* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4

- Handle files with spaces in fixfiles
2007-12-31 16:26:02 +00:00 · 2007-12-31 16:26:02 +00:00 · 60ad59cab9
parent ec80e1ce63
commit 60ad59cab9
2 changed files with 96 additions and 22 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -72,8 +72,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c
 --- nsapolicycoreutils/audit2why/audit2why.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.34/audit2why/audit2why.c	2007-12-20 11:04:10.000000000 -0500
-@@ -22,27 +22,151 @@
+++ policycoreutils-2.0.34/audit2why/audit2why.c	2007-12-31 11:12:23.000000000 -0500
+@@ -22,27 +22,146 @@
 	exit(rc);
 }
 
@ -116,7 +116,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +	if (!foundlist) {
 +		fprintf(stderr,
 +			"Out of memory.\n");
-+		return -1;
+		return fcnt;
 +	}
 +	for (i=0; i < boolcnt; i++) {
 +		char *name = boollist[i]->name;
@ -128,7 +128,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +		if (rc < 0) {
 +			fprintf(stderr,
 +				"Could not create boolean key.\n");
-+			rc = -1;
 +			break;
 +		}
 +		sepol_bool_set_value(boolean, !active);
@ -140,7 +139,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +		if (rc < 0) {
 +			fprintf(stderr,
 +				"Could not set boolean data %s.\n", name);
-+			rc = -1;
 +			break;
 +		}
 +
@ -149,13 +147,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +		if (rc < 0) {
 +			fprintf(stderr,
 +				"Error during access vector computation, skipping...\n");
-+			rc = -1;
 +			break;
 +		} else {
 +			if (!reason) {
 +				foundlist[fcnt] = i;
 +				fcnt++;
-+				rc = 0;
 +			}
 +			sepol_bool_set_value((sepol_bool_t*)boolean, active);
 +			rc = sepol_bool_set(access->handle,
@ -165,7 +161,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +			if (rc < 0) {
 +				fprintf(stderr,
 +					"Could not set boolean data %s.\n", name);
-+				rc = -1;
 +				break;
 +			}
 +		}
@ -187,7 +182,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +	}
 +
 +	free(foundlist);
-+	return rc;
+	return fcnt;
 +}
 +
 +
@ -229,7 +224,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		case 'p':
 			set_path = 1;
 			strncpy(path, optarg, PATH_MAX);
-@@ -110,7 +234,6 @@
+@@ -110,7 +229,6 @@
 	}
 	fclose(fp);
 	sepol_set_policydb(&policydb);
@ -237,7 +232,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 	if (!set_path) {
 		/* If they didn't specify a full path of a binary policy file,
 		   then also try loading any boolean settings and user
-@@ -125,6 +248,30 @@
+@@ -125,6 +243,30 @@
 		(void)sepol_genusers_policydb(&policydb, selinux_users_path());
 	}
 
@ -268,7 +263,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 	/* Initialize the sidtab for subsequent use by sepol_context_to_sid
 	   and sepol_compute_av_reason. */
 	rc = sepol_sidtab_init(&sidtab);
-@@ -135,8 +282,10 @@
+@@ -135,8 +277,10 @@
 	sepol_set_sidtab(&sidtab);
 
 	/* Process the audit messages. */
@ -280,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 
 		if (buffer[len2 - 1] == '\n')
 			buffer[len2 - 1] = 0;
-@@ -179,6 +328,7 @@
+@@ -179,6 +323,7 @@
 		}
 		*p++ = 0;
 
@ -288,7 +283,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		/* Get scontext and convert to SID. */
 		while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
 			p++;
-@@ -188,11 +338,14 @@
+@@ -188,11 +333,14 @@
 			continue;
 		}
 		p += sizeof(SCONTEXT) - 1;
@ -306,7 +301,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
 		if (rc < 0) {
 			fprintf(stderr,
-@@ -201,6 +354,10 @@
+@@ -201,6 +349,10 @@
 			continue;
 		}
 
@ -317,7 +312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		/* Get tcontext and convert to SID. */
 		while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
 			p++;
-@@ -210,11 +367,15 @@
+@@ -210,11 +362,15 @@
 			continue;
 		}
 		p += sizeof(TCONTEXT) - 1;
@ -336,7 +331,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
 		if (rc < 0) {
 			fprintf(stderr,
-@@ -222,6 +383,9 @@
+@@ -222,6 +378,9 @@
 				TCONTEXT, tcon, lineno);
 			continue;
 		}
@ -346,7 +341,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 
 		/* Get tclass= and convert to value. */
 		while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
-@@ -232,12 +396,17 @@
+@@ -232,12 +391,17 @@
 			continue;
 		}
 		p += sizeof(TCLASS) - 1;
@ -367,7 +362,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		if (!tclass) {
 			fprintf(stderr,
 				"Invalid %s%s on line %u, skipping...\n",
-@@ -286,11 +455,16 @@
+@@ -286,11 +450,16 @@
 		}
 
 		if (reason & SEPOL_COMPUTEAV_TE) {
@ -381,7 +376,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 +			access.tclass = tclass;
 +			access.av = av;
 +			
-+			if (check_booleans(&access) < 0) {
+			if (check_booleans(&access) == 0) {
 +				printf("\t\tMissing or disabled TE allow rule.\n");
 +				printf
 +					("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n");
@ -389,7 +384,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		}
 
 		if (reason & SEPOL_COMPUTEAV_CONS) {
-@@ -309,5 +483,8 @@
+@@ -309,5 +478,8 @@
 	}
 	free(buffer);
 	free(bufcopy);
@ -450,6 +445,82 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 
 try:
     gettext.install('policycoreutils')
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.34/scripts/fixfiles
+--- nsapolicycoreutils/scripts/fixfiles	2007-12-10 21:42:28.000000000 -0500
+++ policycoreutils-2.0.34/scripts/fixfiles	2007-12-31 10:54:13.000000000 -0500
+@@ -126,17 +126,15 @@
+     done
+     exit $?
+ fi
+-if [ ! -z "$DIRS" ]; then
+if [ ! -z "$PATH" ]; then
+     if [ -x /usr/bin/find ]; then
+-	for d in ${DIRS} ; do find $d \
+	/usr/bin/find "$PATH" \
+ 	    ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune  -o -print | \
+ 	    ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
+-	done
+     else
+-	${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE
+	${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH 2>&1 >> $LOGFILE
+     fi
+-
+-    exit $?
+    return
+ fi
+ LogReadOnly
+ ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+@@ -173,6 +171,20 @@
+     fi
+ }
+ 
+process() {
+#
+# Make sure they specified one of the three valid commands
+#
+case "$1" in
+    restore) restore -p ;;
+    check) restore -n -v;;
+    verify) restore -n -o -;;
+    relabel) relabel;;
+    *)
+    usage
+    exit 1
+esac
+}
+ usage() {
+       	echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
+ 	echo or
+@@ -229,22 +241,15 @@
+ 
+ shift 1
+ if [ ! -z "$RPMFILES" ]; then
+    process $command
+     if [ $# -gt 0 ]; then
+ 	    usage
+     fi
+ else
+-    DIRS=$*
+    while [ -n "$1" ]; do 
+	PATH=$1
+	process $command 
+	shift
+    done
+ fi
+-
+-#
+-# Make sure they specified one of the three valid commands
+-#
+-case "$command" in
+-    restore) restore -p ;;
+-    check) restore -n -v ;;
+-    verify) restore -n -o -;;
+-    relabel) relabel;;
+-    *)
+-    usage
+-    exit 1
+-esac
+exit $?
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2007-10-05 13:09:53.000000000 -0400
 +++ policycoreutils-2.0.34/semanage/semanage	2007-12-19 06:05:50.000000000 -0500
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.34
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -193,6 +193,9 @@ if [ "$1" -ge "1" ]; then
 fi

 %changelog
+* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
+- Handle files with spaces in fixfiles
+
 * Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
 - Catch SELINUX_ERR with audit2allow and generate policy