* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5

- Remove recursion from fixfiles -R calls
- Fix semanage to verify prefix
Daniel J Walsh 2006-09-23 23:35:08 +00:00
parent e61a924249
commit 83bf5a4efe
2 changed files with 47 additions and 9 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.29/audit2allow/avc.py
--- nsapolicycoreutils/audit2allow/avc.py 2006-09-14 08:07:24.000000000 -0400
+++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-21 17:14:25.000000000 -0400
+++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-21 17:16:48.000000000 -0400
@@ -357,6 +357,15 @@
break
else:
@ -19,7 +19,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2a
found = 0
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.30.29/restorecon/restorecon.8
--- nsapolicycoreutils/restorecon/restorecon.8 2006-08-28 16:58:19.000000000 -0400
+++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-21 17:14:25.000000000 -0400
+++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-21 17:16:48.000000000 -0400
@@ -23,6 +23,9 @@
.SH "OPTIONS"
@ -32,7 +32,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore
.TP
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.30.29/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2006-09-01 22:32:11.000000000 -0400
+++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-21 17:14:25.000000000 -0400
+++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-21 17:16:49.000000000 -0400
@@ -11,9 +11,10 @@
* restorecon [-Rnv] pathname...
*
@ -189,7 +189,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore
}
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.30.29/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2006-08-28 16:58:19.000000000 -0400
+++ policycoreutils-1.30.29/restorecond/Makefile 2006-09-21 17:16:12.000000000 -0400
+++ policycoreutils-1.30.29/restorecond/Makefile 2006-09-21 17:16:49.000000000 -0400
@@ -5,14 +5,14 @@
INITDIR = $(DESTDIR)/etc/rc.d/init.d
SELINUXDIR = $(DESTDIR)/etc/selinux
@ -210,16 +210,18 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore
[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.29/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2006-09-01 22:32:11.000000000 -0400
+++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-21 17:14:25.000000000 -0400
@@ -117,7 +117,7 @@
+++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-23 19:31:23.000000000 -0400
@@ -117,8 +117,8 @@
exit $?
fi
if [ ! -z "$RPMFILES" ]; then
- for i in `echo $RPMFILES | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
done
exit $?
fi
@@ -219,7 +219,7 @@
# check if they specified both DIRS and RPMFILES
#
@ -239,7 +241,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts
usage
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.30.29/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2006-08-28 16:58:19.000000000 -0400
+++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-21 17:14:25.000000000 -0400
+++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-21 17:16:49.000000000 -0400
@@ -3,9 +3,9 @@
fixfiles \- fix file security contexts.
@ -271,3 +273,35 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts
.B [[dir/file] ... ]
List of files or directories trees that you wish to check file context on.
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.29/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-09-14 08:07:24.000000000 -0400
+++ policycoreutils-1.30.29/semanage/seobject.py 2006-09-22 11:24:59.000000000 -0400
@@ -456,7 +456,9 @@
rc = semanage_user_set_mlslevel(self.sh, u, selevel)
if rc < 0:
raise ValueError(_("Could not set MLS level for %s") % name)
-
+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+ raise ValueError(_("Invalid prefix %s") % prefix)
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -486,6 +488,7 @@
def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
oldroles = ""
+ oldserange = ""
newroles = string.join(roles, ' ');
try:
if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
@@ -521,7 +524,9 @@
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
if prefix != "":
- semanage_user_set_prefix(self.sh, u, prefix)
+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+ raise ValueError(_("Invalid prefix %s") % prefix)
+ semanage_user_set_prefix(self.sh, u, prefix)
if len(roles) != 0:
for r in roles:
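Review bot: In the seobject.py part of the patch, `modify` still drops the return value of `semanage_user_set_prefix(self.sh, u, prefix)` right after the new prefix check, whereas `add` tests `rc < 0` after the same call, so a failed prefix update in `modify` would go unnoticed; capture it with `rc = semanage_user_set_prefix(self.sh, u, prefix)` and raise `ValueError` when `rc < 0`. The failure message in `add` formats `% (r, prefix)`, but `r` is not assigned in the visible lines and the arguments look like they should be `(prefix, name)`. Because `prefix` is interpolated directly into `"system_u:object_r:%s_home_t"`, a guard that rejects a prefix containing `:` or whitespace before formatting would keep the string a single well-formed type field. It would also help to add a comment that `security_check_context` validates against the currently loaded policy, which may differ from the store being edited. Both function bodies continue outside the hunks shown.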


@ -5,7 +5,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.30.29
Release: 4
Release: 5
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -122,6 +122,10 @@ fi
[ -x /sbin/service ] && /sbin/service restorecond condrestart
%changelog
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
- Remove recursion from fixfiles -R calls
- Fix semanage to verify prefix
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
- More translations
- Compile with -pie