*** empty log message ***

This commit is contained in:
Daniel J Walsh 2005-12-02 12:25:31 +00:00
parent df624fe500
commit b36bfa063a
4 changed files with 33 additions and 671 deletions

View File

@ -69,3 +69,4 @@ policycoreutils-1.27.28.tgz
policycoreutils-1.27.29.tgz
policycoreutils-1.27.30.tgz
policycoreutils-1.27.31.tgz
policycoreutils-1.27.33.tgz

View File

@ -1,670 +1,23 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.31/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2005-11-29 13:43:42.000000000 -0500
+++ policycoreutils-1.27.31/audit2allow/audit2allow 2005-11-30 14:51:35.000000000 -0500
@@ -25,8 +25,9 @@
#
#
import commands, sys, os, pwd, string, getopt, re, selinux
-class allow:
- def __init__(self, source, target, seclass):
+class serule:
+ def __init__(self, type, source, target, seclass):
+ self.type=type
self.source=source
self.target=target
self.seclass=seclass
@@ -52,7 +53,7 @@
return ret
def out(self, verbose=0):
ret=""
- ret=ret+"allow %s %s:%s %s;" % (self.source, self.gettarget(), self.seclass, self.getAccess())
+ ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, self.gettarget(), self.seclass, self.getAccess())
if verbose:
keys=self.avcinfo.keys()
keys.sort()
@@ -72,38 +73,104 @@
else:
return self.target
-class allowRecords:
- def __init__(self, input, last_reload=0, verbose=0):
+class seruleRecords:
+ def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
self.last_reload=last_reload
- self.allowRules={}
+ self.seRules={}
self.seclasses={}
self.types=[]
self.roles=[]
- self.load(input)
+ self.load(input, te_ind)
def warning(self, error):
sys.stderr.write("%s: " % sys.argv[0])
sys.stderr.write("%s\n" % error)
sys.stderr.flush()
- def load(self, input):
+ def load(self, input, te_ind=0):
+ VALID_CMDS=("allow", "dontaudit", "auditallow", "role")
+
avc=[]
found=0
line = input.readline()
- while line:
- rec=line.split()
- for i in rec:
- if i=="avc:" or i=="message=avc:":
- found=1
- else:
- avc.append(i)
- if found:
- self.add(avc)
- found=0
- avc=[]
- line = input.readline()
+ if te_ind:
+ while line:
+ rec=line.split()
+ if len(rec) and rec[0] in VALID_CMDS:
+ self.add_terule(line)
+ line = input.readline()
+
+ else:
+ while line:
+ rec=line.split()
+ for i in rec:
+ if i=="avc:" or i=="message=avc:":
+ found=1
+ else:
+ avc.append(i)
+ if found:
+ self.add(avc)
+ found=0
+ avc=[]
+ line = input.readline()
+ def get_target(self, i, rule):
+ target=[]
+ if rule[i][0] == "{":
+ for t in rule[i].split("{"):
+ if len(t):
+ target.append(t)
+ i=i+1
+ for s in rule[i:]:
+ if s.find("}") >= 0:
+ for s1 in s.split("}"):
+ if len(s1):
+ target.append(s1)
+ i=i+1
+ return (i, target)
+
+ target.append(s)
+ i=i+1
+ else:
+ if rule[i].find(";") >= 0:
+ for s1 in rule[i].split(";"):
+ if len(s1):
+ target.append(s1)
+ else:
+ target.append(rule[i])
+
+ i=i+1
+ return (i, target)
+
+ def rules_split(self, rules):
+ (idx, target ) = self.get_target(0, rules)
+ (idx, subject) = self.get_target(idx, rules)
+ return (target, subject)
+
+ def add_terule(self, rule):
+ rc = rule.split(":")
+ rules=rc[0].split()
+ type=rules[0]
+ if type == "role":
+ print type
+ (sources, targets) = self.rules_split(rules[1:])
+ rules=rc[1].split()
+ (seclasses, access) = self.rules_split(rules)
+ for scon in sources:
+ for tcon in targets:
+ for seclass in seclasses:
+ self.add_rule(type, scon, tcon, seclass,access)
+
+ def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", comm="", name=""):
+ self.add_seclass(seclass, access)
+ self.add_type(tcon)
+ self.add_type(scon)
+ if (type, scon, tcon, seclass) not in self.seRules.keys():
+ self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
+
+ self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
+
def add(self,avc):
scon=""
tcon=""
@@ -117,7 +184,7 @@
if "granted" in avc:
if "load_policy" in avc and self.last_reload:
- self.allowRules={}
+ self.seRules={}
return
try:
for i in range (0, len(avc)):
@@ -160,16 +227,9 @@
self.warning("Bad AVC Line: %s" % avc)
return
- self.add_seclass(seclass, access)
- self.add_type(tcon)
- self.add_type(scon)
self.add_role(srole)
self.add_role(trole)
-
- if (scon, tcon, seclass) not in self.allowRules.keys():
- self.allowRules[(scon, tcon, seclass)]=allow(scon, tcon, seclass)
-
- self.allowRules[(scon, tcon, seclass)].add((access, msg, comm, name ))
+ self.add_rule("allow", scon, tcon, seclass, access, msg, comm, name)
def add_seclass(self,seclass, access):
if seclass not in self.seclasses.keys():
@@ -195,17 +255,23 @@
keys=self.seclasses.keys()
keys.sort()
rec="\n\nrequire {\n"
- for i in self.roles:
- rec += "\trole %s; \n" % i
- rec += "\n\n"
+ if len(self.roles) > 0:
+ for i in self.roles:
+ rec += "\trole %s; \n" % i
+ rec += "\n"
+
for i in keys:
access=self.seclasses[i]
- access.sort()
- rec += "\tclass %s { " % i
- for a in access:
- rec += " %s" % a
- rec += " }; \n"
- rec += "\n\n"
+ if len(access) > 1:
+ access.sort()
+ rec += "\tclass %s {" % i
+ for a in access:
+ rec += " %s" % a
+ rec += " }; \n"
+ else:
+ rec += "\tclass %s %s;\n" % (i, access[0])
+
+ rec += "\n"
for i in self.types:
rec += "\ttype %s; \n" % i
@@ -214,17 +280,19 @@
def out(self, require=0, module=""):
rec=""
- if len(self.allowRules.keys())==0:
+ if len(self.seRules.keys())==0:
raise(ValueError("No AVC messages found."))
- if module!="":
+ if module != "":
rec += self.gen_module(module)
rec += self.gen_requires()
else:
if requires:
rec+=self.gen_requires()
-
- for i in self.allowRules.keys():
- rec += self.allowRules[i].out(verbose)+"\n"
+
+ keys=self.seRules.keys()
+ keys.sort()
+ for i in keys:
+ rec += self.seRules[i].out(verbose)+"\n"
return rec
if __name__ == '__main__':
@@ -235,8 +303,8 @@
else:
return ""
- def usage():
- print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+ def usage(msg=""):
+ print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
-a, --all read input from audit and message log, conflicts with -i\n\
-d, --dmesg read input from output of /bin/dmesg\n\
-h, --help display this message\n\
@@ -246,8 +314,12 @@
-M generate loadable module package, conflicts with -o\n\
-o, --output append output to <outputfile>, conflicts with -M\n\
-r, --requires generate require output \n\
+ -t, --tefile Indicates input is Existing Type Enforcement file\n\
+ -f, --fcfile Existing Type Enforcement file, requires -M\n\
-v, --verbose verbose output\n\
'
+ if msg != "":
+ print msg
sys.exit(1)
def errorExit(error):
@@ -270,41 +342,50 @@
buildPP=0
input_ind=0
output_ind=0
+ te_ind=0
+
+ fc_file=""
gopts, cmds = getopt.getopt(sys.argv[1:],
- 'adhi:lm:M:o:rv',
+ 'adf:hi:lm:M:o:rtv',
['all',
'dmesg',
+ 'fcfile=',
'help',
'input=',
'lastreload',
'module=',
'output=',
'requires'
+ 'tefile',
'verbose'
])
for o,a in gopts:
if o == "-a" or o == "--all":
- if input_ind:
+ if input_ind or te_ind:
usage()
input=open("/var/log/messages", "r")
auditlogs=1
if o == "-d" or o == "--dmesg":
input=os.popen("/bin/dmesg", "r")
+ if o == "-f" or o == "--fcfile":
+ if a[0]=="-":
+ usage()
+ fc_file=a
if o == "-h" or o == "--help":
usage()
if o == "-i"or o == "--input":
- if auditlogs:
+ if auditlogs or a[0]=="-":
usage()
input_ind=1
input=open(a, "r")
if o == '--lastreload' or o == "-l":
last_reload=1
if o == "-m" or o == "--module":
- if module != "":
+ if module != "" or a[0]=="-":
usage()
module=a
if o == "-M":
- if module != "" or output_ind:
+ if module != "" or output_ind or a[0]=="-":
usage()
module=a
outfile=a+".te"
@@ -312,19 +393,30 @@
output=open(outfile, "w")
if o == "-r" or o == "--requires":
requires=1
+ if o == "-t" or o == "--tefile":
+ if auditlogs:
+ usage()
+ te_ind=1
if o == "-o" or o == "--output":
- if module != "":
+ if module != "" or a[0]=="-":
usage()
output=open(a, "a")
output_ind=1
if o == "-v" or o == "--verbose":
verbose=1
- if len(cmds) != 0:
- usage()
- out=allowRecords(input, last_reload, verbose)
+
+ if len(cmds) != 0:
+ usage()
+
+ if fc_file != "" and not buildPP:
+ usage("Error %s: Option -fc requires -M" % sys.argv[0])
+
+ out=seruleRecords(input, last_reload, verbose, te_ind)
+
if auditlogs:
- input=open("/var/log/audit/audit.log", "r")
- out.load(input)
+ input=os.popen("ausearch -m avc")
+ out.load(input)
+
if buildPP:
print ("Generating type enforcment file: %s.te" % module)
output.write(out.out(requires, module))
@@ -334,8 +426,13 @@
print "Compiling policy: %s" % cmd
rc=commands.getstatusoutput(cmd)
if rc[0]==0:
- print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
- rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
+ cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
+ print cmd
+ if fc_file != "":
+ cmd = "%s -f %s" % (cmd, fc_file)
+
+ print "Building package: %s" % cmd
+ rc=commands.getstatusoutput(cmd)
if rc[0]==0:
print ("\n******************** IMPORTANT ***********************\n")
print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.27.31/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2005-11-29 13:43:42.000000000 -0500
+++ policycoreutils-1.27.31/audit2allow/audit2allow.1 2005-11-30 14:53:31.000000000 -0500
@@ -33,37 +33,44 @@
.B "\-a" | "\-\-all"
Read input from audit and message log, conflicts with -i
.TP
-.B "\-h" | "\-\-help"
-Print a short usage message
-.TP
.B "\-d" | "\-\-dmesg"
Read input from output of
.I /bin/dmesg.
-Note that audit messages are not available via dmesg when
-auditd is running; use -i /var/log/audit/audit.log instead.
+Note that all audit messages are not available via dmesg when
+auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
.TP
-.B "\-v" | "\-\-verbose"
-Turn on verbose output
+.B "\-f" | "\-\-fcfile" <File Context File>
+Add File Context File to generated Module Package. Requires -M option.
+.TP
+.B "\-h" | "\-\-help"
+Print a short usage message
+.TP
+.B "\-i <inputfile>" | "\-\-input <inputfile>"
+read input from
+.I <inputfile>
.TP
.B "\-l" | "\-\-lastreload"
read input only after last policy reload
.TP
-.B "\-r" | "\-\-requires"
-Generate require output syntax for loadable modules.
-.TP
.B "\-m <modulename>" | "\-\-module <modulename>"
Generate module/require output <modulename>
.TP
.B "\-M <modulename>"
Generate loadable module package, conflicts with -o
.TP
-.B "\-i <inputfile>" | "\-\-input <inputfile>"
-read input from
-.I <inputfile>
-.TP
.B "\-o <outputfile>" | "\-\-output <outputfile>"
append output to
.I <outputfile>
+.TP
+.B "\-r" | "\-\-requires"
+Generate require output syntax for loadable modules.
+.TP
+.B "\-t " | "\-\-tefile"
+Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
+.TP
+.B "\-v" | "\-\-verbose"
+Turn on verbose output
+
.SH DESCRIPTION
.PP
This utility scans the logs for messages logged when the system denied
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-11-30 13:59:30.000000000 -0500
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 14:31:26.000000000 -0500
@@ -32,6 +32,8 @@
fd=open("/etc/shells", 'r')
VALID_SHELLS=fd.read().split('\n')
fd.close()
+if "/sbin/nologin" in VALID_SHELLS:
+ VALID_SHELLS.remove("/sbin/nologin")
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500
@@ -133,7 +133,7 @@
if rc[0] == 0:
return rc[1]+"\n"
else:
- errorExit(string.join("sed error ", rc[1]))
+ errorExit("sed error %s" % rc[1])
def getStartingUID():
starting_uid = sys.maxint
@@ -266,7 +268,7 @@
homedir = u[5][:string.rfind(u[5], "/")]
if not homedir in homedirs:
if self.checkExists(homedir)==0:
- warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0]))
+ warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
else:
homedirs.append(homedir)
def heading(self):
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
@@ -329,8 +329,8 @@
selconf.write()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/Makefile policycoreutils-1.27.31/semodule/Makefile
--- nsapolicycoreutils/semodule/Makefile 2005-10-10 09:02:48.000000000 -0400
+++ policycoreutils-1.27.31/semodule/Makefile 2005-11-30 14:31:26.000000000 -0500
@@ -17,6 +17,8 @@
install: all
-mkdir -p $(SBINDIR)
install -m 755 semodule $(SBINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule.8 $(MANDIR)/man8/
relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-1.27.31/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.31/semodule/semodule.8 2005-11-30 14:31:26.000000000 -0500
@@ -0,0 +1,53 @@
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule \- Manage SELinux policy modules.
+
+.SH SYNOPSIS
+.B semodule
+.br
+.SH DESCRIPTION
+.PP
+semodule is the tool used to manage policy, it can call functions to load/replace the policy in the kernel, as well as setup load_able modules.
+
+.SH "OPTIONS"
+.TP
+.B \-R, \-\-reload
+reload policy
+.TP
+.B \-B, \-\-build
+build and reload policy
+.TP
+.B \-i,\-\-install=MODULE_PKG
+install a new module
+.TP
+.B \-u,\-\-upgrade=MODULE_PKG
+upgrade existing module
+.TP
+.B \-b,\-\-base=MODULE_PKG
+install new base module
+.TP
+.B \-r,\-\-remove=MODULE_NAME
+remove existing module
+.TP
+.B \-l,\-\-list-modules
+display list of installed modules
+.TP
+.B \-s,\-\-store
+name of the store to operate on
+.TP
+.B \-n,\-\-noreload
+do not reload policy after commit
+.TP
+.B \-h,\-\-help
+prints help message and quit
+.TP
+.B \-v,\-\-verbose
+be verbose reset the policy boolean values to the saved policy settings.
+
+.SH SEE ALSO
+.B load_policy(8), semodule_package(8), semodule_expand(8), semodule_link(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/Makefile policycoreutils-1.27.31/semodule_expand/Makefile
--- nsapolicycoreutils/semodule_expand/Makefile 2005-10-12 15:25:33.000000000 -0400
+++ policycoreutils-1.27.31/semodule_expand/Makefile 2005-11-30 14:31:26.000000000 -0500
@@ -3,6 +3,7 @@
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
@@ -15,6 +16,8 @@
install: all
-mkdir -p $(BINDIR)
install -m 755 semodule_expand $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(MANDIR)/man8/
relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.27.31/semodule_expand/semodule_expand.8
--- nsapolicycoreutils/semodule_expand/semodule_expand.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.31/semodule_expand/semodule_expand.8 2005-11-30 14:31:26.000000000 -0500
@@ -0,0 +1,26 @@
+.TH SEMODULE_EXPAND "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_expand \- Manage SELinux policy modules.
+
+.SH SYNOPSIS
+.B semodule_expand [-V -c [version]] basemodpkg outputfile
+.br
+.SH DESCRIPTION
+.PP
+semodule_expand is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
+
+.SH "OPTIONS"
+.TP
+.B \-V
+verbose mode
+.TP
+.B \-c [version]
+policy version to create
+
+.SH SEE ALSO
+.B load_policy(8), semodule_package(8), semodule(8), semodule_link(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/Makefile policycoreutils-1.27.31/semodule_link/Makefile
--- nsapolicycoreutils/semodule_link/Makefile 2005-10-12 15:25:33.000000000 -0400
+++ policycoreutils-1.27.31/semodule_link/Makefile 2005-11-30 14:31:26.000000000 -0500
@@ -2,6 +2,7 @@
PREFIX ?= ${DESTDIR}/usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= ${PREFIX}/lib
CFLAGS ?= -Werror -Wall -W
@@ -15,6 +16,8 @@
install: all
-mkdir -p $(BINDIR)
install -m 755 semodule_link $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_link.8 $(MANDIR)/man8/
relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/semodule_link.8 policycoreutils-1.27.31/semodule_link/semodule_link.8
--- nsapolicycoreutils/semodule_link/semodule_link.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.31/semodule_link/semodule_link.8 2005-11-30 14:31:26.000000000 -0500
@@ -0,0 +1,27 @@
+.TH SEMODULE_LINK "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_link \- Link a group of modules together with a base module
+
+.SH SYNOPSIS
+.B semodule_link [-V] [-o outfile] basemodpkg modpkg1 [modpkg2]...
+.br
+.SH DESCRIPTION
+.PP
+semodule_link is the tool used to create a policy file from a base policy module. and one of more loadable policy modules: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
+
+.SH "OPTIONS"
+.TP
+.B \-V
+verbose mode
+.TP
+.B \-o \-\-outfile <output file>
+Loadable package Output file
+
+
+.SH SEE ALSO
+.B load_policy(8), semodule_package(8), semodule(8), semodule_expand(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/Makefile policycoreutils-1.27.31/semodule_package/Makefile
--- nsapolicycoreutils/semodule_package/Makefile 2005-10-12 15:25:33.000000000 -0400
+++ policycoreutils-1.27.31/semodule_package/Makefile 2005-11-30 14:31:26.000000000 -0500
@@ -3,6 +3,7 @@
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
@@ -15,6 +16,8 @@
install: all
-mkdir -p $(BINDIR)
install -m 755 semodule_package $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_package.8 $(MANDIR)/man8/
relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/semodule_package.8 policycoreutils-1.27.31/semodule_package/semodule_package.8
--- nsapolicycoreutils/semodule_package/semodule_package.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.31/semodule_package/semodule_package.8 2005-11-30 14:31:26.000000000 -0500
@@ -0,0 +1,29 @@
+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_package \- Create loadable policy modules.
+
+.SH SYNOPSIS
+.B semodule_package -o <output file> -m <module> [-f <file contexts>]
+.br
+.SH DESCRIPTION
+.PP
+semodule_package is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
+
+.SH "OPTIONS"
+.TP
+.B \-o \-\-outfile <output file>
+Loadable package Output file
+.TP
+.B \-m \-\-module <Module file>
+Module file (te file)
+.TP
+.B \-f \-\-fc <File context file>
+Policy File contexts file
+
+.SH SEE ALSO
+.B load_policy(8), semodule(8), semodule_expand(8), semodule_link(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
except getopt.error, error:
- errorExit(string.join("Options Error ", error))
+ errorExit("Options Error %s " % error)
except ValueError, error:
- errorExit(string.join("ValueError ", error))
+ errorExit("ValueError %s" % error)
except IndexError, error:
errorExit("IndexError")

View File

@ -1,16 +1,16 @@
%define libsepolver 1.9.41-1
%define libsemanagever 1.3.61-1
%define libselinuxver 1.27.28-1
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.27.31
Version: 1.27.33
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
Patch: policycoreutils-rhat.patch
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever}
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python
BuildRoot: %{_tmppath}/%{name}-buildroot
@ -95,6 +95,14 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Thu Dec 1 2005 Dan Walsh <dwalsh@redhat.com> 1.27.31-1
- Update to match NSA
* Merged audit2allow --tefile and --fcfile support from Dan Walsh.
* Merged genhomedircon fix from Dan Walsh.
* Merged semodule* man pages from Dan Walsh, and edited them.
* Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
retain validation/canonicalization of contexts during init.
* Wed Nov 30 2005 Dan Walsh <dwalsh@redhat.com> 1.27.31-1
- Update to match NSA
* Changed genhomedircon to always use user_r for the role in the

View File

@ -1 +1 @@
baf3d49d7f7b8805aa8bb7b465f54f76 policycoreutils-1.27.31.tgz
d302f9dbd0c9555cdfbfa7629c4c28a9 policycoreutils-1.27.33.tgz