diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index c5be15a..295f3c7 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,11 +1,127 @@ ---- policycoreutils-1.20.1/restorecon/restorecon.c.rhat 2005-01-07 09:43:00.000000000 -0500 -+++ policycoreutils-1.20.1/restorecon/restorecon.c 2005-01-10 13:18:06.742707066 -0500 -@@ -146,7 +146,7 @@ - if (verbose > 1 || - !only_changed_user(scontext, prev_context)) - fprintf(stderr,"%s reset context %s:%s->%s\n", -- progname, filename, prev_context, scontext); -+ progname, filename, (retcontext >= 0 ? prev_context : ""), scontext); - } - if (retcontext >= 0) - freecon(prev_context); +Binary files nsapolicycoreutils/load_policy/load_policy and policycoreutils-1.21.1/load_policy/load_policy differ +Binary files nsapolicycoreutils/newrole/newrole and policycoreutils-1.21.1/newrole/newrole differ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.1/restorecon/restorecon.c +--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-20 15:59:21.000000000 -0500 ++++ policycoreutils-1.21.1/restorecon/restorecon.c 2005-01-21 13:21:44.916873000 -0500 +@@ -50,15 +50,12 @@ + static int only_changed_user(const char *a, const char *b) + { + char *rest_a, *rest_b; /* Rest of the context after the user */ +- if (!a || !b) +- return 0; ++ if (force) return 0; ++ if (!a || !b) return 0; + rest_a = strchr(a, ':'); + rest_b = strchr(b, ':'); +- if (!rest_a || !rest_b) +- return 0; +- if (strcmp(rest_a, rest_b) == 0) +- return 1; +- return 0; ++ if (!rest_a || !rest_b) return 0; ++ return (strcmp(rest_a, rest_b) == 0); + } + + void usage(const char * const name) +@@ -75,6 +72,7 @@ + int len=strlen(filename); + struct stat st; + char path[PATH_MAX+1]; ++ int user_only_changed=0; + /* + Eliminate trailing / + */ +@@ -139,7 +137,8 @@ + if (outfile) { + fprintf(outfile, "%s\n", filename); + } +- if (change) { ++ user_only_changed = only_changed_user(scontext, prev_context); ++ if (change && !user_only_changed) { + retval=lsetfilecon(filename,scontext); + } + if (retval<0) { +@@ -151,7 +150,7 @@ + return 1; + } else + if (verbose && +- (verbose > 1 || !only_changed_user(scontext, prev_context))) ++ (verbose > 1 || !user_only_changed)) + fprintf(stderr,"%s reset context %s:%s->%s\n", + progname, filename, (retcontext >= 0 ? prev_context : ""), scontext); + } +Binary files nsapolicycoreutils/run_init/run_init and policycoreutils-1.21.1/run_init/run_init differ +Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-1.21.1/setfiles/setfiles differ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.21.1/setfiles/setfiles.c +--- nsapolicycoreutils/setfiles/setfiles.c 2005-01-20 15:59:22.000000000 -0500 ++++ policycoreutils-1.21.1/setfiles/setfiles.c 2005-01-21 13:21:14.438382000 -0500 +@@ -583,13 +583,12 @@ + static int only_changed_user(const char *a, const char *b) + { + char *rest_a, *rest_b; /* Rest of the context after the user */ ++ if (force) return 0; ++ if (!a || !b) return 0; + rest_a = strchr(a, ':'); + rest_b = strchr(b, ':'); +- if (!rest_a || !rest_b) +- return 0; +- if (strcmp(rest_a, rest_b) == 0) +- return 1; +- return 0; ++ if (!rest_a || !rest_b) return 0; ++ return (strcmp(rest_a, rest_b) == 0); + } + + /* +@@ -605,6 +604,7 @@ + struct stat my_sb; + int i, ret; + char *context; ++ int user_only_changed=0; + + /* Skip the extra slash at the beginning, if present. */ + if (file[0] == '/' && file[1] == '/') +@@ -666,6 +666,8 @@ + } + } + ++ user_only_changed=only_changed_user(context, spec_arr[i].context); ++ + /* + * Do not relabel the file if the matching specification is + * <> or the file is already labeled according to the +@@ -690,21 +692,18 @@ + /* If we're just doing "-v", trim out any relabels where + * the user has changed but the role and type are the + * same. For "-vv", emit everything. */ +- if (verbose > 1 || +- !only_changed_user(context, spec_arr[i].context)) { ++ if (verbose > 1 || !user_only_changed) { + printf("%s: relabeling %s from %s to %s\n", progname, + my_file, context, spec_arr[i].context); + } + } + +- if (log && +- !only_changed_user(context, spec_arr[i].context)) { ++ if ( log && !user_only_changed ) { + syslog(LOG_INFO, "relabeling %s from %s to %s\n", + my_file, context, spec_arr[i].context); + } + +- if (outfile && +- !only_changed_user(context, spec_arr[i].context)) ++ if (outfile && !user_only_changed) + fprintf(outfile, "%s\n", my_file); + + freecon(context); +@@ -712,7 +711,7 @@ + /* + * Do not relabel the file if -n was used. + */ +- if (!change) ++ if (!change || user_only_changed) + return 0; + + /* +Binary files nsapolicycoreutils/setfiles/setfiles.o and policycoreutils-1.21.1/setfiles/setfiles.o differ diff --git a/policycoreutils.spec b/policycoreutils.spec index 7de7e95..4f86f07 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,10 +1,11 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.21.1 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz +Patch: policycoreutils-rhat.patch Prefix: %{_prefix} BuildRequires: libselinux-devel >= 1.15.3 pam-devel libsepol-devel >= 1.1.1 @@ -31,6 +32,7 @@ context. %prep %setup -q +%patch -p1 -b .rhat %build make CFLAGS="%{optflags}" all @@ -74,6 +76,9 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Fri Jan 20 2005 Dan Walsh 1.21.1-2 +- Don't change user componant if it is all that changed unless forced. + * Thu Jan 20 2005 Dan Walsh 1.21.1-1 - Update to latest from NSA