From b15395218d7376876d6cf9a4c3fa2848e35424c1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 5 Jan 2007 18:15:38 +0000 Subject: [PATCH] * Fri Jan 5 2007 Dan Walsh 1.33.8-2 - Stop newrole -l from working on non secure ttys Resolves: #200110 --- policycoreutils-rhat.patch | 123 ++++++++++++++++++------------------- policycoreutils.spec | 8 ++- 2 files changed, 65 insertions(+), 66 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 3b0bc9f..7eec794 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.7/gui/booleansPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.8/gui/booleansPage.py --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/booleansPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/booleansPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,199 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel @@ -201,9 +201,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + + setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) + commands.getstatusoutput(setsebool) -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-1.33.7/gui/fcontextPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-1.33.8/gui/fcontextPage.py --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/fcontextPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/fcontextPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,158 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -363,9 +363,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + self.store.set_value(iter, 0, fspec) + self.store.set_value(iter, 2, ftype) + self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls)) -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-1.33.7/gui/loginsPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-1.33.8/gui/loginsPage.py --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/loginsPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/loginsPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,161 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -528,9 +528,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.7/gui/Makefile +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.8/gui/Makefile --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/Makefile 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/Makefile 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,30 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -562,9 +562,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. +indent: + +relabel: -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-1.33.7/gui/mappingsPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-1.33.8/gui/mappingsPage.py --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/mappingsPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/mappingsPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,54 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -620,9 +620,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-1.33.7/gui/modulesPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-1.33.8/gui/modulesPage.py --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/modulesPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/modulesPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,161 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -785,9 +785,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + + + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-1.33.7/gui/portsPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-1.33.8/gui/portsPage.py --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/portsPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/portsPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,214 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -1003,9 +1003,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + self.store.set_value(iter, MLS_COL, mls) + + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-1.33.7/gui/selinux.tbl +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-1.33.8/gui/selinux.tbl --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/selinux.tbl 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/selinux.tbl 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,265 @@ +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow") @@ -1272,9 +1272,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon") +ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon") +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon") -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.7/gui/semanagePage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.8/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/semanagePage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/semanagePage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,109 @@ +## semanagePage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -1385,9 +1385,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + self.dialog.hide() + + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-1.33.7/gui/statusPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-1.33.8/gui/statusPage.py --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/statusPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/statusPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,213 @@ +## statusPage.py - show selinux status +## Copyright (C) 2006 Red Hat, Inc. @@ -1602,9 +1602,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + return self.types[self.selinuxTypeOptionMenu.get_active()] + + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-1.33.7/gui/system-config-selinux.glade +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-1.33.8/gui/system-config-selinux.glade --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/system-config-selinux.glade 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/system-config-selinux.glade 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,2803 @@ + + @@ -4409,9 +4409,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + + + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-1.33.7/gui/system-config-selinux.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-1.33.8/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/system-config-selinux.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/system-config-selinux.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,156 @@ +#!/usr/bin/python +# @@ -4569,9 +4569,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-1.33.7/gui/translationsPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-1.33.8/gui/translationsPage.py --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/translationsPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/translationsPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,109 @@ +## translationsPage.py - show selinux translations +## Copyright (C) 2006 Red Hat, Inc. @@ -4682,9 +4682,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, level) + self.store.set_value(iter, 1, translation) -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-1.33.7/gui/usersPage.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-1.33.8/gui/usersPage.py --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.33.7/gui/usersPage.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/gui/usersPage.py 2007-01-04 17:10:20.000000000 -0500 @@ -0,0 +1,155 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -4841,18 +4841,19 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. + except ValueError, e: + self.error(e.args[0]) + -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.33.7/Makefile +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.33.8/Makefile --- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500 -+++ policycoreutils-1.33.7/Makefile 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/Makefile 2007-01-04 17:10:20.000000000 -0500 @@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui all install relabel clean indent: @for subdir in $(SUBDIRS); do \ -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.7/newrole/newrole.c +Binary files nsapolicycoreutils/newrole/newrole and policycoreutils-1.33.8/newrole/newrole differ +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.8/newrole/newrole.c --- nsapolicycoreutils/newrole/newrole.c 2007-01-04 17:01:41.000000000 -0500 -+++ policycoreutils-1.33.7/newrole/newrole.c 2007-01-04 16:24:47.000000000 -0500 ++++ policycoreutils-1.33.8/newrole/newrole.c 2007-01-05 11:17:36.000000000 -0500 @@ -67,6 +67,7 @@ #include /* for SELINUX_DEFAULTUSER */ #include @@ -4861,27 +4862,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. #ifdef USE_AUDIT #include #endif -@@ -93,6 +94,19 @@ - - extern char **environ; - -+static int check_isapty(int fd) { -+ struct stat buf; -+ if ((isatty(fd)) && (fstat(fd, &buf) == 0)) { -+ int dev=major(buf.st_rdev); -+ if (dev > 135 && dev < 144) { -+ return 1; -+ } else { -+ return 0; -+ } -+ } -+ return 0; -+} -+ - /** - * Construct from the current range and specified desired level a resulting - * range. If the specified level is a range, return that. If it is not, then -@@ -733,6 +747,7 @@ +@@ -733,6 +734,7 @@ security_context_t *new_context, int *preserve_environment) { @@ -4889,13 +4870,27 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. int flag_index; /* flag index in argv[] */ int clflag; /* holds codes for command line flags */ char *role_s = NULL; /* role spec'd by user in argv[] */ -@@ -793,6 +808,13 @@ +@@ -741,6 +743,8 @@ + char *level_s = NULL; /* level spec'd by user in argv[] */ + char *range_ptr = NULL; + security_context_t new_con = NULL; ++ security_context_t tty_con = NULL; ++ int securetty=0; + context_t context = NULL; /* manipulatable form of new_context */ + const struct option long_options[] = { + {"role", 1, 0, 'r'}, +@@ -793,6 +797,18 @@ "specified\n")); return -1; } + for (i=0; i < 3; i++) { -+ if (check_isapty(i)) { -+ fprintf(stderr, "Error: you are not allowed to change levels on pseudo terminals\n"); ++ securetty=0; ++ if (fgetfilecon(i,&tty_con) >= 0) { ++ securetty = (selinux_check_securetty_context(tty_con) == 1); ++ freecon(tty_con); ++ } ++ if (!securetty) { ++ fprintf(stderr, "Error: you are not allowed to change levels on a non secure terminal\n"); + return -1; + } + } @@ -4903,9 +4898,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. level_s = optarg; break; default: -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.33.7/restorecond/restorecond.c +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.33.8/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2006-11-16 17:14:28.000000000 -0500 -+++ policycoreutils-1.33.7/restorecond/restorecond.c 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/restorecond/restorecond.c 2007-01-04 17:10:20.000000000 -0500 @@ -210,9 +210,10 @@ } @@ -4932,18 +4927,18 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. } free(scontext); close(fd); -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.7/restorecond/restorecond.conf +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.8/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500 -+++ policycoreutils-1.33.7/restorecond/restorecond.conf 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/restorecond/restorecond.conf 2007-01-04 17:10:20.000000000 -0500 @@ -1,4 +1,5 @@ /etc/resolv.conf +/etc/localtime /etc/samba/secrets.tdb /etc/mtab /var/run/utmp -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.33.7/scripts/fixfiles +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.33.8/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2006-11-16 17:14:27.000000000 -0500 -+++ policycoreutils-1.33.7/scripts/fixfiles 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/scripts/fixfiles 2007-01-04 17:10:20.000000000 -0500 @@ -29,6 +29,9 @@ RPMILES="" OUTFILES="" @@ -4954,9 +4949,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*. SYSLOGFLAG="-l" LOGGER=/usr/sbin/logger SETFILES=/sbin/setfiles -diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.7/semanage/seobject.py +diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.8/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2006-11-16 17:14:26.000000000 -0500 -+++ policycoreutils-1.33.7/semanage/seobject.py 2007-01-04 16:24:30.000000000 -0500 ++++ policycoreutils-1.33.8/semanage/seobject.py 2007-01-04 17:10:20.000000000 -0500 @@ -94,23 +94,25 @@ return re.search("^" + reg +"$",raw) diff --git a/policycoreutils.spec b/policycoreutils.spec index 46fbbd0..2424b07 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,11 +1,11 @@ %define libauditver 1.1.4-3 %define libsepolver 1.12.27-1 %define libsemanagever 1.6.17-1 -%define libselinuxver 1.30.29-2 +%define libselinuxver 1.33.3-2 Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.33.8 -Release: 1{?dist} +Release: 1%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -168,6 +168,10 @@ fi [ -x /sbin/service ] && /sbin/service restorecond condrestart > /dev/null %changelog +* Fri Jan 5 2007 Dan Walsh 1.33.8-2 +- Stop newrole -l from working on non secure ttys +Resolves: #200110 + * Thu Jan 4 2007 Dan Walsh 1.33.8-1 - Update to upstream * Merged patches from Dan Walsh to: