diff --git a/.cvsignore b/.cvsignore index 5c7db9b..f6007dd 100644 --- a/.cvsignore +++ b/.cvsignore @@ -11,3 +11,4 @@ policycoreutils-1.21.3.tgz policycoreutils-1.21.4.tgz policycoreutils-1.21.5.tgz policycoreutils-1.21.7.tgz +policycoreutils-1.21.9.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index ec81f24..dc8b7cc 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,101 +1,28 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.7/restorecon/restorecon.c ---- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500 -+++ policycoreutils-1.21.7/restorecon/restorecon.c 2005-01-28 15:37:27.000000000 -0500 -@@ -188,7 +188,7 @@ - fprintf(stderr, - "%s: error while labeling files under %s\n", - progname, buf); -- exit(1); -+ errors++; - } - } - else -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.7/scripts/fixfiles ---- nsapolicycoreutils/scripts/fixfiles 2005-01-26 11:30:57.000000000 -0500 -+++ policycoreutils-1.21.7/scripts/fixfiles 2005-01-28 16:05:01.000000000 -0500 -@@ -37,19 +37,11 @@ - SELINUXTYPE="targeted" - if [ -e /etc/selinux/config ]; then - . /etc/selinux/config -- FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX` -- cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null -+ FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts - else - FC=/etc/security/selinux/file_contexts - fi - --cleanup() { -- if [ -e /etc/selinux/config -a -f "$FC" ]; then -- rm -f $FC -- fi --} --trap "cleanup" 0 1 2 3 13 15 -- - # - # Log to either syslog or a LOGFILE - # -@@ -60,7 +52,24 @@ - echo $1 >> $LOGFILE - fi - } -- -+# -+# Compare PREVious File Context to currently installed File Context and -+# run restorecon on all files affected by the differences. -+# -+diff_filecontext() { -+if [ -f ${PREFC} -a -x /usr/bin/diff ]; then -+ TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` -+ test -z "$TEMPFILE" && exit -+ /usr/bin/diff $PREFC $FC | egrep '^[<>]'|cut -c3-| grep ^/ | \ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.9/scripts/fixfiles +--- nsapolicycoreutils/scripts/fixfiles 2005-01-31 09:49:15.000000000 -0500 ++++ policycoreutils-1.21.9/scripts/fixfiles 2005-01-31 13:39:27.000000000 -0500 +@@ -60,12 +60,20 @@ + if [ -f ${PREFC} -a -x /usr/bin/diff ]; then + TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` + test -z "$TEMPFILE" && exit +- /usr/bin/diff $PREFC $FC | egrep '^[<>]'|cut -c3-| grep ^/ | \ +- sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \ +- -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \ ++ /usr/bin/diff $PREFC $FC | grep '^[<>]'|cut -c3-| grep ^/ | \ + grep -v -e ^/root -e ^/home -e ^/tmp -e ^/var/tmp | \ -+ sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \ -+ -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \ -+ while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \ -+ while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \ ++ sed -r -e 's|\(([/?[:alnum:]]+)\)\?|{\1,}|g' \ ++ -e 's|([[:alnum:]])\?|{\1,}|g' \ ++ -e 's,\(.*,*,g' -e 's,\[.*,*,g' \ ++ -e 's,[[:blank:]].*,,g' \ ++ -e 's,\?.*,*,g' \ ++ -e 's,\.\*,*,g' \ ++ -e 's,\(.*,*,g' \ ++ -e 's,\[.*,*,g' | \ ++ sort -u | \ + while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \ + while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \ +- ${RESTORECON} $2 -v -f -R - + ${RESTORECON} -R $2 -v -f - -+ rm -f ${TEMPFILE} -+fi -+} - # - # Log all Read Only file systems - # -@@ -80,6 +89,10 @@ - # if called with -n will only check file context - # - restore () { -+if [ ! -z "$PREFC" ]; then -+ diff_filecontext $1 -+ exit $? -+fi - if [ ! -z "$RPMFILES" ]; then - for i in `echo $RPMFILES | sed 's/,/ /g'`; do - rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE -@@ -128,7 +141,7 @@ - usage() { - echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " - echo or -- echo $"Usage: $0 -R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] { check | restore }" -+ echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }" - } - - if [ $# = 0 ]; then -@@ -137,7 +150,7 @@ + rm -f ${TEMPFILE} fi - - # See how we were called. --while getopts "Fo:R:l:" i; do -+while getopts "C:Fo:R:l:" i; do - case "$i" in - F) - fullFlag=1 -@@ -151,6 +164,9 @@ - l) - LOGFILE=$OPTARG - ;; -+ C) -+ PREFC=$OPTARG -+ ;; - *) - usage - exit 1 + } diff --git a/policycoreutils.spec b/policycoreutils.spec index 0ff9cc3..3c9ab09 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,15 +1,16 @@ +#define LIBSELINUXVER 1.21.5 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.21.7 -Release: 3 +Version: 1.21.9 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Patch: policycoreutils-rhat.patch Prefix: %{_prefix} -BuildRequires: libselinux-devel >= 1.15.3 pam-devel libsepol-devel >= 1.1.1 -Requires: libselinux >= 1.15.3 libsepol >= 1.1.1 +BuildRequires: libselinux-devel >= %{LIBSELINUXVER} pam-devel libsepol-devel >= 1.1.1 +Requires: libselinux >= %{LIBSELINUXVER} libsepol >= 1.1.1 BuildRoot: %{_tmppath}/%{name}-buildroot @@ -80,6 +81,19 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Fri Jan 28 2005 Dan Walsh 1.21.9-1 +- More cleanup of sed patch +- Upgrade to latest from NSA + * Merged updated fixfiles script from Dan Walsh. + * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped. + * Reverted fixfiles patch for file_contexts.local; + obsoleted by setfiles rewrite. + * Merged error handling patch for restorecon from Dan Walsh. + * Merged semi raw mode for open_init_pty helper from Manoj Srivastava. + * Rewrote setfiles to use matchpathcon and the new interfaces + exported by libselinux (>= 1.21.5). + + * Fri Jan 28 2005 Dan Walsh 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA diff --git a/sources b/sources index 56f148d..dc17969 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9d03afb93e007c31faf284d88d982883 policycoreutils-1.21.7.tgz +cdab66d56c18037d49c508a021ee5334 policycoreutils-1.21.9.tgz