extern long unsigned selinux_restorecon_get_relabeled_files(void); + #ifdef __cplusplus } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/man/Makefile new/libselinux-3.10/man/Makefile --- old/libselinux-3.9/man/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/man/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -35,4 +35,4 @@ relabel: -indent distclean clean: +format distclean clean: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/man/man3/context_new.3 new/libselinux-3.10/man/man3/context_new.3 --- old/libselinux-3.9/man/man3/context_new.3 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/man/man3/context_new.3 2026-02-02 03:01:16.000000000 +0100 @@ -71,7 +71,7 @@ .SH "RETURN VALUE" On failure .BR context_*_set () -functions return non-zero and 0 on success. +functions return non-zero on failure and 0 on success. The other functions return NULL on failure and non-NULL on success. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/Makefile new/libselinux-3.10/src/Makefile --- old/libselinux-3.9/src/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -198,7 +198,7 @@ endif install-pywrap: pywrap - CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) . + CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --no-build-isolation --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) . install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) @@ -223,7 +223,4 @@ distclean: clean rm -f $(GENERATED) $(SWIGFILES) -indent: - ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) - .PHONY: all clean clean-pywrap clean-rubywrap pywrap rubywrap swigify install install-pywrap install-rubywrap distclean diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/canonicalize_context.c new/libselinux-3.10/src/canonicalize_context.c --- old/libselinux-3.9/src/canonicalize_context.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/canonicalize_context.c 2026-02-02 03:01:16.000000000 +0100 @@ -36,12 +36,12 @@ if (strlcpy(buf, con, size) >= size) { errno = EOVERFLOW; ret = -1; - goto out2; + goto out; } ret = write(fd, buf, strlen(buf) + 1); if (ret < 0) - goto out2; + goto out; memset(buf, 0, size); ret = read(fd, buf, size - 1); @@ -54,12 +54,11 @@ *canoncon = strdup(buf); if (!(*canoncon)) { ret = -1; - goto out2; + goto out; } ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/compute_av.c new/libselinux-3.10/src/compute_av.c --- old/libselinux-3.9/src/compute_av.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/compute_av.c 2026-02-02 03:01:16.000000000 +0100 @@ -46,17 +46,17 @@ if (ret < 0 || (size_t)ret >= len) { errno = EOVERFLOW; ret = -1; - goto out2; + goto out; } ret = write(fd, buf, strlen(buf)); if (ret < 0) - goto out2; + goto out; memset(buf, 0, len); ret = read(fd, buf, len - 1); if (ret < 0) - goto out2; + goto out; ret = sscanf(buf, "%x %x %x %x %u %x", &avd->allowed, &avd->decided, @@ -64,7 +64,7 @@ &avd->seqno, &avd->flags); if (ret < 5) { ret = -1; - goto out2; + goto out; } else if (ret < 6) avd->flags = 0; @@ -79,9 +79,8 @@ map_decision(tclass, avd); ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/compute_create.c new/libselinux-3.10/src/compute_create.c --- old/libselinux-3.9/src/compute_create.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/compute_create.c 2026-02-02 03:01:16.000000000 +0100 @@ -81,34 +81,33 @@ if (len < 0 || (size_t)len >= size) { errno = EOVERFLOW; ret = -1; - goto out2; + goto out; } if (objname && object_name_encode(objname, buf + len, size - len) < 0) { errno = ENAMETOOLONG; ret = -1; - goto out2; + goto out; } ret = write(fd, buf, strlen(buf)); if (ret < 0) - goto out2; + goto out; memset(buf, 0, size); ret = read(fd, buf, size - 1); if (ret < 0) - goto out2; + goto out; *newcon = strdup(buf); if (!(*newcon)) { ret = -1; - goto out2; + goto out; } ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/compute_member.c new/libselinux-3.10/src/compute_member.c --- old/libselinux-3.9/src/compute_member.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/compute_member.c 2026-02-02 03:01:16.000000000 +0100 @@ -41,27 +41,26 @@ if (ret < 0 || (size_t)ret >= size) { errno = EOVERFLOW; ret = -1; - goto out2; + goto out; } ret = write(fd, buf, strlen(buf)); if (ret < 0) - goto out2; + goto out; memset(buf, 0, size); ret = read(fd, buf, size - 1); if (ret < 0) - goto out2; + goto out; *newcon = strdup(buf); if (!(*newcon)) { ret = -1; - goto out2; + goto out; } ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/compute_relabel.c new/libselinux-3.10/src/compute_relabel.c --- old/libselinux-3.9/src/compute_relabel.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/compute_relabel.c 2026-02-02 03:01:16.000000000 +0100 @@ -41,27 +41,26 @@ if (ret < 0 || (size_t)ret >= size) { errno = EOVERFLOW; ret = -1; - goto out2; + goto out; } ret = write(fd, buf, strlen(buf)); if (ret < 0) - goto out2; + goto out; memset(buf, 0, size); ret = read(fd, buf, size - 1); if (ret < 0) - goto out2; + goto out; *newcon = strdup(buf); if (!*newcon) { ret = -1; - goto out2; + goto out; } ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/compute_user.c new/libselinux-3.10/src/compute_user.c --- old/libselinux-3.9/src/compute_user.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/compute_user.c 2026-02-02 03:01:16.000000000 +0100 @@ -43,27 +43,27 @@ if (ret < 0 || (size_t)ret >= size) { errno = EOVERFLOW; ret = -1; - goto out2; + goto out; } ret = write(fd, buf, strlen(buf)); if (ret < 0) - goto out2; + goto out; memset(buf, 0, size); ret = read(fd, buf, size - 1); if (ret < 0) - goto out2; + goto out; if (sscanf(buf, "%u", &nel) != 1) { ret = -1; - goto out2; + goto out; } ary = malloc((nel + 1) * sizeof(char *)); if (!ary) { ret = -1; - goto out2; + goto out; } ptr = buf + strlen(buf) + 1; @@ -72,16 +72,15 @@ if (!ary[i]) { freeconary(ary); ret = -1; - goto out2; + goto out; } ptr += strlen(ptr) + 1; } ary[nel] = NULL; *con = ary; ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/get_initial_context.c new/libselinux-3.10/src/get_initial_context.c --- old/libselinux-3.9/src/get_initial_context.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/get_initial_context.c 2026-02-02 03:01:16.000000000 +0100 @@ -46,17 +46,16 @@ } ret = read(fd, buf, size - 1); if (ret < 0) - goto out2; + goto out; *con = strdup(buf); if (!(*con)) { ret = -1; - goto out2; + goto out; } ret = 0; - out2: - free(buf); out: + free(buf); close(fd); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/libselinux.map new/libselinux-3.10/src/libselinux.map --- old/libselinux-3.9/src/libselinux.map 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/libselinux.map 2026-02-02 03:01:16.000000000 +0100 @@ -262,3 +262,8 @@ global: context_to_str; } LIBSELINUX_3.8; + +LIBSELINUX_3.10 { + global: + selinux_restorecon_get_relabeled_files; +} LIBSELINUX_3.9; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/load_policy.c new/libselinux-3.10/src/load_policy.c --- old/libselinux-3.9/src/load_policy.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/load_policy.c 2026-02-02 03:01:16.000000000 +0100 @@ -16,6 +16,7 @@ #include <sepol/policydb.h> #endif #include <dlfcn.h> +#include "callbacks.h" #include "policy.h" #include <limits.h> @@ -136,25 +137,25 @@ fd = open(path, O_RDONLY | O_CLOEXEC); } if (fd < 0) { - fprintf(stderr, - "SELinux: Could not open policy file <= %s.%d: %m\n", - selinux_binary_policy_path(), maxvers); + selinux_log(SELINUX_ERROR, + "SELinux: Could not open policy file <= %s.%d: %m\n", + selinux_binary_policy_path(), maxvers); goto dlclose; } if (fstat(fd, &sb) < 0) { - fprintf(stderr, - "SELinux: Could not stat policy file %s: %m\n", - path); + selinux_log(SELINUX_ERROR, + "SELinux: Could not stat policy file %s: %m\n", + path); goto close; } size = sb.st_size; data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0); if (map == MAP_FAILED) { - fprintf(stderr, - "SELinux: Could not map policy file %s: %m\n", - path); + selinux_log(SELINUX_ERROR, + "SELinux: Could not map policy file %s: %m\n", + path); goto close; } @@ -175,9 +176,9 @@ if (policydb_set_vers(policydb, kernvers) || policydb_to_image(NULL, policydb, &data, &size)) { /* Downgrade failed, keep searching. */ - fprintf(stderr, - "SELinux: Could not downgrade policy file %s, searching for an older version.\n", - path); + selinux_log(SELINUX_ERROR, + "SELinux: Could not downgrade policy file %s, searching for an older version.\n", + path); policy_file_free(pf); policydb_free(policydb); munmap(map, sb.st_size); @@ -192,9 +193,9 @@ rc = security_load_policy(data, size); if (rc) - fprintf(stderr, - "SELinux: Could not load policy file %s: %m\n", - path); + selinux_log(SELINUX_ERROR, + "SELinux: Could not load policy file %s: %m\n", + path); unmap: if (data != map) @@ -205,7 +206,7 @@ dlclose: #ifdef SHARED if (errormsg) - fprintf(stderr, "libselinux: %s\n", errormsg); + selinux_log(SELINUX_ERROR, "libselinux: %s\n", errormsg); if (libsepolh) dlclose(libsepolh); #endif @@ -244,17 +245,28 @@ rc = mount("proc", "/proc", "proc", 0, 0); cfg = fopen("/proc/cmdline", "re"); if (cfg) { - char *tmp; buf = malloc(selinux_page_size); if (!buf) { fclose(cfg); return -1; } - if (fgets(buf, selinux_page_size, cfg) && - (tmp = strstr(buf, "enforcing="))) { - if (tmp == buf || isspace((unsigned char)*(tmp - 1))) { - secmdline = - atoi(tmp + sizeof("enforcing=") - 1); + if (fgets(buf, selinux_page_size, cfg)) { + char *search = buf; + char *tmp; + while ((tmp = strstr(search, "enforcing="))) { + if (tmp == buf || isspace((unsigned char)*(tmp - 1))) { + char *valstr = tmp + sizeof("enforcing=") - 1; + char *endptr; + errno = 0; + const long val = strtol(valstr, &endptr, 0); + if (endptr != valstr && errno == 0) { + secmdline = val ? 1 : 0; + } else { + secmdline = 0; + } + } + /* advance past the current substring, latter arguments take precedence */ + search = tmp + sizeof("enforcing=") - 1; } } fclose(cfg); @@ -306,7 +318,7 @@ *enforce = 0; } else { /* Only emit this error if selinux was not disabled */ - fprintf(stderr, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT); + selinux_log(SELINUX_ERROR, "Mount failed for selinuxfs on %s: %m\n", SELINUXMNT); } if (rc == 0) @@ -354,7 +366,7 @@ if (orig_enforce != *enforce) { rc = security_setenforce(*enforce); if (rc < 0) { - fprintf(stderr, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive")); + selinux_log(SELINUX_ERROR, "SELinux: Unable to switch to %s mode: %m\n", (*enforce ? "enforcing" : "permissive")); if (*enforce) goto noload; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/procattr.c new/libselinux-3.10/src/procattr.c --- old/libselinux-3.9/src/procattr.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/procattr.c 2026-02-02 03:01:16.000000000 +0100 @@ -153,22 +153,21 @@ ret = read(fd, buf, size - 1); } while (ret < 0 && errno == EINTR); if (ret < 0) - goto out2; + goto out; if (ret == 0) { *context = NULL; - goto out2; + goto out; } *context = strdup(buf); if (!(*context)) { ret = -1; - goto out2; + goto out; } ret = 0; - out2: - free(buf); out: + free(buf); errno_hold = errno; close(fd); errno = errno_hold; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/selinux_check_securetty_context.c new/libselinux-3.10/src/selinux_check_securetty_context.c --- old/libselinux-3.9/src/selinux_check_securetty_context.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/selinux_check_securetty_context.c 2026-02-02 03:01:16.000000000 +0100 @@ -8,45 +8,48 @@ int selinux_check_securetty_context(const char * tty_context) { + FILE *fp = fopen(selinux_securetty_types_path(), "re"); + if (!fp) + return -1; + + context_t con = context_new(tty_context); + if (!con) { + fclose(fp); + return -1; + } + + const char *type = context_type_get(con); + char *line = NULL; char *start, *end = NULL; size_t line_len = 0; - ssize_t len; int found = -1; - FILE *fp; - fp = fopen(selinux_securetty_types_path(), "re"); - if (fp) { - context_t con = context_new(tty_context); - if (con) { - const char *type = context_type_get(con); - while ((len = getline(&line, &line_len, fp)) != -1) { - - if (line[len - 1] == '\n') - line[len - 1] = 0; - - /* Skip leading whitespace. */ - start = line; - while (*start && isspace((unsigned char)*start)) - start++; - if (!(*start)) - continue; - - end = start; - while (*end && !isspace((unsigned char)*end)) - end++; - if (*end) - *end++ = 0; - if (!strcmp(type, start)) { - found = 0; - break; - } - } - free(line); - context_free(con); + ssize_t len; + while ((len = getline(&line, &line_len, fp)) != -1) { + if (line[len - 1] == '\n') + line[len - 1] = 0; + + /* Skip leading whitespace. */ + start = line; + while (*start && isspace((unsigned char)*start)) + start++; + if (!(*start)) + continue; + + end = start; + while (*end && !isspace((unsigned char)*end)) + end++; + if (*end) + *end++ = 0; + if (!strcmp(type, start)) { + found = 0; + break; } - fclose(fp); } + free(line); + context_free(con); + fclose(fp); + return found; } - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/selinux_config.c new/libselinux-3.10/src/selinux_config.c --- old/libselinux-3.9/src/selinux_config.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/selinux_config.c 2026-02-02 03:01:16.000000000 +0100 @@ -88,47 +88,46 @@ int selinux_getenforcemode(int *enforce) { - int ret = -1; FILE *cfg = fopen(SELINUXCONFIG, "re"); - if (cfg) { - char *buf; - char *tag; - int len = sizeof(SELINUXTAG) - 1; - buf = malloc(selinux_page_size); - if (!buf) { - fclose(cfg); - return -1; - } - while (fgets_unlocked(buf, selinux_page_size, cfg)) { - if (strncmp(buf, SELINUXTAG, len)) - continue; - tag = buf+len; - while (isspace((unsigned char)*tag)) - tag++; - if (!strncasecmp - (tag, "enforcing", sizeof("enforcing") - 1)) { - *enforce = 1; - ret = 0; - break; - } else - if (!strncasecmp - (tag, "permissive", - sizeof("permissive") - 1)) { - *enforce = 0; - ret = 0; - break; - } else - if (!strncasecmp - (tag, "disabled", - sizeof("disabled") - 1)) { - *enforce = -1; - ret = 0; - break; - } - } + if (!cfg) + return -1; + + char *buf = malloc(selinux_page_size); + if (!buf) { fclose(cfg); - free(buf); + return -1; + } + + int ret = -1; + const int len = sizeof(SELINUXTAG) - 1; + while (fgets_unlocked(buf, selinux_page_size, cfg)) { + if (strncmp(buf, SELINUXTAG, len)) + continue; + + char *tag = buf + len; + while (isspace((unsigned char)*tag)) + tag++; + + if (!strncasecmp(tag, "enforcing", sizeof("enforcing") - 1)) { + *enforce = 1; + ret = 0; + break; + } else if (!strncasecmp(tag, "permissive", + sizeof("permissive") - 1)) { + *enforce = 0; + ret = 0; + break; + } else if (!strncasecmp(tag, "disabled", + sizeof("disabled") - 1)) { + *enforce = -1; + ret = 0; + break; + } } + + fclose(cfg); + free(buf); + return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/selinux_restorecon.c new/libselinux-3.10/src/selinux_restorecon.c --- old/libselinux-3.9/src/selinux_restorecon.c 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/selinux_restorecon.c 2026-02-02 03:01:16.000000000 +0100 @@ -69,6 +69,9 @@ /* Number of errors ignored during the file tree walk. */ static long unsigned skipped_errors; +/* Number of successfully relabeled files or files that would be relabeled */ +static long unsigned relabeled_files; + /* restorecon_flags for passing to restorecon_sb() */ struct rest_flags { bool nochange; @@ -88,6 +91,7 @@ bool warnonnomatch; bool conflicterror; bool count_errors; + bool count_relabeled; }; static void restorecon_init(void) @@ -650,11 +654,12 @@ } static int restorecon_sb(const char *pathname, const struct stat *sb, - const struct rest_flags *flags, bool first) + const struct rest_flags *flags, bool first, bool *updated_out) { char *newcon = NULL; char *curcon = NULL; int rc; + bool updated = false; const char *lookup_path = pathname; if (rootpath) { @@ -726,6 +731,9 @@ pathname, newcon); if (lgetfilecon_raw(pathname, &curcon) < 0) { + /* Ignore files removed during relabeling if ignore_noent is set */ + if (flags->ignore_noent && errno == ENOENT) + goto out; if (errno != ENODATA) goto err; @@ -733,7 +741,6 @@ } if (curcon == NULL || strcmp(curcon, newcon) != 0) { - bool updated = false; if (!flags->set_specctx && curcon && (is_context_customizable(curcon) > 0)) { @@ -765,8 +772,14 @@ } if (!flags->nochange) { - if (lsetfilecon(pathname, newcon) < 0) - goto err; + if (lsetfilecon(pathname, newcon) < 0) { + /* Ignore files removed during relabeling if ignore_noent is set */ + if (flags->ignore_noent && errno == ENOENT) + goto out; + else + goto err; + } + updated = true; } @@ -787,9 +800,14 @@ syslog(LOG_INFO, "labeling %s to %s\n", pathname, newcon); } + + /* Note: relabel counting handled by caller */ + } out: + if (updated_out) + *updated_out = updated; rc = 0; out1: freecon(curcon); @@ -878,6 +896,7 @@ bool abort; int error; long unsigned skipped_errors; + long unsigned relabeled_files; int saved_errno; pthread_mutex_t mutex; }; @@ -932,9 +951,10 @@ case FTS_NS: error = errno; errno = ftsent->fts_errno; - selinux_log(SELINUX_ERROR, - "Could not stat %s: %m.\n", - ftsent->fts_path); + if (!state->flags.ignore_noent || errno != ENOENT) + selinux_log(SELINUX_ERROR, + "Could not stat %s: %m.\n", + ftsent->fts_path); errno = error; fts_set(fts, ftsent, FTS_SKIP); continue; @@ -1000,8 +1020,9 @@ if (state->parallel) pthread_mutex_unlock(&state->mutex); + bool updated = false; error = restorecon_sb(ent_path, &ent_st, &state->flags, - first); + first, &updated); if (state->parallel) { pthread_mutex_lock(&state->mutex); @@ -1020,6 +1041,8 @@ state->skipped_errors++; else state->error = error; + } else if (updated && state->flags.count_relabeled) { + state->relabeled_files++; } break; } @@ -1077,6 +1100,8 @@ SELINUX_RESTORECON_IGNORE_DIGEST) ? true : false; state.flags.count_errors = (restorecon_flags & SELINUX_RESTORECON_COUNT_ERRORS) ? true : false; + state.flags.count_relabeled = (restorecon_flags & + SELINUX_RESTORECON_COUNT_RELABELED) ? true : false; state.setrestorecondigest = true; state.head = NULL; @@ -1084,6 +1109,7 @@ state.abort = false; state.error = 0; state.skipped_errors = 0; + state.relabeled_files = 0; state.saved_errno = 0; struct stat sb; @@ -1205,7 +1231,11 @@ goto cleanup; } - error = restorecon_sb(pathname, &sb, &state.flags, true); + bool updated = false; + error = restorecon_sb(pathname, &sb, &state.flags, true, &updated); + if (updated && state.flags.count_relabeled) { + state.relabeled_files++; + } goto cleanup; } @@ -1331,6 +1361,7 @@ (void) fts_close(state.fts); errno = state.saved_errno; cleanup: + relabeled_files = state.relabeled_files; if (state.flags.add_assoc) { if (state.flags.verbose) filespec_eval(); @@ -1608,3 +1639,8 @@ { return skipped_errors; } + +long unsigned selinux_restorecon_get_relabeled_files(void) +{ + return relabeled_files; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/src/setup.py new/libselinux-3.10/src/setup.py --- old/libselinux-3.9/src/setup.py 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/src/setup.py 2026-02-02 03:01:16.000000000 +0100 @@ -4,7 +4,7 @@ setup( name="selinux", - version="3.9", + version="3.10", description="SELinux python 3 bindings", author="SELinux Project", author_email="[email protected]", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libselinux-3.9/utils/Makefile new/libselinux-3.10/utils/Makefile --- old/libselinux-3.9/utils/Makefile 2025-07-16 12:55:13.000000000 +0200 +++ new/libselinux-3.10/utils/Makefile 2026-02-02 03:01:16.000000000 +0100 @@ -72,8 +72,4 @@ distclean: clean -indent: - ../../scripts/Lindent $(wildcard *.[ch]) - relabel: - ++++++ libselinux.keyring ++++++ ++++ 1396 lines (skipped) ++++ between libselinux.keyring ++++ and /work/SRC/openSUSE:Factory/.libselinux.new.1670/libselinux.keyring
