From 42466e2b7e18542fad693397b65569ab1e665622 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 30 Aug 2011 16:32:33 -0400 Subject: [PATCH] Update to upstream * policycoreutils * setfiles: Fix process_glob to handle error situations * sandbox: Allow seunshare to run as root * sandbox: trap sigterm to make sure sandbox * sandbox: pass DPI from the desktop * sandbox: seunshare: introduce helper spawn_command * sandbox: seunshare: introduce new filesystem helpers * sandbox: add -C option to not drop * sandbox: split seunshare caps dropping * sandbox: use dbus-launch * sandbox: numerous simple updates to sandbox * sandbox: do not require selinux context * sandbox: Makefile: new man pages * sandbox: rename dir to srcdir * sandbox: allow users specify sandbox window size * sandbox: check for paths up front * sandbox: use defined values for paths rather * sandbox: move seunshare globals to the top * sandbox: whitespace fix * semodule_package: Add semodule_unpackage executable * setfiles: get rid of some stupid globals * setfiles: move exclude_non_seclabel_mounts to a generic location * sepolgen * refparser: include open among valid permissions * refparser: add support for filename_trans rules --- .gitignore | 2 + policycoreutils-rhat.patch | 1434 ++++++++------------------------ policycoreutils-sepolgen.patch | 99 +-- policycoreutils.spec | 44 +- sources | 4 +- 5 files changed, 433 insertions(+), 1150 deletions(-) diff --git a/.gitignore b/.gitignore index 5fae7f7..fd5b9e3 100644 --- a/.gitignore +++ b/.gitignore @@ -225,3 +225,5 @@ policycoreutils-2.0.83.tgz /policycoreutils-2.0.85.tgz /policycoreutils-2.0.86.tgz /policycoreutils-2.1.4.tgz +/policycoreutils-2.1.5.tgz +/sepolgen-1.1.1.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 52f6755..4fbb0d2 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -9,7 +9,7 @@ index 86ed03f..3e95698 100644 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) 
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow -index 5435e9d..c60490b 100644 +index 5435e9d..e9d5882 100644 --- a/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow @@ -1,4 +1,4 @@ @@ -34,6 +34,15 @@ index 5435e9d..c60490b 100644 parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False, help="read input from dmesg - conflicts with --all and --input") parser.add_option("-i", "--input", dest="input", +@@ -102,7 +104,7 @@ class AuditToPolicy: + if name: + options.requires = True + if not module.is_valid_name(name): +- sys.stderr.write("only letters and numbers allowed in module names\n") ++ sys.stderr.write('error: module names must begin with a letter, optionally followed by letters, numbers, "-", "_", "."\n') + sys.exit(2) + + # Make -M and -o conflict @@ -231,29 +233,12 @@ class AuditToPolicy: def __output_audit2why(self): @@ -1486,10 +1495,10 @@ index 9db766c..068e24c 100644 } /* main() */ diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile -index ff0ee7c..924999d 100644 +index 21df0c4..924999d 100644 --- a/policycoreutils/sandbox/Makefile +++ b/policycoreutils/sandbox/Makefile -@@ -7,10 +7,10 @@ SBINDIR ?= $(PREFIX)/sbin +@@ -7,8 +7,8 @@ SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale SHAREDIR ?= $(PREFIX)/share/sandbox 
@@ -1498,209 +1507,42 @@ index ff0ee7c..924999d 100644 +override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra +LDLIBS += -lcgroup -lselinux -lcap-ng --all: sandbox seunshare sandboxX.sh -+all: sandbox seunshare sandboxX.sh start + all: sandbox seunshare sandboxX.sh start - seunshare: seunshare.o $(EXTRA_OBJS) - $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) -@@ -20,14 +20,18 @@ install: all - install -m 755 sandbox $(BINDIR) - -mkdir -p $(MANDIR)/man8 +@@ -22,7 +22,7 @@ install: all install -m 644 sandbox.8 $(MANDIR)/man8/ -+ install -m 644 seunshare.8 $(MANDIR)/man8/ -+ -mkdir -p $(MANDIR)/man5 + install -m 644 seunshare.8 $(MANDIR)/man8/ + -mkdir -p $(MANDIR)/man5 +- install -m 644 sandbox.conf.5 $(MANDIR)/man5/ + install -m 644 sandbox.conf.5 $(MANDIR)/man5/sandbox.5 -mkdir -p $(SBINDIR) install -m 4755 seunshare $(SBINDIR)/ -mkdir -p $(SHAREDIR) - install -m 755 sandboxX.sh $(SHAREDIR) -+ install -m 755 start $(SHAREDIR) - -mkdir -p $(INITDIR) - install -m 755 sandbox.init $(INITDIR)/sandbox - -mkdir -p $(SYSCONFDIR) -- install -m 644 sandbox.config $(SYSCONFDIR)/sandbox -+ install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox - - test: - @python test_sandbox.py -v diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox -index 0b89e9a..481034c 100644 +index edae667..486cd4e 100644 --- a/policycoreutils/sandbox/sandbox 
+++ b/policycoreutils/sandbox/sandbox -@@ -1,5 +1,6 @@ - #! /usr/bin/python -Es - # Authors: Dan Walsh -+# Authors: Thomas Liu - # Authors: Josh Cogliati - # - # Copyright (C) 2009,2010 Red Hat -@@ -19,15 +20,17 @@ - # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - # - --import os, sys, socket, random, fcntl, shutil, re, subprocess -+import os, stat, sys, socket, random, fcntl, shutil, re, subprocess - import selinux - import signal - from tempfile import mkdtemp - import pwd -+import commands -+import setools +@@ -29,7 +29,6 @@ import commands + import setools PROGNAME = "policycoreutils" -HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir -- -+SEUNSHARE = "/usr/sbin/seunshare" -+SANDBOXSH = "/usr/share/sandbox/sandboxX.sh" + SEUNSHARE = "/usr/sbin/seunshare" + SANDBOXSH = "/usr/share/sandbox/sandboxX.sh" import gettext - gettext.bindtextdomain(PROGNAME, "/usr/share/locale") - gettext.textdomain(PROGNAME) -@@ -41,6 +44,7 @@ except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode +@@ -258,9 +257,9 @@ Policy defines the following types for use with the -t: + pass -+DEFAULT_WINDOWSIZE = "1000x700" - DEFAULT_TYPE = "sandbox_t" - DEFAULT_X_TYPE = "sandbox_x_t" - SAVE_FILES = {} -@@ -63,15 +67,15 @@ def error_exit(msg): - sys.stderr.flush() - sys.exit(1) - --def copyfile(file, dir, dest): -+def copyfile(file, srcdir, dest): - import re -- if file.startswith(dir): -+ if file.startswith(srcdir): - dname = os.path.dirname(file) - bname = os.path.basename(file) -- if dname == dir: -+ if dname == srcdir: - dest = dest + "/" + bname - else: -- newdir = re.sub(dir, dest, dname) -+ newdir = re.sub(srcdir, dest, dname) - if not os.path.exists(newdir): - os.makedirs(newdir) - dest = newdir + "/" + bname -@@ -81,9 +85,10 @@ def copyfile(file, dir, dest): - shutil.copytree(file, dest) - else: - shutil.copy2(file, dest) -+ - except shutil.Error, elist: -- for e in elist: -- sys.stderr.write(e[1]) -+ for e in elist.message: -+ 
sys.stderr.write(e[2]) - - SAVE_FILES[file] = (dest, os.path.getmtime(dest)) - -@@ -161,10 +166,10 @@ class Sandbox: - if not self.__options.homedir or not self.__options.tmpdir: - self.usage(_("Homedir and tempdir required for level mounts")) - -- if not os.path.exists("/usr/sbin/seunshare"): -+ if not os.path.exists(SEUNSHARE): - raise ValueError(_(""" --/usr/sbin/seunshare is required for the action you want to perform. --""")) -+%s is required for the action you want to perform. -+""") % SEUNSHARE) - - def __mount_callback(self, option, opt, value, parser): - self.__mount = True -@@ -172,6 +177,15 @@ class Sandbox: - def __x_callback(self, option, opt, value, parser): - self.__mount = True - setattr(parser.values, option.dest, True) -+ if not os.path.exists(SEUNSHARE): -+ raise ValueError(_(""" -+%s is required for the action you want to perform. -+""") % SEUNSHARE) -+ -+ if not os.path.exists(SANDBOXSH): -+ raise ValueError(_(""" -+%s is required for the action you want to perform. -+""") % SANDBOXSH) - - def __validdir(self, option, opt, value, parser): - if not os.path.isdir(value): -@@ -194,6 +208,8 @@ class Sandbox: - self.__include(option, opt, i[:-1], parser) - except IOError, e: - sys.stderr.write(str(e)) -+ except TypeError, e: -+ sys.stderr.write(str(e)) - fd.close() - - def __copyfiles(self): -@@ -212,13 +228,15 @@ class Sandbox: - /etc/gdm/Xsession - """) - else: -- command = " ".join(self.__paths) -+ command = self.__paths[0] + " " -+ for p in self.__paths[1:]: -+ command += "'%s' " % p - fd.write("""#! /bin/sh - #TITLE: %s - /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap - %s & - WM_PID=$! 
--%s -+dbus-launch --exit-with-session %s - kill -TERM $WM_PID 2> /dev/null - """ % (command, wm, command)) - fd.close() -@@ -229,11 +247,22 @@ kill -TERM $WM_PID 2> /dev/null - - def __parse_options(self): - from optparse import OptionParser -+ types = "" -+ try: -+ types = _(""" -+Policy defines the following types for use with the -t: -+\t%s -+""") % "\n\t".join(setools.seinfo(setools.ATTRIBUTE, "sandbox_type")[0]['types']) -+ except RuntimeError: -+ pass -+ usage = _(""" --sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command +-sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command +sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command -+ + +-sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S +sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S -+%s -+""") % types + %s + """) % types --sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] 
[ -t type ] -S --""") - - parser = OptionParser(version=self.VERSION, usage=usage) - parser.disable_interspersed_args() -@@ -260,14 +289,18 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- - parser.add_option("-H", "--homedir", - action="callback", callback=self.__validdir, - type="string", -- dest="homedir", -+ dest="homedir", - help=_("alternate home directory to use for mounting")) - -- parser.add_option("-T", "--tmpdir", dest="tmpdir", -+ parser.add_option("-T", "--tmpdir", dest="tmpdir", - type="string", - action="callback", callback=self.__validdir, - help=_("alternate /tmp directory to use for mounting")) - -+ parser.add_option("-w", "--windowsize", dest="windowsize", -+ type="string", default=DEFAULT_WINDOWSIZE, -+ help="size of the sandbox window") -+ - parser.add_option("-W", "--windowmanager", dest="wm", - type="string", - default="/usr/bin/matchbox-window-manager -use_titlebar no", -@@ -276,13 +309,21 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -309,6 +308,10 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- parser.add_option("-l", "--level", dest="level", help=_("MCS/MLS level for the sandbox")) 
@@ -1708,41 +1550,10 @@ index 0b89e9a..481034c 100644 + action="store_true", dest="usecgroup", default=False, + help=_("Use cgroups to limit this sandbox.")) + -+ parser.add_option("-C", "--capabilities", -+ action="store_true", dest="usecaps", default=False, -+ help="Allow apps requiring capabilities to run within the sandbox.") -+ - self.__parser=parser - - self.__options, cmds = parser.parse_args() - - if self.__options.X_ind: - self.setype = DEFAULT_X_TYPE -- -+ self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2") - if self.__options.setype: - self.setype = self.__options.setype - -@@ -300,6 +341,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- - self.__homedir = self.__options.homedir - self.__tmpdir = self.__options.tmpdir - else: -+ if self.__options.level: -+ self.__homedir = self.__options.homedir -+ self.__tmpdir = self.__options.tmpdir -+ - if len(cmds) == 0: - self.usage(_("Command required")) - cmds[0] = fullpath(cmds[0]) -@@ -323,50 +368,51 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- - - con = selinux.getcon()[1].split(":") - self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level) -- self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r", -- "%s_file_t" % self.setype[:-2], -+ self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r", -+ "%s_file_t" % self.setype[:-2], - level) + parser.add_option("-C", "--capabilities", + action="store_true", dest="usecaps", default=False, + help="Allow apps requiring capabilities to run within the sandbox.") +@@ -370,30 +373,29 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- def __setup_dir(self): if self.__options.level or self.__options.session: return 
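Review bot: The help text for `-C/--capabilities` is a bare string, while the `-c/--cgroups` option directly above it wraps its help in `_()`, so this one message is never translated. `-C` is the switch that lets sandboxed programs use capabilities, which the man page says are denied by default, so its description should be readable in every locale: `help=_("Allow apps requiring capabilities to run within the sandbox."))`. The enclosing `__parse_options` starts and ends outside this hunk.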
@@ -1770,97 +1581,41 @@ index 0b89e9a..481034c 100644 def __execute(self): try: -- if self.__options.X_ind: -- xmodmapfile = self.__homedir + "/.xmodmap" -- xd = open(xmodmapfile,"w") -- subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait() -- xd.close() -- -- self.__setup_sandboxrc(self.__options.wm) -- -- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sandbox/sandboxX.sh" ] -- rc = subprocess.Popen(cmds).wait() -- return rc -- -+ cmds = [ SEUNSHARE, "-Z", self.__execcon ] + cmds = [ SEUNSHARE, "-Z", self.__execcon ] +- if self.__options.usecaps == True: + if self.__options.usecgroup: + cmds.append('-c') + if self.__options.usecaps: -+ cmds.append('-C') + cmds.append('-C') if self.__mount: -- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths -- rc = subprocess.Popen(cmds).wait() -- return rc -+ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ] -+ -+ if self.__options.X_ind: -+ xmodmapfile = self.__homedir + "/.xmodmap" -+ xd = open(xmodmapfile,"w") -+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait() -+ xd.close() -+ -+ self.__setup_sandboxrc(self.__options.wm) -+ -+ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ] -+ else: -+ cmds += [ "--" ] + self.__paths -+ return subprocess.Popen(cmds).wait() - - selinux.setexeccon(self.__execcon) - rc = subprocess.Popen(self.__cmds).wait() -@@ -404,7 +450,7 @@ if __name__ == '__main__': - sandbox = Sandbox() - rc = sandbox.main() - except OSError, error: -- error_exit(error.args[1]) -+ error_exit(error) - except ValueError, error: - error_exit(error.args[0]) - except KeyError, error: + cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ] diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8 -index 1479364..2b37e63 100644 +index e3b7ea7..2b37e63 100644 --- a/policycoreutils/sandbox/sandbox.8 
+++ b/policycoreutils/sandbox/sandbox.8 -@@ -1,10 +1,13 @@ --.TH SANDBOX "8" "May 2009" "chcat" "User Commands" -+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands" - .SH NAME +@@ -3,11 +3,11 @@ sandbox \- Run cmd under an SELinux sandbox .SH SYNOPSIS .B sandbox --[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd --[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S +-[-C] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd +[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd -+ -+.br -+.B sandbox + + .br + .B sandbox +-[-C] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S +[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S .br .SH DESCRIPTION .PP -@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X. - \fB\-T\ tmpdir - Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M. - .TP -+\fB\-S -+Run a full desktop session, Requires level, and home and tmpdir. -+.TP -+\fB\-w windowsize\fR -+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700. -+.TP - \fB\-W windowmanager\fR - Select alternative window manager to run within - .B sandbox -X. -@@ -50,8 +59,20 @@ Default to /usr/bin/matchbox-window-manager. - \fB\-X\fR +@@ -60,10 +60,19 @@ Default to /usr/bin/matchbox-window-manager. Create an X based Sandbox for gui apps, temporary files for $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t -+.TP + .TP +\fB\-c\fR +Use control groups to control this copy of sandbox. 
Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. +.TP -+\fB\-C\fR -+Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities. + \fB\-C\fR + Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities. .PP .SH "SEE ALSO" .TP 
@@ -1873,65 +1628,6 @@ index 1479364..2b37e63 100644 +.I Dan Walsh +and +.I Thomas Liu -diff --git a/policycoreutils/sandbox/sandbox.conf b/policycoreutils/sandbox/sandbox.conf -new file mode 100644 -index 0000000..7c35808 ---- /dev/null -+++ b/policycoreutils/sandbox/sandbox.conf -@@ -0,0 +1,7 @@ -+# Space separate list of homedirs -+HOMEDIRS="/home" -+# Control group configuration -+NAME=sandbox -+CPUAFFINITY=ALL -+MEMUSAGE=80% -+CPUUSAGE=80% -diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5 -new file mode 100644 -index 0000000..b3ee67d ---- /dev/null -+++ b/policycoreutils/sandbox/sandbox.conf.5 -@@ -0,0 +1,40 @@ -+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration" -+.SH NAME -+sandbox.conf \- user config file for the SELinux sandbox -+.SH DESCRIPTION -+.PP -+When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined. -+ -+.PP -+Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("="). -+ -+.PP -+These keywords are allowed. -+ -+.RS -+.TP -+.B NAME -+The name of the sandbox control group. Default is "sandbox". -+ -+.TP -+.B CPUAFFINITY -+Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5 -+ -+.TP -+.B MEMUSAGE -+How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M -+ -+.TP -+.B CPUUSAGE -+Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50% -+ -+ -+ -+.SH "SEE ALSO" -+.TP -+sandbox(8) -+.PP -+ -+.SH AUTHOR -+This manual page was written by -+.I Thomas Liu 
diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init index ff8b3ef..66aadfd 100644 --- a/policycoreutils/sandbox/sandbox.init @@ -1976,89 +1672,40 @@ index ff8b3ef..66aadfd 100644 return 0 } -diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh -index 8338203..88ebfee 100644 ---- a/policycoreutils/sandbox/sandboxX.sh -+++ b/policycoreutils/sandbox/sandboxX.sh -@@ -1,15 +1,21 @@ --#!/bin/bash -+#!/bin/bash -+trap "" TERM - context=`id -Z | secon -t -l -P` - export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`" --export SCREENSIZE="1000x700" --#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'` -+[ -z $1 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$1" -+[ -z $2 ] && export DPI="96" || export DPI="$2" - trap "exit 0" HUP - --(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do -+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -displayfd 5 5>&1 2>/dev/null) | while read D; do - export DISPLAY=:$D -- python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])' -+ cat > ~/seremote << __EOF -+#!/bin/sh -+DISPLAY=$DISPLAY "\$@" -+__EOF -+ chmod +x ~/seremote -+ /usr/share/sandbox/start $HOME/.sandboxrc - export EXITCODE=$? -- kill -HUP 0 -+ kill -TERM 0 - break - done - exit 0 diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8 -new file mode 100644 -index 0000000..06610c0 ---- /dev/null +index a9b846b..06610c0 100644 +--- a/policycoreutils/sandbox/seunshare.8 
+++ b/policycoreutils/sandbox/seunshare.8 -@@ -0,0 +1,43 @@ -+.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands" -+.SH NAME -+seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context -+.SH SYNOPSIS -+.B seunshare +@@ -3,7 +3,7 @@ + seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context + .SH SYNOPSIS + .B seunshare +-[ -v ] [ -c ] [ -C ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args] +[ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args] -+.br -+.SH DESCRIPTION -+.PP -+Run the -+.I executable -+within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context. -+ -+.TP -+\fB\-h homedir\fR -+Alternate homedir to be used by the application. Homedir must be owned by the user. -+.TP -+\fB\-t\ tmpdir + .br + .SH DESCRIPTION + .PP +@@ -16,7 +16,7 @@ within the specified context, using the alternate home directory and /tmp direct + Alternate homedir to be used by the application. Homedir must be owned by the user. + .TP + \fB\-t\ tmpdir +-Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user. +Use alternate tempory directory to mount on /tmp. tmpdir must be owned by the user. -+.TP -+\fB\-c --cgroups\fR -+Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. -+.TP -+\fB\-C --capabilities\fR -+Allow apps executed within the namespace to use capabilities. Default is no capabilities. -+.TP + .TP + \fB\-c --cgroups\fR + Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. 
Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. +@@ -24,6 +24,9 @@ Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysco + \fB\-C --capabilities\fR + Allow apps executed within the namespace to use capabilities. Default is no capabilities. + .TP +\fB\-k --kill\fR +Kill all processes with matching MCS level. +.TP -+\fB\-Z\ context -+Use alternate SELinux context while runing the executable. -+.TP -+\fB\-v\fR -+Verbose output -+.SH "SEE ALSO" -+.TP -+runcon(1), sandbox(8), selinux(8) -+.PP -+.SH AUTHOR -+This manual page was written by -+.I Dan Walsh -+and -+.I Thomas Liu + \fB\-Z\ context + Use alternate SELinux context while runing the executable. + .TP diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c -index e713b74..1a0a488 100644 +index f9bf12c..671d97c 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -1,27 +1,35 @@ @@ -2101,7 +1748,7 @@ index e713b74..1a0a488 100644 #ifdef USE_NLS #include /* for setlocale() */ -@@ -39,29 +47,55 @@ +@@ -39,10 +47,16 @@ #define MS_PRIVATE 1<<18 #endif 
@@ -2110,67 +1757,30 @@ index e713b74..1a0a488 100644 +#endif + +#define BUF_SIZE 1024 -+#define DEFAULT_PATH "/usr/bin:/bin" -+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] [ -k ] [ -C ] [ -t tmpdir] [ -h homedir ] [ -Z context ] -- executable [args]") -+ -+static int verbose = 0; + #define DEFAULT_PATH "/usr/bin:/bin" +-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [-t tmpdir] [-h homedir] [-Z context] -- executable [args]") ++#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -c ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ") + + static int verbose = 0; +static int child = 0; -+ -+static capng_select_t cap_set = CAPNG_SELECT_BOTH; -+ - /** -- * This function will drop all capabilities -- * Returns zero on success, non-zero otherwise -+ * This function will drop all capabilities. - */ --static int drop_capabilities(uid_t uid) -+static int drop_caps() - { -- capng_clear(CAPNG_SELECT_BOTH); -- -- if (capng_lock() < 0) -+ if (capng_have_capabilities(cap_set) == CAPNG_NONE) -+ return 0; -+ capng_clear(cap_set); -+ if (capng_lock() == -1 || capng_apply(cap_set) == -1) { -+ fprintf(stderr, _("Failed to drop all capabilities\n")); - return -1; -- /* Change uid */ -- if (setresuid(uid, uid, uid)) { -- fprintf(stderr, _("Error changing uid, aborting.\n")); -+ } -+ return 0; -+} -+ -+/** -+ * This function will drop all privileges. 
-+ */ -+static int drop_privs(uid_t uid) -+{ -+ if (drop_caps() == -1 || setresuid(uid, uid, uid) == -1) { -+ fprintf(stderr, _("Failed to drop privileges\n")); - return -1; - } -- return capng_apply(CAPNG_SELECT_BOTH); -+ return 0; + + static capng_select_t cap_set = CAPNG_SELECT_BOTH; + +@@ -74,6 +88,13 @@ static int drop_privs(uid_t uid) } --#define DEFAULT_PATH "/usr/bin:/bin" --static int verbose = 0; -+/** + /** + * If the user sends a siginto to seunshare, kill the child's session + */ +void handler(int sig) { + if (child > 0) kill(-child,sig); +} - - /** -- * Take care of any signal setup -+ * Take care of any signal setup. ++ ++/** + * Take care of any signal setup. */ static int set_signal_handles(void) - { -@@ -75,32 +109,117 @@ static int set_signal_handles(void) +@@ -88,12 +109,17 @@ static int set_signal_handles(void) (void)sigprocmask(SIG_SETMASK, &empty, NULL); 
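Review bot: `child` is read inside the asynchronous `handler()` but is declared as plain `static int child = 0;`, so the compiler is not told that the handler can observe it at any moment relative to the assignment in main. Declare it `static volatile pid_t child = 0;` and give the handler internal linkage with `static void handler(int sig)`. `kill(-child, sig)` addresses a process group, so it only reaches the sandboxed processes if the child has become a group or session leader; that call is not visible in this hunk and should be confirmed. The comment's "siginto" is presumably meant to be "signal".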
@@ -2186,120 +1796,37 @@ index e713b74..1a0a488 100644 + return -1; + } + -+ return 0; -+} -+ -+#define status_to_retval(status,retval) do { \ -+ if ((status) == -1) \ -+ retval = -1; \ -+ else if (WIFEXITED((status))) \ -+ retval = WEXITSTATUS((status)); \ -+ else if (WIFSIGNALED((status))) \ -+ retval = 128 + WTERMSIG((status)); \ -+ else \ -+ retval = -1; \ -+ } while(0) -+ -+/** -+ * Spawn external command using system() with dropped privileges. -+ * TODO: avoid system() and use exec*() instead -+ */ -+static int spawn_command(const char *cmd, uid_t uid){ -+ int child; -+ int status = -1; -+ -+ if (verbose > 1) -+ printf("spawn_command: %s\n", cmd); -+ -+ child = fork(); -+ if (child == -1) { -+ perror(_("Unable to fork")); -+ return status; -+ } -+ -+ if (child == 0) { -+ if (drop_privs(uid) != 0) exit(-1); -+ -+ status = system(cmd); -+ status_to_retval(status, status); -+ exit(status); -+ } -+ -+ waitpid(child, &status, 0); -+ status_to_retval(status, status); -+ return status; -+} -+ -+/** -+ * Check file/directory ownership, struct stat * must be passed to the -+ * functions. 
-+ */ -+static int check_owner_uid(uid_t uid, const char *file, struct stat *st) { -+ if (S_ISLNK(st->st_mode)) { -+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file); -+ return -1; -+ } -+ if (st->st_uid != uid) { -+ fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid); -+ return -1; -+ } -+ return 0; -+} -+ -+static int check_owner_gid(gid_t gid, const char *file, struct stat *st) { -+ if (S_ISLNK(st->st_mode)) { -+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file); -+ return -1; -+ } -+ if (st->st_gid != gid) { -+ fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid); -+ return -1; -+ } return 0; } -+#define equal_stats(one,two) \ -+ ((one)->st_dev == (two)->st_dev && (one)->st_ino == (two)->st_ino && \ -+ (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \ -+ (one)->st_mode == (two)->st_mode) -+ +@@ -139,26 +165,6 @@ static int spawn_command(const char *cmd, uid_t uid){ + } + /** - * This function makes sure the mounted directory is owned by the user executing - * seunshare. - * If so, it returns 0. If it can not figure this out or they are different, it returns -1. -+ * Sanity check specified directory. Store stat info for future comparison, or -+ * compare with previously saved info to detect replaced directories. -+ * Note: This function does not perform owner checks. - */ +- */ -static int verify_mount(const char *mntdir, struct passwd *pwd) { -+static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) { - struct stat sb; +- struct stat sb; - if (stat(mntdir, &sb) == -1) { - fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir, strerror(errno)); -+ -+ if (st_out == NULL) st_out = &sb; -+ -+ if (lstat(dir, st_out) == -1) { -+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno)); -+ return -1; -+ } -+ if (! 
S_ISDIR(st_out->st_mode)) { -+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno)); - return -1; - } +- return -1; +- } - if (sb.st_uid != pwd->pw_uid) { - errno = EPERM; - syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir); - perror(_("Invalid mount point, reporting to administrator")); -+ if (st_in && !equal_stats(st_in, st_out)) { -+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir); - return -1; - } -+ - return 0; - } - -@@ -123,7 +242,7 @@ static int verify_shell(const char *shell_name) +- return -1; +- } +- return 0; +-} +- +-/** + * Check file/directory ownership, struct stat * must be passed to the + * functions. + */ +@@ -236,7 +242,7 @@ static int verify_shell(const char *shell_name) /* check the shell skipping newline char */ if (!strcmp(shell_name, buf)) { @@ -2308,7 +1835,7 @@ index e713b74..1a0a488 100644 break; } } -@@ -131,54 +250,618 @@ static int verify_shell(const char *shell_name) +@@ -244,43 +250,600 @@ static int verify_shell(const char *shell_name) return rc; } @@ -2826,9 +2353,8 @@ index e713b74..1a0a488 100644 + if (fd_t >= 0) close(fd_t); + if (fd_s >= 0) close(fd_s); + return tmpdir; - } - --#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ") ++} ++ +#define PROC_BASE "/proc" + +static int @@ -2891,14 +2417,14 @@ index e713b74..1a0a488 100644 + context_free(con); + free(pid_table); + return running; -+} + } int main(int argc, char **argv) { - int rc; int status = -1; + security_context_t execcon = NULL; -- security_context_t scontext; +- security_context_t scontext = NULL; - - int flag_index; /* flag index in argv[] */ int clflag; /* holds codes for command line flags */ 
@@ -2920,29 +2446,23 @@ index e713b74..1a0a488 100644 + {"kill", 1, 0, 'k'}, {"verbose", 1, 0, 'v'}, + {"cgroups", 1, 0, 'c'}, -+ {"context", 1, 0, 'Z'}, -+ {"capabilities", 1, 0, 'C'}, + {"context", 1, 0, 'Z'}, + {"capabilities", 1, 0, 'C'}, {NULL, 0, 0, 0} - }; - - uid_t uid = getuid(); -- -+/* - if (!uid) { - fprintf(stderr, _("Must not be root")); - return -1; +@@ -294,6 +857,12 @@ int main(int argc, char **argv) { } -+*/ -+ + */ + +#ifdef USE_NLS + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +#endif - ++ struct passwd *pwd=getpwuid(uid); if (!pwd) { -@@ -187,34 +870,36 @@ int main(int argc, char **argv) { + perror(_("getpwduid failed")); +@@ -301,7 +870,7 @@ int main(int argc, char **argv) { } if (verify_shell(pwd->pw_shell) < 0) { @@ -2951,12 +2471,7 @@ index e713b74..1a0a488 100644 return -1; } - while (1) { -- clflag = getopt_long(argc, argv, "h:t:", long_options, -- &flag_index); -+ clflag = getopt_long(argc, argv, "Ccvh:t:Z:", long_options, NULL); - if (clflag == -1) - break; +@@ -312,28 +881,25 @@ int main(int argc, char **argv) { switch (clflag) { case 't': @@ -2985,16 +2500,17 @@ index e713b74..1a0a488 100644 + break; + case 'c': + usecgroups = 1; -+ break; -+ case 'C': -+ cap_set = CAPNG_SELECT_CAPS; -+ break; -+ case 'Z': + break; + case 'C': + cap_set = CAPNG_SELECT_CAPS; + break; + case 'Z': +- scontext = strdup(optarg); + execcon = optarg; break; default: fprintf(stderr, "%s\n", USAGE_STRING); -@@ -223,99 +908,131 @@ int main(int argc, char **argv) { +@@ -342,97 +908,131 @@ int main(int argc, char **argv) { } if (! homedir_s && ! tmpdir_s) { 
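Review bot: The `long_options` entries for `kill`, `verbose`, `cgroups` and `capabilities` all set `has_arg` to 1, which getopt_long treats as required_argument, although seunshare.8 in this same patch documents `-c --cgroups`, `-C --capabilities` and `-k --kill` as taking no argument. With the long spelling, each of these consumes the next argv element, so a following option such as `-Z context` or the `--` separator would be silently swallowed and the setuid helper would run with a different configuration than the caller asked for. Only the options that really take a value (`context` here, and presumably `homedir`/`tmpdir` above the hunk) should keep 1. The array and the getopt_long() call start outside this hunk, so the short-option string could not be checked.

```c
/* … unchanged: long_options entries above the hunk … */
	{"kill", no_argument, 0, 'k'},
	{"verbose", no_argument, 0, 'v'},
	{"cgroups", no_argument, 0, 'c'},
	{"context", 1, 0, 'Z'},
	{"capabilities", no_argument, 0, 'C'},
	{NULL, 0, 0, 0}
```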
@@ -3004,16 +2520,12 @@ index e713b74..1a0a488 100644 return -1; } -- if (argc - optind < 2) { -- fprintf(stderr, _("Error: context and executable required \n"), -- "%s\n", USAGE_STRING); -+ if (argc - optind < 1) { + if (argc - optind < 1) { +- fprintf(stderr, _("Error: executable required \n %s \n"), USAGE_STRING); + fprintf(stderr, _("Error: executable required\n %s\n"), USAGE_STRING); return -1; } -- scontext = argv[optind++]; -- - if (set_signal_handles()) + if (execcon && is_selinux_enabled() != 1) { + fprintf(stderr, _("Error: execution context specified, but SELinux is not enabled\n")); @@ -3046,9 +2558,7 @@ index e713b74..1a0a488 100644 + * on an NFS mount. It's also desired to avoid leaking info about + * existence of the files not accessible to the user. */ + setfsuid(uid); - -- if (drop_capabilities(uid)) { -- perror(_("Failed to drop all capabilities")); ++ + /* verify homedir and tmpdir */ + if (homedir_s && ( + verify_directory(homedir_s, NULL, &st_homedir) < 0 || @@ -3057,13 +2567,14 @@ index e713b74..1a0a488 100644 + verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 || + check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1; + setfsuid(0); -+ + +- if (drop_privs(uid)) + /* create runtime tmpdir */ + if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s, + &st_tmpdir_r, pwd, execcon)) == NULL) { + fprintf(stderr, _("Failed to create runtime temporary directory\n")); return -1; - } ++ } - int child = fork(); + /* spawn child process */ 
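Review bot: The `setfsuid(uid)` call that precedes the `verify_directory()` / `check_owner_uid()` checks is never confirmed, and setfsuid() returns the previous fsuid whether or not the switch happened, so a failed switch would run the path checks with the process's original filesystem identity. The comment above the call says the switch is what keeps the checks from leaking the existence of files the user cannot access, so it is worth verifying straight after it, e.g. `if ((uid_t)setfsuid(-1) != uid) { fprintf(stderr, _("Error: unable to setfsuid\n")); return -1; }`. The same unchecked `setfsuid(uid)` appears in the child branch after `unshare(CLONE_NEWNS)` in the next group of hunks ("assume fsuid==ruid after this point"). `main` begins and ends outside this hunk.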
@@ -3084,19 +2595,26 @@ index e713b74..1a0a488 100644 - perror(_("Out of memory")); - exit(-1); - } +- } + if (child == 0) { + char *display = NULL; + int rc = -1; -+ -+ if (unshare(CLONE_NEWNS) < 0) { -+ perror(_("Failed to unshare")); -+ goto childerr; - } - if ((rc = clearenv())) { - perror(_("Unable to clear environment")); - free(display); - exit(-1); ++ if (unshare(CLONE_NEWNS) < 0) { ++ perror(_("Failed to unshare")); ++ goto childerr; + } + +- if (scontext) { +- if (setexeccon(scontext)) { +- fprintf(stderr, _("Could not set exec context to %s.\n"), +- scontext); +- free(display); +- exit(-1); + /* assume fsuid==ruid after this point */ + setfsuid(uid); + @@ -3113,20 +2631,14 @@ index e713b74..1a0a488 100644 + if ((display = strdup(display)) == NULL) { + perror(_("Out of memory")); + goto childerr; -+ } - } -- -- if (setexeccon(scontext)) { -- fprintf(stderr, _("Could not set exec context to %s.\n"), -- scontext); -- free(display); -- exit(-1); -+ if ((rc = clearenv()) != 0) { -+ perror(_("Failed to clear environment")); -+ goto childerr; + } } - - if (display) ++ if ((rc = clearenv()) != 0) { ++ perror(_("Failed to clear environment")); ++ goto childerr; ++ } + if (display) rc |= setenv("DISPLAY", display, 1); rc |= setenv("HOME", pwd->pw_dir, 1); @@ -3164,6 +2676,7 @@ index e713b74..1a0a488 100644 - free(tmpdir_s); - free(homedir_s); +- free(scontext); + drop_caps(); + + /* parent waits for child exit to do the cleanup */ @@ -3182,21 +2695,6 @@ index e713b74..1a0a488 100644 + free(tmpdir_r); return status; } -diff --git a/policycoreutils/sandbox/start b/policycoreutils/sandbox/start -new file mode 100644 -index 0000000..52950d7 ---- /dev/null -+++ b/policycoreutils/sandbox/start -@@ -0,0 +1,9 @@ -+#! /usr/bin/python -Es -+import gtk, commands, sys -+rc = [-1,''] -+try: -+ rc=commands.getstatusoutput(sys.argv[1]) -+except: -+ pass -+if rc[0] == 0: -+ print rc[1] 
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles index e4e5f0d..27dcccf 100755 --- a/policycoreutils/scripts/fixfiles @@ -3487,9 +2985,16 @@ index 0140cd2..656a028 100644 errorExit(error.args[0]) except KeyError, error: diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py -index 6842b07..6742fe9 100644 +index 6842b07..7f11c4e 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py +@@ -1,5 +1,5 @@ + #! /usr/bin/python -E +-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat ++# Copyright (C) 2005-2011 2009 Red Hat + # see file 'COPYING' for use and warranty information + # + # semanage is a tool for managing SELinux configuration files @@ -30,11 +30,10 @@ from IPy import IP import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") @@ -3529,7 +3034,22 @@ index 6842b07..6742fe9 100644 if not semanage_is_managed(handle): semanage_handle_destroy(handle) -@@ -328,6 +329,7 @@ class permissiveRecords(semanageRecords): +@@ -253,9 +254,13 @@ class moduleRecords(semanageRecords): + return l + + def list(self, heading = 1, locallist = 0): ++ all = self.get_all() ++ if len(all) == 0: ++ return ++ + if heading: + print "\n%-25s%-10s\n" % (_("Modules Name"), _("Version")) +- for t in self.get_all(): ++ for t in all: + if t[2] == 0: + disabled = _("Disabled") + else: +@@ -328,11 +333,14 @@ class permissiveRecords(semanageRecords): name = semanage_module_get_name(mod) if name and name.startswith("permissive_"): l.append(name.split("permissive_")[1]) 
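Review bot: The replacement copyright line reads `# Copyright (C) 2005-2011 2009 Red Hat`; the trailing `2009` looks like a leftover from the old year list. It should presumably be `# Copyright (C) 2005-2011 Red Hat`.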
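Review bot: In `moduleRecords.list` the new local `all = self.get_all()` shadows the builtin `all()` for the rest of the method, and the emptiness test is spelled `len(all) == 0`. A name such as `modules` with `if not modules: return` avoids the shadowing and reads more idiomatically; the `len(keys) == 0` form recurs in the other `list()` methods this patch touches, and `permissiveRecords.list` tests its own `all` the same way. The early return also means nothing is printed, not even the heading, when there are no records, which deserves a one-line comment such as `# nothing to list: print no heading either`. The method body continues past the hunk.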
@@ -3537,7 +3057,25 @@ index 6842b07..6742fe9 100644 return l def list(self, heading = 1, locallist = 0): -@@ -420,7 +422,9 @@ class loginRecords(semanageRecords): + import setools + all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE))) ++ if len(all) == 0: ++ return + + if heading: + print "\n%-25s\n" % (_("Builtin Permissive Types")) +@@ -340,6 +348,10 @@ class permissiveRecords(semanageRecords): + for t in all: + if t not in customized: + print t ++ ++ if len(customized) == 0: ++ return ++ + if heading: + print "\n%-25s\n" % (_("Customized Permissive Types")) + for t in customized: +@@ -420,7 +432,9 @@ class loginRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: @@ -3548,7 +3086,18 @@ index 6842b07..6742fe9 100644 if name[0] == '%': try: grp.getgrnam(name[1:]) -@@ -627,7 +631,8 @@ class seluserRecords(semanageRecords): +@@ -588,7 +602,10 @@ class loginRecords(semanageRecords): + def list(self,heading = 1, locallist = 0): + ddict = self.get_all(locallist) + keys = ddict.keys() ++ if len(keys) == 0: ++ return + keys.sort() ++ + if is_mls_enabled == 1: + if heading: + print "\n%-25s %-25s %-25s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range")) +@@ -627,7 +644,8 @@ class seluserRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: 
@@ -3558,7 +3107,18 @@ index 6842b07..6742fe9 100644 (rc, u) = semanage_user_create(self.sh) if rc < 0: -@@ -864,6 +869,7 @@ class portRecords(semanageRecords): +@@ -820,7 +838,10 @@ class seluserRecords(semanageRecords): + def list(self, heading = 1, locallist = 0): + ddict = self.get_all(locallist) + keys = ddict.keys() ++ if len(keys) == 0: ++ return + keys.sort() ++ + if is_mls_enabled == 1: + if heading: + print "\n%-15s %-10s %-10s %-30s" % ("", _("Labeling"), _("MLS/"), _("MLS/")) +@@ -864,6 +885,7 @@ class portRecords(semanageRecords): return ( k, proto_d, low, high ) def __add(self, port, proto, serange, type): @@ -3566,7 +3126,7 @@ index 6842b07..6742fe9 100644 if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -926,6 +932,7 @@ class portRecords(semanageRecords): +@@ -926,6 +948,7 @@ class portRecords(semanageRecords): self.commit() def __modify(self, port, proto, serange, setype): @@ -3574,7 +3134,24 @@ index 6842b07..6742fe9 100644 if serange == "" and setype == "": if is_mls_enabled == 1: raise ValueError(_("Requires setype or serange")) -@@ -1136,7 +1143,8 @@ class nodeRecords(semanageRecords): +@@ -1073,11 +1096,14 @@ class portRecords(semanageRecords): + return l + + def list(self, heading = 1, locallist = 0): +- if heading: +- print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number")) + ddict = self.get_all_by_type(locallist) + keys = ddict.keys() ++ if len(keys) == 0: ++ return + keys.sort() ++ ++ if heading: ++ print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number")) + for i in keys: + rec = "%-30s %-8s " % i + rec += "%s" % ddict[i][0] +@@ -1136,7 +1162,8 @@ class nodeRecords(semanageRecords): (rc, exists) = semanage_node_exists(self.sh, k) if exists: 
@@ -3584,7 +3161,7 @@ index 6842b07..6742fe9 100644 (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1152,7 +1160,6 @@ class nodeRecords(semanageRecords): +@@ -1152,7 +1179,6 @@ class nodeRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not set mask for %s") % addr) @@ -3592,7 +3169,7 @@ index 6842b07..6742fe9 100644 rc = semanage_context_set_user(self.sh, con, "system_u") if rc < 0: raise ValueError(_("Could not set user in addr context for %s") % addr) -@@ -1204,12 +1211,11 @@ class nodeRecords(semanageRecords): +@@ -1204,12 +1230,11 @@ class nodeRecords(semanageRecords): if not exists: raise ValueError(_("Addr %s is not defined") % addr) @@ -3606,7 +3183,24 @@ index 6842b07..6742fe9 100644 if serange != "": semanage_context_set_mls(self.sh, con, untranslate(serange)) if setype != "": -@@ -1334,7 +1340,8 @@ class interfaceRecords(semanageRecords): +@@ -1296,11 +1321,14 @@ class nodeRecords(semanageRecords): + return l + + def list(self, heading = 1, locallist = 0): +- if heading: +- print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") + ddict = self.get_all(locallist) + keys = ddict.keys() ++ if len(keys) == 0: ++ return + keys.sort() ++ ++ if heading: ++ print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") + if is_mls_enabled: + for k in keys: + val = '' +@@ -1334,7 +1362,8 @@ class interfaceRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: 
@@ -3616,7 +3210,24 @@ index 6842b07..6742fe9 100644 (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1592,7 +1599,8 @@ class fcontextRecords(semanageRecords): +@@ -1483,11 +1512,14 @@ class interfaceRecords(semanageRecords): + return l + + def list(self, heading = 1, locallist = 0): +- if heading: +- print "%-30s %s\n" % (_("SELinux Interface"), _("Context")) + ddict = self.get_all(locallist) + keys = ddict.keys() ++ if len(keys) == 0: ++ return + keys.sort() ++ ++ if heading: ++ print "%-30s %s\n" % (_("SELinux Interface"), _("Context")) + if is_mls_enabled: + for k in keys: + print "%-30s %s:%s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2], translate(ddict[k][3], False)) +@@ -1592,7 +1624,8 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -3626,7 +3237,7 @@ index 6842b07..6742fe9 100644 (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1783,11 +1791,11 @@ class fcontextRecords(semanageRecords): +@@ -1783,11 +1816,14 @@ class fcontextRecords(semanageRecords): return l def list(self, heading = 1, locallist = 0 ): @@ -3634,13 +3245,16 @@ index 6842b07..6742fe9 100644 - print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")) fcon_dict = self.get_all(locallist) keys = fcon_dict.keys() ++ if len(keys) == 0: ++ return keys.sort() -+ if len(keys) > 0 and heading: ++ ++ if heading: + print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")) for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1814,6 +1822,18 @@ class booleanRecords(semanageRecords): +@@ -1814,6 +1850,18 @@ class booleanRecords(semanageRecords): self.dict["1"] = 1 self.dict["0"] = 0 
@@ -3659,7 +3273,7 @@ index 6842b07..6742fe9 100644 def __mod(self, name, value): (rc, k) = semanage_bool_key_create(self.sh, name) if rc < 0: -@@ -1833,9 +1853,10 @@ class booleanRecords(semanageRecords): +@@ -1833,9 +1881,10 @@ class booleanRecords(semanageRecords): else: raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) ) @@ -3673,7 +3287,7 @@ index 6842b07..6742fe9 100644 rc = semanage_bool_modify_local(self.sh, k, b) if rc < 0: raise ValueError(_("Could not modify boolean %s") % name) -@@ -1918,8 +1939,12 @@ class booleanRecords(semanageRecords): +@@ -1918,8 +1967,12 @@ class booleanRecords(semanageRecords): value = [] name = semanage_bool_get_name(boolean) value.append(semanage_bool_get_value(boolean)) 
@@ -3688,181 +3302,24 @@ index 6842b07..6742fe9 100644 ddict[name] = value return ddict -diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile -index 0a4a3a6..f84cd7e 100644 ---- a/policycoreutils/semodule_package/Makefile -+++ b/policycoreutils/semodule_package/Makefile -@@ -9,15 +9,17 @@ CFLAGS ?= -Werror -Wall -W - override CFLAGS += -I$(INCLUDEDIR) - LDLIBS = -lsepol -lselinux -L$(LIBDIR) - --all: semodule_package -+all: semodule_package semodule_unpackage - - semodule_package: semodule_package.o - - install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_package $(BINDIR) -+ install -m 755 semodule_unpackage $(BINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 semodule_package.8 $(MANDIR)/man8/ -+ install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ - - relabel: - -diff --git a/policycoreutils/semodule_package/semodule_package.8 b/policycoreutils/semodule_package/semodule_package.8 -index 29c9eb2..ddad2d2 100644 ---- a/policycoreutils/semodule_package/semodule_package.8 -+++ b/policycoreutils/semodule_package/semodule_package.8 -@@ -44,7 +44,7 @@ File contexts file for the module (optional). - netfilter context file to be included in the package. - - .SH SEE ALSO --.B checkmodule(8), semodule(8) -+.B checkmodule(8), semodule(8), semodule_unpackage(8) - .SH AUTHORS - .nf - This manual page was written by Dan Walsh . -diff --git a/policycoreutils/semodule_package/semodule_unpackage.8 b/policycoreutils/semodule_package/semodule_unpackage.8 -new file mode 100644 -index 0000000..62dd53e ---- /dev/null -+++ b/policycoreutils/semodule_package/semodule_unpackage.8 -@@ -0,0 +1,24 @@ -+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA -+.SH NAME -+semodule_unpackage \- Extract polciy module and file context file from an SELinux policy module unpackage. 
+@@ -1952,11 +2005,13 @@ class booleanRecords(semanageRecords): + if ddict[k]: + print "%s=%s" % (k, ddict[k][2]) + return +- if heading: +- print "%-40s %s\n" % (_("SELinux boolean"), _("Description")) + ddict = self.get_all(locallist) + keys = ddict.keys() ++ if len(keys) == 0: ++ return + -+.SH SYNOPSIS -+.B semodule_unpackage [] -+.br -+.SH DESCRIPTION -+.PP -+semodule_unpackage is the tool used to extract the SELinux policy module -+ and file context file from an SELinux Policy Package. -+ -+.SH EXAMPLE -+.nf -+# Extract the httpd module file from httpd policy package. -+$ semodule_unpackage httpd.pp httpd.mod httpd.fc -+.fi -+ -+.SH SEE ALSO -+.B semodule_package(8) -+.SH AUTHORS -+.nf -+This manual page was written by Dan Walsh . -+The program was written by Stephen Smalley -diff --git a/policycoreutils/semodule_package/semodule_unpackage.c b/policycoreutils/semodule_package/semodule_unpackage.c -new file mode 100644 -index 0000000..0120ee4 ---- /dev/null -+++ b/policycoreutils/semodule_package/semodule_unpackage.c -@@ -0,0 +1,103 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+char *progname = NULL; -+extern char *optarg; -+ -+static void usage(char *progname) -+{ -+ printf("usage: %s ppfile modfile [fcfile]\n", progname); -+ exit(1); -+} -+ -+static int file_to_policy_file(char *filename, struct sepol_policy_file **pf, char *mode) -+{ -+ FILE *f; -+ -+ if (sepol_policy_file_create(pf)) { -+ fprintf(stderr, "%s: Out of memory\n", progname); -+ return -1; -+ } -+ -+ f = fopen(filename, mode); -+ if (!f) { -+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), filename); -+ return -1; -+ } -+ sepol_policy_file_set_fp(*pf, f); -+ return 0; -+} -+ -+int main(int argc, char **argv) -+{ -+ struct sepol_module_package *pkg; -+ struct sepol_policy_file *in, *out; -+ FILE *fp; -+ size_t len; -+ char *ppfile, *modfile, *fcfile = NULL, *fcdata; -+ -+ 
progname = argv[0]; -+ -+ if (argc < 3) { -+ usage(progname); -+ exit(1); -+ } -+ -+ ppfile = argv[1]; -+ modfile = argv[2]; -+ if (argc >= 3) -+ fcfile = argv[3]; -+ -+ if (file_to_policy_file(ppfile, &in, "r")) -+ exit(1); -+ -+ if (sepol_module_package_create(&pkg)) { -+ fprintf(stderr, "%s: Out of memory\n", progname); -+ exit(1); -+ } -+ -+ if (sepol_module_package_read(pkg, in, 0) == -1) { -+ fprintf(stderr, "%s: Error while reading policy module from %s\n", -+ progname, ppfile); -+ exit(1); -+ } -+ -+ if (file_to_policy_file(modfile, &out, "w")) -+ exit(1); -+ -+ if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) { -+ fprintf(stderr, "%s: Error while writing module to %s\n", progname, modfile); -+ exit(1); -+ } -+ -+ sepol_policy_file_free(in); -+ sepol_policy_file_free(out); -+ -+ len = sepol_module_package_get_file_contexts_len(pkg); -+ if (fcfile && len) { -+ fp = fopen(fcfile, "w"); -+ if (!fp) { -+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), fcfile); -+ exit(1); -+ } -+ fcdata = sepol_module_package_get_file_contexts(pkg); -+ if (fwrite(fcdata, 1, len, fp) != len) { -+ fprintf(stderr, "%s: Could not write file %s: %s\n", progname, strerror(errno), fcfile); -+ exit(1); -+ } -+ fclose(fp); -+ } -+ -+ sepol_module_package_free(pkg); -+ exit(0); -+} ++ if heading: ++ print "%-30s %s %s %s\n" % (_("SELinux boolean"),_("State"), _("Default"), _("Description")) + for k in keys: + if ddict[k]: +- print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k)) +- ++ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)) diff --git a/policycoreutils/sepolgen-ifgen/.gitignore b/policycoreutils/sepolgen-ifgen/.gitignore new file mode 100644 index 0000000..3816d2e @@ -4140,10 +3597,23 @@ index 0000000..1ce37b0 + return 0; +} 
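Review bot: The new row format in `booleanRecords.list` indexes `on_off` directly with `selinux.security_get_boolean_active(k)` and has no handling for a boolean the running kernel does not know about. The keys come from `self.get_all(locallist)`, presumably the semanage store, so a boolean present there but absent from the loaded policy would fail at this point. libselinux reports that as -1, and depending on how the binding surfaces it this is either an uncaught exception in the middle of the listing or, if `on_off` is a sequence (not visible in this hunk), a silent `on_off[-1]`. Fetching the value first and printing a placeholder on failure would keep the listing intact. The heading also changed to separate `State` and `Default` columns while each row prints them as a single `(%-5s,%5s)` group, so the values no longer line up with their titles.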
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index e05761a..5bcb44a 100644 +index 48ffcad..15f2bf0 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c -@@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path) +@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts) + r_opts = opts; + struct selinux_opt selinux_opts[] = { + { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, +- { SELABEL_OPT_PATH, r_opts->selabel_opt_path } ++ { SELABEL_OPT_PATH, r_opts->selabel_opt_path }, ++ { SELABEL_OPT_SUBSET, r_opts->selabel_opt_subset } + }; +- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2); ++ r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); + if (!r_opts->hnd) { + perror(r_opts->selabel_opt_path); + exit(1); +@@ -318,11 +319,16 @@ static int process_one(char *name, int recurse_this_path) ftsent = fts_read(fts_handle); 
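Review bot: `restore_init` now passes the literal `3` to `selabel_open()` after growing `selinux_opts` to three entries, so the count and the array can drift apart the next time an option is added; `sizeof(selinux_opts) / sizeof(selinux_opts[0])` keeps them tied together. The new `SELABEL_OPT_SUBSET` entry is also filled unconditionally from `r_opts->selabel_opt_subset`, which in the visible code is only assigned by the `-S` case in setfiles.c. That appears safe for setfiles, whose `main` zeroes `r_opts` with `memset`, but any other caller of `restore_init` that does not zero its `struct restore_opts` would hand libselinux an uninitialised pointer, which is worth checking. `restore_init` continues outside the hunk.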
@@ -4163,41 +3633,7 @@ index e05761a..5bcb44a 100644 do { rc = 0; /* Skip the post order nodes. */ -@@ -368,19 +373,21 @@ int process_glob(char *name, int recurse) { - int errors; - memset(&globbuf, 0, sizeof(globbuf)); - errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf); -- if (errors) -- errors = process_one_realpath(name, recurse); -- else { -- for (i = 0; i < globbuf.gl_pathc; i++) { -- int len = strlen(globbuf.gl_pathv[i]) -2; -- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0) -- continue; -- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) -- continue; -- errors |= process_one_realpath(globbuf.gl_pathv[i], recurse); -- } -- globfree(&globbuf); -+ if (errors == GLOB_NOMATCH) -+ return 0; -+ -+ if (errors) -+ return errors; -+ -+ for (i = 0; i < globbuf.gl_pathc; i++) { -+ int len = strlen(globbuf.gl_pathv[i]) -2; -+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0) -+ continue; -+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) -+ continue; -+ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse); - } -+ globfree(&globbuf); - return errors; - } - -@@ -388,7 +395,7 @@ int process_one_realpath(char *name, int recurse) +@@ -390,7 +396,7 @@ int process_one_realpath(char *name, int recurse) { int rc = 0; char *p; @@ -4206,7 +3642,7 @@ index e05761a..5bcb44a 100644 if (r_opts == NULL){ fprintf(stderr, -@@ -399,7 +406,7 @@ int process_one_realpath(char *name, int recurse) +@@ -401,7 +407,7 @@ int process_one_realpath(char *name, int recurse) if (!r_opts->expand_realpath) { return process_one(name, recurse); } else { @@ -4215,7 +3651,7 @@ index e05761a..5bcb44a 100644 if (rc < 0) { if (r_opts->ignore_enoent && errno == ENOENT) return 0; -@@ -566,7 +573,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -568,7 +574,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil { file_spec_t *prevfl, *fl; int h, ret; 
@@ -4224,7 +3660,7 @@ index e05761a..5bcb44a 100644 if (!fl_head) { fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); -@@ -579,7 +586,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -581,7 +587,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; prevfl = fl, fl = fl->next) { if (ino == fl->ino) { 
@@ -4233,214 +3669,38 @@ index e05761a..5bcb44a 100644 if (ret < 0 || sb.st_ino != ino) { freecon(fl->con); free(fl->file); -@@ -631,5 +638,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil - return -1; - } - -+#include -+/* -+ Search /proc/mounts for all file systems that do not support extended -+ attributes and add them to the exclude directory table. File systems -+ that support security labels have the seclabel option. -+*/ -+void exclude_non_seclabel_mounts() -+{ -+ struct utsname uts; -+ FILE *fp; -+ size_t len; -+ ssize_t num; -+ int index = 0, found = 0; -+ char *mount_info[4]; -+ char *buf = NULL, *item; -+ -+ /* Check to see if the kernel supports seclabel */ -+ if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) -+ return; -+ if (is_selinux_enabled() <= 0) -+ return; -+ -+ fp = fopen("/proc/mounts", "r"); -+ if (!fp) -+ return; -+ -+ while ((num = getline(&buf, &len, fp)) != -1) { -+ found = 0; -+ index = 0; -+ item = strtok(buf, " "); -+ while (item != NULL) { -+ mount_info[index] = item; -+ if (index == 3) -+ break; -+ index++; -+ item = strtok(NULL, " "); -+ } -+ if (index < 3) { -+ fprintf(stderr, -+ "/proc/mounts record \"%s\" has incorrect format.\n", -+ buf); -+ continue; -+ } - -+ /* remove pre-existing entry */ -+ remove_exclude(mount_info[1]); -+ -+ item = strtok(mount_info[3], ","); -+ while (item != NULL) { -+ if (strcmp(item, "seclabel") == 0) { -+ found = 1; -+ break; -+ } -+ item = strtok(NULL, ","); -+ } -+ -+ /* exclude mount points without the seclabel option */ -+ if (!found) -+ add_exclude(mount_info[1]); -+ } -+ -+ free(buf); -+} - diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h -index 7e988d5..ac27222 100644 +index ac27222..fb8eaf9 100644 --- a/policycoreutils/setfiles/restore.h 
+++ b/policycoreutils/setfiles/restore.h -@@ -49,5 +49,6 @@ int exclude(const char *path); - void remove_exclude(const char *directory); - int process_one_realpath(char *name, int recurse); - int process_glob(char *name, int recurse); -+void exclude_non_seclabel_mounts(); +@@ -40,6 +40,7 @@ struct restore_opts { + int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */ + const char *selabel_opt_validate; + const char *selabel_opt_path; ++ const char *selabel_opt_subset; + }; - #endif + void restore_init(struct restore_opts *opts); diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index d320e9f..fa0cd6a 100644 +index fa0cd6a..81c6c13 100644 --- a/policycoreutils/setfiles/setfiles.c 
+++ b/policycoreutils/setfiles/setfiles.c -@@ -5,7 +5,6 @@ - #include - #include - #include --#include - #define __USE_XOPEN_EXTENDED 1 /* nftw */ - #include - #ifdef USE_AUDIT -@@ -15,8 +14,6 @@ - #define AUDIT_FS_RELABEL 2309 - #endif - #endif --static int mass_relabel; --static int mass_relabel_errs; +@@ -217,7 +217,7 @@ int main(int argc, char **argv) + exclude_non_seclabel_mounts(); - - /* cmdline opts*/ -@@ -24,7 +21,6 @@ static int mass_relabel_errs; - static char *policyfile = NULL; - static int warn_no_match = 0; - static int null_terminated = 0; --static int errors; - static struct restore_opts r_opts; - - #define STAT_BLOCK_SIZE 1 -@@ -108,10 +104,11 @@ int canoncon(char **contextp) - } - - #ifndef USE_AUDIT --static void maybe_audit_mass_relabel(void) -+static void maybe_audit_mass_relabel(int mass_relabel __attribute__((unused)), -+ int mass_relabel_errs __attribute__((unused))) - { - #else --static void maybe_audit_mass_relabel(void) -+static void maybe_audit_mass_relabel(int mass_relabel, int mass_relabel_errs) - { - int audit_fd = -1; - int rc = 0; -@@ -137,69 +134,6 @@ static void maybe_audit_mass_relabel(void) - #endif - } - --/* -- Search /proc/mounts for all file systems that do not support extended -- attributes and add them to the exclude directory table. File systems -- that support security labels have the seclabel option. 
--*/ --static void exclude_non_seclabel_mounts() --{ -- struct utsname uts; -- FILE *fp; -- size_t len; -- ssize_t num; -- int index = 0, found = 0; -- char *mount_info[4]; -- char *buf = NULL, *item; -- -- /* Check to see if the kernel supports seclabel */ -- if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) -- return; -- if (is_selinux_enabled() <= 0) -- return; -- -- fp = fopen("/proc/mounts", "r"); -- if (!fp) -- return; -- -- while ((num = getline(&buf, &len, fp)) != -1) { -- found = 0; -- index = 0; -- item = strtok(buf, " "); -- while (item != NULL) { -- mount_info[index] = item; -- if (index == 3) -- break; -- index++; -- item = strtok(NULL, " "); -- } -- if (index < 3) { -- fprintf(stderr, -- "/proc/mounts record \"%s\" has incorrect format.\n", -- buf); -- continue; -- } -- -- /* remove pre-existing entry */ -- remove_exclude(mount_info[1]); -- -- item = strtok(mount_info[3], ","); -- while (item != NULL) { -- if (strcmp(item, "seclabel") == 0) { -- found = 1; -- break; -- } -- item = strtok(NULL, ","); -- } -- -- /* exclude mount points without the seclabel option */ -- if (!found) -- add_exclude(mount_info[1]); -- } -- -- free(buf); --} -- - int main(int argc, char **argv) - { - struct stat sb; -@@ -210,6 +144,7 @@ int main(int argc, char **argv) - size_t buf_len; - int recurse; /* Recursive descent. */ - char *base; -+ int mass_relabel = 0, errors = 0; - - memset(&r_opts, 0, sizeof(r_opts)); - -@@ -487,9 +422,7 @@ int main(int argc, char **argv) - } - } - -- if (mass_relabel) -- mass_relabel_errs = errors; -- maybe_audit_mass_relabel(); -+ maybe_audit_mass_relabel(mass_relabel, errors); - - if (warn_no_match) - selabel_stats(r_opts.hnd); + /* Process any options. 
*/ +- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) { ++ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) { + switch (opt) { + case 'c': + { +@@ -280,6 +280,9 @@ int main(int argc, char **argv) + case 'n': + r_opts.change = 0; + break; ++ case 'S': ++ r_opts.selabel_opt_subset = optarg; ++ break; + case 'o': + if (strcmp(optarg, "-") == 0) { + r_opts.outfile = stdout; diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch index a504f05..3ca80c7 100644 --- a/policycoreutils-sepolgen.patch +++ b/policycoreutils-sepolgen.patch @@ -1,7 +1,8 @@ -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py 2011-05-25 16:11:58.150628048 -0400 -@@ -32,6 +32,7 @@ in a variety of ways, but they are the f +diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py +index 3eda2fd..649735f 100644 +--- a/sepolgen/src/sepolgen/access.py ++++ b/sepolgen/src/sepolgen/access.py +@@ -32,6 +32,7 @@ in a variety of ways, but they are the fundamental representation of access. """ import refpolicy 
@@ -45,9 +46,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen access.perms.update(perms) if audit_msg: -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py 2011-05-25 16:11:58.150628048 -0400 +diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py +index 24e308e..e23725f 100644 +--- a/sepolgen/src/sepolgen/audit.py ++++ b/sepolgen/src/sepolgen/audit.py @@ -68,6 +68,17 @@ def get_dmesg_msgs(): stdout=subprocess.PIPE).communicate()[0] return output @@ -131,9 +133,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen p return av_set class AVCTypeFilter: -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py 2011-05-25 16:11:58.150628048 -0400 +diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py +index 45ce61a..6d511c3 100644 +--- a/sepolgen/src/sepolgen/defaults.py ++++ b/sepolgen/src/sepolgen/defaults.py @@ -30,6 +30,9 @@ def perm_map(): def interface_info(): return data_dir() + "/interface_info" 
@@ -144,9 +147,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolge def refpolicy_devel(): return "/usr/share/selinux/devel" -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py 2011-05-25 16:11:58.151628058 -0400 +diff --git a/sepolgen/src/sepolgen/interfaces.py b/sepolgen/src/sepolgen/interfaces.py +index d8b3e34..ae1c9c5 100644 +--- a/sepolgen/src/sepolgen/interfaces.py ++++ b/sepolgen/src/sepolgen/interfaces.py @@ -29,6 +29,8 @@ import matching from sepolgeni18n import _ @@ -156,7 +160,7 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepol class Param: """ Object representing a paramater for an interface. -@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params +@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params): ret = 1 return ret @@ -262,9 +266,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepol self.expand_ifcalls(headers) self.index() -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py 2011-05-25 16:11:58.151628058 -0400 +diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py +index 1a9a3e5..d56dd92 100644 +--- a/sepolgen/src/sepolgen/matching.py ++++ b/sepolgen/src/sepolgen/matching.py @@ -50,7 +50,7 @@ class Match: return 1 
@@ -293,9 +298,25 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolge def __iter__(self): return iter(self.children) -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py 2011-05-25 16:11:58.151628058 -0400 +diff --git a/sepolgen/src/sepolgen/module.py b/sepolgen/src/sepolgen/module.py +index edd24c6..5818cec 100644 +--- a/sepolgen/src/sepolgen/module.py ++++ b/sepolgen/src/sepolgen/module.py +@@ -37,8 +37,8 @@ import shutil + def is_valid_name(modname): + """Check that a module name is valid. + """ +- m = re.findall("[^a-zA-Z0-9]", modname) +- if len(m) == 0: ++ m = re.findall("[^a-zA-Z0-9_\-\.]", modname) ++ if len(m) == 0 and modname[0].isalpha(): + return True + else: + return False +diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py +index 0e6b502..6ce892c 100644 +--- a/sepolgen/src/sepolgen/policygen.py ++++ b/sepolgen/src/sepolgen/policygen.py @@ -29,6 +29,8 @@ import objectmodel import access import interfaces @@ -334,7 +355,7 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolg + + if av.type == audit2why.CONSTRAINT: + rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n" -+ rule.comment += "#Contraint rule: " ++ rule.comment += "#Constraint rule: " + + if av.type == audit2why.TERULE: + if "write" in av.perms: 
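Review bot: `is_valid_name` now evaluates `modname[0].isalpha()`, which raises IndexError for an empty string instead of returning False, so a caller that passes an empty name gets a traceback rather than a validation failure. `str.isalpha()` is also looser than the ASCII character class applied to the rest of the name: it is locale-dependent for byte strings and accepts any Unicode letter for unicode objects, which is more than the "must begin with a letter" rule suggests. A single anchored pattern states the rule exactly and handles the empty case: `return re.match(r"[a-zA-Z][a-zA-Z0-9_.-]*\Z", modname) is not None`.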
@@ -356,38 +377,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolg self.module.children.append(rule) -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py 2011-05-25 16:18:20.911964611 -0400 -@@ -243,7 +243,7 @@ def t_refpolicywarn(t): - t.lexer.lineno += 1 - - def t_IDENTIFIER(t): -- r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*' -+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*' - # Handle any keywords - t.type = reserved.get(t.value,'IDENTIFIER') - return t -@@ -768,6 +768,7 @@ def p_avrule_def(p): - - def p_typerule_def(p): - '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI -+ | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI - | TYPE_CHANGE names names COLON names IDENTIFIER SEMI - | TYPE_MEMBER names names COLON names IDENTIFIER SEMI - ''' -@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, exp - # of misc_macros. We are just going to pretend that this is an interface - # to make the expansion work correctly. 
- can_exec = refpolicy.Interface("can_exec") -- av = access.AccessVector(["$1","$2","file","execute_no_trans","read", -+ av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read", - "getattr","lock","execute","ioctl"]) - - can_exec.children.append(refpolicy.AVRule(av)) -diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map ---- policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen 2010-03-24 15:57:20.000000000 -0400 -+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map 2011-05-25 16:11:58.152628068 -0400 +diff --git a/sepolgen/src/share/perm_map b/sepolgen/src/share/perm_map +index eb2e23b..ca4fa4d 100644 +--- a/sepolgen/src/share/perm_map ++++ b/sepolgen/src/share/perm_map @@ -124,7 +124,7 @@ class filesystem 10 quotamod w 1 quotaget r 1 diff --git a/policycoreutils.spec b/policycoreutils.spec index 10dff19..6ace70d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,13 +1,13 @@ %define libauditver 1.4.2-1 -%define libsepolver 2.1.0-1 -%define libsemanagever 2.1.0-0 -%define libselinuxver 2.1.0-1 -%define sepolgenver 1.0.23 +%define libsepolver 2.1.2-1 +%define libsemanagever 2.1.2-1 +%define libselinuxver 2.1.5-1 +%define sepolgenver 1.1.1 Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.1.4 -Release: 2%{?dist} +Version: 2.1.5 +Release: 1%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 
@@ -66,10 +66,10 @@ context. %patch -p2 -b .rhat %patch1 -p1 -b .rhatpo %patch3 -p1 -b .gui -%patch4 -p1 -b .sepolgen +%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver} %build -make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all +make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all %install @@ -352,6 +352,34 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Tue Aug 30 2011 Dan Walsh - 2.1.5-1 +-Update to upstream + * policycoreutils + * setfiles: Fix process_glob to handle error situations + * sandbox: Allow seunshare to run as root + * sandbox: trap sigterm to make sure sandbox + * sandbox: pass DPI from the desktop + * sandbox: seunshare: introduce helper spawn_command + * sandbox: seunshare: introduce new filesystem helpers + * sandbox: add -C option to not drop + * sandbox: split seunshare caps dropping + * sandbox: use dbus-launch + * sandbox: numerous simple updates to sandbox + * sandbox: do not require selinux context + * sandbox: Makefile: new man pages + * sandbox: rename dir to srcdir + * sandbox: allow users specify sandbox window size + * sandbox: check for paths up front + * sandbox: use defined values for paths rather + * sandbox: move seunshare globals to the top + * sandbox: whitespace fix + * semodule_package: Add semodule_unpackage executable + * setfiles: get rid of some stupid globals + * setfiles: move exclude_non_seclabel_mounts to a generic location + * sepolgen + * refparser: include open among valid permissions + * refparser: add support for filename_trans rules + * Thu Aug 18 2011 Dan Walsh - 2.1.4-2 - Fix bug in glob handling for restorecon diff --git a/sources b/sources index 53b109d..69b7e4a 100644 --- a/sources +++ b/sources 
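Review bot: In the `%build` hunk of policycoreutils.spec, both `make` lines link with `LDFLAGS="-pie -Wl,-z,relro"`, which gives position-independent executables but only partial RELRO, leaving the GOT writable after startup. If the distribution's default flags do not already add it, consider `LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"` on both lines so the binaries built here get full RELRO. Separately, `%patch4` now applies with `-p2 ... -d sepolgen-%{sepolgenver}`, and a one-line comment such as `# sepolgen patch paths start with a/sepolgen/; strip two levels and apply inside the unpacked sepolgen tarball` would explain why it differs from the other `%patch` lines.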
@@ -1,3 +1,3 @@
-49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
 59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
-7e1e18c09798ffb44913bce3d60c667d policycoreutils-2.1.4.tgz
+fcff0d994c5106e04190432304b1e8c6 sepolgen-1.1.1.tgz
+a84ec479bf09e8d2a912fd32532853e9 policycoreutils-2.1.5.tgz