diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 02139f7..44dee75 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -4949,9 +4949,111 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. /etc/samba/secrets.tdb /etc/mtab /var/run/utmp +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.33.6/semanage/semanage +--- nsapolicycoreutils/semanage/semanage 2006-11-16 17:14:26.000000000 -0500 ++++ policycoreutils-1.33.6/semanage/semanage 2006-12-19 08:56:35.000000000 -0500 +@@ -65,6 +65,7 @@ + -l (symbolic link) \n\ + -p (named pipe) \n\n\ + \ ++ -e, --exists Check if Linux user exists before adding (login only)\n\ + -p, --proto Port protocol (tcp or udp)\n\ + -P, --prefix Prefix for home directory labeling\n\ + -L, --level Default SELinux Level (MLS/MCS Systems only)\n\ +@@ -88,7 +89,7 @@ + valid_option={} + valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ] + valid_option["login"] = [] +- valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] ++ valid_option["login"] += valid_everyone + [ '-e', '--exists', '-s', '--seuser', '-r', '--range'] + valid_option["user"] = [] + valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] + valid_option["port"] = [] +@@ -118,7 +119,8 @@ + seuser = "" + prefix = "" + heading=1 +- ++ exists = 1 ++ + add = 0 + modify = 0 + delete = 0 +@@ -134,9 +136,10 @@ + args = sys.argv[2:] + + gopts, cmds = getopt.getopt(args, +- 'adf:lhmnp:s:R:L:r:t:T:P:', ++ 'ade:f:lhmnp:s:R:L:r:t:T:P:', + ['add', + 'delete', ++ 'exists=', + 'ftype=', + 'help', + 'list', +@@ -165,13 +168,26 @@ + if modify or add: + usage() + delete = 1 ++ ++ if o == "-e" or o == "--exists": ++ if not add: ++ usage() ++ a = a.upper() ++ if a == "0" or a == "FALSE": ++ exists = False ++ else: ++ if a == "1" or a == "TRUE": ++ exists = True ++ else: ++ usage() + if o == "-f" or o == "--ftype": +- ftype=a ++ ftype = a ++ + if o == "-h" or o == "--help": + usage() + + if o == "-n" or o == "--noheading": +- heading=0 ++ heading = 0 + + if o == "-m"or o == "--modify": + if delete or add: +@@ -238,7 +254,7 @@ + + if add: + if object == "login": +- OBJECT.add(target, seuser, serange) ++ OBJECT.add(target, seuser, serange, exists) + + if object == "translation": + OBJECT.add(target, setrans) +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.6/semanage/semanage.8 +--- nsapolicycoreutils/semanage/semanage.8 2006-11-29 17:11:17.000000000 -0500 ++++ policycoreutils-1.33.6/semanage/semanage.8 2006-12-19 08:43:02.000000000 -0500 +@@ -5,7 +5,7 @@ + .SH "SYNOPSIS" + .B semanage {login|user|port|interface|fcontext|translation} \-l [\-n] + .br +-.B semanage login \-{a|d|m} [\-sr] login_name ++.B semanage login \-{a|d|m} [\-esr] login_name + .br + .B semanage user \-{a|d|m} [\-LrRP] selinux_name + .br +@@ -43,6 +43,9 @@ + .I \-d, \-\-delete + Delete a OBJECT record NAME + .TP ++.I \-e, \-\-exists ++Check whether or not the Linux user exists before adding the login mapping. ++.TP + .I \-f, \-\-ftype + File Type. This is used with fcontext. + Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.6/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2006-11-16 17:14:26.000000000 -0500 -+++ policycoreutils-1.33.6/semanage/seobject.py 2006-12-18 13:59:38.000000000 -0500 ++++ policycoreutils-1.33.6/semanage/seobject.py 2006-12-19 08:31:21.000000000 -0500 @@ -94,23 +94,25 @@ return re.search("^" + reg +"$",raw) @@ -5011,7 +5113,26 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. class semanageRecords: def __init__(self): self.sh = semanage_handle_create() -@@ -456,7 +459,8 @@ +@@ -228,7 +231,7 @@ + def __init__(self): + semanageRecords.__init__(self) + +- def add(self, name, sename, serange): ++ def add(self, name, sename, serange, check_exists = True): + if is_mls_enabled == 1: + if serange == "": + serange = "s0" +@@ -249,7 +252,8 @@ + if exists: + raise ValueError(_("Login mapping for %s is already defined") % name) + try: +- pwd.getpwnam(name) ++ if check_exists: ++ pwd.getpwnam(name) + except: + raise ValueError(_("Linux User %s does not exist") % name) + +@@ -456,7 +460,8 @@ rc = semanage_user_set_mlslevel(self.sh, u, selevel) if rc < 0: raise ValueError(_("Could not set MLS level for %s") % name) @@ -5021,7 +5142,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. rc = semanage_user_set_prefix(self.sh, u, prefix) if rc < 0: raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) -@@ -522,11 +526,17 @@ +@@ -522,11 +527,17 @@ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) if prefix != "": diff --git a/policycoreutils.spec b/policycoreutils.spec index 17429d8..b5b14a6 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,7 +5,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.33.6 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -168,8 +168,14 @@ fi [ -x /sbin/service ] && /sbin/service restorecond condrestart %changelog -* Fri Dec 8 2006 Dan Walsh 1.33.6-6 +* Tue Dec 19 2006 Dan Walsh 1.33.6-7 +- add exists switch to semanage to tell it not to check for existance of Linux user +Resolves: #219421 + +* Mon Dec 18 2006 Dan Walsh 1.33.6-6 - Fix audit2allow generating reference policy +- Fix semanage to manage user roles properly +Resolves: #220071 * Fri Dec 8 2006 Dan Walsh 1.33.6-5 - Update po files