rpms/policycoreutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-2

Browse Source 
- More cleanup of fixfiles sed patch
This commit is contained in:
Daniel J Walsh 2005-02-02 17:58:48 +00:00
parent 829c705f9c
commit 41933ac0b5
2 changed files with 234 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

236
policycoreutils-rhat.patch
View File

@ -1,6 +1,153 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.9/scripts/fixfiles diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.21.10/restorecon/restorecon.8
--- nsapolicycoreutils/restorecon/restorecon.8 2005-01-20 15:59:21.000000000 -0500
+++ policycoreutils-1.21.10/restorecon/restorecon.8 2005-02-02 12:16:06.000000000 -0500
@@ -4,10 +4,10 @@
.SH "SYNOPSIS"
.B restorecon
-.I [\-o outfilename ] [\-R] [\-n] [\-v] pathname...
+.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
.P
.B restorecon
-.I \-f infilename [\-o outfilename ] [\-R] [\-n] [\-v] [\-F]
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
.SH "DESCRIPTION"
This manual page describes the
@@ -26,6 +26,9 @@
.B \-f infilename
infilename contains a list of files to be processed by application. Use \- for stdin.
.TP
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP
.B \-R
change files and directories file labels recursively
.TP
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.10/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-31 09:49:15.000000000 -0500
+++ policycoreutils-1.21.10/restorecon/restorecon.c 2005-02-02 12:16:49.000000000 -0500
@@ -10,6 +10,7 @@
* USAGE:
* restorecon [-Rnv] pathname...
*
+ * -e Specify directory to exclude
* -n Do not change any file labels.
* -v Show changes in file labels.
* -o filename save list of files with incorrect context
@@ -45,6 +46,54 @@
static int recurse=0;
static int force=0;
+#define MAX_EXCLUDES 100
+static int excludeCtr=0;
+struct edir {
+ char *directory;
+ int size;
+};
+static struct edir excludeArray[MAX_EXCLUDES];
+static int add_exclude(const char *directory) {
+ struct stat sb;
+ if(directory == NULL || directory[0] != '/') {
+ fprintf(stderr, "Full path required for exclude: %s.\n",
+ directory);
+ return 1;
+ }
+ if(lstat(directory, &sb)) {
+ fprintf(stderr, "Directory \"%s\" not found.\n", directory);
+ return 1;
+ }
+ if ((sb.st_mode & S_IFDIR) == 0 ) {
+ fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", directory,sb.st_mode);
+ return 1;
+ }
+ excludeArray[excludeCtr].directory = strdup(directory);
+ if (!excludeArray[excludeCtr].directory) {
+ fprintf(stderr, "Out of memory.\n");
+ return 1;
+ }
+ excludeArray[excludeCtr++].size = strlen(directory);
+
+ if (excludeCtr > MAX_EXCLUDES) {
+ fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES);
+ return 1;
+ }
+ return 0;
+}
+static int exclude(const char *file) {
+ int i=0;
+ for(i=0; i < excludeCtr; i++) {
+ if (strncmp(file,excludeArray[i].directory,excludeArray[i].size)==0) {
+ if (file[excludeArray[i].size]==0 ||
+ file[excludeArray[i].size]=='/') {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
/* Compare two contexts to see if their differences are "significant",
* or whether the only difference is in the user. */
static int only_changed_user(const char *a, const char *b)
@@ -61,7 +110,7 @@
void usage(const char * const name)
{
fprintf(stderr,
- "usage: %s [-Rnv] [-f filename | pathname... ]\n", name);
+ "usage: %s [-Rnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name);
exit(1);
}
int restore(char *filename) {
@@ -79,6 +128,9 @@
if (len > 0 && filename[len-1]=='/' && (strcmp(filename,"/") != 0)) {
filename[len-1]=0;
}
+ if (excludeCtr > 0 && exclude(filename)) {
+ return 1;
+ }
if (lstat(filename, &st)!=0) {
fprintf(stderr,"lstat(%s) failed: %s\n", filename,strerror(errno));
return 1;
@@ -184,7 +236,7 @@
void process(char *buf) {
if (recurse) {
if (nftw
- (buf, apply_spec, 1024, FTW_PHYS | FTW_MOUNT)) {
+ (buf, apply_spec, 1024, FTW_PHYS)) {
fprintf(stderr,
"%s: error while labeling files under %s\n",
progname, buf);
@@ -202,13 +254,15 @@
int opt;
char buf[PATH_MAX];
+ memset(excludeArray,0, sizeof(excludeArray));
+
progname=argv[0];
if (is_selinux_enabled() <= 0 )
exit(0);
memset(buf,0, sizeof(buf));
- while ((opt = getopt(argc, argv, "FRnvf:o:")) > 0) {
+ while ((opt = getopt(argc, argv, "FRnvf:o:e:")) > 0) {
switch (opt) {
case 'n':
change = 0;
@@ -219,6 +273,9 @@
case 'F':
force = 1;
break;
+ case 'e':
+ if ( add_exclude(optarg) ) exit(1);
+ break;
case 'o':
outfile = fopen(optarg,"w");
if (!outfile) {
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.10/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-01-31 09:49:15.000000000 -0500 --- nsapolicycoreutils/scripts/fixfiles 2005-01-31 09:49:15.000000000 -0500
+++ policycoreutils-1.21.9/scripts/fixfiles 2005-02-01 14:06:56.000000000 -0500 +++ policycoreutils-1.21.10/scripts/fixfiles 2005-02-02 12:16:06.000000000 -0500
@@ -60,12 +60,26 @@ @@ -60,12 +60,26 @@
if [ -f ${PREFC} -a -x /usr/bin/diff ]; then if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
@ -10,13 +157,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
- -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \ - -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
- while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \ - while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \
+ /usr/bin/diff $PREFC $FC | grep '^[<>]'|cut -c3-| grep ^/ | \ + /usr/bin/diff $PREFC $FC | grep '^[<>]'|cut -c3-| grep ^/ | \
+ sed -r -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \ + sed -r -e 's,[[:blank:]].*,,g' \
+ -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
+ -e 's|([/[:alnum:]])\?|{\1,}|g' \ + -e 's|([/[:alnum:]])\?|{\1,}|g' \
+ -e 's|\?.*|*|g' \ + -e 's|\?.*|*|g' \
+ -e 's|\(.*|*|g' \ + -e 's|\(.*|*|g' \
+ -e 's|\[.*|*|g' \ + -e 's|\[.*|*|g' \
+ -e 's|\.\*|*|g' \ + -e 's|\.\*|*|g' \
+ -e 's|\.\+|*|g' \ + -e 's|\.\+|*|g' | \
+ sort -u | \ + sort -u | \
+ while read pattern ; \ + while read pattern ; \
+ do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \ + do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
@ -26,10 +174,86 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
+ esac; \ + esac; \
+ fi; \ + fi; \
+ done | \ + done | \
+ grep -v -e ^/root -e ^/home -e ^/tmp -e ^/var/tmp | \
while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \ while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
- ${RESTORECON} $2 -v -f -R - - ${RESTORECON} $2 -v -f -R -
+ ${RESTORECON} -R $2 -v -f - + ${RESTORECON} -R $2 -v -e /root -e /home -e /tmp -e /var/tmp -f -
rm -f ${TEMPFILE} rm -f ${TEMPFILE}
fi fi
} }
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.21.10/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2005-01-31 09:49:15.000000000 -0500
+++ policycoreutils-1.21.10/setfiles/setfiles.c 2005-02-02 12:16:16.000000000 -0500
@@ -116,6 +116,35 @@
va_end(ap);
}
+static int add_exclude(const char *directory) {
+ struct stat sb;
+ if(directory == NULL || directory[0] != '/') {
+ fprintf(stderr, "Full path required for exclude: %s.\n",
+ directory);
+ return 1;
+ }
+ if(lstat(directory, &sb)) {
+ fprintf(stderr, "Directory \"%s\" not found.\n", directory);
+ return 1;
+ }
+ if ((sb.st_mode & S_IFDIR) == 0 ) {
+ fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", directory,sb.st_mode);
+ return 1;
+ }
+ excludeArray[excludeCtr].directory = strdup(directory);
+ if (!excludeArray[excludeCtr].directory) {
+ fprintf(stderr, "Out of memory.\n");
+ return 1;
+ }
+ excludeArray[excludeCtr++].size = strlen(directory);
+
+ if (excludeCtr > MAX_EXCLUDES) {
+ fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES);
+ return 1;
+ }
+ return 0;
+}
+
static int exclude(const char *file) {
int i=0;
for(i=0; i < excludeCtr; i++) {
@@ -402,36 +431,8 @@
break;
}
case 'e':
- {
- int len;
- struct stat sb;
- if(optarg[0] != '/') {
- fprintf(stderr, "Full path required for exclude: %s.\n",
- optarg);
- exit(1);
- }
- if(lstat(optarg, &sb)) {
- fprintf(stderr, "Directory \"%s\" not found.\n", optarg);
- exit(1);
- }
- if ((sb.st_mode & S_IFDIR) == 0 ) {
- fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", optarg,sb.st_mode);
- exit(1);
- }
- len=strlen(optarg);
- excludeArray[excludeCtr].directory = strdup(optarg);
- if (!excludeArray[excludeCtr].directory) {
- fprintf(stderr, "Out of memory.\n");
- exit(1);
- }
- excludeArray[excludeCtr++].size = len;
- if (excludeCtr > MAX_EXCLUDES) {
- fprintf(stderr, "Maximum excludes %d exceeded.\n",
- MAX_EXCLUDES);
- exit(1);
- }
+ if ( add_exclude(optarg) ) exit(1);
break;
- }
case 'd':
debug = 1;

5
policycoreutils.spec
View File

@ -81,7 +81,10 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-1 * Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-2
- More cleanup of fixfiles sed patch
* Mon Jan 31 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-1
- More cleanup of fixfiles sed patch - More cleanup of fixfiles sed patch
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged patch for open_init_pty from Manoj Srivastava. * Merged patch for open_init_pty from Manoj Srivastava.