2006-09-18 20:02:57 +00:00
|
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.29/audit2allow/avc.py
|
|
|
|
|
--- nsapolicycoreutils/audit2allow/avc.py 2006-09-14 08:07:24.000000000 -0400
|
|
|
|
|
+++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-18 15:58:50.000000000 -0400
|
|
|
|
|
@@ -357,6 +357,15 @@
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
dict.append(i)
|
|
|
|
|
+
|
|
|
|
|
+ if not found:
|
|
|
|
|
+ regexp = "audit\(\d+\.\d+:\d+\): policy loaded"
|
|
|
|
|
+ m = re.match(regexp, line)
|
|
|
|
|
+ if m !=None:
|
|
|
|
|
+ found =1
|
|
|
|
|
+ dict.append("load_policy")
|
|
|
|
|
+ dict.append("granted")
|
|
|
|
|
+
|
|
|
|
|
if found:
|
|
|
|
|
self.translate(dict)
|
|
|
|
|
found = 0
|
|
|
|
|
Binary files nsapolicycoreutils/restorecon/restorecon and policycoreutils-1.30.29/restorecon/restorecon differ
|
2006-09-14 12:34:54 +00:00
|
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.30.29/restorecon/restorecon.8
|
2006-08-31 15:11:57 +00:00
|
|
|
--- nsapolicycoreutils/restorecon/restorecon.8 2006-08-28 16:58:19.000000000 -0400
|
2006-09-16 11:50:44 +00:00
|
|
|
+++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-15 09:19:49.000000000 -0400
|
2006-08-31 15:11:57 +00:00
|
|
|
@@ -23,6 +23,9 @@
|
|
|
|
|
|
|
|
|
|
.SH "OPTIONS"
|
|
|
|
|
.TP
|
|
|
|
|
+.B \-i
|
|
|
|
|
+ignore files that do not exist
|
|
|
|
|
+.TP
|
|
|
|
|
.B \-f infilename
|
|
|
|
|
infilename contains a list of files to be processed by application. Use \- for stdin.
|
|
|
|
|
.TP
|
2006-09-14 12:34:54 +00:00
|
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.30.29/restorecon/restorecon.c
|
2006-09-02 02:43:09 +00:00
|
|
|
--- nsapolicycoreutils/restorecon/restorecon.c 2006-09-01 22:32:11.000000000 -0400
|
2006-09-16 11:50:44 +00:00
|
|
|
+++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-15 09:19:49.000000000 -0400
|
2006-09-08 14:53:08 +00:00
|
|
|
@@ -11,9 +11,10 @@
|
2006-08-31 15:11:57 +00:00
|
|
|
* restorecon [-Rnv] pathname...
|
|
|
|
|
*
|
|
|
|
|
* -e Specify directory to exclude
|
|
|
|
|
+ * -i Ignore error if file does not exist
|
|
|
|
|
* -n Do not change any file labels.
|
|
|
|
|
* -v Show changes in file labels.
|
2006-09-08 14:53:08 +00:00
|
|
|
- * -o filename save list of files with incorrect context
|
2006-09-16 11:50:44 +00:00
|
|
|
+ * -o filename save list of files with incorrect context
|
2006-09-08 14:53:08 +00:00
|
|
|
* -F Force reset of context to match file_context for customizable files
|
|
|
|
|
*
|
|
|
|
|
* pathname... The file(s) to label
|
2006-09-11 14:29:14 +00:00
|
|
|
@@ -41,12 +42,14 @@
|
|
|
|
|
#include <ftw.h>
|
|
|
|
|
|
2006-09-08 14:53:08 +00:00
|
|
|
static int change = 1;
|
2006-09-11 14:29:14 +00:00
|
|
|
+static int change_ctr = 0;
|
2006-09-08 14:53:08 +00:00
|
|
|
static int verbose = 0;
|
|
|
|
|
static int progress = 0;
|
2006-09-14 12:34:54 +00:00
|
|
|
static FILE *outfile = NULL;
|
2006-08-31 15:11:57 +00:00
|
|
|
static char *progname;
|
|
|
|
|
static int errors = 0;
|
|
|
|
|
static int recurse = 0;
|
|
|
|
|
+static int file_exist = 1;
|
|
|
|
|
static int force = 0;
|
|
|
|
|
#define STAT_BLOCK_SIZE 1
|
|
|
|
|
static int pipe_fds[2] = { -1, -1 };
|
2006-09-11 14:29:14 +00:00
|
|
|
@@ -129,7 +132,7 @@
|
2006-08-31 15:11:57 +00:00
|
|
|
void usage(const char *const name)
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
- "usage: %s [-FnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
2006-09-16 11:50:44 +00:00
|
|
|
+ "usage: %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
2006-08-31 15:11:57 +00:00
|
|
|
name);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -160,6 +163,8 @@
|
2006-08-31 15:11:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (lstat(filename, &st) != 0) {
|
|
|
|
|
+ if (!file_exist && errno == ENOENT)
|
|
|
|
|
+ return 0;
|
2006-09-16 11:50:44 +00:00
|
|
|
fprintf(stderr, "lstat(%s) failed: %s\n", filename,
|
2006-08-31 15:11:57 +00:00
|
|
|
strerror(errno));
|
|
|
|
|
return 1;
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -249,7 +254,10 @@
|
2006-09-11 14:29:14 +00:00
|
|
|
freecon(scontext);
|
|
|
|
|
return 1;
|
2006-09-08 14:53:08 +00:00
|
|
|
}
|
2006-09-11 14:29:14 +00:00
|
|
|
- }
|
|
|
|
|
+ }
|
|
|
|
|
+ else
|
|
|
|
|
+ change_ctr++;
|
|
|
|
|
+
|
2006-09-08 14:53:08 +00:00
|
|
|
if (verbose)
|
2006-09-16 11:50:44 +00:00
|
|
|
printf("%s reset %s context %s->%s\n",
|
2006-09-08 14:53:08 +00:00
|
|
|
progname, filename,
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -322,6 +330,8 @@
|
2006-08-31 15:11:57 +00:00
|
|
|
close(pipe_fds[1]);
|
|
|
|
|
if (rc == -1 || rc > 0) {
|
|
|
|
|
if (nftw(buf, apply_spec, 1024, FTW_PHYS)) {
|
|
|
|
|
+ if (!file_exist && errno == ENOENT)
|
|
|
|
|
+ return;
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"%s: error while labeling files under %s\n",
|
|
|
|
|
progname, buf);
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -353,11 +363,14 @@
|
2006-08-31 15:11:57 +00:00
|
|
|
exit(0);
|
|
|
|
|
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
|
|
|
|
|
|
|
|
|
|
- while ((opt = getopt(argc, argv, "pFrRnvf:o:e:")) > 0) {
|
2006-09-14 12:34:54 +00:00
|
|
|
+ while ((opt = getopt(argc, argv, "ipFrRnvf:o:e:")) > 0) {
|
2006-08-31 15:11:57 +00:00
|
|
|
switch (opt) {
|
|
|
|
|
case 'n':
|
|
|
|
|
change = 0;
|
|
|
|
|
break;
|
|
|
|
|
+ case 'i':
|
|
|
|
|
+ file_exist = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
case 'r':
|
|
|
|
|
case 'R':
|
|
|
|
|
recurse = 1;
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -370,13 +383,17 @@
|
2006-09-08 14:53:08 +00:00
|
|
|
exit(1);
|
|
|
|
|
break;
|
|
|
|
|
case 'o':
|
|
|
|
|
- outfile = fopen(optarg, "w");
|
|
|
|
|
- if (!outfile) {
|
|
|
|
|
- fprintf(stderr, "Error opening %s: %s\n",
|
|
|
|
|
- optarg, strerror(errno));
|
|
|
|
|
- usage(argv[0]);
|
2006-09-14 12:34:54 +00:00
|
|
|
+ if (strcmp(optarg,"-") == 0)
|
|
|
|
|
+ outfile=stdout;
|
|
|
|
|
+ else {
|
|
|
|
|
+ outfile = fopen(optarg, "w");
|
|
|
|
|
+ if (!outfile) {
|
|
|
|
|
+ fprintf(stderr, "Error opening %s: %s\n",
|
|
|
|
|
+ optarg, strerror(errno));
|
|
|
|
|
+ usage(argv[0]);
|
|
|
|
|
+ }
|
|
|
|
|
+ __fsetlocking(outfile, FSETLOCKING_BYCALLER);
|
|
|
|
|
}
|
2006-09-08 14:53:08 +00:00
|
|
|
- __fsetlocking(outfile, FSETLOCKING_BYCALLER);
|
|
|
|
|
break;
|
|
|
|
|
case 'v':
|
|
|
|
|
if (progress) {
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -428,5 +445,7 @@
|
2006-09-14 12:34:54 +00:00
|
|
|
if (outfile)
|
|
|
|
|
fclose(outfile);
|
2006-09-08 14:53:08 +00:00
|
|
|
|
2006-09-14 12:34:54 +00:00
|
|
|
+ if (change) return change_ctr;
|
|
|
|
|
+
|
2006-09-08 14:53:08 +00:00
|
|
|
return errors;
|
|
|
|
|
}
|
2006-09-14 12:34:54 +00:00
|
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.29/scripts/fixfiles
|
2006-09-02 02:43:09 +00:00
|
|
|
--- nsapolicycoreutils/scripts/fixfiles 2006-09-01 22:32:11.000000000 -0400
|
2006-09-16 11:50:44 +00:00
|
|
|
+++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-15 09:20:06.000000000 -0400
|
|
|
|
|
@@ -117,7 +117,7 @@
|
2006-09-06 14:54:32 +00:00
|
|
|
exit $?
|
2006-08-31 15:11:57 +00:00
|
|
|
fi
|
|
|
|
|
if [ ! -z "$RPMFILES" ]; then
|
2006-09-06 14:54:32 +00:00
|
|
|
- for i in `echo $RPMFILES | sed 's/,/ /g'`; do
|
|
|
|
|
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
2006-09-16 11:50:44 +00:00
|
|
|
rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
|
2006-08-31 15:11:57 +00:00
|
|
|
done
|
2006-09-08 14:53:08 +00:00
|
|
|
exit $?
|
2006-09-06 14:54:32 +00:00
|
|
|
@@ -219,7 +219,7 @@
|
|
|
|
|
# check if they specified both DIRS and RPMFILES
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
-if [ ! -z $RPMFILES ]; then
|
|
|
|
|
+if [ ! -z "$RPMFILES" ]; then
|
|
|
|
|
if [ $OPTIND -le $# ]; then
|
|
|
|
|
usage
|
|
|
|
|
fi
|
2006-09-16 11:50:44 +00:00
|
|
|
@@ -236,6 +236,7 @@
|
|
|
|
|
case "$command" in
|
|
|
|
|
restore) restore -p ;;
|
|
|
|
|
check) restore -n -v ;;
|
|
|
|
|
+ verify) restore -n -o -;;
|
|
|
|
|
relabel) relabel;;
|
|
|
|
|
*)
|
|
|
|
|
usage
|
2006-09-18 20:02:57 +00:00
|
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.30.29/scripts/fixfiles.8
|
|
|
|
|
--- nsapolicycoreutils/scripts/fixfiles.8 2006-08-28 16:58:19.000000000 -0400
|
|
|
|
|
+++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-15 09:23:17.000000000 -0400
|
|
|
|
|
@@ -3,9 +3,9 @@
|
|
|
|
|
fixfiles \- fix file security contexts.
|
|
|
|
|
|
|
|
|
|
.SH "SYNOPSIS"
|
|
|
|
|
-.B fixfiles [-F] [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel }"
|
|
|
|
|
+.B fixfiles [-F] [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel | verify }"
|
|
|
|
|
|
|
|
|
|
-.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel } [[dir/file] ... ]
|
|
|
|
|
+.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
|
|
|
|
|
|
|
|
|
|
.SH "DESCRIPTION"
|
|
|
|
|
This manual page describes the
|
|
|
|
|
@@ -48,7 +48,7 @@
|
|
|
|
|
One of:
|
|
|
|
|
.TP
|
|
|
|
|
.B check
|
|
|
|
|
-show any incorrect file context labels but do not change them.
|
|
|
|
|
+print any incorrect file context labels, showing old and new context, but do not change them.
|
|
|
|
|
.TP
|
|
|
|
|
.B restore
|
|
|
|
|
change any incorrect file context labels.
|
|
|
|
|
@@ -56,6 +56,9 @@
|
|
|
|
|
.B relabel
|
|
|
|
|
Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file.
|
|
|
|
|
.TP
|
|
|
|
|
+.B verify
|
|
|
|
|
+List out files with incorrect file context labels, but do not change them.
|
|
|
|
|
+.TP
|
|
|
|
|
.B [[dir/file] ... ]
|
|
|
|
|
List of files or directories trees that you wish to check file context on.
|
|
|
|
|
|
