rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.38-1 

- Update to upstream
  * Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
  * Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
  * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
This commit is contained in:
Daniel J Walsh 2008-01-24 19:45:03 +00:00
parent 1392cbabd2
commit 375c226ef2
4 changed files with 9 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -170,3 +170,4 @@ policycoreutils-2.0.35.tgz
policycoreutils-2.0.36.tgz
policycoreutils-2.0.37.tgz
sepolgen-1.0.11.tgz
policycoreutils-2.0.38.tgz

221
policycoreutils-rhat.patch
View File

@ -1,72 +1,3 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.37/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500
+++ policycoreutils-2.0.37/audit2allow/audit2allow 2008-01-23 17:15:21.000000000 -0500
@@ -19,7 +19,6 @@
#
import sys
-import tempfile
import sepolgen.audit as audit
import sepolgen.policygen as policygen
@@ -153,9 +152,9 @@
def __process_input(self):
if self.__options.type:
- filter = audit.TypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(filter)
- self.__selinux_errs = self.__parser.to_role(filter)
+ avcfilter = audit.TypeFilter(self.__options.type)
+ self.__avs = self.__parser.to_access(avcfilter)
+ self.__selinux_errs = self.__parser.to_role(avcfilter)
else:
self.__avs = self.__parser.to_access()
self.__selinux_errs = self.__parser.to_role()
@@ -221,13 +220,14 @@
def __output_audit2why(self):
import selinux
import selinux.audit2why as audit2why
+ import seobject
audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
for i in self.__parser.avc_msgs:
rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
if rc >= 0:
print "%s\n\tWas caused by:" % i.message
if rc == audit2why.NOPOLICY:
- raise "Must call policy_init first"
+ raise RuntimeError("Must call policy_init first")
if rc == audit2why.BADTCON:
print "Invalid Target Context %s\n" % i.tcontext
continue
@@ -241,7 +241,7 @@
print "Invalid permission %s\n" % i.accesses
continue
if rc == audit2why. BADCOMPUTE:
- raise "Error during access vector computation"
+ raise RuntimeError("Error during access vector computation")
if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
@@ -251,12 +251,14 @@
if len(bools) > 1:
print "\tOne of the following booleans was set incorrectly."
for b in bools:
- print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
- print "\t# setsebool -P %s %d" % (b[0], b[1])
+ print "\n\tBoolean %s is %d." % (b[0], not b[1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
else:
- print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
- print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
-
+ print "\tThe boolean %s set incorrectly. " % (bools[0][0])
+ print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
continue
if rc == audit2why.TERULE:
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.37/Makefile
--- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500
+++ policycoreutils-2.0.37/Makefile 2008-01-23 17:13:45.000000000 -0500
@ -105,59 +36,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.37/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2008-01-23 14:36:28.000000000 -0500
+++ policycoreutils-2.0.37/scripts/fixfiles 2008-01-23 17:13:45.000000000 -0500
@@ -36,8 +36,8 @@
LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';`
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';`
+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then
@@ -88,11 +88,11 @@
esac; \
fi; \
done | \
- while read pattern ; do sh -c "find $pattern" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
+ while read pattern ; do sh -c "find $pattern \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
+ \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
done 2> /dev/null | \
- ${RESTORECON} $2 -f -
+ ${RESTORECON} $2 -0 -f -
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
fi
}
@@ -129,8 +129,8 @@
if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
else
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
fi
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.37/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.37/scripts/fixfiles.8 2008-01-23 17:13:45.000000000 -0500
@@ -35,7 +35,7 @@
.TP
.B -f
-Don't prompt for removal of /tmp directory.
+Clear /tmp directory with out prompt for removal.
.TP
.B -R rpmpackagename[,rpmpackagename...]
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.37/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-01-23 14:36:28.000000000 -0500
+++ policycoreutils-2.0.37/semanage/semanage 2008-01-23 17:13:45.000000000 -0500
@ -209,102 +87,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
if object == "login":
OBJECT = seobject.loginRecords(store)
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.37/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500
+++ policycoreutils-2.0.37/semanage/seobject.py 2008-01-23 17:13:45.000000000 -0500
@@ -117,6 +117,12 @@
#print _("Failed to translate booleans.\n%s") % e
pass
+def boolean_desc(boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
@@ -1456,10 +1462,7 @@
return ddict
def get_desc(self, boolean):
- if boolean in booleans_dict:
- return _(booleans_dict[boolean][2])
- else:
- return boolean
+ return boolean_desc(boolean)
def get_category(self, boolean):
if boolean in booleans_dict:
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.37/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2007-07-16 14:20:43.000000000 -0400
+++ policycoreutils-2.0.37/setfiles/setfiles.8 2008-01-23 17:13:45.000000000 -0500
@@ -59,6 +59,9 @@
.TP
.B \-W
display warnings about entries that had no matching files.
+.TP
+.B \-0
+Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode.
.SH "ARGUMENTS"
.B spec_file
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.37/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2008-01-11 10:52:37.000000000 -0500
+++ policycoreutils-2.0.37/setfiles/setfiles.c 2008-01-23 17:13:45.000000000 -0500
@@ -55,6 +55,7 @@
static int verbose = 0;
static int logging = 0;
static int warn_no_match = 0;
+static int null_terminated = 0;
static char *rootpath = NULL;
static int rootpathlen = 0;
static int recurse; /* Recursive descent. */
@@ -384,7 +385,7 @@
{
if (iamrestorecon) {
fprintf(stderr,
- "usage: %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
name);
} else {
fprintf(stderr,
@@ -805,7 +806,7 @@
}
/* Process any options. */
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW")) > 0) {
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
switch (opt) {
case 'c':
{
@@ -927,6 +928,9 @@
case 'W':
warn_no_match = 1;
break;
+ case '0':
+ null_terminated = 1;
+ break;
case '?':
usage(argv[0]);
}
@@ -983,6 +987,7 @@
if (use_input_file) {
FILE *f = stdin;
ssize_t len;
+ int delim;
if (strcmp(input_filename, "-") != 0)
f = fopen(input_filename, "r");
if (f == NULL) {
@@ -991,7 +996,9 @@
usage(argv[0]);
}
__fsetlocking(f, FSETLOCKING_BYCALLER);
- while ((len = getline(&buf, &buf_len, f)) > 0) {
+
+ delim = (null_terminated != 0) ? '\0' : '\n';
+ while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0;
errors |= process_one(buf);
}

8
policycoreutils.spec
View File

@ -5,7 +5,7 @@
%define sepolgenver 1.0.11
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.37
Version: 2.0.38
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
@ -193,6 +193,12 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.38-1
- Update to upstream
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.37-1
- Update to upstream
* Merged replacement for audit2why from Dan Walsh.

2
sources
View File

@ -1,2 +1,2 @@
f450ab5a14db31051869cc22a4e532a3 policycoreutils-2.0.37.tgz
3fed5cd04ee67c0f86e3cc6825261819 sepolgen-1.0.11.tgz
221516276ea4930b6c88689c00210e10 policycoreutils-2.0.38.tgz