diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 51f38f5..b52775d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,6 +1,153 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.9/scripts/fixfiles
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.21.10/restorecon/restorecon.8
+--- nsapolicycoreutils/restorecon/restorecon.8 2005-01-20 15:59:21.000000000 -0500
++++ policycoreutils-1.21.10/restorecon/restorecon.8 2005-02-02 12:16:06.000000000 -0500
+@@ -4,10 +4,10 @@
+ 
+ .SH "SYNOPSIS"
+ .B restorecon
+-.I [\-o outfilename ] [\-R] [\-n] [\-v] pathname...
++.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
+ .P
+ .B restorecon
+-.I \-f infilename [\-o outfilename ] [\-R] [\-n] [\-v] [\-F]
++.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
+ 
+ .SH "DESCRIPTION"
+ This manual page describes the
+@@ -26,6 +26,9 @@
+ .B \-f infilename
+ infilename contains a list of files to be processed by application. Use \- for stdin.
+ .TP
++.B \-e directory
++directory to exclude (repeat option for more than one directory.)
++.TP
+ .B \-R
+ change files and directories file labels recursively
+ .TP
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.10/restorecon/restorecon.c
+--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-31 09:49:15.000000000 -0500
++++ policycoreutils-1.21.10/restorecon/restorecon.c 2005-02-02 12:16:49.000000000 -0500
+@@ -10,6 +10,7 @@
+ * USAGE:
+ * restorecon [-Rnv] pathname...
+ *
++ * -e Specify directory to exclude
+ * -n Do not change any file labels.
+ * -v Show changes in file labels.
+ * -o filename save list of files with incorrect context
+@@ -45,6 +46,54 @@
+ static int recurse=0;
+ static int force=0;
+ 
++#define MAX_EXCLUDES 100
++static int excludeCtr=0;
++struct edir {
++ char *directory;
++ int size;
++};
++static struct edir excludeArray[MAX_EXCLUDES];
++static int add_exclude(const char *directory) {
++ struct stat sb;
++ if(directory == NULL || directory[0] != '/') {
++ fprintf(stderr, "Full path required for exclude: %s.\n",
++ directory);
++ return 1;
++ }
++ if(lstat(directory, &sb)) {
++ fprintf(stderr, "Directory \"%s\" not found.\n", directory);
++ return 1;
++ }
++ if ((sb.st_mode & S_IFDIR) == 0 ) {
++ fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", directory,sb.st_mode);
++ return 1;
++ }
++ excludeArray[excludeCtr].directory = strdup(directory);
++ if (!excludeArray[excludeCtr].directory) {
++ fprintf(stderr, "Out of memory.\n");
++ return 1;
++ }
++ excludeArray[excludeCtr++].size = strlen(directory);
++
++ if (excludeCtr > MAX_EXCLUDES) {
++ fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES);
++ return 1;
++ }
++ return 0;
++}
++static int exclude(const char *file) {
++ int i=0;
++ for(i=0; i < excludeCtr; i++) {
++ if (strncmp(file,excludeArray[i].directory,excludeArray[i].size)==0) {
++ if (file[excludeArray[i].size]==0 ||
++ file[excludeArray[i].size]=='/') {
++ return 1;
++ }
++ }
++ }
++ return 0;
++}
++
+ /* Compare two contexts to see if their differences are "significant",
+ * or whether the only difference is in the user. */
+ static int only_changed_user(const char *a, const char *b)
+@@ -61,7 +110,7 @@
+ void usage(const char * const name)
+ {
+ fprintf(stderr,
+- "usage: %s [-Rnv] [-f filename | pathname... ]\n", name);
++ "usage: %s [-Rnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name);
+ exit(1);
+ }
+ int restore(char *filename) {
+@@ -79,6 +128,9 @@
+ if (len > 0 && filename[len-1]=='/' && (strcmp(filename,"/") != 0)) {
+ filename[len-1]=0;
+ }
++ if (excludeCtr > 0 && exclude(filename)) {
++ return 1;
++ }
+ if (lstat(filename, &st)!=0) {
+ fprintf(stderr,"lstat(%s) failed: %s\n", filename,strerror(errno));
+ return 1;
+@@ -184,7 +236,7 @@
+ void process(char *buf) {
+ if (recurse) {
+ if (nftw
+- (buf, apply_spec, 1024, FTW_PHYS | FTW_MOUNT)) {
++ (buf, apply_spec, 1024, FTW_PHYS)) {
+ fprintf(stderr,
+ "%s: error while labeling files under %s\n",
+ progname, buf);
+@@ -202,13 +254,15 @@
+ int opt;
+ char buf[PATH_MAX];
+ 
++ memset(excludeArray,0, sizeof(excludeArray));
++
+ progname=argv[0];
+ if (is_selinux_enabled() <= 0 )
+ exit(0);
+ 
+ memset(buf,0, sizeof(buf));
+ 
+- while ((opt = getopt(argc, argv, "FRnvf:o:")) > 0) {
++ while ((opt = getopt(argc, argv, "FRnvf:o:e:")) > 0) {
+ switch (opt) {
+ case 'n':
+ change = 0;
+@@ -219,6 +273,9 @@
+ case 'F':
+ force = 1;
+ break;
++ case 'e':
++ if ( add_exclude(optarg) ) exit(1);
++ break;
+ case 'o':
+ outfile = fopen(optarg,"w");
+ if (!outfile) {
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.10/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles 2005-01-31 09:49:15.000000000 -0500
-+++ policycoreutils-1.21.9/scripts/fixfiles 2005-02-01 14:06:56.000000000 -0500
++++ policycoreutils-1.21.10/scripts/fixfiles 2005-02-02 12:16:06.000000000 -0500
 @@ -60,12 +60,26 @@
 if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
 TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
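Review bot: `add_exclude()` in restorecon.c stores into `excludeArray[excludeCtr]` before it tests the limit, and the test is `excludeCtr > MAX_EXCLUDES`, so the 101st `-e` writes one `struct edir` past the end of the static array before the error is reported. The bound should be checked first, with `if (excludeCtr >= MAX_EXCLUDES) { fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES); return 1; }` placed ahead of the `strdup()` call; the copy of `add_exclude()` added to setfiles.c later in this patch has the same ordering and needs the same change. The directory test `(sb.st_mode & S_IFDIR) == 0` also lets through block devices and sockets on Linux, because their type values contain that bit; `!S_ISDIR(sb.st_mode)` is the exact check. Separately, dropping `FTW_MOUNT` from the `nftw()` call in `process()` lets `restorecon -R` descend into other mounted filesystems, which deserves a sentence in restorecon.8 because `-e` is then the only way to keep it out of them.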
@@ -10,13 +157,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
 - -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
 - while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \
 + /usr/bin/diff $PREFC $FC | grep '^[<>]'|cut -c3-| grep ^/ | \
-+ sed -r -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
++ sed -r -e 's,[[:blank:]].*,,g' \
++ -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
 + -e 's|([/[:alnum:]])\?|{\1,}|g' \
 + -e 's|\?.*|*|g' \
 + -e 's|\(.*|*|g' \
 + -e 's|\[.*|*|g' \
 + -e 's|\.\*|*|g' \
-+ -e 's|\.\+|*|g' \
++ -e 's|\.\+|*|g' | \
 + sort -u | \
 + while read pattern ; \
 + do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
@@ -26,10 +174,86 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
 + esac; \
 + fi; \
 + done | \
-+ grep -v -e ^/root -e ^/home -e ^/tmp -e ^/var/tmp | \
 while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
 - ${RESTORECON} $2 -v -f -R -
-+ ${RESTORECON} -R $2 -v -f -
++ ${RESTORECON} -R $2 -v -e /root -e /home -e /tmp -e /var/tmp -f -
 rm -f ${TEMPFILE}
 fi
 }
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.21.10/setfiles/setfiles.c
+--- nsapolicycoreutils/setfiles/setfiles.c 2005-01-31 09:49:15.000000000 -0500
++++ policycoreutils-1.21.10/setfiles/setfiles.c 2005-02-02 12:16:16.000000000 -0500
+@@ -116,6 +116,35 @@
+ va_end(ap);
+ }
+ 
++static int add_exclude(const char *directory) {
++ struct stat sb;
++ if(directory == NULL || directory[0] != '/') {
++ fprintf(stderr, "Full path required for exclude: %s.\n",
++ directory);
++ return 1;
++ }
++ if(lstat(directory, &sb)) {
++ fprintf(stderr, "Directory \"%s\" not found.\n", directory);
++ return 1;
++ }
++ if ((sb.st_mode & S_IFDIR) == 0 ) {
++ fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", directory,sb.st_mode);
++ return 1;
++ }
++ excludeArray[excludeCtr].directory = strdup(directory);
++ if (!excludeArray[excludeCtr].directory) {
++ fprintf(stderr, "Out of memory.\n");
++ return 1;
++ }
++ excludeArray[excludeCtr++].size = strlen(directory);
++
++ if (excludeCtr > MAX_EXCLUDES) {
++ fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES);
++ return 1;
++ }
++ return 0;
++}
++
+ static int exclude(const char *file) {
+ int i=0;
+ for(i=0; i < excludeCtr; i++) {
+@@ -402,36 +431,8 @@
+ break;
+ }
+ case 'e':
+- {
+- int len;
+- struct stat sb;
+- if(optarg[0] != '/') {
+- fprintf(stderr, "Full path required for exclude: %s.\n",
+- optarg);
+- exit(1);
+- }
+- if(lstat(optarg, &sb)) {
+- fprintf(stderr, "Directory \"%s\" not found.\n", optarg);
+- exit(1);
+- }
+- if ((sb.st_mode & S_IFDIR) == 0 ) {
+- fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", optarg,sb.st_mode);
+- exit(1);
+- }
+- len=strlen(optarg);
+- excludeArray[excludeCtr].directory = strdup(optarg);
+- if (!excludeArray[excludeCtr].directory) {
+- fprintf(stderr, "Out of memory.\n");
+- exit(1);
+- }
+- excludeArray[excludeCtr++].size = len;
+- if (excludeCtr > MAX_EXCLUDES) {
+- fprintf(stderr, "Maximum excludes %d exceeded.\n",
+- MAX_EXCLUDES);
+- exit(1);
+- }
++ if ( add_exclude(optarg) ) exit(1);
+ break;
+- }
+ 
+ case 'd':
+ debug = 1;
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a31df6e..2c337a5 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -81,7 +81,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 
 %changelog
-* Fri Jan 28 2005 Dan Walsh 1.21.10-1
+* Wed Feb 2 2005 Dan Walsh 1.21.10-2
+- More cleanup of fixfiles sed patch
+
+* Mon Jan 31 2005 Dan Walsh 1.21.10-1
 - More cleanup of fixfiles sed patch
 - Upgrade to latest from NSA
 * Merged patch for open_init_pty from Manoj Srivastava.
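Review bot: In the fixfiles part of this hunk, replacing the `grep -v` filter with `-e /root -e /home -e /tmp -e /var/tmp` makes the whole relabel depend on all four directories existing, because `add_exclude()` returns 1 when `lstat()` fails and the `case 'e'` handler then calls `exit(1)` during option parsing. On a system or chroot without one of them, the restorecon run would stop before it relabels anything, and the only trace is a message on stderr. fixfiles could build the `-e` list from the directories that pass `[ -d "$dir" ]`, or `add_exclude()` could warn and skip a missing directory instead of failing. The setfiles.c part now carries a second verbatim copy of `add_exclude()`, so a fix made in one file has to be repeated in the other.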