diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index ee6a84d..00a62c0 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,3 +1,15 @@ +--- policycoreutils-1.14.1/setfiles/setfiles.c.rhat 2004-06-30 12:03:27.000000000 -0400 ++++ policycoreutils-1.14.1/setfiles/setfiles.c 2004-07-06 16:44:21.464473808 -0400 +@@ -654,7 +654,8 @@ + + freecon(context); + +- if (outfile) ++ if (outfile && ++ !only_changed_user(context, spec_arr[i].context)) + fprintf(outfile, "%s\n", my_file); + + /* --- policycoreutils-1.14.1/scripts/Makefile.rhat 2004-06-30 12:03:27.000000000 -0400 +++ policycoreutils-1.14.1/scripts/Makefile 2004-06-30 13:14:42.000000000 -0400 @@ -12,6 +12,7 @@ @@ -9,7 +21,7 @@ install -m 644 fixfiles.8.gz $(MANDIR)/man8/ --- policycoreutils-1.14.1/scripts/fixfiles.cron.rhat 2004-06-30 13:12:42.000000000 -0400 -+++ policycoreutils-1.14.1/scripts/fixfiles.cron 2004-07-06 11:35:18.896372632 -0400 ++++ policycoreutils-1.14.1/scripts/fixfiles.cron 2004-07-06 16:12:48.000000000 -0400 @@ -0,0 +1,22 @@ +#!/bin/sh + @@ -27,14 +39,14 @@ +if [ $? -eq 0 ]; then + renice +19 -p $$ >/dev/null 2>&1 + OUTFILE=`mktemp ${INVALIDFILE}.XXXXXXXXXX` || exit 1 -+ /sbin/fixfiles -o $OUTFILE $CRONTYPE ++ /sbin/fixfiles -l /dev/null -o $OUTFILE $CRONTYPE + mv -f $OUTFILE $INVALIDFILE + if [ -s $INVALIDFILE ]; then + mail ${MAILTO} -s "Invalid File Contexts" < $INVALIDFILE + fi +fi --- policycoreutils-1.14.1/scripts/fixfiles.rhat 2004-06-30 13:10:21.000000000 -0400 -+++ policycoreutils-1.14.1/scripts/fixfiles 2004-06-30 13:11:46.000000000 -0400 ++++ policycoreutils-1.14.1/scripts/fixfiles 2004-07-06 16:29:00.000000000 -0400 @@ -19,25 +19,37 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software @@ -50,7 +62,7 @@ +rpmFiles="" +outfileFlag=0 +OUTFILES="" -+LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 ++logfileFlag=0 +SETFILES=/usr/sbin/setfiles +FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';` SELINUXTYPE="targeted" @@ -87,7 +99,7 @@ done else - ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE -+ ${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE fi } @@ -152,3 +164,13 @@ *) usage exit 1 +@@ -129,6 +150,9 @@ + if [ $restoreFlag = 1 ]; then + restoreLabels $rpmFiles + fi ++if [ $logfileFlag = 0 ]; then ++ LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 ++fi + if [ $relabelFlag = 1 ]; then + if [ $fullFlag = 1 ]; then + relabelLabels $rpmFiles diff --git a/policycoreutils.spec b/policycoreutils.spec index 93c8a69..4aa6679 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.14.1 -Release: 2 +Release: 3 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -77,6 +77,7 @@ rm -rf ${RPM_BUILD_ROOT} %changelog * Tue Jul 6 2004 Dan Walsh 1.14.1-2 - Fix fixfiles.cron to not run on non SELinux boxes +- Fix several problems in fixfiles and fixfiles.cron * Wed Jun 30 2004 Dan Walsh 1.14.1-1 - Update from NSA