diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 297562d..7a3b234 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.82/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2010-03-22 14:08:29.000000000 -0400 -+++ policycoreutils-2.0.82/audit2allow/audit2allow 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/audit2allow/audit2allow 2010-04-28 17:12:19.000000000 -0400 @@ -28,6 +28,7 @@ import sepolgen.defaults as defaults import sepolgen.module as module @@ -94,7 +94,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po app.main() diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.82/audit2allow/Makefile --- nsapolicycoreutils/audit2allow/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.82/audit2allow/Makefile 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/audit2allow/Makefile 2010-04-28 17:12:19.000000000 -0400 @@ -10,7 +10,6 @@ install: all -mkdir -p $(BINDIR) @@ -198,7 +198,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - sys.exit(main()) diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.82/Makefile --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.82/Makefile 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/Makefile 2010-04-28 17:12:19.000000000 -0400 @@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui @@ -207,7 +207,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.82/newrole/newrole.c --- nsapolicycoreutils/newrole/newrole.c 2010-02-16 12:33:05.000000000 -0500 -+++ policycoreutils-2.0.82/newrole/newrole.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/newrole/newrole.c 2010-04-28 17:12:19.000000000 -0400 @@ -1334,6 +1334,9 @@ if (send_audit_message(1, old_context, new_context, ttyn)) @@ -220,7 +220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po goto err_close_pam_session; diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.82/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400 -+++ policycoreutils-2.0.82/restorecond/Makefile 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/Makefile 2010-04-28 17:12:19.000000000 -0400 @@ -1,17 +1,28 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr @@ -269,14 +269,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po /sbin/restorecon $(SBINDIR)/restorecond diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,3 @@ +[D-BUS Service] +Name=org.selinux.Restorecond +Exec=/usr/sbin/restorecond -u diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.82/restorecond/restorecond.8 --- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400 -+++ policycoreutils-2.0.82/restorecond/restorecond.8 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond.8 2010-04-28 17:12:19.000000000 -0400 @@ -3,7 +3,7 @@ restorecond \- daemon that watches for file creation and then sets the default SELinux file context @@ -313,7 +313,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po .BR restorecon (8), diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.82/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400 -+++ policycoreutils-2.0.82/restorecond/restorecond.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond.c 2010-04-28 17:12:19.000000000 -0400 @@ -30,9 +30,11 @@ * and makes sure that there security context matches the systems defaults * @@ -822,7 +822,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.82/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400 -+++ policycoreutils-2.0.82/restorecond/restorecond.conf 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond.conf 2010-04-28 17:12:19.000000000 -0400 @@ -4,8 +4,5 @@ /etc/mtab /var/run/utmp @@ -835,7 +835,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.82/restorecond/restorecond.desktop --- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/restorecond/restorecond.desktop 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond.desktop 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=File Context maintainer @@ -846,7 +846,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +StartupNotify=false diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.82/restorecond/restorecond.h --- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400 -+++ policycoreutils-2.0.82/restorecond/restorecond.h 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond.h 2010-04-28 17:12:19.000000000 -0400 @@ -24,7 +24,22 @@ #ifndef RESTORED_CONFIG_H #define RESTORED_CONFIG_H @@ -874,7 +874,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po #endif diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.82/restorecond/restorecond.init --- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400 -+++ policycoreutils-2.0.82/restorecond/restorecond.init 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond.init 2010-04-28 17:12:19.000000000 -0400 @@ -26,7 +26,7 @@ # Source function library. . /etc/rc.d/init.d/functions @@ -905,13 +905,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.82/restorecond/restorecond_user.conf --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/restorecond/restorecond_user.conf 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/restorecond_user.conf 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,2 @@ +~/* +~/public_html/* diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.82/restorecond/user.c --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/restorecond/user.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/user.c 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,239 @@ +/* + * restorecond @@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.82/restorecond/watch.c --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/restorecond/watch.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/restorecond/watch.c 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,260 @@ +#define _GNU_SOURCE +#include @@ -1418,7 +1418,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +} diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.82/sandbox/deliverables/basicwrapper --- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/deliverables/basicwrapper 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/deliverables/basicwrapper 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,4 @@ +import os, sys +SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']] @@ -1426,7 +1426,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +os.execv('/usr/bin/sandbox',SANDBOX_ARGS) diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.82/sandbox/deliverables/README --- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/deliverables/README 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/deliverables/README 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,32 @@ +Files: +run-in-sandbox.py: @@ -1462,7 +1462,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +Chris Pardy diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py --- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,49 @@ +import os +import os.path @@ -1515,7 +1515,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.82/sandbox/deliverables/sandbox --- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/deliverables/sandbox 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/deliverables/sandbox 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,216 @@ +#!/usr/bin/python -E +import os, sys, getopt, socket, random, fcntl, shutil @@ -1735,7 +1735,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.82/sandbox/Makefile --- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/Makefile 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/Makefile 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,41 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -1780,8 +1780,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +relabel: diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.82/sandbox/sandbox --- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/sandbox 2010-04-23 12:49:42.000000000 -0400 -@@ -0,0 +1,411 @@ ++++ policycoreutils-2.0.82/sandbox/sandbox 2010-04-29 13:00:36.000000000 -0400 +@@ -0,0 +1,416 @@ +#! /usr/bin/python -E +# Authors: Dan Walsh +# Authors: Josh Cogliati @@ -1957,6 +1957,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + def __validdir(self, option, opt, value, parser): + if not os.path.isdir(value): + raise IOError("Directory "+value+" not found") ++ setattr(parser.values, option.dest, value) + self.__mount = True + + def __include(self, option, opt, value, parser): @@ -2031,6 +2032,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + + parser.add_option("-S", "--session", action="store_true", dest="session", + default=False, help="Run complete desktop session within sandbox") ++ + parser.add_option("-X", dest="X_ind", + action="callback", callback=self.__x_callback, + default=False, help="Run X sandbox") @@ -2072,6 +2074,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + self.usage(_("Homedir and tempdir required for session")) + if len(cmds) > 0: + self.usage(_("Commands not allowed in a session")) ++ self.__options.X_ind = True ++ self.__homedir = self.__options.homedir ++ self.__tmpdir = self.__options.tmpdir + else: + if len(cmds) == 0: + self.usage(_("Command required")) @@ -2119,7 +2124,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + if self.__options.tmpdir: + chcon = ("/usr/bin/chcon -R %s %s" % (self.__filecon, self.__options.tmpdir)).split() + rc = os.spawnvp(os.P_WAIT, chcon[0], chcon) -+ self.__tmpdir = self.__options.homedir ++ self.__tmpdir = self.__options.tmpdir + else: + selinux.setfscreatecon(self.__filecon) + self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox") @@ -2195,14 +2200,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + sys.exit(rc) diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.82/sandbox/sandbox.8 --- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/sandbox.8 2010-04-23 12:49:42.000000000 -0400 -@@ -0,0 +1,56 @@ ++++ policycoreutils-2.0.82/sandbox/sandbox.8 2010-04-29 12:31:33.000000000 -0400 +@@ -0,0 +1,57 @@ +.TH SANDBOX "8" "May 2009" "chcat" "User Commands" +.SH NAME +sandbox \- Run cmd under an SELinux sandbox +.SH SYNOPSIS +.B sandbox -+[-l level ] [[-M | -X] -H homedir -T tmpdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd ++[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd ++[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S +.br +.SH DESCRIPTION +.PP @@ -2255,13 +2261,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +.PP diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.82/sandbox/sandbox.config --- nsapolicycoreutils/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/sandbox.config 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/sandbox.config 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,2 @@ +# Space separate list of homedirs +HOMEDIRS="/home" diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.82/sandbox/sandbox.init --- nsapolicycoreutils/sandbox/sandbox.init 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/sandbox.init 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/sandbox.init 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,67 @@ +#!/bin/bash +## BEGIN INIT INFO @@ -2332,7 +2338,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +esac diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.82/sandbox/sandboxX.sh --- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/sandboxX.sh 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/sandboxX.sh 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,15 @@ +#!/bin/bash +context=`id -Z | secon -t -l -P` @@ -2351,7 +2357,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +exit 0 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.82/sandbox/seunshare.c --- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/seunshare.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/seunshare.c 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,290 @@ +#include +#include @@ -2645,7 +2651,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +} diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.82/sandbox/test_sandbox.py --- nsapolicycoreutils/sandbox/test_sandbox.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/test_sandbox.py 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/test_sandbox.py 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,98 @@ +import unittest, os, shutil +from tempfile import mkdtemp @@ -2747,12 +2753,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + print "SELinux must be in enforcing mode for this test" diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test.txt policycoreutils-2.0.82/sandbox/test.txt --- nsapolicycoreutils/sandbox/test.txt 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sandbox/test.txt 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sandbox/test.txt 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1 @@ +1 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.82/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500 -+++ policycoreutils-2.0.82/scripts/fixfiles 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/scripts/fixfiles 2010-04-28 17:12:19.000000000 -0400 @@ -21,6 +21,17 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA @@ -2846,7 +2852,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c --- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,59 @@ +/* + * Authors: @@ -2909,7 +2915,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +} diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.82/semanage/default_encoding/Makefile --- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/default_encoding/Makefile 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/default_encoding/Makefile 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,8 @@ +all: + LDFLAGS="" python setup.py build @@ -2921,7 +2927,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + rm -rf build *~ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py --- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,17 @@ +# +# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc. @@ -2942,7 +2948,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +# diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.82/semanage/default_encoding/setup.py --- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/default_encoding/setup.py 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/default_encoding/setup.py 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,38 @@ +# Authors: +# John Dennis @@ -2984,7 +2990,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +) diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.82/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/semanage 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/semanage 2010-04-28 17:12:19.000000000 -0400 @@ -20,6 +20,7 @@ # 02111-1307 USA # @@ -3388,7 +3394,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + errorExit(error.args[1]) diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.82/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/semanage.8 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/semanage.8 2010-04-28 17:12:19.000000000 -0400 @@ -1,27 +1,58 @@ -.TH "semanage" "8" "2005111103" "" "" +.TH "semanage" "8" "20100223" "" "" @@ -3551,7 +3557,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po Examples by Thomas Bleher . diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.82/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500 -+++ policycoreutils-2.0.82/semanage/seobject.py 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/semanage/seobject.py 2010-04-29 09:54:02.000000000 -0400 @@ -29,47 +29,12 @@ import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") @@ -3604,7 +3610,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po file_types = {} file_types[""] = SEMANAGE_FCONTEXT_ALL; -@@ -194,45 +159,152 @@ +@@ -194,45 +159,154 @@ return trans else: return raw @@ -3614,6 +3620,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - def __init__(self, store): + transaction = False + handle = None ++ store = None + + def __init__(self, store): global handle @@ -3635,8 +3642,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + if not handle: + raise ValueError(_("Could not create semanage handle")) + -+ if store != "": ++ if not semanageRecords.transaction and store != "": + semanage_select_store(handle, store, SEMANAGE_CON_DIRECT); ++ semanageRecords.store = store + + if not semanage_is_managed(handle): + semanage_handle_destroy(handle) @@ -3771,7 +3779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po class dontauditClass(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) -@@ -259,14 +331,23 @@ +@@ -259,14 +333,23 @@ name = semanage_module_get_name(mod) if name and name.startswith("permissive_"): l.append(name.split("permissive_")[1]) @@ -3799,7 +3807,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def add(self, type): import glob -@@ -343,7 +424,9 @@ +@@ -343,7 +426,9 @@ if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: @@ -3810,7 +3818,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if name[0] == '%': try: grp.getgrnam(name[1:]) -@@ -475,6 +558,16 @@ +@@ -475,6 +560,16 @@ mylog.log(1, "delete SELinux user mapping", name); @@ -3827,7 +3835,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -489,6 +582,15 @@ +@@ -489,6 +584,15 @@ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) return ddict @@ -3843,7 +3851,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def list(self,heading = 1, locallist = 0): ddict = self.get_all(locallist) keys = ddict.keys() -@@ -531,7 +633,8 @@ +@@ -531,7 +635,8 @@ if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: @@ -3853,7 +3861,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po (rc, u) = semanage_user_create(self.sh) if rc < 0: -@@ -682,6 +785,16 @@ +@@ -682,6 +787,16 @@ mylog.log(1,"delete SELinux user record", name) @@ -3870,7 +3878,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -702,6 +815,15 @@ +@@ -702,6 +817,15 @@ return ddict @@ -3886,7 +3894,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): ddict = self.get_all(locallist) keys = ddict.keys() -@@ -740,12 +862,16 @@ +@@ -740,12 +864,16 @@ low = int(ports[0]) high = int(ports[1]) @@ -3903,7 +3911,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -808,6 +934,7 @@ +@@ -808,6 +936,7 @@ self.commit() def __modify(self, port, proto, serange, setype): @@ -3911,7 +3919,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if serange == "" and setype == "": if is_mls_enabled == 1: raise ValueError(_("Requires setype or serange")) -@@ -942,6 +1069,18 @@ +@@ -942,6 +1071,18 @@ ddict[(ctype,proto_str)].append("%d-%d" % (low, high)) return ddict @@ -3930,7 +3938,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number")) -@@ -958,7 +1097,8 @@ +@@ -958,7 +1099,8 @@ class nodeRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self,store) @@ -3940,7 +3948,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def __add(self, addr, mask, proto, serange, ctype): if addr == "": raise ValueError(_("Node Address is required")) -@@ -966,14 +1106,11 @@ +@@ -966,14 +1108,11 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -3958,7 +3966,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -991,7 +1128,8 @@ +@@ -991,7 +1130,8 @@ (rc, exists) = semanage_node_exists(self.sh, k) if exists: @@ -3968,7 +3976,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1047,13 +1185,10 @@ +@@ -1047,13 +1187,10 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -3986,7 +3994,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) -@@ -1098,11 +1233,9 @@ +@@ -1098,11 +1235,9 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -4001,7 +4009,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po raise ValueError(_("Unknown or missing protocol")) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) -@@ -1132,6 +1265,16 @@ +@@ -1132,6 +1267,16 @@ self.__delete(addr, mask, proto) self.commit() @@ -4018,7 +4026,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist : -@@ -1145,15 +1288,20 @@ +@@ -1145,15 +1290,20 @@ con = semanage_node_get_con(node) addr = semanage_node_get_addr(self.sh, node) mask = semanage_node_get_mask(self.sh, node) @@ -4044,7 +4052,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") -@@ -1193,7 +1341,8 @@ +@@ -1193,7 +1343,8 @@ if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: @@ -4054,7 +4062,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1307,6 +1456,16 @@ +@@ -1307,6 +1458,16 @@ self.__delete(interface) self.commit() @@ -4071,7 +4079,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -1322,6 +1481,15 @@ +@@ -1322,6 +1483,15 @@ return ddict @@ -4087,7 +4095,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-30s %s\n" % (_("SELinux Interface"), _("Context")) -@@ -1338,6 +1506,48 @@ +@@ -1338,6 +1508,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) @@ -4136,7 +4144,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1364,6 +1574,8 @@ +@@ -1364,6 +1576,8 @@ def validate(self, target): if target == "" or target.find("\n") >= 0: raise ValueError(_("Invalid file specification")) @@ -4145,7 +4153,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"): self.validate(target) -@@ -1388,7 +1600,8 @@ +@@ -1388,7 +1602,8 @@ raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -4155,7 +4163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1504,9 +1717,16 @@ +@@ -1504,9 +1719,16 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -4172,7 +4180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1561,12 +1781,22 @@ +@@ -1561,12 +1783,22 @@ return ddict @@ -4197,7 +4205,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1575,6 +1805,12 @@ +@@ -1575,6 +1807,12 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) @@ -4210,7 +4218,52 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po class booleanRecords(semanageRecords): def __init__(self, store = ""): -@@ -1706,6 +1942,16 @@ +@@ -1586,7 +1824,14 @@ + self.dict["OFF"] = 0 + self.dict["1"] = 1 + self.dict["0"] = 0 +- ++ rc, ptype = selinux.selinux_getpolicytype() ++ rc, self.current_booleans = selinux.security_get_boolean_names() ++ if rc != 0: ++ self.current_booleans = [] ++ if self.store == None or (rc == 0 and ptype == self.store): ++ self.modify_local = True ++ else: ++ self.modify_local = False + def __mod(self, name, value): + (rc, k) = semanage_bool_key_create(self.sh, name) + if rc < 0: +@@ -1606,9 +1851,10 @@ + else: + raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) ) + +- rc = semanage_bool_set_active(self.sh, k, b) +- if rc < 0: +- raise ValueError(_("Could not set active value of boolean %s") % name) ++ if self.modify_local and name in self.current_booleans: ++ rc = semanage_bool_set_active(self.sh, k, b) ++ if rc < 0: ++ raise ValueError(_("Could not set active value of boolean %s") % name) + rc = semanage_bool_modify_local(self.sh, k, b) + if rc < 0: + raise ValueError(_("Could not modify boolean %s") % name) +@@ -1691,8 +1937,12 @@ + value = [] + name = semanage_bool_get_name(boolean) + value.append(semanage_bool_get_value(boolean)) +- value.append(selinux.security_get_boolean_pending(name)) +- value.append(selinux.security_get_boolean_active(name)) ++ if self.modify_local and boolean in self.current_booleans: ++ value.append(selinux.security_get_boolean_pending(name)) ++ value.append(selinux.security_get_boolean_active(name)) ++ else: ++ value.append(value[0]) ++ value.append(value[0]) + ddict[name] = value + + return ddict +@@ -1706,6 +1956,16 @@ else: return _("unknown") @@ -4229,7 +4282,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if use_file: diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.82/sepolgen-ifgen/Makefile --- nsapolicycoreutils/sepolgen-ifgen/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sepolgen-ifgen/Makefile 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sepolgen-ifgen/Makefile 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,26 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -4259,7 +4312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +relabel: ; diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen --- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen 2010-04-27 10:10:28.000000000 -0400 ++++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,131 @@ +#! /usr/bin/python -E +# @@ -4394,7 +4447,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + sys.exit(main()) diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c --- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-04-28 17:12:19.000000000 -0400 @@ -0,0 +1,230 @@ +/* Authors: Frank Mayer + * and Karl MacMillan @@ -4628,7 +4681,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +} diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.82/setfiles/restore.c --- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500 -+++ policycoreutils-2.0.82/setfiles/restore.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/setfiles/restore.c 2010-04-28 17:12:19.000000000 -0400 @@ -1,4 +1,5 @@ #include "restore.h" +#include @@ -4812,7 +4865,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.82/setfiles/restorecon.8 --- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.82/setfiles/restorecon.8 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/setfiles/restorecon.8 2010-04-28 17:12:19.000000000 -0400 @@ -4,10 +4,10 @@ .SH "SYNOPSIS" @@ -4838,7 +4891,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po show changes in file labels. diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.82/setfiles/restore.h --- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500 -+++ policycoreutils-2.0.82/setfiles/restore.h 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/setfiles/restore.h 2010-04-28 17:12:19.000000000 -0400 @@ -27,6 +27,7 @@ int hard_links; int verbose; @@ -4860,7 +4913,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po #endif diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.82/setfiles/setfiles.8 --- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.82/setfiles/setfiles.8 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/setfiles/setfiles.8 2010-04-28 17:12:19.000000000 -0400 @@ -31,6 +31,9 @@ .TP .B \-n @@ -4873,7 +4926,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po suppress non-error output. diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.82/setfiles/setfiles.c --- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500 -+++ policycoreutils-2.0.82/setfiles/setfiles.c 2010-04-23 12:49:42.000000000 -0400 ++++ policycoreutils-2.0.82/setfiles/setfiles.c 2010-04-28 17:12:19.000000000 -0400 @@ -5,7 +5,6 @@ #include #include diff --git a/policycoreutils.spec b/policycoreutils.spec index 39e0f81..3e8142f 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.82 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -306,6 +306,11 @@ fi exit 0 %changelog +* Thu Apr 29 2010 Dan Walsh 2.0.82-12 +- Make semanage boolean work on disabled machines and during livecd xguest +- Fix homedir and tmpdir handling in sandbox +Resolves: #587263 + * Wed Apr 28 2010 Dan Walsh 2.0.82-11 - Make semanage boolean work on disabled machines