* Thu May 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-2
- Fix warning message on reload of booleans
This commit is contained in:
Daniel J Walsh
parent
77b3c784ce
commit
6124877e2e
|
|
@ -1,86 +1,38 @@
|
|||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1
|
||||
--- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:31:39.000000000 -0400
|
||||
@@ -0,0 +1,62 @@
|
||||
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
|
||||
+.\" Copyright (c) 2005 Dan Walsh <dwalsh@redhat.com>
|
||||
+.\"
|
||||
+.\" This is free documentation; you can redistribute it and/or
|
||||
+.\" modify it under the terms of the GNU General Public License as
|
||||
+.\" published by the Free Software Foundation; either version 2 of
|
||||
+.\" the License, or (at your option) any later version.
|
||||
+.\"
|
||||
+.\" The GNU General Public License's references to "object code"
|
||||
+.\" and "executables" are to be interpreted as the output of any
|
||||
+.\" document formatting or typesetting system, including
|
||||
+.\" intermediate and printed output.
|
||||
+.\"
|
||||
+.\" This manual is distributed in the hope that it will be useful,
|
||||
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+.\" GNU General Public License for more details.
|
||||
+.\"
|
||||
+.\" You should have received a copy of the GNU General Public
|
||||
+.\" License along with this manual; if not, write to the Free
|
||||
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
|
||||
+.\" USA.
|
||||
+.\"
|
||||
+.\"
|
||||
+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA
|
||||
+.SH NAME
|
||||
+audit2why \- Translates auditmessages into a description of why the access was denied
|
||||
+.SH SYNOPSIS
|
||||
+.B audit2why
|
||||
+.RI [ options "] "
|
||||
+.SH OPTIONS
|
||||
+.TP
|
||||
+
|
||||
+.B "\-\-help"
|
||||
+Print a short usage message
|
||||
+.TP
|
||||
+.B "\-p <policyfile>"
|
||||
+Specify an alternate policy file.
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+This utility scans stdin (logfiles) for messages logged when the
|
||||
+system denied permission for operations, and generates a reason why the
|
||||
+access was denied
|
||||
+.PP
|
||||
+.SH EXAMPLE
|
||||
+$ /usr/sbin/audit2why < /var/log/audit/audit.log
|
||||
+
|
||||
+type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
|
||||
+ Was caused by:
|
||||
+ Missing TE allow rule for the type pair (use audit2allow).
|
||||
+
|
||||
+type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
|
||||
+ Was caused by:
|
||||
+ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
|
||||
+
|
||||
+
|
||||
+.PP
|
||||
+.SH AUTHOR
|
||||
+This manual page was written by
|
||||
+.I Dan Walsh <dwalsh@redhat.com>,
|
||||
+.B audit2why
|
||||
+utility was written by Stephen Smalley <sds@tycho.nsa.gov>.
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile
|
||||
--- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400
|
||||
+++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:31:39.000000000 -0400
|
||||
@@ -17,6 +17,8 @@
|
||||
install: all
|
||||
-mkdir -p $(BINDIR)
|
||||
install -m 755 $(TARGETS) $(BINDIR)
|
||||
+ -mkdir -p $(MANDIR)/man1
|
||||
+ install -m 644 audit2why.1 $(MANDIR)/man1/
|
||||
|
||||
clean:
|
||||
rm -f $(TARGETS) *.o
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.10/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2005-01-27 10:01:39.000000000 -0500
|
||||
+++ policycoreutils-1.23.10/newrole/newrole.c 2005-05-19 11:51:37.000000000 -0400
|
||||
@@ -193,6 +193,11 @@
|
||||
result = 1; /* user authenticated OK! */
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c
|
||||
--- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400
|
||||
+++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-26 10:49:44.000000000 -0400
|
||||
@@ -103,7 +103,7 @@
|
||||
if (errno == ENOENT || errno == EINVAL) {
|
||||
/* No booleans file or stale booleans in the file; non-fatal. */
|
||||
if (! quiet)
|
||||
- fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
|
||||
+ fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath);
|
||||
} else {
|
||||
fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
|
||||
exit(2);
|
||||
@@ -115,7 +115,7 @@
|
||||
if (ret) {
|
||||
/* Possibly ok, as there may be no booleans. */
|
||||
if (! quiet)
|
||||
- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno));
|
||||
+ fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno));
|
||||
goto load;
|
||||
}
|
||||
if (!len)
|
||||
@@ -137,7 +137,7 @@
|
||||
if (errno == EINVAL) {
|
||||
/* Stale booleans in the file; non-fatal. */
|
||||
if (! quiet)
|
||||
- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno));
|
||||
+ fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]);
|
||||
} else {
|
||||
fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno));
|
||||
exit(2);
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
|
||||
+++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-26 08:46:35.000000000 -0400
|
||||
@@ -198,6 +198,11 @@
|
||||
result = 0; /* user authenticated OK! */
|
||||
}
|
||||
|
||||
+ /* Ask PAM to verify acct_mgmt */
|
||||
|
|
@ -91,15 +43,3 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policy
|
|||
/* We're done with PAM. Free `pam_handle'. */
|
||||
pam_end( pam_handle, PAM_SUCCESS );
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400
|
||||
+++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:31:39.000000000 -0400
|
||||
@@ -164,7 +164,7 @@
|
||||
fi
|
||||
|
||||
# See how we were called.
|
||||
-while getopts "C:Fo:R:l:" i; do
|
||||
+while getopts "C:Ffo:R:l:" i; do
|
||||
case "$i" in
|
||||
f)
|
||||
fullFlag=1
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.23.11
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
|
@ -84,6 +84,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
|
||||
%changelog
|
||||
* Thu May 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-2
|
||||
- Fix warning message on reload of booleans
|
||||
|
||||
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
|
||||
- Update to match NSA
|
||||
* Merged fixfiles and newrole patch from Dan Walsh.
|
||||
|
|
|
|||
Loading…
Reference in New Issue