* Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-1

- Update to upstream * Remove security_check_context calls for prefix validation from semanage. * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
2008-05-16 15:16:20 +00:00 · 2008-05-16 15:16:20 +00:00 · 6c5a205c34
parent 3623aa968e
commit 6c5a205c34
4 changed files with 56 additions and 22 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -178,3 +178,4 @@ policycoreutils-2.0.43.tgz
 policycoreutils-2.0.44.tgz
 policycoreutils-2.0.46.tgz
 policycoreutils-2.0.47.tgz
+policycoreutils-2.0.49.tgz
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.47/Makefile
 --- nsapolicycoreutils/Makefile	2007-12-19 06:02:52.000000000 -0500
-+++ policycoreutils-2.0.47/Makefile	2008-05-08 16:25:33.277950000 -0400
+++ policycoreutils-2.0.47/Makefile	2008-05-07 11:11:19.000000000 -0400
@@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -9,7 +9,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.47/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.47/restorecond/restorecond.c	2008-05-08 16:25:33.306921000 -0400
+++ policycoreutils-2.0.47/restorecond/restorecond.c	2008-05-07 11:11:19.000000000 -0400
@@ -210,9 +210,10 @@
 			}
 
@ -38,7 +38,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 	close(fd);
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.47/restorecond/restorecond.init
 --- nsapolicycoreutils/restorecond/restorecond.init	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.47/restorecond/restorecond.init	2008-05-08 16:25:33.311916000 -0400
+++ policycoreutils-2.0.47/restorecond/restorecond.init	2008-05-07 11:11:19.000000000 -0400
@@ -2,7 +2,7 @@
 #
 # restorecond:		Daemon used to maintain path file context
@ -49,8 +49,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 # listed in the /etc/selinux/restorecond.conf file, and restores the \
 # correct security context.
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.47/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2008-02-13 11:16:14.000000000 -0500
-+++ policycoreutils-2.0.47/scripts/fixfiles	2008-05-08 16:25:33.316911000 -0400
+--- nsapolicycoreutils/scripts/fixfiles	2008-05-06 14:33:04.000000000 -0400
+++ policycoreutils-2.0.47/scripts/fixfiles	2008-05-07 11:20:16.000000000 -0400
@@ -151,6 +151,7 @@
 relabel() {
     if [ ! -z "$RPMFILES" ]; then
@ -59,21 +59,50 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
     fi
 
     if [ $fullFlag == 1  ]; then
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.47/semanage/semanage
--- nsapolicycoreutils/semanage/semanage	2008-04-08 09:37:20.000000000 -0400
-+++ policycoreutils-2.0.47/semanage/semanage	2008-05-08 16:25:51.445630000 -0400
-@@ -129,7 +129,7 @@
- 		setrans = ""
- 		roles = ""
- 		seuser = ""
-		prefix = ""
-+		prefix = "user"
- 		heading=1
-                 value=0
- 		add = 0
+@@ -180,6 +181,10 @@
+     check) restore -n -v;;
+     verify) restore -n -o -;;
+     relabel) relabel;;
+    onboot)
+	touch /.autorelabel
+	echo "System will relabel on next boot"
+	;;
+     *)
+     usage
+     exit 1
+@@ -189,6 +194,7 @@
+       	echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
+ 	echo or
+       	echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+      	echo $"Usage: $0 onboot"
+ }
+ 
+ if [ $# = 0 ]; then
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.47/scripts/fixfiles.8
+--- nsapolicycoreutils/scripts/fixfiles.8	2008-05-06 14:33:04.000000000 -0400
+++ policycoreutils-2.0.47/scripts/fixfiles.8	2008-05-07 11:22:34.000000000 -0400
+@@ -7,6 +7,8 @@
+ 
+ .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ] 
+ 
+.B fixfiles onboot
+
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR fixfiles
+@@ -20,6 +22,9 @@
+ as you expect.  By default it will relabel all mounted ext2, ext3, xfs and 
+ jfs file systems as long as they do not have a security context mount 
+ option.  You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot 
+will setup the machine to relabel on the next reboot.
+ 
+ .SH "OPTIONS"
+ .TP 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.47/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	2008-04-22 16:18:44.000000000 -0400
-+++ policycoreutils-2.0.47/semanage/seobject.py	2008-05-08 16:25:33.333894000 -0400
+--- nsapolicycoreutils/semanage/seobject.py	2008-05-16 10:55:38.000000000 -0400
+++ policycoreutils-2.0.47/semanage/seobject.py	2008-05-16 09:08:55.000000000 -0400
@@ -464,7 +464,7 @@
 	def __init__(self, store = ""):
 		semanageRecords.__init__(self, store)
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -5,8 +5,8 @@
 %define	sepolgenver	1.0.11
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.0.47
-Release: 3%{?dist}
+Version: 2.0.49
+Release: 1%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,6 +192,10 @@ if [ "$1" -ge "1" ]; then
 fi

 %changelog
+* Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-1
+- Update to upstream
+	* Remove security_check_context calls for prefix validation from semanage.
+	* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.

 * Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-3
 - Remove /usr/share/locale/sr@Latn/LC_MESSAGES/policycoreutils.mo
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 3fed5cd04ee67c0f86e3cc6825261819  sepolgen-1.0.11.tgz
-14e21910c0bee70d2527a52eff6d8928  policycoreutils-2.0.47.tgz
+2a4121369b3d63dddd4cdf8d3fb9ef84  policycoreutils-2.0.49.tgz