Update to latest patches from eparis/Upstream

- fixfiles onboot will write any flags handed to it to /.autorelabel. - * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore - * This should allow fixfiles -F onboot, to force a hard relabel. - Add -p to show progress on full relabel.
2013-01-25 18:03:21 -05:00 · 2013-01-25 18:03:21 -05:00 · 3aa7d3a916
commit 3aa7d3a916
parent eef44bd006
2 changed files with 81 additions and 26 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -7651,10 +7651,10 @@ index 0000000..2f0c1cc
 +#!/bin/sh
 +sepolicy generate $*
 diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py
-index e561de1..2069635 100644
+index e561de1..02685f2 100644
 --- a/policycoreutils/gui/statusPage.py
 +++ b/policycoreutils/gui/statusPage.py
-@@ -158,8 +158,22 @@ class statusPage:
+@@ -158,12 +158,30 @@ class statusPage:
         self.enabled = enabled
 
     def write_selinux_config(self, enforcing, type):
@ -7679,6 +7679,15 @@ index e561de1..2069635 100644
 
     def read_selinux_config(self):
         self.initialtype = selinux.selinux_getpolicytype()[1]
+-        self.initEnabled = selinux.selinux_getenforcemode()[1]
+        try:
+            self.initEnabled = selinux.selinux_getenforcemode()[1]
+        except:
+            self.initEnabled = False
+            pass
+         self.enabled = self.initEnabled
+         self.enabledOptionMenu.set_active(self.enabled + 1 )
+ 
 diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py
 index 85e8b7f..bc3027e 100644
 --- a/policycoreutils/gui/system-config-selinux.py
@ -336801,8 +336810,20 @@ index 3bb3c4b..d16e331 100644
 			goto childerr;
 		}
 
+diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
+index e08088e..feecbef 100644
+--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
+@@ -6,6 +6,7 @@ SBINDIR ?= $(DESTDIR)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= $(PREFIX)/share/locale
+ 
+.PHONY: all genhomedircon
+ all: fixfiles genhomedircon chcat
+ 
+ genhomedircon:
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index 989b1ae..19a4ff0 100755
+index 989b1ae..23ab94d 100755
 --- a/policycoreutils/scripts/fixfiles
 +++ b/policycoreutils/scripts/fixfiles
@@ -114,6 +114,7 @@ exclude_dirs() {
@ -336837,7 +336858,16 @@ index 989b1ae..19a4ff0 100755
     return
 fi
 [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
-@@ -286,7 +287,7 @@ process() {
+@@ -235,7 +236,7 @@ FC=$TEMPFCFILE
+ fi
+ if [  -n "${FILESYSTEMSRW}" ]; then
+     echo "Relabeling `echo ${FILESYSTEMSRW}`"
+-    ${SETFILES} -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+    ${SETFILES} ${VERBOSE} -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+ else
+     echo >&2 "fixfiles: No suitable file systems found"
+ fi
+@@ -286,12 +287,12 @@ process() {
 # Make sure they specified one of the three valid commands
 #
 case "$1" in
@ -336846,6 +336876,12 @@ index 989b1ae..19a4ff0 100755
     check) restore -n -v;;
     verify) restore -n -o -;;
     relabel) relabel;;
+     onboot)
+-	touch /.autorelabel
+	echo $FORCEFLAG > /.autorelabel
+ 	echo "System will relabel on next boot"
+ 	;;
+     *)
@@ -317,11 +318,14 @@ if [ $# = 0 ]; then
 fi
 
@ -336894,15 +336930,6 @@ index 0b4cbaa..9ab7334 100644
 .SH "ARGUMENTS"
 One of:
 .TP 
-diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
-new file mode 100644
-index 0000000..58b19cd
--- /dev/null
-+++ b/policycoreutils/scripts/genhomedircon
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+
-+/usr/sbin/semodule -Bn
 diff --git a/policycoreutils/secon/secon.1 b/policycoreutils/secon/secon.1
 index fcffbd8..6c30734 100644
 --- a/policycoreutils/secon/secon.1
@ -337467,7 +337494,7 @@ index 63b11dd..28a9022 100644
 .TP
 .I                \-P, \-\-prefix
 diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index ad7dc8c..64ab96d 100644
+index ad7dc8c..d31bdef 100644
 --- a/policycoreutils/semanage/seobject.py
 +++ b/policycoreutils/semanage/seobject.py
@@ -24,17 +24,18 @@
@ -337566,7 +337593,7 @@ index ad7dc8c..64ab96d 100644
 +	       try:
 +		       import sepolgen.module as module
 +	       except ImportError:
-+		       raise ValueError(_("Additional packages are required to setup permissive domains.\nYou must execute the following:\n# yum install policycoreutils-devel"))
+		       raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
 +		
                name = "permissive_%s" % type
                dirname = "/var/lib/selinux"
@ -337803,6 +337830,27 @@ index ad7dc8c..64ab96d 100644
 
         def customized(self):
                l = []
+diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
+index a90babe..4c5243a 100644
+--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
+@@ -10,11 +10,14 @@ override CFLAGS += -I$(INCLUDEDIR)
+ LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+ SEMODULE_OBJS = semodule.o
+ 
+-all: semodule
+.PHONY: all semodule_path
+all: semodule semodule_path
+
+semodule_path:
+	@echo -n $(SBINDIR) > ../scripts/semodule_path
+ 
+ semodule: $(SEMODULE_OBJS)
+ 	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+-	@echo -n $(SBINDIR) > ../scripts/semodule_path
+ 
+ install: all
+ 	-mkdir -p $(SBINDIR)
 diff --git a/policycoreutils/sepolicy/.gitignore b/policycoreutils/sepolicy/.gitignore
 new file mode 100644
 index 0000000..378eac2
@ -337812,7 +337860,7 @@ index 0000000..378eac2
 +build
 diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile
 new file mode 100644
-index 0000000..b1bfc5d
+index 0000000..11b534f
 --- /dev/null
 +++ b/policycoreutils/sepolicy/Makefile
@@ -0,0 +1,32 @@
@ -337841,13 +337889,13 @@ index 0000000..b1bfc5d
 +	-rm -rf build *~ \#* *pyc .#*
 +
 +install:
-+	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
 +	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 +	[ -d $(BINDIR) ] || mkdir -p $(BINDIR)
 +	install -m 755 sepolicy.py $(BINDIR)/sepolicy
+	-mkdir -p $(MANDIR)/man8
+	install -m 644 *.8 $(MANDIR)/man8
 +	-mkdir -p $(BASHCOMPLETIONDIR)
 +	install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)
-+	install -m 644 *.8 $(MANDIR)/man8
 diff --git a/policycoreutils/sepolicy/common.h b/policycoreutils/sepolicy/common.h
 new file mode 100644
 index 0000000..dc3ce6a
@ -342946,7 +342994,7 @@ index 0000000..8b063ca
 +    return trans_list
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
 new file mode 100755
-index 0000000..e196a65
+index 0000000..a321faa
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -0,0 +1,1432 @@
@ -343754,7 +343802,7 @@ index 0000000..e196a65
 +.SH NSSWITCH DOMAIN
 +""")
 +		for b in nsswitch_booleans:
-+		    nsswitchbooltext += """
+			nsswitchbooltext += """
 +.PP
 +If you want to %s for the %s, you must turn on the %s boolean.
 +
@ -347574,7 +347622,7 @@ index ac27222..57ae46a 100644
 
 #endif
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
-index ffbb9d1..0acf09d 100644
+index ffbb9d1..80b6d6e 100644
 --- a/policycoreutils/setfiles/restorecon.8
 +++ b/policycoreutils/setfiles/restorecon.8
@@ -41,28 +41,27 @@ default file context, changing the user, role, range portion as well as the type
@ -347604,7 +347652,7 @@ index ffbb9d1..0acf09d 100644
 .B \-R, \-r
 change files and directories file labels recursively (descend directories).
 +.br
-+.B Note: restorecon reports warnings on paths without default labels only when it is non-recursively or in verbose mode.
+.B Note: restorecon reports warnings on paths without default labels only if called non-recursively or in verbose mode.
 .TP
 .B \-v
 show changes in file labels, if type or role are going to be changed.
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,13 +1,13 @@
 %define	libauditver	2.1.3-4
-%define libsepolver 	2.1.8-5
+%define libsepolver 	2.1.8-7
 %define	libsemanagever	2.1.9-1
-%define	libselinuxver	2.1.12-10
+%define	libselinuxver	2.1.12-19
 %define	sepolgenver	1.1.8

 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 56%{?dist}
+Release: 57%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -338,7 +338,14 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
-* Mon Jan 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-56
+* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
+- Update to latest patches from eparis/Upstream
+- fixfiles onboot will write any flags handed to it to /.autorelabel. 
+-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
+-   * This should allow fixfiles -F onboot, to force a hard relabel.
+- Add -p to show progress on full relabel.
+
+* Tue Jan 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-56
 -  Additional changes for bash completsion and generate man page to match the w
 -  Add newtype as a new qualifier to sepolicy generate.  This new mechanism wil
 -  a policy write to generate types after the initial policy has been written a