policycoreutils/policycoreutils-rhat.patch

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1
--- nsapolicycoreutils/audit2why/audit2why.1	1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.23.10/audit2why/audit2why.1	2005-05-17 08:24:26.000000000 -0400
@@ -0,0 +1,62 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2005 Dan Walsh <dwalsh@redhat.com>
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.\"
+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA
+.SH NAME
+audit2why \- Translates auditmessages into a description of why the access was denied
+.SH SYNOPSIS
+.B audit2why
+.RI [ options "] "
+.SH OPTIONS
+.TP
+
+.B "\-\-help"
+Print a short usage message
+.TP
+.B "\-p <policyfile>"
+Specify an alternate policy file.
+.SH DESCRIPTION
+.PP
+This utility scans stdin (logfiles) for messages logged when the 
+system denied permission for operations, and generates a reason why the 
+access was denied
+.PP
+.SH EXAMPLE
+$ /usr/sbin/audit2why < /var/log/audit/audit.log
+
+type=KERNEL msg=audit(1115316525.803:399552): avc:  denied  { getattr } for  path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
+	Was caused by:
+		Missing TE allow rule for the type pair (use audit2allow).
+
+type=KERNEL msg=audit(1115320071.648:606858): avc:  denied  { append } for  name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+	Was caused by:
+		Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
+
+
+.PP
+.SH AUTHOR
+This manual page was written by 
+.I Dan Walsh <dwalsh@redhat.com>,
+.B audit2why
+utility was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile
--- nsapolicycoreutils/audit2why/Makefile	2005-05-16 15:40:11.000000000 -0400
+++ policycoreutils-1.23.10/audit2why/Makefile	2005-05-17 08:25:00.000000000 -0400
@@ -17,6 +17,8 @@
 install: all
 	-mkdir -p $(BINDIR)
 	install -m 755 $(TARGETS) $(BINDIR)
+	-mkdir -p $(MANDIR)/man1
+	install -m 644 audit2why.1 $(MANDIR)/man1/
 
 clean:
 	rm -f $(TARGETS) *.o
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2005-04-29 14:11:23.000000000 -0400
+++ policycoreutils-1.23.10/scripts/fixfiles	2005-05-17 08:24:26.000000000 -0400
@@ -164,7 +164,7 @@
 fi
 
 # See how we were called.
-while getopts "C:Fo:R:l:" i; do
+while getopts "C:Ffo:R:l:" i; do
     case "$i" in
 	f)
 		fullFlag=1
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user settings when analyzing audit messages. 2005-05-17 12:38:08 +00:00			`diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1`
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1 - Fix fixfiles to accept -f - Update to match NSA * Added audit2why utility. 2005-05-13 19:32:32 +00:00			`--- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500`
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user settings when analyzing audit messages. 2005-05-17 12:38:08 +00:00			`+++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:24:26.000000000 -0400`
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1 - Fix fixfiles to accept -f - Update to match NSA * Added audit2why utility. 2005-05-13 19:32:32 +00:00			`@@ -0,0 +1,62 @@`
			`+.\" Hey, Emacs! This is an -- nroff -- source file.`
			`+.\" Copyright (c) 2005 Dan Walsh <dwalsh@redhat.com>`
			`+.\"`
			`+.\" This is free documentation; you can redistribute it and/or`
			`+.\" modify it under the terms of the GNU General Public License as`
			`+.\" published by the Free Software Foundation; either version 2 of`
			`+.\" the License, or (at your option) any later version.`
			`+.\"`
			`+.\" The GNU General Public License's references to "object code"`
			`+.\" and "executables" are to be interpreted as the output of any`
			`+.\" document formatting or typesetting system, including`
			`+.\" intermediate and printed output.`
			`+.\"`
			`+.\" This manual is distributed in the hope that it will be useful,`
			`+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`+.\" GNU General Public License for more details.`
			`+.\"`
			`+.\" You should have received a copy of the GNU General Public`
			`+.\" License along with this manual; if not, write to the Free`
			`+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,`
			`+.\" USA.`
			`+.\"`
			`+.\"`
			`+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA`
			`+.SH NAME`
			`+audit2why \- Translates auditmessages into a description of why the access was denied`
			`+.SH SYNOPSIS`
			`+.B audit2why`
			`+.RI [ options "] "`
			`+.SH OPTIONS`
			`+.TP`
			`+`
			`+.B "\-\-help"`
			`+Print a short usage message`
			`+.TP`
			`+.B "\-p <policyfile>"`
			`+Specify an alternate policy file.`
			`+.SH DESCRIPTION`
			`+.PP`
			`+This utility scans stdin (logfiles) for messages logged when the`
			`+system denied permission for operations, and generates a reason why the`
			`+access was denied`
			`+.PP`
			`+.SH EXAMPLE`
			`+$ /usr/sbin/audit2why < /var/log/audit/audit.log`
			`+`
			`+type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir`
			`+ Was caused by:`
			`+ Missing TE allow rule for the type pair (use audit2allow).`
			`+`
			`+type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file`
			`+ Was caused by:`
			`+ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).`
			`+`
			`+`
			`+.PP`
			`+.SH AUTHOR`
			`+This manual page was written by`
			`+.I Dan Walsh <dwalsh@redhat.com>,`
			`+.B audit2why`
			`+utility was written by Stephen Smalley <sds@tycho.nsa.gov>.`
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user settings when analyzing audit messages. 2005-05-17 12:38:08 +00:00			`diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile`
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.23.9-1 - Update to match NSA * Updated audit2why for sepol_ prefixes on Flask types to avoid namespace collision with libselinux, and to include <selinux/selinux.h> now. 2005-05-16 20:32:42 +00:00			`--- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400`
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user settings when analyzing audit messages. 2005-05-17 12:38:08 +00:00			`+++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:25:00.000000000 -0400`
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.23.9-1 - Update to match NSA * Updated audit2why for sepol_ prefixes on Flask types to avoid namespace collision with libselinux, and to include <selinux/selinux.h> now. 2005-05-16 20:32:42 +00:00			`@@ -17,6 +17,8 @@`
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1 - Fix fixfiles to accept -f - Update to match NSA * Added audit2why utility. 2005-05-13 19:32:32 +00:00			`install: all`
			`-mkdir -p $(BINDIR)`
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.23.9-1 - Update to match NSA * Updated audit2why for sepol_ prefixes on Flask types to avoid namespace collision with libselinux, and to include <selinux/selinux.h> now. 2005-05-16 20:32:42 +00:00			`install -m 755 $(TARGETS) $(BINDIR)`
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1 - Fix fixfiles to accept -f - Update to match NSA * Added audit2why utility. 2005-05-13 19:32:32 +00:00			`+ -mkdir -p $(MANDIR)/man1`
			`+ install -m 644 audit2why.1 $(MANDIR)/man1/`

			`clean:`
			`rm -f $(TARGETS) *.o`
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user settings when analyzing audit messages. 2005-05-17 12:38:08 +00:00			`diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles`
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-1 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel). 2005-05-13 18:50:07 +00:00			`--- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400`
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1 - Update to match NSA * Extended audit2why to incorporate booleans and local user settings when analyzing audit messages. 2005-05-17 12:38:08 +00:00			`+++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:24:26.000000000 -0400`
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-1 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel). 2005-05-13 18:50:07 +00:00			`@@ -164,7 +164,7 @@`
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.6-2 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel). 2005-04-29 14:55:24 +00:00			`fi`

			`# See how we were called.`
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-1 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel). 2005-05-13 18:50:07 +00:00			`-while getopts "C:Fo:R:l:" i; do`
			`+while getopts "C:Ffo:R:l:" i; do`
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.6-2 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel). 2005-04-29 14:55:24 +00:00			`case "$i" in`
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-1 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel). 2005-05-13 18:50:07 +00:00			`f)`
			`fullFlag=1`