From aaffbb20bee293c687905a578fbf1d77003b2458 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 24 Apr 2007 14:44:06 +0000 Subject: [PATCH] * Tue Apr 24 2007 Dan Walsh 2.0.10-1 - Updated version of policycoreutils * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. --- .cvsignore | 1 + policycoreutils-rhat.patch | 111 +++++++------------------------------ policycoreutils.spec | 8 ++- sources | 2 +- 4 files changed, 29 insertions(+), 93 deletions(-) diff --git a/.cvsignore b/.cvsignore index 05644d5..a86b7dc 100644 --- a/.cvsignore +++ b/.cvsignore @@ -145,3 +145,4 @@ sepolgen-1.0.7.tgz policycoreutils-2.0.8.tgz sepolgen-1.0.8.tgz policycoreutils-2.0.9.tgz +policycoreutils-2.0.10.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 48a0975..d362b77 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.9/audit2allow/Makefile --- nsapolicycoreutils/audit2allow/Makefile 2007-02-07 12:11:49.000000000 -0500 -+++ policycoreutils-2.0.9/audit2allow/Makefile 2007-04-18 14:32:01.000000000 -0400 ++++ policycoreutils-2.0.9/audit2allow/Makefile 2007-04-23 13:08:07.000000000 -0400 @@ -1,6 +1,7 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr @@ -29,6 +29,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po LIBDIR ?= ${PREFIX}/lib MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale +diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/ChangeLog policycoreutils-2.0.9/ChangeLog +--- nsapolicycoreutils/ChangeLog 2007-04-24 10:36:17.000000000 -0400 ++++ policycoreutils-2.0.9/ChangeLog 2007-04-12 12:43:10.000000000 -0400 +@@ -1,6 +1,3 @@ +-2.0.10 2007-04-24 +- * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. +- + 2.0.9 2007-04-12 + * Merged seobject setransRecords patch to return the first alias from Xavier Toth. + diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.9/Makefile --- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500 +++ policycoreutils-2.0.9/Makefile 2007-04-16 13:26:34.000000000 -0400 @@ -39,7 +49,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po all install relabel clean indent: @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-2.0.9/restorecon/restorecon.c ---- nsapolicycoreutils/restorecon/restorecon.c 2006-11-16 17:14:26.000000000 -0500 +--- nsapolicycoreutils/restorecon/restorecon.c 2007-04-24 10:36:17.000000000 -0400 +++ policycoreutils-2.0.9/restorecon/restorecon.c 2007-04-18 14:26:39.000000000 -0400 @@ -16,6 +16,7 @@ * -v Show changes in file labels. @@ -57,7 +67,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po #define STAT_BLOCK_SIZE 1 static int pipe_fds[2] = { -1, -1 }; static unsigned long long count = 0; -@@ -326,18 +328,20 @@ +@@ -326,17 +328,19 @@ rc = fork(); if (rc == 0) { close(pipe_fds[0]); @@ -75,13 +85,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po if (!file_exist && errno == ENOENT) return; fprintf(stderr, -- "%s: error while labeling files under %s\n", -- progname, buf); +- "%s: error while traversing %s: %s\n", + "%s: %s: %s\n", -+ progname, buf, strerror(errno)); + progname, buf, strerror(errno)); errors++; } - } @@ -367,11 +371,14 @@ set_matchpathcon_flags(MATCHPATHCON_NOTRANS); @@ -141,75 +149,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po +/etc/lvm/.cache ~/public_html ~/.mozilla/plugins/libflashplayer.so -diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.9/restorecond/restorecond.init ---- nsapolicycoreutils/restorecond/restorecond.init 2007-03-01 17:23:40.000000000 -0500 -+++ policycoreutils-2.0.9/restorecond/restorecond.init 2007-04-16 13:26:34.000000000 -0400 -@@ -73,6 +73,7 @@ - ;; - status) - status restorecond -+ RETVAL=$? - ;; - restart|reload) - restart -diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.9/scripts/chcat ---- nsapolicycoreutils/scripts/chcat 2007-02-22 08:53:22.000000000 -0500 -+++ policycoreutils-2.0.9/scripts/chcat 2007-04-16 13:26:34.000000000 -0400 -@@ -74,9 +74,11 @@ - if i not in cats: - cats.append(i) - -- new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ",")) -- if new_serange[-1:] == ":": -- new_serange = new_serange[:-1] -+ -+ if len(cats) > 0: -+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats)) -+ else -+ new_serange = "%s-%s" % (serange[0], top[0]) - - if add_ind: - cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) -@@ -151,10 +153,11 @@ - if i in cats: - cats.remove(i) - -- new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ",")) -- if new_serange[-1:] == ":": -- new_serange = new_serange[:-1] -- -+ if len(cats) > 0: -+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats)) -+ else -+ new_serange = "%s-%s" % (serange[0], top[0]) -+ - if add_ind: - cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) - else: -diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.9/scripts/fixfiles ---- nsapolicycoreutils/scripts/fixfiles 2007-01-11 08:56:30.000000000 -0500 -+++ policycoreutils-2.0.9/scripts/fixfiles 2007-04-16 13:26:34.000000000 -0400 -@@ -138,7 +138,7 @@ - exit $? - fi - LogReadOnly --${SETFILES} ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE -+${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE - exit $? - } - diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.9/scripts/genhomedircon ---- nsapolicycoreutils/scripts/genhomedircon 2006-11-28 09:24:33.000000000 -0500 +--- nsapolicycoreutils/scripts/genhomedircon 2007-04-24 10:36:17.000000000 -0400 +++ policycoreutils-2.0.9/scripts/genhomedircon 2007-04-20 13:58:01.000000000 -0400 -@@ -26,6 +26,7 @@ - - import sys, os, pwd, string, getopt, re - from semanage import *; -+import selinux - import gettext - gettext.install('policycoreutils') - -@@ -135,6 +136,9 @@ +@@ -136,6 +136,9 @@ self.contextdir = "/contexts" self.filecontextdir = self.contextdir+"/files" self.usepwd = usepwd @@ -219,7 +162,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po def getFileContextDir(self): return self.selinuxdir+self.type+self.filecontextdir -@@ -211,6 +215,10 @@ +@@ -212,6 +215,10 @@ prefs["prefix"] = prefix prefs["home"] = home udict[user] = prefs @@ -230,7 +173,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po def getUsers(self): udict = {} -@@ -219,7 +227,11 @@ +@@ -220,7 +227,11 @@ for seuser in list: user = [] seusername = semanage_seuser_get_sename(seuser) @@ -243,19 +186,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po else: try: -@@ -249,7 +261,10 @@ - i = i.replace("HOME_DIR", home) - i = i.replace("ROLE", prefix) - i = i.replace("system_u", seuser) -- ret = ret+i -+ # Validate if the generated context exists. Some user types may not exist -+ scon = i.split()[-1] -+ if selinux.security_check_context(scon) == 0: -+ ret = ret+i - fd.close() - return ret - -@@ -266,12 +281,11 @@ +@@ -270,12 +281,11 @@ return ret def genHomeDirContext(self): @@ -271,7 +202,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po return ret+"\n" def checkExists(self, home): -@@ -318,9 +332,9 @@ +@@ -322,9 +332,9 @@ def genoutput(self): ret = self.heading() for h in self.getHomeDirs(): diff --git a/policycoreutils.spec b/policycoreutils.spec index ed06812..559a22d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,8 +5,8 @@ %define sepolgenver 1.0.8 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 2.0.9 -Release: 10%{?dist} +Version: 2.0.10 +Release: 1%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,10 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Tue Apr 24 2007 Dan Walsh 2.0.10-1 +- Updated version of policycoreutils + * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. + * Fri Apr 20 2007 Dan Walsh 2.0.9-10 - Fix genhomedircon to handle non user_u for the default user diff --git a/sources b/sources index 8291454..f74c501 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 4d6e57c7fc396efbcf96b7accab4ba30 sepolgen-1.0.8.tgz -daa0a6e388b811b1a64a1504ca37b41d policycoreutils-2.0.9.tgz +6c44f3d0aa3f76efff635669b8d189d3 policycoreutils-2.0.10.tgz