Update to upstream

* Use correct color range in mcstrand by Richard Haines.
This commit is contained in:
Dan Walsh 2011-04-13 16:52:53 -04:00
parent 5898ea81d9
commit 9f65a26864
4 changed files with 75 additions and 13 deletions

1
.gitignore vendored
View File

@ -223,3 +223,4 @@ sepolgen-1.0.23.tgz
policycoreutils-2.0.83.tgz
/policycoreutils-2.0.84.tgz
/policycoreutils-2.0.85.tgz
/policycoreutils-2.0.86.tgz

View File

@ -3194,10 +3194,10 @@ index 3f9efba..7c6d75a 100644
+/etc/selinux/{SELINUXTYPE}/seusers
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index ae519fc..0890811 100755
index ae519fc..7d21ea3 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -21,6 +21,25 @@
@@ -21,6 +21,44 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
@ -3210,12 +3210,31 @@ index ae519fc..0890811 100755
+ grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
+done
+}
+
+exclude_dirs_from_relabelling() {
+ exclude_from_relabelling=
+ if [ -e /etc/selinux/fixfiles_exclude_dirs ]
+ then
+ while read i
+ do
+ # skip blank line and comment
+ # skip not absolute path
+ # skip not directory
+ [ -z "${i}" ] && continue
+ [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
+ [[ ! "${i}" =~ ^/.* ]] && continue
+ [[ ! -d "${i}" ]] && continue
+ exclude_from_relabelling="$exclude_from_relabelling -e $i"
+ logit "skipping the directory $i from relabelling"
+ done < /etc/selinux/fixfiles_exclude_dirs
+ fi
+ echo "$exclude_from_relabelling"
+}
+exclude_dirs() {
+ exclude=
+ for i in /var/lib/BackupPC /home /tmp /dev; do
+ [ -e $i ] && exclude="$exclude -e $i";
+ done
+ exclude="$exclude `exclude_dirs_from_relabelling`"
+ echo "$exclude"
+}
+
@ -3223,7 +3242,7 @@ index ae519fc..0890811 100755
# Set global Variables
#
fullFlag=0
@@ -35,9 +54,7 @@ SYSLOGFLAG="-l"
@@ -35,9 +73,7 @@ SYSLOGFLAG="-l"
LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
@ -3234,7 +3253,7 @@ index ae519fc..0890811 100755
SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then
. /etc/selinux/config
@@ -87,23 +104,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
@@ -87,23 +123,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
esac; \
fi; \
done | \
@ -3259,7 +3278,7 @@ index ae519fc..0890811 100755
rpmlist() {
rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
@@ -121,23 +125,16 @@ if [ ! -z "$PREFC" ]; then
@@ -121,24 +144,34 @@ if [ ! -z "$PREFC" ]; then
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
@ -3282,11 +3301,30 @@ index ae519fc..0890811 100755
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
-LogReadOnly
-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
-rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+#
+exclude_dirs="`exclude_dirs_from_relabelling`"
+if [ -n "${exclude_dirs}" ]
+then
+ TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
+ test -z "$TEMPFCFILE" && exit
+ /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
+ exclude_dirs=${exclude_dirs//-e/}
+ for p in ${exclude_dirs}
+ do
+ p="${p%/}"
+ p1="${p}(/.*)? -- <<none>>"
+ echo "${p1}" >> $TEMPFCFILE
+ logit "skipping the directory ${p} from relabelling"
+ done
+FC=$TEMPFCFILE
+fi
+${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
@@ -146,8 +143,7 @@ exit $?
exit $?
@@ -146,8 +179,7 @@ exit $?
fullrelabel() {
logit "Cleaning out /tmp"
@ -3296,6 +3334,19 @@ index ae519fc..0890811 100755
restore
}
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
index dfe8aa9..0b4cbaa 100644
--- a/policycoreutils/scripts/fixfiles.8
+++ b/policycoreutils/scripts/fixfiles.8
@@ -29,6 +29,8 @@ new policy, or just check whether the file contexts are all
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
jfs file systems as long as they do not have a security context mount
option. You can use the -R flag to use rpmpackages as an alternative.
+The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
+excluded from relabelling.
.P
.B fixfiles onboot
will setup the machine to relabel on the next reboot.
diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
new file mode 100644
index 0000000..6331660

View File

@ -1,13 +1,13 @@
%define libauditver 1.4.2-1
%define libsepolver 2.0.42-3
%define libsepolver 2.0.43-2
%define libsemanagever 2.0.43-4
%define libselinuxver 2.0.90-3
%define sepolgenver 1.0.23
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.85
Release: 28%{?dist}
Version: 2.0.86
Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -163,7 +163,7 @@ Requires(post): /sbin/chkconfig
BuildRequires: libcap-ng-devel
%description sandbox
The policycoreutils-python package contains the scripts to create graphical sandboxes
The policycoreutils-sandbox package contains the scripts to create graphical sandboxes
%files sandbox
%defattr(-,root,root,-)
@ -331,6 +331,16 @@ fi
exit 0
%changelog
* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-1
- Update to upstream
* Use correct color range in mcstrand by Richard Haines.
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-30
- Add Elia Pinto patches to allow user to specify directories to ignore
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-29
- Fix policycoreutils-sandbox description
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
- rsynccmd should run outside of execcon

View File

@ -1,3 +1,3 @@
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
92fa615448d443b22c4ad6ecf89fc974 policycoreutils-2.0.85.tgz
13d864a8a6f8a933ef7aee7baf4a9662 policycoreutils-2.0.86.tgz