2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.36/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500
+++ policycoreutils-2.0.36/audit2allow/audit2allow 2008-01-23 15:47:45.000000000 -0500
2008-01-15 16:34:45 +00:00
@@ -19,7 +19,6 @@
#
import sys
-import tempfile
import sepolgen.audit as audit
import sepolgen.policygen as policygen
2008-01-23 22:11:23 +00:00
@@ -153,9 +152,9 @@
2008-01-15 16:34:45 +00:00
def __process_input(self):
2007-12-21 07:14:11 +00:00
if self.__options.type:
2008-01-15 16:34:45 +00:00
- filter = audit.TypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(filter)
2008-01-23 22:11:23 +00:00
- self.__selinux_errs = self.__parser.to_role(filter)
2008-01-15 16:34:45 +00:00
+ avcfilter = audit.TypeFilter(self.__options.type)
+ self.__avs = self.__parser.to_access(avcfilter)
+ self.__selinux_errs = self.__parser.to_role(avcfilter)
2007-12-21 07:14:11 +00:00
else:
self.__avs = self.__parser.to_access()
2008-01-23 22:11:23 +00:00
self.__selinux_errs = self.__parser.to_role()
@@ -221,13 +220,14 @@
def __output_audit2why(self):
import selinux
import selinux.audit2why as audit2why
2008-01-15 16:34:45 +00:00
+ import seobject
2008-01-23 22:11:23 +00:00
audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
for i in self.__parser.avc_msgs:
rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
if rc >= 0:
print "%s\n\tWas caused by:" % i.message
if rc == audit2why.NOPOLICY:
- raise "Must call policy_init first"
2008-01-15 16:34:45 +00:00
+ raise RuntimeError("Must call policy_init first")
2008-01-23 22:11:23 +00:00
if rc == audit2why.BADTCON:
print "Invalid Target Context %s\n" % i.tcontext
continue
@@ -241,7 +241,7 @@
print "Invalid permission %s\n" % i.accesses
continue
if rc == audit2why. BADCOMPUTE:
- raise "Error during access vector computation"
2008-01-15 16:34:45 +00:00
+ raise RuntimeError("Error during access vector computation")
2008-01-23 22:11:23 +00:00
if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
@@ -249,18 +249,20 @@
continue
if rc == audit2why.BOOLEAN:
if len(bools) > 1:
- print "\tOne of the following booleans was set incorrectly."
2008-01-10 19:12:45 +00:00
+ print "\tOne of the following booleans being set incorrectly."
2008-01-23 22:11:23 +00:00
for b in bools:
- print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
- print "\t# setsebool -P %s %d" % (b[0], b[1])
2008-01-15 16:34:45 +00:00
+ print "\n\tBoolean %s is %d." % (b[0], not b[1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
2008-01-23 22:11:23 +00:00
else:
- print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
- print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
-
2008-01-15 16:34:45 +00:00
+ print "\tThe boolean %s set incorrectly. " % (bools[0][0])
+ print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
2008-01-23 22:11:23 +00:00
continue
2008-01-10 19:12:45 +00:00
2008-01-23 22:11:23 +00:00
if rc == audit2why.TERULE:
- print "\t\tMissing or disabled type enforcing (TE) allow rule.\n"
+ print "\t\tMissing or disabled type enforcingment (TE) allow rule.\n"
print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n"
continue
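Review bot: In the single-boolean branch, the added line `print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])` reports the target value as the current one, while the loop branch above prints `not b[1]`. The operator is then told to run `setsebool -P` with the same value the message claims is already set, so the argument should be `not bools[0][1]`. The new strings also introduce wording errors the removed lines did not have ("booleans being set incorrectly", "The boolean %s set incorrectly", "type enforcingment"). Because this output recommends a persistent policy change, the text should be unambiguous. `__output_audit2why` begins outside this hunk.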
2008-01-08 13:58:11 +00:00
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.36/Makefile
2007-12-19 17:55:58 +00:00
--- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/Makefile 2008-01-23 15:47:45.000000000 -0500
2006-11-14 16:03:27 +00:00
@@ -1,4 +1,4 @@
2007-12-19 17:55:58 +00:00
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
2006-11-14 16:03:27 +00:00
2007-12-19 17:55:58 +00:00
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.36/restorecond/restorecond.c
2007-07-20 16:09:40 +00:00
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/restorecond/restorecond.c 2008-01-23 15:47:45.000000000 -0500
2006-11-29 17:48:22 +00:00
@@ -210,9 +210,10 @@
}
if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
if (retcontext >= 0)
free(prev_context);
free(scontext);
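Review bot: The new `if (errno != EOPNOTSUPP)` guard around the "set context" syslog call has no comment saying why that one errno is silenced, and the same applies to the "get context" branch in the next hunk. A short comment such as `/* EOPNOTSUPP is deliberately not logged here */`, extended with the reason, would stop a later reader from treating the missing log as a bug. In the next hunk the call that set errno is outside the visible lines, so confirm nothing between that call and the check can overwrite errno. Since a watched file that cannot be relabelled now leaves no trace at all, logging these cases at a lower priority instead of dropping them is worth considering.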
@@ -225,8 +226,9 @@
if (retcontext >= 0)
free(prev_context);
} else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
}
free(scontext);
close(fd);
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.36/scripts/fixfiles
2008-01-23 19:44:15 +00:00
--- nsapolicycoreutils/scripts/fixfiles 2008-01-23 14:36:28.000000000 -0500
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/scripts/fixfiles 2008-01-23 15:47:45.000000000 -0500
2008-01-22 20:50:27 +00:00
@@ -36,8 +36,8 @@
LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';`
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';`
+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then
2008-01-23 18:37:06 +00:00
@@ -88,11 +88,11 @@
esac; \
2008-01-22 20:50:27 +00:00
fi; \
2008-01-21 21:04:52 +00:00
done | \
2008-01-23 18:37:06 +00:00
- while read pattern ; do sh -c "find $pattern" \
2008-01-22 20:50:27 +00:00
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
2008-01-21 21:04:52 +00:00
- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
2008-01-23 18:37:06 +00:00
+ while read pattern ; do sh -c "find $pattern \
2008-01-22 20:50:27 +00:00
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
2008-01-23 18:37:06 +00:00
+ \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
2008-01-21 21:04:52 +00:00
done 2> /dev/null | \
- ${RESTORECON} $2 -f -
+ ${RESTORECON} $2 -0 -f -
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
fi
}
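Review bot: The prune list on the added line still reads `-wholename /tmp -wholename /dev` with no `-o` between the two tests, so find ANDs them and neither /tmp nor /dev is ever pruned. It should be `-wholename /tmp -o -wholename /dev`. `$pattern` is still expanded into the string that `sh -c` re-parses, so shell metacharacters in a pattern are interpreted by the shell rather than passed to find. Whatever produces those patterns is outside this hunk and should be confirmed to be constrained. `2> /dev/null` on the pipeline hides any errors that result.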
2008-01-23 19:44:15 +00:00
@@ -129,8 +129,8 @@
if [ ! -z "$FILEPATH" ]; then
2007-12-31 16:26:02 +00:00
if [ -x /usr/bin/find ]; then
2008-01-23 19:44:15 +00:00
/usr/bin/find "$FILEPATH" \
2008-01-21 21:04:52 +00:00
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
2008-01-22 20:50:27 +00:00
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
2008-01-21 21:04:52 +00:00
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
2007-12-31 16:26:02 +00:00
else
2008-01-23 19:44:15 +00:00
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
2007-12-31 16:26:02 +00:00
fi
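Review bot: On the added restorecon line, `2>&1 >> $LOGFILE` points stderr at the original stdout before stdout is redirected, so relabel errors never reach the log file. If the log is meant to record failures, write `>> "$LOGFILE" 2>&1`. `$*` is also unquoted, so arguments containing whitespace are re-split, and `"$@"` would keep them intact. The `else` fallback shown as context uses the same redirection order and applies no `-fstype` filter. The enclosing function starts and ends outside this hunk.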
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.36/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.36/scripts/fixfiles.8 2008-01-23 15:48:52.000000000 -0500
@@ -35,7 +35,7 @@
.TP
.B -f
-Don't prompt for removal of /tmp directory.
+Clear /tmp directory with out prompt for removal.
.TP
.B -R rpmpackagename[,rpmpackagename...]
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.36/semanage/semanage
2008-01-23 19:44:15 +00:00
--- nsapolicycoreutils/semanage/semanage 2008-01-23 14:36:28.000000000 -0500
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/semanage/semanage 2008-01-23 15:47:45.000000000 -0500
2008-01-23 19:44:15 +00:00
@@ -111,7 +111,7 @@
2007-11-02 20:27:48 +00:00
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
return valid_option
#
2008-01-23 19:44:15 +00:00
@@ -131,7 +131,7 @@
2007-11-02 20:27:48 +00:00
seuser = ""
prefix = ""
heading=1
-
+ value=0
add = 0
modify = 0
delete = 0
2008-01-23 19:44:15 +00:00
@@ -150,7 +150,7 @@
2007-11-02 20:27:48 +00:00
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
+ '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
['add',
'delete',
'deleteall',
2008-01-23 19:44:15 +00:00
@@ -160,6 +160,8 @@
2007-11-02 20:27:48 +00:00
'modify',
'noheading',
'localist',
+ 'off',
+ 'on',
'proto=',
'seuser=',
'store=',
2008-01-23 19:44:15 +00:00
@@ -238,6 +240,11 @@
2007-11-02 20:27:48 +00:00
if o == "-T" or o == "--trans":
setrans = a
+ if o == "--on" or o == "-1":
+ value = 1
+ if o == "-off" or o == "-0":
+ value = 0
+
if object == "login":
OBJECT = seobject.loginRecords(store)
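Review bot: The added test `if o == "-off" or o == "-0":` compares against `-off`, but the long option registered with getopt in the earlier hunk is `off`, which getopt returns as `--off`. The branch only appears to work because `value` already defaults to 0, and it should read `if o == "--off" or o == "-0":`. With `value=0` as the default, a modify given neither flag cannot be told apart from an explicit `--off`. How `value` is consumed is outside this diff, so consider defaulting to `None` and rejecting the missing case rather than silently turning a boolean off.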
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.36/semanage/seobject.py
2008-01-15 16:34:45 +00:00
--- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/semanage/seobject.py 2008-01-23 15:47:45.000000000 -0500
2008-01-15 16:34:45 +00:00
@@ -117,6 +117,12 @@
#print _("Failed to translate booleans.\n%s") % e
pass
+def boolean_desc(boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
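Review bot: The new module-level `boolean_desc` has no docstring, although audit2allow now imports seobject specifically to call it. Something like `"""Return the translated description of boolean, or the boolean name itself when booleans_dict has no entry for it."""` would record the fallback that callers depend on. The meaning of index `[2]` in the `booleans_dict` entry is not visible in this hunk, so a short comment naming that field would also help.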
@@ -1456,10 +1462,7 @@
return ddict
def get_desc(self, boolean):
- if boolean in booleans_dict:
- return _(booleans_dict[boolean][2])
- else:
- return boolean
+ return boolean_desc(boolean)
def get_category(self, boolean):
if boolean in booleans_dict:
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.36/setfiles/setfiles.8
2008-01-21 21:04:52 +00:00
--- nsapolicycoreutils/setfiles/setfiles.8 2007-07-16 14:20:43.000000000 -0400
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/setfiles/setfiles.8 2008-01-23 15:47:45.000000000 -0500
2008-01-21 21:04:52 +00:00
@@ -59,6 +59,9 @@
.TP
.B \-W
display warnings about entries that had no matching files.
+.TP
+.B \-0
+Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode.
.SH "ARGUMENTS"
.B spec_file
2008-01-23 22:11:23 +00:00
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.36/setfiles/setfiles.c
2008-01-21 21:04:52 +00:00
--- nsapolicycoreutils/setfiles/setfiles.c 2008-01-11 10:52:37.000000000 -0500
2008-01-23 22:11:23 +00:00
+++ policycoreutils-2.0.36/setfiles/setfiles.c 2008-01-23 15:47:45.000000000 -0500
2008-01-21 21:04:52 +00:00
@@ -55,6 +55,7 @@
static int verbose = 0;
static int logging = 0;
static int warn_no_match = 0;
+static int null_terminated = 0;
static char *rootpath = NULL;
static int rootpathlen = 0;
static int recurse; /* Recursive descent. */
@@ -384,7 +385,7 @@
{
if (iamrestorecon) {
fprintf(stderr,
- "usage: %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
name);
} else {
fprintf(stderr,
@@ -805,7 +806,7 @@
}
/* Process any options. */
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW")) > 0) {
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
switch (opt) {
case 'c':
{
@@ -927,6 +928,9 @@
case 'W':
warn_no_match = 1;
break;
+ case '0':
+ null_terminated = 1;
+ break;
case '?':
usage(argv[0]);
}
@@ -983,6 +987,7 @@
if (use_input_file) {
FILE *f = stdin;
ssize_t len;
+ int delim;
if (strcmp(input_filename, "-") != 0)
f = fopen(input_filename, "r");
if (f == NULL) {
@@ -991,7 +996,9 @@
usage(argv[0]);
}
__fsetlocking(f, FSETLOCKING_BYCALLER);
- while ((len = getline(&buf, &buf_len, f)) > 0) {
+
+ delim = (null_terminated != 0) ? '\0' : '\n';
+ while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0;
errors |= process_one(buf);
}
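Review bot: `buf[len - 1] = 0;` removes the last byte of every record unconditionally, but getdelim() returns a final record without the delimiter when the input does not end with one. In that case the last character of the final pathname is cut off and `process_one` relabels a different path from the one supplied. With `-0` this happens whenever the stream is not NUL-terminated at the end, and it also affects newline-delimited input passed with `-0` by mistake. Strip only when the delimiter is present: `if (buf[len - 1] == delim) buf[len - 1] = 0;`. The getopt string is shared, so setfiles also accepts `-0`, but only the restorecon usage text is visibly updated in the earlier hunk.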