* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4

- Handle files with spaces in fixfiles
Daniel J Walsh 2007-12-31 16:26:02 +00:00
parent ec80e1ce63
commit 60ad59cab9
2 changed files with 96 additions and 22 deletions


@ -72,8 +72,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c
--- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400 --- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-20 11:04:10.000000000 -0500 +++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-31 11:12:23.000000000 -0500
@@ -22,27 +22,151 @@ @@ -22,27 +22,146 @@
exit(rc); exit(rc);
} }
@ -116,7 +116,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ if (!foundlist) { + if (!foundlist) {
+ fprintf(stderr, + fprintf(stderr,
+ "Out of memory.\n"); + "Out of memory.\n");
+ return -1; + return fcnt;
+ } + }
+ for (i=0; i < boolcnt; i++) { + for (i=0; i < boolcnt; i++) {
+ char *name = boollist[i]->name; + char *name = boollist[i]->name;
@ -128,7 +128,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ if (rc < 0) { + if (rc < 0) {
+ fprintf(stderr, + fprintf(stderr,
+ "Could not create boolean key.\n"); + "Could not create boolean key.\n");
+ rc = -1;
+ break; + break;
+ } + }
+ sepol_bool_set_value(boolean, !active); + sepol_bool_set_value(boolean, !active);
@ -140,7 +139,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ if (rc < 0) { + if (rc < 0) {
+ fprintf(stderr, + fprintf(stderr,
+ "Could not set boolean data %s.\n", name); + "Could not set boolean data %s.\n", name);
+ rc = -1;
+ break; + break;
+ } + }
+ +
@ -149,13 +147,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ if (rc < 0) { + if (rc < 0) {
+ fprintf(stderr, + fprintf(stderr,
+ "Error during access vector computation, skipping...\n"); + "Error during access vector computation, skipping...\n");
+ rc = -1;
+ break; + break;
+ } else { + } else {
+ if (!reason) { + if (!reason) {
+ foundlist[fcnt] = i; + foundlist[fcnt] = i;
+ fcnt++; + fcnt++;
+ rc = 0;
+ } + }
+ sepol_bool_set_value((sepol_bool_t*)boolean, active); + sepol_bool_set_value((sepol_bool_t*)boolean, active);
+ rc = sepol_bool_set(access->handle, + rc = sepol_bool_set(access->handle,
@ -165,7 +161,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ if (rc < 0) { + if (rc < 0) {
+ fprintf(stderr, + fprintf(stderr,
+ "Could not set boolean data %s.\n", name); + "Could not set boolean data %s.\n", name);
+ rc = -1;
+ break; + break;
+ } + }
+ } + }
@ -187,7 +182,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ } + }
+ +
+ free(foundlist); + free(foundlist);
+ return rc; + return fcnt;
+} +}
+ +
+ +
@ -229,7 +224,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
case 'p': case 'p':
set_path = 1; set_path = 1;
strncpy(path, optarg, PATH_MAX); strncpy(path, optarg, PATH_MAX);
@@ -110,7 +234,6 @@ @@ -110,7 +229,6 @@
} }
fclose(fp); fclose(fp);
sepol_set_policydb(&policydb); sepol_set_policydb(&policydb);
@ -237,7 +232,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
if (!set_path) { if (!set_path) {
/* If they didn't specify a full path of a binary policy file, /* If they didn't specify a full path of a binary policy file,
then also try loading any boolean settings and user then also try loading any boolean settings and user
@@ -125,6 +248,30 @@ @@ -125,6 +243,30 @@
(void)sepol_genusers_policydb(&policydb, selinux_users_path()); (void)sepol_genusers_policydb(&policydb, selinux_users_path());
} }
@ -268,7 +263,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
/* Initialize the sidtab for subsequent use by sepol_context_to_sid /* Initialize the sidtab for subsequent use by sepol_context_to_sid
and sepol_compute_av_reason. */ and sepol_compute_av_reason. */
rc = sepol_sidtab_init(&sidtab); rc = sepol_sidtab_init(&sidtab);
@@ -135,8 +282,10 @@ @@ -135,8 +277,10 @@
sepol_set_sidtab(&sidtab); sepol_set_sidtab(&sidtab);
/* Process the audit messages. */ /* Process the audit messages. */
@ -280,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
if (buffer[len2 - 1] == '\n') if (buffer[len2 - 1] == '\n')
buffer[len2 - 1] = 0; buffer[len2 - 1] = 0;
@@ -179,6 +328,7 @@ @@ -179,6 +323,7 @@
} }
*p++ = 0; *p++ = 0;
@ -288,7 +283,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
/* Get scontext and convert to SID. */ /* Get scontext and convert to SID. */
while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1)) while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
p++; p++;
@@ -188,11 +338,14 @@ @@ -188,11 +333,14 @@
continue; continue;
} }
p += sizeof(SCONTEXT) - 1; p += sizeof(SCONTEXT) - 1;
@ -306,7 +301,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid); rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
if (rc < 0) { if (rc < 0) {
fprintf(stderr, fprintf(stderr,
@@ -201,6 +354,10 @@ @@ -201,6 +349,10 @@
continue; continue;
} }
@ -317,7 +312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
/* Get tcontext and convert to SID. */ /* Get tcontext and convert to SID. */
while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1)) while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
p++; p++;
@@ -210,11 +367,15 @@ @@ -210,11 +362,15 @@
continue; continue;
} }
p += sizeof(TCONTEXT) - 1; p += sizeof(TCONTEXT) - 1;
@ -336,7 +331,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid); rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
if (rc < 0) { if (rc < 0) {
fprintf(stderr, fprintf(stderr,
@@ -222,6 +383,9 @@ @@ -222,6 +378,9 @@
TCONTEXT, tcon, lineno); TCONTEXT, tcon, lineno);
continue; continue;
} }
@ -346,7 +341,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
/* Get tclass= and convert to value. */ /* Get tclass= and convert to value. */
while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1)) while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
@@ -232,12 +396,17 @@ @@ -232,12 +391,17 @@
continue; continue;
} }
p += sizeof(TCLASS) - 1; p += sizeof(TCLASS) - 1;
@ -367,7 +362,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
if (!tclass) { if (!tclass) {
fprintf(stderr, fprintf(stderr,
"Invalid %s%s on line %u, skipping...\n", "Invalid %s%s on line %u, skipping...\n",
@@ -286,11 +455,16 @@ @@ -286,11 +450,16 @@
} }
if (reason & SEPOL_COMPUTEAV_TE) { if (reason & SEPOL_COMPUTEAV_TE) {
@ -381,7 +376,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
+ access.tclass = tclass; + access.tclass = tclass;
+ access.av = av; + access.av = av;
+ +
+ if (check_booleans(&access) < 0) { + if (check_booleans(&access) == 0) {
+ printf("\t\tMissing or disabled TE allow rule.\n"); + printf("\t\tMissing or disabled TE allow rule.\n");
+ printf + printf
+ ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n"); + ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n");
@ -389,7 +384,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
} }
if (reason & SEPOL_COMPUTEAV_CONS) { if (reason & SEPOL_COMPUTEAV_CONS) {
@@ -309,5 +483,8 @@ @@ -309,5 +478,8 @@
} }
free(buffer); free(buffer);
free(bufcopy); free(bufcopy);
@ -450,6 +445,82 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
try: try:
gettext.install('policycoreutils') gettext.install('policycoreutils')
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.34/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2007-12-10 21:42:28.000000000 -0500
+++ policycoreutils-2.0.34/scripts/fixfiles 2007-12-31 10:54:13.000000000 -0500
@@ -126,17 +126,15 @@
done
exit $?
fi
-if [ ! -z "$DIRS" ]; then
+if [ ! -z "$PATH" ]; then
if [ -x /usr/bin/find ]; then
- for d in ${DIRS} ; do find $d \
+ /usr/bin/find "$PATH" \
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
- done
else
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH 2>&1 >> $LOGFILE
fi
-
- exit $?
+ return
fi
LogReadOnly
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
@@ -173,6 +171,20 @@
fi
}
+process() {
+#
+# Make sure they specified one of the three valid commands
+#
+case "$1" in
+ restore) restore -p ;;
+ check) restore -n -v;;
+ verify) restore -n -o -;;
+ relabel) relabel;;
+ *)
+ usage
+ exit 1
+esac
+}
usage() {
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
echo or
@@ -229,22 +241,15 @@
shift 1
if [ ! -z "$RPMFILES" ]; then
+ process $command
if [ $# -gt 0 ]; then
usage
fi
else
- DIRS=$*
+ while [ -n "$1" ]; do
+ PATH=$1
+ process $command
+ shift
+ done
fi
-
-#
-# Make sure they specified one of the three valid commands
-#
-case "$command" in
- restore) restore -p ;;
- check) restore -n -v ;;
- verify) restore -n -o -;;
- relabel) relabel;;
- *)
- usage
- exit 1
-esac
+exit $?
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400 --- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400
+++ policycoreutils-2.0.34/semanage/semanage 2007-12-19 06:05:50.000000000 -0500 +++ policycoreutils-2.0.34/semanage/semanage 2007-12-19 06:05:50.000000000 -0500
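Review bot: In the fixfiles hunks, `PATH=$1` in the argument loop and the `"$PATH"` test in the restore branch reuse the shell's command search path as the per-argument variable, so after the first assignment every command the script runs by bare name is looked up in the caller-supplied directory instead of the system directories. The hunk does call `/usr/bin/find` by absolute path, but whether `${RESTORECON}`, `${SETFILES}` and the helpers outside the hunk are all absolute is not visible here, and for a relabeling tool that presumably runs as root the lookup should not depend on an argument. A dedicated name avoids this, e.g. `FILEPATH=$1` in the loop and `/usr/bin/find "$FILEPATH" \` in the restore branch. The non-find branch also still expands the variable unquoted, so a path containing spaces is split there despite the commit's intent; it would read `${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* "$FILEPATH" 2>&1 >> $LOGFILE`. The function containing the first fixfiles hunk starts outside it.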


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.34 Version: 2.0.34
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -193,6 +193,9 @@ if [ "$1" -ge "1" ]; then
fi fi
%changelog %changelog
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
- Handle files with spaces in fixfiles
* Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3 * Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
- Catch SELINUX_ERR with audit2allow and generate policy - Catch SELINUX_ERR with audit2allow and generate policy