* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-1
- Update semodule man page * Fix genhomedircon searching for USER from Todd Miller * Install run_init with mode 0755 from Dan Walsh. * Fix chcat from Dan Walsh. * Fix fixfiles pattern expansion and error reporting from Dan Walsh. * Optimize genhomedircon to compile regexes once from Dan Walsh. * Fix semanage gettext call from Dan Walsh.
This commit is contained in:
parent
4bf679be9e
commit
32455f343f
|
@ -155,3 +155,4 @@ policycoreutils-2.0.20.tgz
|
|||
policycoreutils-2.0.21.tgz
|
||||
policycoreutils-2.0.22.tgz
|
||||
policycoreutils-2.0.23.tgz
|
||||
policycoreutils-2.0.25.tgz
|
||||
|
|
|
@ -36,68 +36,151 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
|
|||
}
|
||||
free(scontext);
|
||||
close(fd);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/run_init/Makefile policycoreutils-2.0.23/run_init/Makefile
|
||||
--- nsapolicycoreutils/run_init/Makefile 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.23/run_init/Makefile 2007-08-22 16:29:22.000000000 -0400
|
||||
@@ -34,8 +34,8 @@
|
||||
install: all
|
||||
test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
|
||||
test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
|
||||
- install -m 555 run_init $(SBINDIR)
|
||||
- install -m 555 open_init_pty $(SBINDIR)
|
||||
+ install -m 755 run_init $(SBINDIR)
|
||||
+ install -m 755 open_init_pty $(SBINDIR)
|
||||
install -m 644 run_init.8 $(MANDIR)/man8/
|
||||
install -m 644 open_init_pty.8 $(MANDIR)/man8/
|
||||
ifeq (${PAMH}, /usr/include/security/pam_appl.h)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.23/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.23/scripts/chcat 2007-08-22 16:29:22.000000000 -0400
|
||||
@@ -77,7 +77,7 @@
|
||||
|
||||
if len(cats) > 0:
|
||||
new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
|
||||
- else
|
||||
+ else:
|
||||
new_serange = "%s-%s" % (serange[0], top[0])
|
||||
|
||||
if add_ind:
|
||||
@@ -155,7 +155,7 @@
|
||||
|
||||
if len(cats) > 0:
|
||||
new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
|
||||
- else
|
||||
+ else:
|
||||
new_serange = "%s-%s" % (serange[0], top[0])
|
||||
|
||||
if add_ind:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.23/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.23/scripts/fixfiles 2007-08-22 16:29:22.000000000 -0400
|
||||
@@ -88,7 +88,7 @@
|
||||
esac; \
|
||||
fi; \
|
||||
done | \
|
||||
- while read pattern ; do find $pattern \
|
||||
+ while read pattern ; do sh -c "find $pattern" \
|
||||
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
|
||||
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
|
||||
done 2> /dev/null | \
|
||||
@@ -108,6 +108,7 @@
|
||||
|
||||
rpmlist() {
|
||||
rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
|
||||
+[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr
|
||||
}
|
||||
|
||||
#
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.23/scripts/genhomedircon
|
||||
--- nsapolicycoreutils/scripts/genhomedircon 2007-07-16 14:20:41.000000000 -0400
|
||||
--- nsapolicycoreutils/scripts/genhomedircon 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.23/scripts/genhomedircon 2007-08-23 10:08:04.000000000 -0400
|
||||
@@ -139,7 +139,22 @@
|
||||
self.default_user = "user_u"
|
||||
self.default_prefix = "user"
|
||||
self.users = self.getUsers()
|
||||
@@ -0,0 +1,404 @@
|
||||
+#! /usr/bin/python -E
|
||||
+# Copyright (C) 2004 Tresys Technology, LLC
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# genhomedircon - this script is used to generate file context
|
||||
+# configuration entries for user home directories based on their
|
||||
+# default prefixes and is run when building the policy. Specifically, we
|
||||
+# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with
|
||||
+# generic and user-specific values.
|
||||
+#
|
||||
+# Based off original script by Dan Walsh, <dwalsh@redhat.com>
|
||||
+#
|
||||
+# ASSUMPTIONS:
|
||||
+#
|
||||
+# The file CONTEXTDIR/files/homedir_template exists. This file is used to
|
||||
+# set up the home directory context for each real user.
|
||||
+#
|
||||
+# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user
|
||||
+#
|
||||
+# "Real" users (as opposed to system users) are those whose UID is greater than
|
||||
+# or equal STARTING_UID (usually 500) and whose login is not a member of
|
||||
+# EXCLUDE_LOGINS. Users who are explicitly defined in CONTEXTDIR/seusers
|
||||
+# are always "real" (including root, in the default configuration).
|
||||
+#
|
||||
+#
|
||||
+
|
||||
+import sys, os, pwd, string, getopt, re
|
||||
+from semanage import *;
|
||||
+import selinux
|
||||
+import gettext
|
||||
+gettext.install('policycoreutils')
|
||||
+
|
||||
+def grep(file, var):
|
||||
+ ret = ""
|
||||
+ fd = open(file, 'r')
|
||||
+
|
||||
+ for i in fd.readlines():
|
||||
+ if re.search(var, i, 0) != None:
|
||||
+ ret = i
|
||||
+ break
|
||||
+ fd.close()
|
||||
+ return ret
|
||||
+
|
||||
+def findval(file, var, delim = ""):
|
||||
+ val = ""
|
||||
+ try:
|
||||
+ fd = open(file, 'r')
|
||||
+ for i in fd.readlines():
|
||||
+ if i.startswith(var) == 1:
|
||||
+ if delim == "":
|
||||
+ val = i.split()[1]
|
||||
+ else:
|
||||
+ val = i.split(delim)[1]
|
||||
+ val = val.split("#")[0]
|
||||
+ val = val.strip()
|
||||
+ fd.close()
|
||||
+ except:
|
||||
+ val = ""
|
||||
+ return val
|
||||
+
|
||||
+def getStartingUID():
|
||||
+ starting_uid = sys.maxint
|
||||
+ uid_min = findval("/etc/login.defs", "UID_MIN")
|
||||
+ if uid_min != "":
|
||||
+ uid_min = uid_min.split("#")[0]
|
||||
+ uid_min = uid_min.strip()
|
||||
+ if int(uid_min) < starting_uid:
|
||||
+ starting_uid = int(uid_min)
|
||||
+
|
||||
+ uid_min = findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")
|
||||
+ if uid_min != "":
|
||||
+ uid_min = uid_min.split("#")[0]
|
||||
+ uid_min = uid_min.strip()
|
||||
+ if int(uid_min) < starting_uid:
|
||||
+ starting_uid = int(uid_min)
|
||||
+
|
||||
+ if starting_uid == sys.maxint:
|
||||
+ starting_uid = 500
|
||||
+ return starting_uid
|
||||
+
|
||||
+def getDefaultHomeDir():
|
||||
+ ret = []
|
||||
+ homedir = findval("/etc/default/useradd", "HOME", "=")
|
||||
+ if homedir != "" and not homedir in ret:
|
||||
+ ret.append(homedir)
|
||||
+
|
||||
+ homedir = findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")
|
||||
+ if homedir != "" and not homedir in ret:
|
||||
+ ret.append(homedir)
|
||||
+
|
||||
+ if ret == []:
|
||||
+ ret.append("/home")
|
||||
+
|
||||
+ # Add /export/home if it exists
|
||||
+ # Some customers use this for automounted homedirs
|
||||
+ if os.path.exists("/export/home"):
|
||||
+ ret.append("/export/home")
|
||||
+
|
||||
+ return ret
|
||||
+
|
||||
+def getSELinuxType(directory):
|
||||
+ val = findval(directory+"/config", "SELINUXTYPE", "=")
|
||||
+ if val != "":
|
||||
+ return val
|
||||
+ return "targeted"
|
||||
+
|
||||
+def usage(rc=0, error = ""):
|
||||
+ if error != "":
|
||||
+ sys.stderr.write("%s\n" % error)
|
||||
+ rc = 1
|
||||
+ sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]\n" % sys.argv[0])
|
||||
+ sys.stderr.flush()
|
||||
+ sys.exit(rc)
|
||||
+
|
||||
+def warning(warning = ""):
|
||||
+ sys.stderr.write("%s\n" % warning)
|
||||
+ sys.stderr.flush()
|
||||
+
|
||||
+def errorExit(error):
|
||||
+ sys.stderr.write("%s exiting for: " % sys.argv[0])
|
||||
+ sys.stderr.write("%s\n" % error)
|
||||
+ sys.stderr.flush()
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+class selinuxConfig:
|
||||
+ def __init__(self, selinuxdir = "/etc/selinux", type = "targeted", usepwd = 1):
|
||||
+ self.semanageHandle = semanage_handle_create()
|
||||
+ self.semanaged = semanage_is_managed(self.semanageHandle)
|
||||
+ if self.semanaged:
|
||||
+ rc = semanage_connect(self.semanageHandle)
|
||||
+ if rc:
|
||||
+ errorExit("Unable to connect to semanage")
|
||||
+ (status, self.ulist) = semanage_user_list(self.semanageHandle)
|
||||
+ self.type = type
|
||||
+ self.selinuxdir = selinuxdir +"/"
|
||||
+ self.contextdir = "/contexts"
|
||||
+ self.filecontextdir = self.contextdir+"/files"
|
||||
+ self.usepwd = usepwd
|
||||
+ self.default_user = "user_u"
|
||||
+ self.default_prefix = "user"
|
||||
+ self.users = self.getUsers()
|
||||
+ fd = open(self.getFileContextFile())
|
||||
+ self.fclines=[]
|
||||
+ for i in fd.readlines():
|
||||
|
@ -111,59 +194,365 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
|
|||
+ self.fclines.append(re.compile(regex))
|
||||
+ except:
|
||||
+ continue
|
||||
|
||||
+
|
||||
+ fd.close()
|
||||
+
|
||||
def getFileContextDir(self):
|
||||
return self.selinuxdir+self.type+self.filecontextdir
|
||||
|
||||
@@ -272,7 +287,7 @@
|
||||
ret = ""
|
||||
fd = open(self.getHomeDirTemplate(), 'r')
|
||||
for i in fd.readlines():
|
||||
- if i.find("USER") == 1:
|
||||
+ def getFileContextDir(self):
|
||||
+ return self.selinuxdir+self.type+self.filecontextdir
|
||||
+
|
||||
+ def getFileContextFile(self):
|
||||
+ return self.getFileContextDir()+"/file_contexts"
|
||||
+
|
||||
+ def getContextDir(self):
|
||||
+ return self.selinuxdir+self.type+self.contextdir
|
||||
+
|
||||
+ def getHomeDirTemplate(self):
|
||||
+ return self.getFileContextDir()+"/homedir_template"
|
||||
+
|
||||
+ def getHomeRootContext(self, homedir):
|
||||
+ ret = ""
|
||||
+ fd = open(self.getHomeDirTemplate(), 'r')
|
||||
+
|
||||
+ for i in fd.readlines():
|
||||
+ if i.find("HOME_ROOT") == 0:
|
||||
+ i = i.replace("HOME_ROOT", homedir)
|
||||
+ ret += i
|
||||
+ fd.close()
|
||||
+ if ret == "":
|
||||
+ errorExit("No Home Root Context Found")
|
||||
+ return ret
|
||||
+
|
||||
+ def heading(self):
|
||||
+ ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
|
||||
+ if self.semanaged:
|
||||
+ ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n"
|
||||
+ else:
|
||||
+ ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers")
|
||||
+ return ret
|
||||
+
|
||||
+ def get_default_prefix(self, name):
|
||||
+ for user in self.ulist:
|
||||
+ if semanage_user_get_name(user) == name:
|
||||
+ return semanage_user_get_prefix(user)
|
||||
+ return name
|
||||
+
|
||||
+ def get_old_prefix(self, user):
|
||||
+ rc = grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user)
|
||||
+ if rc == "":
|
||||
+ rc = grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user)
|
||||
+ if rc != "":
|
||||
+ user = rc.split()
|
||||
+ prefix = user[3]
|
||||
+ if prefix == "{":
|
||||
+ prefix = user[4]
|
||||
+ if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"):
|
||||
+ prefix = prefix[:-2]
|
||||
+ return prefix
|
||||
+
|
||||
+ def adduser(self, udict, user, seuser, prefix):
|
||||
+ if seuser == self.default_user or user == "__default__" or user == "system_u":
|
||||
+ return
|
||||
+ # !!! chooses first prefix in the list to use in the file context !!!
|
||||
+ try:
|
||||
+ home = pwd.getpwnam(user)[5]
|
||||
+ if home == "/":
|
||||
+ # Probably install so hard code to /root
|
||||
+ if user == "root":
|
||||
+ home = "/root"
|
||||
+ else:
|
||||
+ return
|
||||
+ except KeyError:
|
||||
+ if user == "root":
|
||||
+ home = "/root"
|
||||
+ else:
|
||||
+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
|
||||
+ return
|
||||
+ prefs = {}
|
||||
+ prefs["seuser"] = seuser
|
||||
+ prefs["prefix"] = prefix
|
||||
+ prefs["home"] = home
|
||||
+ udict[user] = prefs
|
||||
+
|
||||
+ def setDefaultUser(self, user, prefix):
|
||||
+ self.default_user = user
|
||||
+ self.default_prefix = prefix
|
||||
+
|
||||
+ def getUsers(self):
|
||||
+ udict = {}
|
||||
+ if self.semanaged:
|
||||
+ (status, list) = semanage_seuser_list(self.semanageHandle)
|
||||
+ for seuser in list:
|
||||
+ user = []
|
||||
+ seusername = semanage_seuser_get_sename(seuser)
|
||||
+ prefix = self.get_default_prefix(seusername)
|
||||
+ if semanage_seuser_get_name(seuser) == "__default__":
|
||||
+ self.setDefaultUser(seusername, prefix)
|
||||
+
|
||||
+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)
|
||||
+
|
||||
+ else:
|
||||
+ try:
|
||||
+ fd = open(self.selinuxdir+self.type+"/seusers")
|
||||
+ for u in fd.readlines():
|
||||
+ u = u.strip()
|
||||
+ if len(u) == 0 or u[0] == "#":
|
||||
+ continue
|
||||
+ user = u.split(":")
|
||||
+ if len(user) < 2:
|
||||
+ continue
|
||||
+
|
||||
+ prefix = self.get_old_prefix(user[1])
|
||||
+ self.adduser(udict, user[0], user[1], prefix)
|
||||
+ fd.close()
|
||||
+ except IOError, error:
|
||||
+ # Must be install so force add of root
|
||||
+ self.adduser(udict, "root", "root", "root")
|
||||
+
|
||||
+ return udict
|
||||
+
|
||||
+ def getHomeDirContext(self, user, seuser, home, prefix):
|
||||
+ ret = "\n\n#\n# Home Context for user %s\n#\n\n" % user
|
||||
+ fd = open(self.getHomeDirTemplate(), 'r')
|
||||
+ for i in fd.readlines():
|
||||
+ if i.startswith("HOME_DIR") == 1:
|
||||
+ i = i.replace("HOME_DIR", home)
|
||||
+ i = i.replace("ROLE", prefix)
|
||||
+ i = i.replace("system_u", seuser)
|
||||
+ # Validate if the generated context exists. Some user types may not exist
|
||||
+ scon = i.split()[-1]
|
||||
+ if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0:
|
||||
+ ret = ret+i
|
||||
+ fd.close()
|
||||
+ return ret
|
||||
+
|
||||
+ def getUserContext(self, user, sel_user, prefix):
|
||||
+ ret = ""
|
||||
+ fd = open(self.getHomeDirTemplate(), 'r')
|
||||
+ for i in fd.readlines():
|
||||
+ if i.find("USER") > 0:
|
||||
i = i.replace("USER", user)
|
||||
i = i.replace("ROLE", prefix)
|
||||
i = i.replace("system_u", sel_user)
|
||||
@@ -289,20 +304,9 @@
|
||||
return ret+"\n"
|
||||
|
||||
def checkExists(self, home):
|
||||
- fd = open(self.getFileContextFile())
|
||||
- for i in fd.readlines():
|
||||
- if len(i) == 0:
|
||||
- continue
|
||||
+ i = i.replace("USER", user)
|
||||
+ i = i.replace("ROLE", prefix)
|
||||
+ i = i.replace("system_u", sel_user)
|
||||
+ ret = ret+i
|
||||
+ fd.close()
|
||||
+ return ret
|
||||
+
|
||||
+ def genHomeDirContext(self):
|
||||
+ ret = ""
|
||||
+ # Fill in HOME and prefix for users that are defined
|
||||
+ for u in self.users.keys():
|
||||
+ ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])
|
||||
+ ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])
|
||||
+ return ret+"\n"
|
||||
+
|
||||
+ def checkExists(self, home):
|
||||
+ for i in self.fclines:
|
||||
try:
|
||||
- regex = i.split()[0]
|
||||
- #match a trailing .+
|
||||
- regex = re.sub("\.+$", "", regex)
|
||||
- regex = re.sub("\.\*$", "", regex)
|
||||
- #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s
|
||||
-
|
||||
- regex = re.sub("\(\/\.\*\)\?", "", regex)
|
||||
- regex = regex + "/*$"
|
||||
- if re.search(regex,home, 0):
|
||||
+ try:
|
||||
+ if i.match(home):
|
||||
return 1
|
||||
except:
|
||||
continue
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.23/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.23/semanage/semanage 2007-08-22 16:29:22.000000000 -0400
|
||||
@@ -34,7 +34,10 @@
|
||||
sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
|
||||
+ return 1
|
||||
+ except:
|
||||
+ continue
|
||||
+ return 0
|
||||
+
|
||||
+ def getHomeDirs(self):
|
||||
+ homedirs = getDefaultHomeDir()
|
||||
+ starting_uid = getStartingUID()
|
||||
+ if self.usepwd == 0:
|
||||
+ return homedirs
|
||||
+ ulist = pwd.getpwall()
|
||||
+ for u in ulist:
|
||||
+ if u[2] >= starting_uid and \
|
||||
+ u[6] in VALID_SHELLS and \
|
||||
+ u[5] != "/" and \
|
||||
+ string.count(u[5], "/") > 1:
|
||||
+ homedir = u[5][:string.rfind(u[5], "/")]
|
||||
+ if not homedir in homedirs:
|
||||
+ if self.checkExists(homedir) == 1:
|
||||
+ warning("%s homedir %s or its parent directory conflicts with a\ndefined context in %s,\n%s will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
|
||||
+ else:
|
||||
+ homedirs.append(homedir)
|
||||
+
|
||||
+ homedirs.sort()
|
||||
+ return homedirs
|
||||
+
|
||||
+ def genoutput(self):
|
||||
+ ret = self.heading()
|
||||
+ for h in self.getHomeDirs():
|
||||
+ ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)
|
||||
+ ret += self.getHomeRootContext(h)
|
||||
+ ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"
|
||||
+ ret += self.genHomeDirContext()
|
||||
+ return ret
|
||||
+
|
||||
+ def printout(self):
|
||||
+ print self.genoutput()
|
||||
+
|
||||
+ def write(self):
|
||||
+ fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w")
|
||||
+ fd.write(self.genoutput())
|
||||
+ fd.close()
|
||||
+
|
||||
+if os.getuid() > 0 or os.geteuid() > 0:
|
||||
+ print _("You must be root to run %s.") % sys.argv[0]
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+try:
|
||||
+ fd = open("/etc/shells", 'r')
|
||||
+ VALID_SHELLS = fd.read().split("\n")
|
||||
+ fd.close()
|
||||
+ if "/sbin/nologin" in VALID_SHELLS:
|
||||
+ VALID_SHELLS.remove("/sbin/nologin")
|
||||
+ if "" in VALID_SHELLS:
|
||||
+ VALID_SHELLS.remove("")
|
||||
+except:
|
||||
+ VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
|
||||
+
|
||||
+#
|
||||
+# This script will generate home dir file context
|
||||
+# based off the homedir_template file, entries in the password file, and
|
||||
+#
|
||||
+try:
|
||||
+ usepwd = 1
|
||||
+ directory = "/etc/selinux"
|
||||
+ type = None
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:], 'hnd:t:', ['help',
|
||||
+ 'type=',
|
||||
+ 'nopasswd',
|
||||
+ 'dir='])
|
||||
+ for o,a in gopts:
|
||||
+ if o == '--type' or o == "-t":
|
||||
+ type = a
|
||||
+ if o == '--nopasswd' or o == "-n":
|
||||
+ usepwd = 0
|
||||
+ if o == '--dir' or o == "-d":
|
||||
+ directory = a
|
||||
+ if o == '--help' or o == "-h":
|
||||
+ usage()
|
||||
+except getopt.error, error:
|
||||
+ errorExit(_("Options Error %s ") % error)
|
||||
+
|
||||
+if type == None:
|
||||
+ type = getSELinuxType(directory)
|
||||
+
|
||||
+if len(cmds) != 0:
|
||||
+ usage(1)
|
||||
+
|
||||
+selconf = selinuxConfig(directory, type, usepwd)
|
||||
+try:
|
||||
+ selconf.write()
|
||||
+except IOError, error:
|
||||
+ sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
|
||||
+ sys.exit(1)
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.23/scripts/genhomedircon.8
|
||||
--- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.23/scripts/genhomedircon.8 2007-08-20 19:16:35.000000000 -0400
|
||||
@@ -0,0 +1,82 @@
|
||||
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
|
||||
+.\" Copyright (c) 2005 Manoj Srivastava <srivasta@debian.org>
|
||||
+.\"
|
||||
+.\" This is free documentation; you can redistribute it and/or
|
||||
+.\" modify it under the terms of the GNU General Public License as
|
||||
+.\" published by the Free Software Foundation; either version 2 of
|
||||
+.\" the License, or (at your option) any later version.
|
||||
+.\"
|
||||
+.\" The GNU General Public License's references to "object code"
|
||||
+.\" and "executables" are to be interpreted as the output of any
|
||||
+.\" document formatting or typesetting system, including
|
||||
+.\" intermediate and printed output.
|
||||
+.\"
|
||||
+.\" This manual is distributed in the hope that it will be useful,
|
||||
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+.\" GNU General Public License for more details.
|
||||
+.\"
|
||||
+.\" You should have received a copy of the GNU General Public
|
||||
+.\" License along with this manual; if not, write to the Free
|
||||
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
|
||||
+.\" USA.
|
||||
+.\"
|
||||
+.\"
|
||||
+.TH GENHOMEDIRCON "8" "January 2005" "Security Enhanced Linux" ""
|
||||
+.SH NAME
|
||||
+genhomedircon \- generate SELinux file context configuration entries for user home directories
|
||||
+.SH SYNOPSIS
|
||||
+.B genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ] [-h]
|
||||
+
|
||||
+.SH OPTIONS
|
||||
+.TP
|
||||
+.B "\-h"
|
||||
+Print a short usage message
|
||||
+.TP
|
||||
+.B "\-d selinuxdir (\-\-directory)"
|
||||
+Directory where selinux files are installed defaults to /etc/selinux
|
||||
+.TP
|
||||
+.B
|
||||
+\-n \-\-nopasswd
|
||||
+Indicates to the utility not to read homedirectories out of the password database.
|
||||
+.TP
|
||||
+\-t selinuxtype (\-\-type)
|
||||
+Indicates the selinux type of this install. Defaults to "targeted".
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+This utility is used to generate file context configuration entries for
|
||||
+user home directories based on their
|
||||
+.B prefix
|
||||
+entry in the the
|
||||
+.B semanage user record.
|
||||
+genhomedircon is run when building
|
||||
+the policy. It is also run automaticaly when ever the
|
||||
+.B semanage
|
||||
+utility modifies
|
||||
+.B user
|
||||
+or
|
||||
+.B login
|
||||
+records.
|
||||
+Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the
|
||||
+.I /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template
|
||||
+file with generic and user-specific values. HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located. Defaults to /home. ROLE is replaced based on the prefix entry in the
|
||||
+.B user
|
||||
+record.
|
||||
+.PP
|
||||
+genhomedircon searches through all password entires for all "login" user home directories, (as opposed
|
||||
+to system users). Login users are those whose UID is greater than or equal
|
||||
+.I STARTING_UID
|
||||
+(default 500) and whose login shell is not "/sbin/nologin", or
|
||||
+"/bin/false".
|
||||
+.PP
|
||||
+.SH AUTHOR
|
||||
+This manual page was originally written by
|
||||
+.I Manoj Srivastava <srivasta@debian.org>,
|
||||
+for the Debian GNU/Linux system, based on the comments and the code
|
||||
+in the utility, and then updated by Dan Walsh of Red Hat. The
|
||||
+.B genhomedircon
|
||||
+utility was originally written by
|
||||
+.I Dan Walsh of Red Hat
|
||||
+with some modifications by
|
||||
+.I Tresys Technology, LLC.
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.23/scripts/Makefile
|
||||
--- nsapolicycoreutils/scripts/Makefile 2007-08-23 16:52:26.000000000 -0400
|
||||
+++ policycoreutils-2.0.23/scripts/Makefile 2007-08-20 19:16:35.000000000 -0400
|
||||
@@ -5,14 +5,18 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LOCALEDIR ?= /usr/share/locale
|
||||
|
||||
try:
|
||||
- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
|
||||
+ gettext.install(PROGNAME,
|
||||
+ localedir="/usr/share/locale",
|
||||
+ unicode=False,
|
||||
+ codeset = 'utf-8')
|
||||
except IOError:
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
-all: fixfiles
|
||||
+TARGETS=genhomedircon
|
||||
+
|
||||
+all: $(TARGETS) fixfiles
|
||||
|
||||
install: all
|
||||
-mkdir -p $(BINDIR)
|
||||
+ install -m 755 $(TARGETS) $(SBINDIR)
|
||||
install -m 755 chcat $(BINDIR)
|
||||
install -m 755 fixfiles $(DESTDIR)/sbin
|
||||
-mkdir -p $(MANDIR)/man8
|
||||
install -m 644 fixfiles.8 $(MANDIR)/man8/
|
||||
+ install -m 644 genhomedircon.8 $(MANDIR)/man8/
|
||||
install -m 644 chcat.8 $(MANDIR)/man8/
|
||||
|
||||
clean:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.23/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.23/semanage/seobject.py 2007-08-22 16:29:22.000000000 -0400
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
%define sepolgenver 1.0.8
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.23
|
||||
Release: 2%{?dist}
|
||||
Version: 2.0.25
|
||||
Release: 1%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -193,6 +193,15 @@ if [ "$1" -ge "1" ]; then
|
|||
fi
|
||||
|
||||
%changelog
|
||||
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-1
|
||||
- Update semodule man page
|
||||
* Fix genhomedircon searching for USER from Todd Miller
|
||||
* Install run_init with mode 0755 from Dan Walsh.
|
||||
* Fix chcat from Dan Walsh.
|
||||
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
|
||||
* Optimize genhomedircon to compile regexes once from Dan Walsh.
|
||||
* Fix semanage gettext call from Dan Walsh.
|
||||
|
||||
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.23-2
|
||||
- Update semodule man page
|
||||
|
||||
|
|
Loading…
Reference in New Issue