diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 9b87cb6..be77b56 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -335141,10 +335141,10 @@ index 0000000..209568c + return out diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py new file mode 100755 -index 0000000..a8db937 +index 0000000..a50ba21 --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy/manpage.py -@@ -0,0 +1,1353 @@ +@@ -0,0 +1,1363 @@ +#! /usr/bin/python -Es +# Copyright (C) 2012 Red Hat +# AUTHOR: Dan Walsh @@ -335313,18 +335313,27 @@ index 0000000..a8db937 + return role_allows + +users = None ++users_range = None +def get_all_users(): + global users -+ if users: -+ return users ++ global users_range ++ if users and users_range: ++ return users, users_range + + users = [] -+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER)) ++ users_range ={} ++ allusers = [] ++ allusers_info = sepolicy.info(sepolicy.USER) ++ ++ for d in allusers_info: ++ allusers.append(d['name']) ++ users_range[d['name'].split("_")[0]] = d['range'] ++ + for u in allusers: + if u not in [ "system_u", "root", "unconfined_u" ]: + users.append(u.replace("_u","")) + users.sort() -+ return users ++ return users, users_range + +types = None +def _gen_types(): @@ -335627,7 +335636,8 @@ index 0000000..a8db937 + all_bools = get_all_bools() + all_port_types = get_all_port_types() + all_roles = get_all_roles() -+ all_users = get_all_users() ++ all_users = get_all_users()[0] ++ all_users_range = get_all_users()[1] + all_file_types = get_all_file_types() + types = _gen_types() + modules_dict = None 
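Review bot: In get_all_users(), the new `users_range` dict is keyed by `d['name'].split("_")[0]`, while the `users` list built a few lines below uses `u.replace("_u","")`; the two derivations agree only for names of the plain form `x_u`. For a name with a second underscore (constructed example: `web_admin_u`) the list holds `web_admin` but the range is stored under `web`, so a lookup by the list's name misses, and two users sharing a prefix overwrite each other's range. Because this range is printed in the generated man page as the user's login context, deriving both values from one expression keeps the documented MLS range tied to the right SELinux user. The function also returns a tuple now instead of a list, so any caller outside this hunk needs the same update as the call site changed further down.

```python
    for d in allusers_info:
        name = d['name']
        # one derivation shared by the users list and the range map
        short = name[:-2] if name.endswith("_u") else name
        users_range[short] = d['range']
        if name not in [ "system_u", "root", "unconfined_u" ]:
            users.append(short)
    users.sort()
    return users, users_range
```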
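Review bot: `all_users = get_all_users()[0]` followed by `all_users_range = get_all_users()[1]` calls the function twice and picks the results by position; `all_users, all_users_range = get_all_users()` says the same thing in one line and does not rely on the cache guard being hit on the second call. That guard, `if users and users_range:`, is false whenever either result is empty, in which case the policy is queried again. The enclosing block starts and ends outside the hunk.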
@@ -336247,7 +336257,7 @@ index 0000000..a8db937 + +The SELinux user will usually login to a system with a context that looks like: + -+.B %(user)s_u:%(user)s_r:%(user)s_t:s0-s0:c0.c1023 ++.B %(user)s_u:%(user)s_r:%(user)s_t:%(range)s + +Linux users are automatically assigned an SELinux users at login. +Login programs use the SELinux User to assign initial context to the user's shell. @@ -336266,7 +336276,7 @@ index 0000000..a8db937 + +.B semanage login -m -s %(user)s_u __default__ + -+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname}) ++""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self.all_users_range[self.domainname]}) + + if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes: + self.fd.write(""" @@ -339046,7 +339056,7 @@ index 0000000..1edb4fd + +setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"]) diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index 4c62b41..a3ce406 100644 +index 4c62b41..a0e5415 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c @@ -100,20 +100,31 @@ static int match(const char *name, struct stat *sb, char **con) @@ -339061,7 +339071,7 @@ index 4c62b41..a3ce406 100644 security_context_t curcon = NULL, newcon = NULL; + float progress; + if (match(my_file, ftsent->fts_statp, &newcon) < 0) { -+ if ((errno == ENOENT) && (!recurse)) ++ if ((errno == ENOENT) && ((!recurse) || (r_opts->verbose))) + fprintf(stderr, "%s: Warning no default label for %s\n", r_opts->progname, my_file); - if (match(my_file, ftsent->fts_statp, &newcon) < 0) @@ -339214,10 +339224,10 @@ index ac27222..57ae46a 100644 #endif 
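Review bot: `self.all_users_range[self.domainname]` in the format dict raises KeyError when the domain name is not a key of the range map, which can happen if the key derivation in get_all_users() does not match this name or no SELinux user corresponds to the domain. I would look the value up before the write, `user_range = self.all_users_range.get(self.domainname)`, and handle `None` explicitly (skip the context line or fail with a message naming the user) rather than fall back to a hard-coded range, since a wrong range in the man page misleads whoever configures logins from it. The `%(range)s` template line changed in the hunk just above depends on the same value. The enclosing method starts and ends outside the hunk.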
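Review bot: The new condition `((!recurse) || (r_opts->verbose))` in restore.c carries no comment saying why a missing default label is reported only in those two cases, and someone auditing a relabel run needs to know that a recursive, non-verbose run passes over such paths without any output. I would add above the `if`: `/* No default label: warn for explicit paths or with -v only; recursive runs stay quiet. */`. The reason for keeping recursive runs quiet is not stated in the hunk, so the comment should name it if there is one. The block opened by `if (match(...) < 0) {` continues outside the hunk, so what happens to the file after the warning is not visible here.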
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 -index ffbb9d1..8659294 100644 +index ffbb9d1..0acf09d 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 -@@ -41,28 +41,31 @@ default file context, changing the user, role, range portion as well as the type +@@ -41,28 +41,27 @@ default file context, changing the user, role, range portion as well as the type .TP .B \-h, \-? display usage information and exit. @@ -339226,12 +339236,9 @@ index ffbb9d1..8659294 100644 .B \-i ignore files that do not exist. -.TP -+.TP - .B \-R, \-r - change files and directories file labels recursively (descend directories). +-.B \-R, \-r +-change files and directories file labels recursively (descend directories). -.TP -+.br -+.B Note: restorecon does not report warnings on paths without default labels, when run recursively. +.TP .B \-n don't change any file labels (passive check). @@ -339243,10 +339250,11 @@ index ffbb9d1..8659294 100644 .B \-p -show progress by printing * every STAR_COUNT files. +show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.) -+ .TP .B \-R, \-r change files and directories file labels recursively (descend directories). ++.br ++.B Note: restorecon reports warnings on paths without default labels only when it is non-recursively or in verbose mode. .TP .B \-v show changes in file labels, if type or role are going to be changed. @@ -339255,7 +339263,7 @@ index ffbb9d1..8659294 100644 .B \-0 the separator for the input items is assumed to be the null character (instead of the white space). The quotes and the backslash characters are -@@ -84,7 +87,7 @@ operate recursively on directories. +@@ -84,7 +83,7 @@ operate recursively on directories. .SH "AUTHOR" This man page was written by Dan Walsh . diff --git a/policycoreutils.spec b/policycoreutils.spec index 75131f8..704c914 100644 --- a/policycoreutils.spec 
+++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.13 -Release: 44%{?dist} +Release: 45%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -338,6 +338,11 @@ The policycoreutils-restorecond package contains the restorecond service. %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Mon Dec 10 2012 Dan Walsh - 2.1.12-45 +- Apply patch from Miroslav to display proper range description in man pages g +- Should print warning on missing default label when run in recusive mode iff +- Remove extra -R description, and fix recursive description + * Thu Dec 6 2012 Dan Walsh - 2.1.12-44 - Additional fixes for disabled SELinux Box - system-config-selinux no longer relies on lokkit for /etc/selinux/config