Fix sepolgen-ifgen call, add -p option
parent
4189d94570
commit
6d8189f150
@ -192,7 +192,7 @@ index 6178cc8..b6f386d 100644
|
||||
.PP
|
||||
.SH AUTHOR
|
||||
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
|
||||
index 03f95a1..466e8ea 100644
|
||||
index 03f95a1..dad2009 100644
|
||||
--- a/policycoreutils/audit2allow/sepolgen-ifgen
|
||||
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
|
||||
@@ -1,4 +1,4 @@
|
||||
@ -220,11 +220,12 @@ index 03f95a1..466e8ea 100644
|
||||
|
||||
def parse_options():
|
||||
from optparse import OptionParser
|
||||
@@ -44,14 +49,56 @@ def parse_options():
|
||||
@@ -44,14 +49,58 @@ def parse_options():
|
||||
help="filename to store output")
|
||||
parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
|
||||
help="location of the interface header files")
|
||||
+ parser.add_option("-a", "--attribute_info", dest="attribute_info")
|
||||
+ parser.add_option("-p", "--policy", dest="policy_path")
|
||||
parser.add_option("-v", "--verbose", action="store_true", default=False,
|
||||
help="print debuging output")
|
||||
parser.add_option("-d", "--debug", action="store_true", default=False,
|
||||
@ -245,9 +246,10 @@ index 03f95a1..466e8ea 100644
|
||||
+ return p
|
||||
+ return None
|
||||
+
|
||||
+def get_attrs():
|
||||
+def get_attrs(policy_path):
|
||||
+ try:
|
||||
+ policy_path = get_policy()
|
||||
+ if not policy_path:
|
||||
+ policy_path = get_policy()
|
||||
+ if not policy_path:
|
||||
+ sys.stderr.write("No installed policy to check\n")
|
||||
+ return None
|
||||
@ -277,14 +279,14 @@ index 03f95a1..466e8ea 100644
|
||||
|
||||
def main():
|
||||
options = parse_options()
|
||||
@@ -68,6 +115,14 @@ def main():
|
||||
@@ -68,6 +117,14 @@ def main():
|
||||
else:
|
||||
log = None
|
||||
|
||||
+ # Get the attibutes from the binary
|
||||
+ attrs = None
|
||||
+ if not options.no_attrs:
|
||||
+ attrs = get_attrs()
|
||||
+ attrs = get_attrs(options.policy_path)
|
||||
+ if attrs is None:
|
||||
+ return 1
|
||||
+
|
||||
@ -292,7 +294,7 @@ index 03f95a1..466e8ea 100644
|
||||
try:
|
||||
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
|
||||
except ValueError, e:
|
||||
@@ -76,7 +131,7 @@ def main():
|
||||
@@ -76,7 +133,7 @@ def main():
|
||||
return 1
|
||||
|
||||
if_set = interfaces.InterfaceSet(output=log)
|
||||
@ -2123,7 +2125,7 @@ index 0000000..e7b8991
|
||||
+and
|
||||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
||||
index ec692e7..05a18b3 100644
|
||||
index ec692e7..d8171d8 100644
|
||||
--- a/policycoreutils/sandbox/seunshare.c
|
||||
+++ b/policycoreutils/sandbox/seunshare.c
|
||||
@@ -1,28 +1,35 @@
|
||||
@ -2335,20 +2337,20 @@ index ec692e7..05a18b3 100644
|
||||
+
|
||||
+ if (lstat(dir, st_out) == -1) {
|
||||
+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (! S_ISDIR(st_out->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
- if (sb.st_uid != pwd->pw_uid) {
|
||||
- errno = EPERM;
|
||||
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
|
||||
- perror(_("Invalid mount point, reporting to administrator"));
|
||||
+ if (! S_ISDIR(st_out->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
+ if (st_in && !equal_stats(st_in, st_out)) {
|
||||
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
@ -2362,7 +2364,7 @@ index ec692e7..05a18b3 100644
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -131,45 +236,519 @@ static int verify_shell(const char *shell_name)
|
||||
@@ -131,45 +236,520 @@ static int verify_shell(const char *shell_name)
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -2794,6 +2796,11 @@ index ec692e7..05a18b3 100644
|
||||
+ fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* ok to not reach this if there is an error */
|
||||
+ setfsuid(0);
|
||||
+ }
|
||||
@ -2846,10 +2853,6 @@ index ec692e7..05a18b3 100644
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
|
||||
+ fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
|
||||
+ cleanup_tmpdir(tmpdir, src, pwd, 0);
|
||||
@ -2896,7 +2899,7 @@ index ec692e7..05a18b3 100644
|
||||
{NULL, 0, 0, 0}
|
||||
};
|
||||
|
||||
@@ -180,6 +759,12 @@ int main(int argc, char **argv) {
|
||||
@@ -180,6 +760,12 @@ int main(int argc, char **argv) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -2909,7 +2912,7 @@ index ec692e7..05a18b3 100644
|
||||
struct passwd *pwd=getpwuid(uid);
|
||||
if (!pwd) {
|
||||
perror(_("getpwduid failed"));
|
||||
@@ -187,34 +772,30 @@ int main(int argc, char **argv) {
|
||||
@@ -187,34 +773,30 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
if (verify_shell(pwd->pw_shell) < 0) {
|
||||
@ -2955,7 +2958,7 @@ index ec692e7..05a18b3 100644
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "%s\n", USAGE_STRING);
|
||||
@@ -223,76 +804,84 @@ int main(int argc, char **argv) {
|
||||
@@ -223,76 +805,84 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
if (! homedir_s && ! tmpdir_s) {
|
||||
@ -3089,7 +3092,7 @@ index ec692e7..05a18b3 100644
|
||||
if (display)
|
||||
rc |= setenv("DISPLAY", display, 1);
|
||||
rc |= setenv("HOME", pwd->pw_dir, 1);
|
||||
@@ -300,22 +889,41 @@ int main(int argc, char **argv) {
|
||||
@@ -300,22 +890,41 @@ int main(int argc, char **argv) {
|
||||
rc |= setenv("USER", pwd->pw_name, 1);
|
||||
rc |= setenv("LOGNAME", pwd->pw_name, 1);
|
||||
rc |= setenv("PATH", DEFAULT_PATH, 1);
|
||||
|
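Review bot: In the seunshare.c hunks, the relocated `if (rsynccmd(src, tmpdir, &cmdbuf) < 0) goto err;` now runs before `setfsuid(0)`, and its error path does not call `cleanup_tmpdir()` the way the `spawn_command()` failure branch a few lines later does. If the `err:` label only releases memory, a failed `rsynccmd()` would leave the runtime temporary directory behind; this cannot be confirmed here because the enclosing function starts and ends outside the visible hunks. The comment `/* ok to not reach this if there is an error */` would also be clearer if it said why, for example `/* error paths leave with the caller's fsuid still in effect; nothing after err: needs fsuid 0 */`, assuming the earlier `setfsuid()` call (not shown) switches to the caller's uid.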
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.85
|
||||
Release: 25%{?dist}
|
||||
Release: 26%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -331,8 +331,8 @@ fi
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-25
|
||||
- Fix sepolgen-ifgen call
|
||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
||||
- Fix sepolgen-ifgen call, add -p option
|
||||
|
||||
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
||||
- Fix rsync command to work if the directory is old.
|
||||
|