diff --git a/.cvsignore b/.cvsignore index f204379..e245471 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -policycoreutils-1.17.3.tgz +policycoreutils-1.17.4.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 1427f60..dc55c38 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,86 +1,122 @@ ---- policycoreutils-1.17.3/load_policy/load_policy.c.rhat 2004-08-24 09:34:38.000000000 -0400 -+++ policycoreutils-1.17.3/load_policy/load_policy.c 2004-08-25 14:30:46.343767967 -0400 -@@ -19,13 +19,13 @@ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.17.3/scripts/fixfiles +--- nsapolicycoreutils/scripts/fixfiles 2004-08-10 15:45:13.000000000 -0400 ++++ policycoreutils-1.17.3/scripts/fixfiles 2004-08-26 11:39:22.000000000 -0400 +@@ -36,6 +36,7 @@ + FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*\(ro/{print $3}';` + FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" + SELINUXTYPE="targeted" ++FCFILE=`mktemp /var/tmp/file_contexts.XXXXXXXXXX` - void usage(char *progname) - { -- fprintf(stderr, _("usage: %s [-b] policyfile [booleanfile]\n"), progname); -+ fprintf(stderr, _("usage: %s [-q] [-b] policyfile [booleanfile]\n"), progname); - exit(1); + if [ -e /etc/selinux/config ]; then + . /etc/selinux/config +@@ -55,7 +56,7 @@ + echo "Warning: Skipping the following R/O filesystems:" + echo "$FILESYSTEMSRO" + fi +- ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} -n -v ${FCFILE} ${FILESYSTEMSRW} 2>&1 | tee $LOGFILE + fi } - int main(int argc, char **argv) - { -- int fd, ret, opt, setbools = 0, *values, len = 0, i; -+ int fd, ret, opt, quiet=0, setbools = 0, *values, len = 0, i; - struct stat sb; - void *map; - char *polpath, *boolpath = NULL, **names; -@@ -34,11 +34,14 @@ - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); +@@ -70,7 +71,7 @@ + echo "Warning: Skipping the following R/O filesystems:" + echo "$FILESYSTEMSRO" + fi +- ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} -v ${FCFILE} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + fi + } -- while ((opt = getopt(argc, argv, "b")) > 0) { -+ while ((opt = getopt(argc, argv, "qb")) > 0) { - switch (opt) { - case 'b': - setbools = 1; - break; -+ case 'q': -+ quiet = 1; -+ break; - default: - usage(argv[0]); - } -@@ -81,9 +84,10 @@ - if (ret < 0) { - if (errno == ENOENT || errno == EINVAL) { - /* No booleans file or stale booleans in the file; non-fatal. */ -- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno)); -+ if (! quiet) -+ fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno)); - } else { -- fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno)); -+ fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno)); - exit(2); - } - } -@@ -92,7 +96,8 @@ - ret = security_get_boolean_names(&names, &len); - if (ret) { - /* Possibly ok, as there may be no booleans. */ -- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno)); -+ if (! quiet) -+ fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno)); - goto load; - } - if (!len) -@@ -113,7 +118,8 @@ - if (ret < 0) { - if (errno == EINVAL) { - /* Stale booleans in the file; non-fatal. */ -- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno)); -+ if (! quiet) -+ fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno)); - } else { - fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno)); - exit(2); ---- policycoreutils-1.17.3/load_policy/load_policy.8.rhat 2004-08-24 09:34:38.000000000 -0400 -+++ policycoreutils-1.17.3/load_policy/load_policy.8 2004-08-25 14:26:40.825748466 -0400 -@@ -4,13 +4,15 @@ +@@ -87,22 +88,22 @@ + echo "Warning: Skipping the following R/O filesystems:" + echo "$FILESYSTEMSRO" + fi +- ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} -v ${FCFILE} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + fi + } + relabelCheck() { +-echo -n " +-Files in the /tmp directory may be labeled incorrectly, this command +-can remove all files in /tmp. If you choose to remove files from /tmp, +-a reboot will be required after completion. +- +-Do you wish to clean out the /tmp directory [N]? " +-read answer +-if [ "$answer" = y -o "$answer" = Y ]; then +- relabel $1 +-else +- restoreLabels $1 +-fi ++ echo -n " ++ Files in the /tmp directory may be labeled incorrectly, this command ++ can remove all files in /tmp. If you choose to remove files from /tmp, ++ a reboot will be required after completion. ++ ++ Do you wish to clean out the /tmp directory [N]? " ++ read answer ++ if [ "$answer" = y -o "$answer" = Y ]; then ++ relabel $1 ++ else ++ restoreLabels $1 ++ fi - .SH SYNOPSIS - .B load_policy --[-b] policyfile [booleanfile] -+[-q] [-b] policyfile [booleanfile] - .br - .SH DESCRIPTION - .PP - load_policy is the tool used to load/replace the policy in the kernel. - By default, load_policy will maintain the booleans settings from the previous policy. - .TP -+.B -q -+quiet mode. Do not report warning messages. - .B -b - replace the booleans settings with the ones from the [booleanfile] or the default on the system /etc/selinux/$SELINUXTYPE/booleans. (SELINUXTYPE is defined in /etc/selinux/config). + } + +@@ -110,6 +111,11 @@ + echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}" + } + ++if [ $# = 0 ]; then ++ usage ++ exit 1 ++fi ++ + # See how we were called. + for i in $@; do + if [ $rpmFlag = 2 ]; then +@@ -127,6 +133,7 @@ + logfileFlag=1 + continue + fi ++ + case "$i" in + check) + checkFlag=1 +@@ -158,15 +165,25 @@ + usage + exit 1 + fi ++ ++cp $FC $FCFILE ++# ++# Check for removable devices ++# ++for i in /proc/ide/hd*/media; do ++ grep -q cdrom $i && echo $i | awk -F / '{ print "/dev/"$4"\t-b\tsystem_u:object_r:removable_device_t"}' >> $FCFILE || true ++done ++ ++if [ $logfileFlag = 0 ]; then ++ LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 ++fi ++ + if [ $checkFlag = 1 ]; then + checkLabels $rpmFiles + fi + if [ $restoreFlag = 1 ]; then + restoreLabels $rpmFiles + fi +-if [ $logfileFlag = 0 ]; then +- LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 +-fi + if [ $relabelFlag = 1 ]; then + if [ $fullFlag = 1 ]; then + relabel $rpmFiles +@@ -174,6 +191,8 @@ + relabelCheck $rpmFiles + fi + fi ++ ++rm $FCFILE + exit $? diff --git a/policycoreutils.spec b/policycoreutils.spec index 49d6f33..c6d31cb 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.17.3 -Release: 3 +Version: 1.17.4 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -76,6 +76,14 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Wed Aug 24 2004 Dan Walsh 1.17.4-1 +- Add fix to get cdrom info from /proc/media in fixfiles. + +* Wed Aug 24 2004 Dan Walsh 1.17.3-4 +- Add Steve Grub patches for + * Fix fixfiles.cron MAILTO + * Several problems in sestatus + * Wed Aug 24 2004 Dan Walsh 1.17.3-3 - Add -q (quiet) qualifier to load_policy to not report warnings diff --git a/sources b/sources index 475893e..229fe3e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -88e7ac6796aa4e04478bad9ea6293f5b policycoreutils-1.17.3.tgz +4d69d70f7409101ae144f896cf810575 policycoreutils-1.17.4.tgz