From 6d8189f15073ff562a63aeaf0c0ebebc38e1e93a Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 23 Mar 2011 17:55:22 -0400 Subject: [PATCH] Fix sepolgen-ifgen call, add -p option --- policycoreutils-rhat.patch | 49 ++++++++++++++++++++------------------ policycoreutils.spec | 6 ++--- 2 files changed, 29 insertions(+), 26 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 3520885..99d6c4d 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -192,7 +192,7 @@ index 6178cc8..b6f386d 100644 .PP .SH AUTHOR diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen -index 03f95a1..466e8ea 100644 +index 03f95a1..dad2009 100644 --- a/policycoreutils/audit2allow/sepolgen-ifgen +++ b/policycoreutils/audit2allow/sepolgen-ifgen @@ -1,4 +1,4 @@ @@ -220,11 +220,12 @@ index 03f95a1..466e8ea 100644 def parse_options(): from optparse import OptionParser -@@ -44,14 +49,56 @@ def parse_options(): +@@ -44,14 +49,58 @@ def parse_options(): help="filename to store output") parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(), help="location of the interface header files") + parser.add_option("-a", "--attribute_info", dest="attribute_info") ++ parser.add_option("-p", "--policy", dest="policy_path") parser.add_option("-v", "--verbose", action="store_true", default=False, help="print debuging output") parser.add_option("-d", "--debug", action="store_true", default=False, @@ -245,9 +246,10 @@ index 03f95a1..466e8ea 100644 + return p + return None + -+def get_attrs(): ++def get_attrs(policy_path): + try: -+ policy_path = get_policy() ++ if not policy_path: ++ policy_path = get_policy() + if not policy_path: + sys.stderr.write("No installed policy to check\n") + return None 
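Review bot: The new `-p`/`--policy` option in parse_options is added without a `help=` string, so `--help` gives no hint what path it expects, while the `-i` and `-v` options around it are documented. Per the get_attrs hunk that follows, an empty value falls back to `get_policy()`, so something like `help="path to the policy file to read attributes from (default: the installed policy)"` would cover both cases. That wording is inferred from the visible lines and should be checked against what get_attrs does with the path further down. parse_options and get_attrs both continue outside their hunks.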
@@ -277,14 +279,14 @@ index 03f95a1..466e8ea 100644 def main(): options = parse_options() -@@ -68,6 +115,14 @@ def main(): +@@ -68,6 +117,14 @@ def main(): else: log = None + # Get the attibutes from the binary + attrs = None + if not options.no_attrs: -+ attrs = get_attrs() ++ attrs = get_attrs(options.policy_path) + if attrs is None: + return 1 + @@ -292,7 +294,7 @@ index 03f95a1..466e8ea 100644 try: headers = refparser.parse_headers(options.headers, output=log, debug=options.debug) except ValueError, e: -@@ -76,7 +131,7 @@ def main(): +@@ -76,7 +133,7 @@ def main(): return 1 if_set = interfaces.InterfaceSet(output=log) @@ -2123,7 +2125,7 @@ index 0000000..e7b8991 +and +.I Thomas Liu diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c -index ec692e7..05a18b3 100644 +index ec692e7..d8171d8 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -1,28 +1,35 @@ @@ -2335,20 +2337,20 @@ index ec692e7..05a18b3 100644 + + if (lstat(dir, st_out) == -1) { + fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno)); ++ return -1; ++ } ++ if (! S_ISDIR(st_out->st_mode)) { ++ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno)); return -1; } - if (sb.st_uid != pwd->pw_uid) { - errno = EPERM; - syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir); - perror(_("Invalid mount point, reporting to administrator")); -+ if (! S_ISDIR(st_out->st_mode)) { -+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno)); - return -1; - } + if (st_in && !equal_stats(st_in, st_out)) { + fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir); -+ return -1; -+ } + return -1; + } + return 0; } 
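Review bot: In the seunshare.c directory-check hunk, the `S_ISDIR` failure branch prints `strerror(errno)` even though `lstat` has already succeeded, so errno is stale or zero and the message can end with a misleading reason such as "Success". I would drop the suffix: `fprintf(stderr, _("Error: %s is not a directory\n"), dir);`. The enclosing function starts outside the hunk.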
@@ -2362,7 +2364,7 @@ index ec692e7..05a18b3 100644 break; } } -@@ -131,45 +236,519 @@ static int verify_shell(const char *shell_name) +@@ -131,45 +236,520 @@ static int verify_shell(const char *shell_name) return rc; } @@ -2794,6 +2796,11 @@ index ec692e7..05a18b3 100644 + fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno)); + goto err; + } ++ ++ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) { ++ goto err; ++ } ++ + /* ok to not reach this if there is an error */ + setfsuid(0); + } @@ -2846,10 +2853,6 @@ index ec692e7..05a18b3 100644 + } + } + -+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) { -+ goto err; -+ } -+ + if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) { + fprintf(stderr, _("Failed to populate runtime temporary directory\n")); + cleanup_tmpdir(tmpdir, src, pwd, 0); @@ -2896,7 +2899,7 @@ index ec692e7..05a18b3 100644 {NULL, 0, 0, 0} }; -@@ -180,6 +759,12 @@ int main(int argc, char **argv) { +@@ -180,6 +760,12 @@ int main(int argc, char **argv) { return -1; } @@ -2909,7 +2912,7 @@ index ec692e7..05a18b3 100644 struct passwd *pwd=getpwuid(uid); if (!pwd) { perror(_("getpwduid failed")); -@@ -187,34 +772,30 @@ int main(int argc, char **argv) { +@@ -187,34 +773,30 @@ int main(int argc, char **argv) { } if (verify_shell(pwd->pw_shell) < 0) { @@ -2955,7 +2958,7 @@ index ec692e7..05a18b3 100644 break; default: fprintf(stderr, "%s\n", USAGE_STRING); -@@ -223,76 +804,84 @@ int main(int argc, char **argv) { +@@ -223,76 +805,84 @@ int main(int argc, char **argv) { } if (! homedir_s && ! tmpdir_s) { @@ -3089,7 +3092,7 @@ index ec692e7..05a18b3 100644 if (display) rc |= setenv("DISPLAY", display, 1); rc |= setenv("HOME", pwd->pw_dir, 1); -@@ -300,22 +889,41 @@ int main(int argc, char **argv) { +@@ -300,22 +890,41 @@ int main(int argc, char **argv) { rc |= setenv("USER", pwd->pw_name, 1); rc |= setenv("LOGNAME", pwd->pw_name, 1); rc |= setenv("PATH", DEFAULT_PATH, 1); 
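Review bot: The relocated `rsynccmd(src, tmpdir, &cmdbuf)` call now sits ahead of `setfsuid(0)`, so its `goto err` leaves the function without restoring the filesystem uid, as the context-lookup failure above it already does. The comment `/* ok to not reach this if there is an error */` holds only if nothing under `err:` needs root's fsuid, and that label is outside the hunk, so please confirm it. If the intent is to build the command while the fsuid is still the caller's (the earlier `setfsuid` call is not visible here), a comment on the call such as `/* build the rsync command before switching fsuid back to root */` would make that explicit. The commit subject and %changelog entry mention only sepolgen-ifgen, so this seunshare change deserves its own changelog line.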
diff --git a/policycoreutils.spec b/policycoreutils.spec index 623e472..6da2a16 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.85 -Release: 25%{?dist} +Release: 26%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -331,8 +331,8 @@ fi exit 0 %changelog -* Wed Mar 23 2011 Dan Walsh 2.0.85-25 -- Fix sepolgen-ifgen call +* Wed Mar 23 2011 Dan Walsh 2.0.85-26 +- Fix sepolgen-ifgen call, add -p option * Fri Mar 18 2011 Dan Walsh 2.0.85-24 - Fix rsync command to work if the directory is old.