From 93d1c9d780c98facd81972c1f694c235f90314ae Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 11 Feb 2005 01:43:49 +0000 Subject: [PATCH] * Thu Feb 10 2005 Dan Walsh 1.21.15-4 - Trap failure on write - Rewrite genhomedircon to generate file_context.homedirs --- policycoreutils-rhat.patch | 173 ++++++++++++++++++++++--------------- policycoreutils.spec | 6 +- 2 files changed, 106 insertions(+), 73 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 80994d2..6129b01 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,7 +1,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.21.15/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2005-01-28 11:16:36.000000000 -0500 -+++ policycoreutils-1.21.15/scripts/genhomedircon 2005-02-10 17:08:52.000000000 -0500 -@@ -13,38 +13,131 @@ ++++ policycoreutils-1.21.15/scripts/genhomedircon 2005-02-10 20:10:15.000000000 -0500 +@@ -13,38 +13,109 @@ # # ASSUMPTIONS: # @@ -24,8 +24,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po # +# - import commands, sys, os, pwd, string - +-import commands, sys, os, pwd, string ++import commands, sys, os, pwd, string, getopt ++ +rhplPath="/usr/lib/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1]) +if not rhplPath in sys.path: + sys.path.append(rhplPath) 
@@ -35,17 +36,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po + sys.path.append(rhplPath) + +from Conf import * -+ + EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"] -def getPrefixes(): -+SELINUXDIR="/etc/selinux/" -+SELINUXCONFIG=SELINUXDIR+"config" -+CONTEXTDIR="/contexts" -+FILECONTEXTDIR=CONTEXTDIR+"/files" -+HOMEDIRTEMPLATE="/homedir_template" -+USERSFILE="/users/local.users" -+ +- ulist = pwd.getpwall() +- prefixes = {} +- for u in ulist: +- if u[2] >= STARTING_UID and \ +- not u[6] in EXCLUDE_LOGINS and \ +- u[5] != "/" and \ +- string.count(u[5], "/") > 1: +- prefix = u[5][:string.rfind(u[5], "/")] +- if not prefixes.has_key(prefix): +- prefixes[prefix] = "" +- return prefixes +- +-def getUsers(): +- rc = commands.getstatusoutput("grep ^user %s/users" % FILECONTEXTDIR) +def getStartingUID(): + conf=Conf("/etc/login.defs") + while conf.findnextcodeline(): 
@@ -62,67 +70,43 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po + else: + return "/home" + -+def getHomeDirs(): - ulist = pwd.getpwall() -- prefixes = {} -+ homedirs = [] -+ homedirs.append(getDefaultHomeDir()) -+ starting_uid=getStartingUID() - for u in ulist: -- if u[2] >= STARTING_UID and \ -+ if u[2] >= starting_uid and \ - not u[6] in EXCLUDE_LOGINS and \ - u[5] != "/" and \ - string.count(u[5], "/") > 1: -- prefix = u[5][:string.rfind(u[5], "/")] -- if not prefixes.has_key(prefix): -- prefixes[prefix] = "" -- return prefixes -+ homedir = u[5][:string.rfind(u[5], "/")] -+ if not homedir in homedirs: -+ homedirs.append(homedir) -+ -+ homedirs.sort() -+ return homedirs - --def getUsers(): -- rc = commands.getstatusoutput("grep ^user %s/users" % FILECONTEXTDIR) +def usage(error = ""): -+ if error != "": -+ sys.stderr.write("%s\n" % (error,)) -+ sys.stderr.write("Usage: %s \n" % sys.argv[0]) -+ sys.stderr.flush() -+ sys.exit(1) -+ ++ if error != "": ++ sys.stderr.write("%s\n" % (error,)) ++ sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n] [-t selinuxtype ]\n" % sys.argv[0]) ++ sys.stderr.flush() ++ sys.exit(1) ++ +def errorExit(error): -+ sys.stderr.write("%s exiting for: " % sys.argv[0]) -+ sys.stderr.write("%s\n" % error) -+ sys.stderr.flush() -+ sys.exit(1) -+ ++ sys.stderr.write("%s exiting for: " % sys.argv[0]) ++ sys.stderr.write("%s\n" % error) ++ sys.stderr.flush() ++ sys.exit(1) ++ +class selinuxConfig: -+ def __init__(self): -+ self.type="targeted" -+ self.types=[] -+ if os.access(SELINUXDIR, os.F_OK) == 0: -+ #File doesn't exist. 
return -+ return None -+ -+ conf=ConfShellVar(SELINUXCONFIG) -+ if conf.has_key("SELINUXTYPE"): -+ self.type=conf.vars["SELINUXTYPE"] ++ def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1): ++ self.type=type ++ self.selinuxdir=selinuxdir +"/" ++ self.selinuxconfig=self.selinuxdir+"config" ++ self.contextdir="/contexts" ++ self.filecontextdir=self.contextdir+"/files" ++ self.usepwd=usepwd ++ if os.access(self.selinuxconfig, os.F_OK) == 1: ++ conf=ConfShellVar(self.selinuxconfig) ++ if conf.has_key("SELINUXTYPE"): ++ self.type=conf.vars["SELINUXTYPE"] + + def getSelinuxType(self): + return self.type + + def getFileContextDir(self): -+ return SELINUXDIR+self.getSelinuxType()+FILECONTEXTDIR ++ return self.selinuxdir+self.getSelinuxType()+self.filecontextdir + + def getContextDir(self): -+ return SELINUXDIR+self.getSelinuxType()+CONTEXTDIR ++ return self.selinuxdir+self.getSelinuxType()+self.contextdir + + def getHomeDirTemplate(self): -+ return self.getFileContextDir()+HOMEDIRTEMPLATE ++ return self.getFileContextDir()+"/homedir_template" + + def getHomeRootContext(self): + rc=commands.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), getDefaultHomeDir())) @@ -132,7 +116,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po + errorExit(string.join("sed error ", rc[1])) + + def getUsersFile(self): -+ return SELINUXDIR+self.getSelinuxType()+USERSFILE ++ return self.selinuxdir+self.getSelinuxType()+"/users/local.users" ++ + + def heading(self): + ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] @@ -146,7 +131,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po if rc[0] == 0: ulist = rc[1].strip().split("\n") for u in ulist: -@@ -68,71 +161,44 @@ +@@ -68,72 +139,90 @@ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % (user[1],)) return udict 
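Review bot: `getHomeRootContext` interpolates `self.getHomeDirTemplate()` and `getDefaultHomeDir()` unquoted into the shell string given to `commands.getstatusoutput`, and this change makes that path depend on the new `selinuxdir` and `type` constructor arguments as well as on `SELINUXTYPE` from the config file. These values are administrator-controlled, so this is hardening rather than a trust-boundary crossing, but a space or shell metacharacter in any of them changes the command that runs, typically as root. A `|` in the home path would also break the expression, because it is the sed delimiter. Reading the template in Python removes the shell entirely. The sketch below keeps the grep/sed line selection, but its return value must be reconciled with the rest of the method, which lies outside this hunk.

```python
    def getHomeRootContext(self):
        # Read the template in-process so no shell ever sees selinuxdir, type or the home path.
        home = getDefaultHomeDir()
        ret = ""
        fd = open(self.getHomeDirTemplate(), "r")
        for line in fd.readlines():
            if line.startswith("HOME_ROOT"):
                ret += home + line[len("HOME_ROOT"):]
            elif line.find("HOME_ROOT") >= 0:
                # grep matched anywhere on the line; sed only rewrote a leading HOME_ROOT
                ret += line
        fd.close()
        return ret
```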
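Review bot: `string.join("sed error ", rc[1])` passes the message as the sequence and the command output as the separator, so the result is the characters of "sed error " interleaved with `rc[1]` rather than a readable message. The same call shape appears in the last genhomedircon hunk for `Options Error` (added by this commit) and `ValueError`, where the second argument is an exception object. `string.join` calls `.join` on that argument, which presumably raises AttributeError inside the handler and hides the original error. `errorExit("sed error %s" % rc[1])` and `errorExit("Options Error %s" % error)` would report what was intended. The branch that reaches the `sed error` call starts outside this hunk.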
@@ -227,10 +212,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po + ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"]) + return ret + ++ def getHomeDirs(self): ++ homedirs = [] ++ homedirs.append(getDefaultHomeDir()) ++ starting_uid=getStartingUID() ++ if self.usepwd==0: ++ return homedirs ++ ulist = pwd.getpwall() ++ for u in ulist: ++ if u[2] >= starting_uid and \ ++ not u[6] in EXCLUDE_LOGINS and \ ++ u[5] != "/" and \ ++ string.count(u[5], "/") > 1: ++ homedir = u[5][:string.rfind(u[5], "/")] ++ if not homedir in homedirs: ++ homedirs.append(homedir) ++ ++ homedirs.sort() ++ return homedirs ++ + def genoutput(self): + ret= self.heading() + ret += self.getHomeRootContext() -+ for h in getHomeDirs(): ++ for h in self.getHomeDirs(): + ret += self.getHomeDirContext ("user_u" , h, "user") + ret += self.genHomeDirContext() + return ret 
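Review bot: `getHomeDirs` treats the parent directory of every passwd entry with a UID at or above `starting_uid` and a shell outside `EXCLUDE_LOGINS` as a home root, and `genoutput` then emits `user_u` home-directory contexts for each one; the only structural guard is `string.count(u[5], "/") > 1`. A service-style account whose home sits two levels deep under a system directory would make that system directory a home root, so a later relabel could presumably apply user-home types to system paths. Consider skipping home roots that are known system directories and warning on stderr, or at least stating the assumption in a comment such as `# the parent of every qualifying passwd home is labelled as a home root`. Separately, `getStartingUID()` is called before the `usepwd==0` early return, where its result is unused.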
@@ -239,18 +243,47 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po + print self.genoutput() + + def write(self): -+ fd = open(self.getFileContextDir()+"/file_context.homedirs", "w") -+ fd.write(self.genoutput()) -+ fd.close() ++ try: ++ fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w") ++ fd.write(self.genoutput()) ++ fd.close() ++ except IOError, error: ++ sys.stderr.write("%s: %s\n" % ( sys.argv[0], error )) ++ ++ + +# +# This script will generate home dir file context +# based off the homedir_template file, entries in the password file, and +# +try: -+ selconf=selinuxConfig() -+ selconf.write() ++ usepwd=1 ++ type="targeted" ++ directory="/etc/selinux" ++ gopts, cmds = getopt.getopt(sys.argv[1:], 'nd:t:', ['help', ++ 'type=', ++ 'nopasswd', ++ 'dir=']) ++ for o,a in gopts: ++ if o == '--type' or o == "-t": ++ type=a ++ if o == '--nopasswd' or o == "-n": ++ usepwd=0 ++ if o == '--dir' or o == "-d": ++ directory=a ++ if o == '--help': ++ usage() + ++ ++ selconf=selinuxConfig(directory, type, usepwd) ++ selconf.write() ++ ++except getopt.error, error: ++ errorExit(string.join("Options Error ", error)) ++ except ValueError, error: - errorExit(string.join("ValueError ", error)) +- errorExit(string.join("ValueError ", error)) ++ errorExit(string.join("ValueError ", error)) except IndexError, error: +- errorExit("IndexError") ++ errorExit("IndexError") diff --git a/policycoreutils.spec b/policycoreutils.spec index cc5d78b..38100de 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,8 +1,8 @@ -%define libselinuxver 1.21.5 +%define libselinuxver 1.21.9-2 Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.21.15 -Release: 3 +Release: 4 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz 
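Review bot: In `write()` the target is opened with `"w"` before `self.genoutput()` runs, so any failure during generation, including an `errorExit` from the sed step, leaves an already-truncated `file_contexts.homedirs` behind. The new `except IOError` branch only prints the error, so the script still exits 0 and a caller cannot tell that the home-directory labeling rules are missing or incomplete. Compute the text first with `out = self.genoutput()` ahead of the `open`, and report failure through `errorExit("%s" % error)` so the exit status is non-zero. Writing to a temporary file in the same directory and renaming it over the target with `os.rename` would also keep the previous file intact if the write fails.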
@@ -81,7 +81,7 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog -* Thu Feb 10 2005 Dan Walsh 1.21.15-3 +* Thu Feb 10 2005 Dan Walsh 1.21.15-4 - Trap failure on write - Rewrite genhomedircon to generate file_context.homedirs