Change sepolgen-ifgen to search all available policy files
Exit in restorecond if it can not find a UID in the passwd database
This commit is contained in:
parent
b6d72dd04b
commit
65350da6d3
@ -192,7 +192,7 @@ index 6178cc8..b6f386d 100644
|
|||||||
.PP
|
.PP
|
||||||
.SH AUTHOR
|
.SH AUTHOR
|
||||||
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
|
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
|
||||||
index 03f95a1..5986b23 100644
|
index 03f95a1..dda432e 100644
|
||||||
--- a/policycoreutils/audit2allow/sepolgen-ifgen
|
--- a/policycoreutils/audit2allow/sepolgen-ifgen
|
||||||
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
|
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
|
||||||
@@ -1,4 +1,4 @@
|
@@ -1,4 +1,4 @@
|
||||||
@ -220,7 +220,7 @@ index 03f95a1..5986b23 100644
|
|||||||
|
|
||||||
def parse_options():
|
def parse_options():
|
||||||
from optparse import OptionParser
|
from optparse import OptionParser
|
||||||
@@ -44,14 +49,43 @@ def parse_options():
|
@@ -44,14 +49,55 @@ def parse_options():
|
||||||
help="filename to store output")
|
help="filename to store output")
|
||||||
parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
|
parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
|
||||||
help="location of the interface header files")
|
help="location of the interface header files")
|
||||||
@ -235,9 +235,21 @@ index 03f95a1..5986b23 100644
|
|||||||
|
|
||||||
return options
|
return options
|
||||||
|
|
||||||
|
+def get_policy():
|
||||||
|
+ p = selinux.selinux_binary_policy_path() + "." + str(i)
|
||||||
|
+ while i > 0 and not os.path.exists(p):
|
||||||
|
+ i = i - 1
|
||||||
|
+ p = selinux.selinux_binary_policy_path() + "." + str(i)
|
||||||
|
+ if i > 0:
|
||||||
|
+ return p
|
||||||
|
+ return None
|
||||||
|
+
|
||||||
+def get_attrs():
|
+def get_attrs():
|
||||||
+ try:
|
+ try:
|
||||||
+ policy_path = selinux.selinux_binary_policy_path() + "." + str(selinux.security_policyvers())
|
+ policy_path = get_policy()
|
||||||
|
+ if not policy_path:
|
||||||
|
+ sys.stderr.write("No installed policy to check\n")
|
||||||
|
+ return None
|
||||||
+ outfile = tempfile.NamedTemporaryFile()
|
+ outfile = tempfile.NamedTemporaryFile()
|
||||||
+ except IOError, e:
|
+ except IOError, e:
|
||||||
+ sys.stderr.write("could not open attribute output file\n")
|
+ sys.stderr.write("could not open attribute output file\n")
|
||||||
@ -264,7 +276,7 @@ index 03f95a1..5986b23 100644
|
|||||||
|
|
||||||
def main():
|
def main():
|
||||||
options = parse_options()
|
options = parse_options()
|
||||||
@@ -68,6 +102,14 @@ def main():
|
@@ -68,6 +114,14 @@ def main():
|
||||||
else:
|
else:
|
||||||
log = None
|
log = None
|
||||||
|
|
||||||
@ -279,7 +291,7 @@ index 03f95a1..5986b23 100644
|
|||||||
try:
|
try:
|
||||||
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
|
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
|
||||||
except ValueError, e:
|
except ValueError, e:
|
||||||
@@ -76,7 +118,7 @@ def main():
|
@@ -76,7 +130,7 @@ def main():
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
if_set = interfaces.InterfaceSet(output=log)
|
if_set = interfaces.InterfaceSet(output=log)
|
||||||
@ -414,7 +426,7 @@ index b149dcb..0c14c94 100644
|
|||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
.BR restorecon (8),
|
.BR restorecon (8),
|
||||||
diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c
|
diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c
|
||||||
index 58774e6..77c8013 100644
|
index 58774e6..a588e5e 100644
|
||||||
--- a/policycoreutils/restorecond/restorecond.c
|
--- a/policycoreutils/restorecond/restorecond.c
|
||||||
+++ b/policycoreutils/restorecond/restorecond.c
|
+++ b/policycoreutils/restorecond/restorecond.c
|
||||||
@@ -30,9 +30,11 @@
|
@@ -30,9 +30,11 @@
|
||||||
@ -853,7 +865,7 @@ index 58774e6..77c8013 100644
|
|||||||
|
|
||||||
/* Register sighandlers */
|
/* Register sighandlers */
|
||||||
sa.sa_flags = 0;
|
sa.sa_flags = 0;
|
||||||
@@ -467,36 +174,56 @@ int main(int argc, char **argv)
|
@@ -467,36 +174,59 @@ int main(int argc, char **argv)
|
||||||
|
|
||||||
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
|
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
|
||||||
|
|
||||||
@ -891,6 +903,9 @@ index 58774e6..77c8013 100644
|
|||||||
+
|
+
|
||||||
+ uid_t uid = getuid();
|
+ uid_t uid = getuid();
|
||||||
+ struct passwd *pwd = getpwuid(uid);
|
+ struct passwd *pwd = getpwuid(uid);
|
||||||
|
+ if (!pwd)
|
||||||
|
+ exitApp("getpwuid");
|
||||||
|
+
|
||||||
+ homedir = pwd->pw_dir;
|
+ homedir = pwd->pw_dir;
|
||||||
+ if (uid != 0) {
|
+ if (uid != 0) {
|
||||||
+ if (run_as_user)
|
+ if (run_as_user)
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.85
|
Version: 2.0.85
|
||||||
Release: 19%{?dist}
|
Release: 20%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -331,7 +331,11 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
|
||||||
|
- Change sepolgen-ifgen to search all available policy files
|
||||||
|
- Exit in restorecond if it can not find a UID in the passwd database
|
||||||
|
|
||||||
|
* Wed Mar 9 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
||||||
- Fix portspage in system-config-selinux to not crash
|
- Fix portspage in system-config-selinux to not crash
|
||||||
- More fixes for seunshare from Tomas Hoger
|
- More fixes for seunshare from Tomas Hoger
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user