diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 3e2a565..2a787f3 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -18,17 +18,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -mkdir -p $(MANDIR)/man1 install -m 644 audit2allow.1 $(MANDIR)/man1/ -diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/ChangeLog policycoreutils-2.0.22/ChangeLog ---- nsapolicycoreutils/ChangeLog 2007-07-16 14:20:43.000000000 -0400 -+++ policycoreutils-2.0.22/ChangeLog 2007-06-21 05:17:13.000000000 -0400 -@@ -91,7 +91,6 @@ - 1.33.15 2007-01-17 - * Merged unicode-to-string fix for seobject audit from Dan Walsh. - * Merged man page updates to make "apropos selinux" work from Dan Walsh. -- - 1.33.14 2007-01-16 - * Merged newrole man page patch from Michael Thompson. - diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.22/Makefile --- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400 +++ policycoreutils-2.0.22/Makefile 2007-07-31 15:45:57.000000000 -0400 @@ -163,7 +152,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po __builtin__.__dict__['_'] = unicode diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.22/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/semanage/seobject.py 2007-08-01 09:23:28.000000000 -0400 ++++ policycoreutils-2.0.22/semanage/seobject.py 2007-08-01 09:54:14.000000000 -0400 @@ -210,6 +210,7 @@ os.write(fd, self.out()) os.close(fd) 
@@ -172,15 +161,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po class semanageRecords: def __init__(self): -@@ -1024,6 +1025,25 @@ +@@ -1024,14 +1025,31 @@ def __init__(self): semanageRecords.__init__(self) -+ def createcon(self): +- def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): ++ def createcon(self, target, seuser = "system_u"): + (rc, con) = semanage_context_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create context for %s") % target) -+ rc = semanage_context_set_user(self.sh, con, "system_u") + if seuser == "": + seuser = "system_u" ++ ++ rc = semanage_context_set_user(self.sh, con, seuser) + if rc < 0: + raise ValueError(_("Could not set user in file context for %s") % target) + @@ -188,17 +181,24 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po + if rc < 0: + raise ValueError(_("Could not set role in file context for %s") % target) + -+ if is_mls_enabled == 1: + if is_mls_enabled == 1: +- if serange == "": +- serange = "s0" +- else: +- serange = untranslate(serange) + rc = semanage_context_set_mls(self.sh, con, "s0") + if rc < 0: + raise ValueError(_("Could not set mls fields in file context for %s") % target) + + return con + - def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): - if seuser == "": - seuser = "system_u" -@@ -1051,33 +1071,30 @@ ++ def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): ++ if is_mls_enabled == 1: ++ serange = untranslate(serange) + + if type == "": + raise ValueError(_("SELinux Type is required")) +@@ -1051,33 +1069,23 @@ raise ValueError(_("Could not create file context for %s") % target) rc = semanage_fcontext_set_expr(self.sh, fcontext, target) 
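Review bot: The rewritten `add()` calls `untranslate(serange)` whenever MLS is enabled, including for the default `serange = ""`, whereas the code it replaces special-cased the empty string first. The update path later in this same patch only translates inside `if serange != "":`, so the two paths now treat an empty range differently. What `untranslate` returns for an empty string is not visible here, so any later comparison of `serange` against `""` may behave differently than before. Guarding the call keeps both paths consistent: `if is_mls_enabled == 1 and serange != "":` followed by `serange = untranslate(serange)`. The body of `add()` continues beyond this hunk.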
@@ -217,21 +217,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po - rc = semanage_context_set_type(self.sh, con, type) - if rc < 0: - raise ValueError(_("Could not set type in file context for %s") % target) -- ++ if type != "<>": ++ con = self.createcon(target, seuser) + - if serange != "": - rc = semanage_context_set_mls(self.sh, con, serange) - if rc < 0: - raise ValueError(_("Could not set mls fields in file context for %s") % target) -+ if type != "<>": -+ con = self.createcon() -+ rc = semanage_context_set_user(self.sh, con, seuser) -+ if rc < 0: -+ raise ValueError(_("Could not set user in file context for %s") % target) -+ -+ rc = semanage_context_set_role(self.sh, con, "object_r") -+ if rc < 0: -+ raise ValueError(_("Could not set role in file context for %s") % target) -+ + rc = semanage_context_set_type(self.sh, con, type) + if rc < 0: + raise ValueError(_("Could not set type in file context for %s") % target) @@ -253,7 +245,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po rc = semanage_begin_transaction(self.sh) if rc < 0: raise ValueError(_("Could not start semanage transaction")) -@@ -1090,7 +1107,8 @@ +@@ -1090,7 +1098,8 @@ if rc < 0: raise ValueError(_("Could not add file context for %s") % target) @@ -263,13 +255,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po semanage_fcontext_key_free(k) semanage_fcontext_free(fcontext) -@@ -1112,16 +1130,29 @@ +@@ -1112,16 +1121,29 @@ if rc < 0: raise ValueError(_("Could not query file context for %s") % target) - con = semanage_fcontext_get_con(fcontext) + if setype != "<>": -+ print setype + con = semanage_fcontext_get_con(fcontext) - if serange != "": 
@@ -281,12 +272,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po - - rc = semanage_begin_transaction(self.sh) + if con == None: -+ con = self.createcon() ++ con = self.createcon(target) + + if serange != "": + semanage_context_set_mls(self.sh, con, untranslate(serange)) + if seuser != "": -+ semanage_context_set_user(self.sh, con, seuser) ++ semanage_context_set_user(self.sh, con, seuser) ++ + if setype != "": + semanage_context_set_type(self.sh, con, setype) + @@ -302,7 +294,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not start semanage transaction")) -@@ -1283,9 +1314,12 @@ +@@ -1283,9 +1305,12 @@ raise ValueError(_("Could not list booleans")) for boolean in self.blist:
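Review bot: The three setter calls added in this hunk (`semanage_context_set_mls`, `semanage_context_set_user` and `semanage_context_set_type`) discard their return codes, so a failed label change is not reported and the code appears to carry on to `semanage_begin_transaction`. `createcon()` in the same patch checks `rc < 0` after each setter and raises `ValueError`; the same pattern fits here, e.g. `rc = semanage_context_set_mls(self.sh, con, untranslate(serange))` followed by `if rc < 0: raise ValueError(_("Could not set mls fields in file context for %s") % target)`, and likewise for user and type. For a labeling tool, a silently unapplied range, user or type leaves the stored file context different from what the administrator requested. `if con == None:` is also better written as `if con is None:`. The enclosing function starts and ends outside the hunk.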