* Thu Apr 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-12

- Make semanage boolean work on disabled machines and during livecd xguest
- Fix homedir and tmpdir handling in sandbox
Resolves: #587263
Daniel J Walsh 2010-04-29 17:35:00 +00:00
parent 2aa0f1b516
commit 1577e6bdf7
2 changed files with 136 additions and 78 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.82/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2010-03-22 14:08:29.000000000 -0400
+++ policycoreutils-2.0.82/audit2allow/audit2allow 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/audit2allow/audit2allow 2010-04-28 17:12:19.000000000 -0400
@@ -28,6 +28,7 @@
import sepolgen.defaults as defaults
import sepolgen.module as module
@ -94,7 +94,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
app.main()
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.82/audit2allow/Makefile
--- nsapolicycoreutils/audit2allow/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.82/audit2allow/Makefile 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/audit2allow/Makefile 2010-04-28 17:12:19.000000000 -0400
@@ -10,7 +10,6 @@
install: all
-mkdir -p $(BINDIR)
@ -198,7 +198,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- sys.exit(main())
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.82/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.82/Makefile 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/Makefile 2010-04-28 17:12:19.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui
@ -207,7 +207,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.82/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2010-02-16 12:33:05.000000000 -0500
+++ policycoreutils-2.0.82/newrole/newrole.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/newrole/newrole.c 2010-04-28 17:12:19.000000000 -0400
@@ -1334,6 +1334,9 @@
if (send_audit_message(1, old_context, new_context, ttyn))
@ -220,7 +220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
goto err_close_pam_session;
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.82/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/Makefile 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/Makefile 2010-04-28 17:12:19.000000000 -0400
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@ -269,14 +269,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.82/restorecond/restorecond.8
--- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.8 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.8 2010-04-28 17:12:19.000000000 -0400
@@ -3,7 +3,7 @@
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
@ -313,7 +313,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.BR restorecon (8),
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.82/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.c 2010-04-28 17:12:19.000000000 -0400
@@ -30,9 +30,11 @@
* and makes sure that there security context matches the systems defaults
*
@ -822,7 +822,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.82/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.conf 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.conf 2010-04-28 17:12:19.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@ -835,7 +835,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.82/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/restorecond/restorecond.desktop 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.desktop 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@ -846,7 +846,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.82/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.h 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.h 2010-04-28 17:12:19.000000000 -0400
@@ -24,7 +24,22 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@ -874,7 +874,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.82/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.init 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond.init 2010-04-28 17:12:19.000000000 -0400
@@ -26,7 +26,7 @@
# Source function library.
. /etc/rc.d/init.d/functions
@ -905,13 +905,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.82/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/restorecond/restorecond_user.conf 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/restorecond_user.conf 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.82/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/restorecond/user.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/user.c 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,239 @@
+/*
+ * restorecond
@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.82/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/restorecond/watch.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/restorecond/watch.c 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,260 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@ -1418,7 +1418,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.82/sandbox/deliverables/basicwrapper
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/deliverables/basicwrapper 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/deliverables/basicwrapper 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,4 @@
+import os, sys
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
@ -1426,7 +1426,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.82/sandbox/deliverables/README
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/deliverables/README 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/deliverables/README 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,32 @@
+Files:
+run-in-sandbox.py:
@ -1462,7 +1462,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+Chris Pardy
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,49 @@
+import os
+import os.path
@ -1515,7 +1515,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.82/sandbox/deliverables/sandbox
--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/deliverables/sandbox 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/deliverables/sandbox 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,216 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
@ -1735,7 +1735,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.82/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/Makefile 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/Makefile 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,41 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@ -1780,8 +1780,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.82/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/sandbox 2010-04-23 12:49:42.000000000 -0400
@@ -0,0 +1,411 @@
+++ policycoreutils-2.0.82/sandbox/sandbox 2010-04-29 13:00:36.000000000 -0400
@@ -0,0 +1,416 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh@redhat.com>
+# Authors: Josh Cogliati
@ -1957,6 +1957,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ def __validdir(self, option, opt, value, parser):
+ if not os.path.isdir(value):
+ raise IOError("Directory "+value+" not found")
+ setattr(parser.values, option.dest, value)
+ self.__mount = True
+
+ def __include(self, option, opt, value, parser):
@ -2031,6 +2032,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
+ parser.add_option("-S", "--session", action="store_true", dest="session",
+ default=False, help="Run complete desktop session within sandbox")
+
+ parser.add_option("-X", dest="X_ind",
+ action="callback", callback=self.__x_callback,
+ default=False, help="Run X sandbox")
@ -2072,6 +2074,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ self.usage(_("Homedir and tempdir required for session"))
+ if len(cmds) > 0:
+ self.usage(_("Commands not allowed in a session"))
+ self.__options.X_ind = True
+ self.__homedir = self.__options.homedir
+ self.__tmpdir = self.__options.tmpdir
+ else:
+ if len(cmds) == 0:
+ self.usage(_("Command required"))
@ -2119,7 +2124,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ if self.__options.tmpdir:
+ chcon = ("/usr/bin/chcon -R %s %s" % (self.__filecon, self.__options.tmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ self.__tmpdir = self.__options.homedir
+ self.__tmpdir = self.__options.tmpdir
+ else:
+ selinux.setfscreatecon(self.__filecon)
+ self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
@ -2195,14 +2200,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ sys.exit(rc)
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.82/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/sandbox.8 2010-04-23 12:49:42.000000000 -0400
@@ -0,0 +1,56 @@
+++ policycoreutils-2.0.82/sandbox/sandbox.8 2010-04-29 12:31:33.000000000 -0400
@@ -0,0 +1,57 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
+sandbox \- Run cmd under an SELinux sandbox
+.SH SYNOPSIS
+.B sandbox
+[-l level ] [[-M | -X] -H homedir -T tmpdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
+.br
+.SH DESCRIPTION
+.PP
@ -2255,13 +2261,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.82/sandbox/sandbox.config
--- nsapolicycoreutils/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/sandbox.config 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/sandbox.config 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,2 @@
+# Space separate list of homedirs
+HOMEDIRS="/home"
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.82/sandbox/sandbox.init
--- nsapolicycoreutils/sandbox/sandbox.init 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/sandbox.init 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/sandbox.init 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,67 @@
+#!/bin/bash
+## BEGIN INIT INFO
@ -2332,7 +2338,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+esac
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.82/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/sandboxX.sh 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/sandboxX.sh 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,15 @@
+#!/bin/bash
+context=`id -Z | secon -t -l -P`
@ -2351,7 +2357,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+exit 0
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.82/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/seunshare.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/seunshare.c 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,290 @@
+#include <signal.h>
+#include <sys/types.h>
@ -2645,7 +2651,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.82/sandbox/test_sandbox.py
--- nsapolicycoreutils/sandbox/test_sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/test_sandbox.py 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/test_sandbox.py 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,98 @@
+import unittest, os, shutil
+from tempfile import mkdtemp
@ -2747,12 +2753,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ print "SELinux must be in enforcing mode for this test"
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test.txt policycoreutils-2.0.82/sandbox/test.txt
--- nsapolicycoreutils/sandbox/test.txt 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sandbox/test.txt 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sandbox/test.txt 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1 @@
+1
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.82/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500
+++ policycoreutils-2.0.82/scripts/fixfiles 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/scripts/fixfiles 2010-04-28 17:12:19.000000000 -0400
@@ -21,6 +21,17 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -2846,7 +2852,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c
--- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,59 @@
+/*
+ * Authors:
@ -2909,7 +2915,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.82/semanage/default_encoding/Makefile
--- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/semanage/default_encoding/Makefile 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/default_encoding/Makefile 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,8 @@
+all:
+ LDFLAGS="" python setup.py build
@ -2921,7 +2927,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ rm -rf build *~
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py
--- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,17 @@
+#
+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
@ -2942,7 +2948,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+#
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.82/semanage/default_encoding/setup.py
--- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/semanage/default_encoding/setup.py 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/default_encoding/setup.py 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,38 @@
+# Authors:
+# John Dennis <jdennis@redhat.com>
@ -2984,7 +2990,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+)
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.82/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.82/semanage/semanage 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/semanage 2010-04-28 17:12:19.000000000 -0400
@@ -20,6 +20,7 @@
# 02111-1307 USA
#
@ -3388,7 +3394,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ errorExit(error.args[1])
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.82/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.82/semanage/semanage.8 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/semanage.8 2010-04-28 17:12:19.000000000 -0400
@@ -1,27 +1,58 @@
-.TH "semanage" "8" "2005111103" "" ""
+.TH "semanage" "8" "20100223" "" ""
@ -3551,7 +3557,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.82/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500
+++ policycoreutils-2.0.82/semanage/seobject.py 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/semanage/seobject.py 2010-04-29 09:54:02.000000000 -0400
@@ -29,47 +29,12 @@
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@ -3604,7 +3610,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
file_types = {}
file_types[""] = SEMANAGE_FCONTEXT_ALL;
@@ -194,45 +159,152 @@
@@ -194,45 +159,154 @@
return trans
else:
return raw
@ -3614,6 +3620,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- def __init__(self, store):
+ transaction = False
+ handle = None
+ store = None
+
+ def __init__(self, store):
global handle
@ -3635,8 +3642,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ if not handle:
+ raise ValueError(_("Could not create semanage handle"))
+
+ if store != "":
+ if not semanageRecords.transaction and store != "":
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
+ semanageRecords.store = store
+
+ if not semanage_is_managed(handle):
+ semanage_handle_destroy(handle)
@ -3771,7 +3779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
@@ -259,14 +331,23 @@
@@ -259,14 +333,23 @@
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@ -3799,7 +3807,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def add(self, type):
import glob
@@ -343,7 +424,9 @@
@@ -343,7 +426,9 @@
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@ -3810,7 +3818,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if name[0] == '%':
try:
grp.getgrnam(name[1:])
@@ -475,6 +558,16 @@
@@ -475,6 +560,16 @@
mylog.log(1, "delete SELinux user mapping", name);
@ -3827,7 +3835,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -489,6 +582,15 @@
@@ -489,6 +584,15 @@
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@ -3843,7 +3851,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
@@ -531,7 +633,8 @@
@@ -531,7 +635,8 @@
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@ -3853,7 +3861,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
@@ -682,6 +785,16 @@
@@ -682,6 +787,16 @@
mylog.log(1,"delete SELinux user record", name)
@ -3870,7 +3878,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -702,6 +815,15 @@
@@ -702,6 +817,15 @@
return ddict
@ -3886,7 +3894,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
@@ -740,12 +862,16 @@
@@ -740,12 +864,16 @@
low = int(ports[0])
high = int(ports[1])
@ -3903,7 +3911,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -808,6 +934,7 @@
@@ -808,6 +936,7 @@
self.commit()
def __modify(self, port, proto, serange, setype):
@ -3911,7 +3919,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
@@ -942,6 +1069,18 @@
@@ -942,6 +1071,18 @@
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@ -3930,7 +3938,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
@@ -958,7 +1097,8 @@
@@ -958,7 +1099,8 @@
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@ -3940,7 +3948,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __add(self, addr, mask, proto, serange, ctype):
if addr == "":
raise ValueError(_("Node Address is required"))
@@ -966,14 +1106,11 @@
@@ -966,14 +1108,11 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3958,7 +3966,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -991,7 +1128,8 @@
@@ -991,7 +1130,8 @@
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@ -3968,7 +3976,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
@@ -1047,13 +1185,10 @@
@@ -1047,13 +1187,10 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3986,7 +3994,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@@ -1098,11 +1233,9 @@
@@ -1098,11 +1235,9 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -4001,7 +4009,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
raise ValueError(_("Unknown or missing protocol"))
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
@@ -1132,6 +1265,16 @@
@@ -1132,6 +1267,16 @@
self.__delete(addr, mask, proto)
self.commit()
@ -4018,7 +4026,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist :
@@ -1145,15 +1288,20 @@
@@ -1145,15 +1290,20 @@
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@ -4044,7 +4052,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
@@ -1193,7 +1341,8 @@
@@ -1193,7 +1343,8 @@
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@ -4054,7 +4062,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
@@ -1307,6 +1456,16 @@
@@ -1307,6 +1458,16 @@
self.__delete(interface)
self.commit()
@ -4071,7 +4079,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -1322,6 +1481,15 @@
@@ -1322,6 +1483,15 @@
return ddict
@ -4087,7 +4095,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
@@ -1338,6 +1506,48 @@
@@ -1338,6 +1508,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@ -4136,7 +4144,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
@@ -1364,6 +1574,8 @@
@@ -1364,6 +1576,8 @@
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
@ -4145,7 +4153,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
@@ -1388,7 +1600,8 @@
@@ -1388,7 +1602,8 @@
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@ -4155,7 +4163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
@@ -1504,9 +1717,16 @@
@@ -1504,9 +1719,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@ -4172,7 +4180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
@@ -1561,12 +1781,22 @@
@@ -1561,12 +1783,22 @@
return ddict
@ -4197,7 +4205,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
@@ -1575,6 +1805,12 @@
@@ -1575,6 +1807,12 @@
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@ -4210,7 +4218,52 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
@@ -1706,6 +1942,16 @@
@@ -1586,7 +1824,14 @@
self.dict["OFF"] = 0
self.dict["1"] = 1
self.dict["0"] = 0
-
+ rc, ptype = selinux.selinux_getpolicytype()
+ rc, self.current_booleans = selinux.security_get_boolean_names()
+ if rc != 0:
+ self.current_booleans = []
+ if self.store == None or (rc == 0 and ptype == self.store):
+ self.modify_local = True
+ else:
+ self.modify_local = False
def __mod(self, name, value):
(rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
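Review bot: In the added `__init__` lines, the status returned by `selinux.selinux_getpolicytype()` is overwritten on the next line by the status of `selinux.security_get_boolean_names()`. The `rc == 0` in `self.store == None or (rc == 0 and ptype == self.store)` therefore tests the boolean-name lookup, and a failed policy-type lookup goes unchecked before `ptype` is compared. Keep the two results apart, for example `ptrc, ptype = selinux.selinux_getpolicytype()` with `(ptrc == 0 and ptype == self.store)` in the condition. The constructor's default is `store = ""`; if the base class keeps that value unchanged (not visible here), `self.store == None` never matches and `not self.store` may be the intended test. The rest of `__init__` lies outside the hunk.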
@@ -1606,9 +1851,10 @@
else:
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
- rc = semanage_bool_set_active(self.sh, k, b)
- if rc < 0:
- raise ValueError(_("Could not set active value of boolean %s") % name)
+ if self.modify_local and name in self.current_booleans:
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not set active value of boolean %s") % name)
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
@@ -1691,8 +1937,12 @@
value = []
name = semanage_bool_get_name(boolean)
value.append(semanage_bool_get_value(boolean))
- value.append(selinux.security_get_boolean_pending(name))
- value.append(selinux.security_get_boolean_active(name))
+ if self.modify_local and boolean in self.current_booleans:
+ value.append(selinux.security_get_boolean_pending(name))
+ value.append(selinux.security_get_boolean_active(name))
+ else:
+ value.append(value[0])
+ value.append(value[0])
ddict[name] = value
return ddict
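Review bot: The new guard `boolean in self.current_booleans` tests the semanage record object, whereas the `__mod` hunk above tests `name in self.current_booleans`. Assuming `current_booleans` holds the names returned by `selinux.security_get_boolean_names()`, the test most likely never succeeds and the `else` branch always runs. The pending and active values would then always repeat the stored value, so an administrator auditing booleans sees the policy-store setting in place of the kernel's running state. The line should read `if self.modify_local and name in self.current_booleans:`. The enclosing function starts outside the hunk.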
@@ -1706,6 +1956,16 @@
else:
return _("unknown")
@ -4229,7 +4282,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if use_file:
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.82/sepolgen-ifgen/Makefile
--- nsapolicycoreutils/sepolgen-ifgen/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sepolgen-ifgen/Makefile 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sepolgen-ifgen/Makefile 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,26 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@ -4259,7 +4312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+relabel: ;
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen
--- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen 2010-04-27 10:10:28.000000000 -0400
+++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,131 @@
+#! /usr/bin/python -E
+#
@ -4394,7 +4447,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ sys.exit(main())
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
--- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-04-28 17:12:19.000000000 -0400
@@ -0,0 +1,230 @@
+/* Authors: Frank Mayer <mayerf@tresys.com>
+ * and Karl MacMillan <kmacmillan@tresys.com>
@ -4628,7 +4681,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.82/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500
+++ policycoreutils-2.0.82/setfiles/restore.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/restore.c 2010-04-28 17:12:19.000000000 -0400
@@ -1,4 +1,5 @@
#include "restore.h"
+#include <glob.h>
@ -4812,7 +4865,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.82/setfiles/restorecon.8
--- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/restorecon.8 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/restorecon.8 2010-04-28 17:12:19.000000000 -0400
@@ -4,10 +4,10 @@
.SH "SYNOPSIS"
@ -4838,7 +4891,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
show changes in file labels.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.82/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500
+++ policycoreutils-2.0.82/setfiles/restore.h 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/restore.h 2010-04-28 17:12:19.000000000 -0400
@@ -27,6 +27,7 @@
int hard_links;
int verbose;
@ -4860,7 +4913,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.82/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/setfiles.8 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/setfiles.8 2010-04-28 17:12:19.000000000 -0400
@@ -31,6 +31,9 @@
.TP
.B \-n
@ -4873,7 +4926,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
suppress non-error output.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.82/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500
+++ policycoreutils-2.0.82/setfiles/setfiles.c 2010-04-23 12:49:42.000000000 -0400
+++ policycoreutils-2.0.82/setfiles/setfiles.c 2010-04-28 17:12:19.000000000 -0400
@@ -5,7 +5,6 @@
#include <ctype.h>
#include <regex.h>


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.82
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -306,6 +306,11 @@ fi
exit 0
%changelog
* Thu Apr 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-12
- Make semanage boolean work on disabled machines and during livecd xguest
- Fix homedir and tmpdir handling in sandbox
Resolves: #587263
* Wed Apr 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-11
- Make semanage boolean work on disabled machines