rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-1 

- Update to upstream
	* Add btrfs to fixfiles from Dan Walsh.
	* Remove restorecond error for matching globs with multiple hard links
 	  and fix some error messages from Dan Walsh.
	* Make removing a non-existant module a warning rather than an error
	  from Dan Walsh.
	* Man page fixes from Dan Walsh.
This commit is contained in:
Daniel J Walsh 2009-02-18 21:54:32 +00:00
parent b64d03f609
commit badeadc2fc
6 changed files with 2434 additions and 2329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -195,3 +195,5 @@ policycoreutils-2.0.60.tgz
sepolgen-1.0.14.tgz
policycoreutils-2.0.61.tgz
sepolgen-1.0.15.tgz
policycoreutils-2.0.62.tgz
sepolgen-1.0.16.tgz

4515
policycoreutils-po.patch
View File

File diff suppressed because it is too large Load Diff

202
policycoreutils-rhat.patch
View File

@ -1,17 +1,4 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.61/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.61/audit2allow/audit2allow.1 2009-01-20 09:49:03.000000000 -0500
@@ -75,9 +75,6 @@
Generate reference policy using installed macros.
This attempts to match denials against interfaces and may be inaccurate.
.TP
-.B "\-t " | "\-\-tefile"
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
-.TP
.B "\-w" | "\-\-why"
Translates SELinux audit messages into a description of why the access was denied
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.61/Makefile
diff --exclude-from=exclude --exclude=sepolgen-1.0.15 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.61/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/Makefile 2009-01-20 09:49:03.000000000 -0500
@@ -1,4 +1,4 @@
@ -20,190 +7,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.61/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/Makefile 2009-01-30 11:22:46.000000000 -0500
@@ -20,7 +20,7 @@
install -m 755 restorecond $(SBINDIR)
install -m 644 restorecond.8 $(MANDIR)/man8
-mkdir -p $(INITDIR)
- install -m 644 restorecond.init $(INITDIR)/restorecond
+ install -m 755 restorecond.init $(INITDIR)/restorecond
-mkdir -p $(SELINUXDIR)
install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.61/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/restorecond.c 2009-01-30 11:21:09.000000000 -0500
@@ -1,7 +1,7 @@
/*
* restorecond
*
- * Copyright (C) 2006 Red Hat
+ * Copyright (C) 2006-2009 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or
@@ -75,7 +75,7 @@
static int debug_mode = 0;
static int verbose_mode = 0;
-static void restore(const char *filename);
+static void restore(const char *filename, int exact);
struct watchList {
struct watchList *next;
@@ -113,12 +113,13 @@
printf("%d: File=%s\n", wd, file);
while (ptr != NULL) {
if (ptr->wd == wd) {
- if (strings_list_find(ptr->files, file) == 0) {
+ int exact=0;
+ if (strings_list_find(ptr->files, file, &exact) == 0) {
char *path = NULL;
if (asprintf(&path, "%s/%s", ptr->dir, file) <
0)
exitApp("Error allocating memory.");
- restore(path);
+ restore(path, exact);
free(path);
return 0;
}
@@ -155,7 +156,7 @@
Set the file context to the default file context for this system.
Same as restorecon.
*/
-static void restore(const char *filename)
+static void restore(const char *filename, int exact)
{
int retcontext = 0;
security_context_t scontext = NULL;
@@ -181,9 +182,11 @@
}
if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
- syslog(LOG_ERR,
- "Will not restore a file with more than one hard link (%s) %s\n",
- filename, strerror(errno));
+ if (exact) {
+ syslog(LOG_ERR,
+ "Will not restore a file with more than one hard link (%s) %s\n",
+ filename, strerror(errno));
+ }
close(fd);
return;
}
@@ -283,6 +286,8 @@
inotify_rm_watch(fd, master_wd);
master_wd =
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
}
/*
@@ -396,7 +401,7 @@
char *file = basename(path);
ptr = firstDir;
- restore(path);
+ restore(path, 1);
while (ptr != NULL) {
if (strcmp(dir, ptr->dir) == 0) {
@@ -411,7 +416,14 @@
if (!ptr)
exitApp("Out of Memory");
+
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+ if (ptr->wd == -1) {
+ free(ptr);
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+ path, strerror(errno));
+ return;
+ }
ptr->dir = strdup(dir);
if (!ptr->dir)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.61/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/restorecond.conf 2009-01-30 11:10:14.000000000 -0500
@@ -5,4 +5,3 @@
/var/run/utmp
/var/log/wtmp
~/*
-~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-2.0.61/restorecond/stringslist.c
--- nsapolicycoreutils/restorecond/stringslist.c 2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/stringslist.c 2009-01-30 11:20:48.000000000 -0500
@@ -55,9 +55,10 @@
*list = newptr;
}
-int strings_list_find(struct stringsList *ptr, const char *string)
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
{
while (ptr) {
+ *exact = strcmp(ptr->string, string) == 0;
int cmp = fnmatch(ptr->string, string, 0);
if (cmp == 0)
return 0; /* Match found */
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-2.0.61/restorecond/stringslist.h
--- nsapolicycoreutils/restorecond/stringslist.h 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/stringslist.h 2009-01-30 11:27:00.000000000 -0500
@@ -31,7 +31,7 @@
void strings_list_free(struct stringsList *list);
void strings_list_add(struct stringsList **list, const char *string);
void strings_list_print(struct stringsList *list);
-int strings_list_find(struct stringsList *list, const char *string);
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
int strings_list_diff(struct stringsList *from, struct stringsList *to);
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.61/restorecond/utmpwatcher.c
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/utmpwatcher.c 2009-01-20 09:49:03.000000000 -0500
@@ -57,7 +57,7 @@
utmp_ptr = NULL;
FILE *cfg = fopen(utmp_path, "r");
if (!cfg)
- exitApp("Error reading config file.");
+ exitApp("Error reading utmp file.");
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
if (u.ut_type == USER_PROCESS)
@@ -69,6 +69,9 @@
utmp_wd =
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
+ if (utmp_wd == -1)
+ exitApp("Error watching utmp file.");
+
if (prev_utmp_ptr) {
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
strings_list_free(prev_utmp_ptr);
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.61/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.61/semanage/semanage 2009-01-20 09:49:03.000000000 -0500
@@ -219,6 +219,7 @@
'seuser=',
'store=',
'range=',
+ 'locallist=',
'level=',
'roles=',
'type=',
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.61/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.61/semodule/semodule.c 2009-01-28 16:52:58.000000000 -0500
@@ -359,6 +363,9 @@
mode_arg);
}
result = semanage_module_remove(sh, mode_arg);
+ if ( result == -2 ) {
+ continue;
+ }
break;
}
case LIST_M:{

25
policycoreutils-sepolgen.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.61/sepolgen-1.0.15/src/sepolgen/refparser.py
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/sepolgen-1.0.15/src/sepolgen/refparser.py 2008-12-15 15:34:55.000000000 -0500
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-02-18 16:52:27.000000000 -0500
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []
@ -10,24 +10,3 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py polic
for dirpath, dirnames, filenames in os.walk(root):
for name in filenames:
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/yacc.py policycoreutils-2.0.61/sepolgen-1.0.15/src/sepolgen/yacc.py
--- nsasepolgen/src/sepolgen/yacc.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/sepolgen-1.0.15/src/sepolgen/yacc.py 2008-12-15 15:34:55.000000000 -0500
@@ -67,7 +67,7 @@
error_count = 3 # Number of symbols that must be shifted to leave recovery mode
-import re, types, sys, cStringIO, md5, os.path
+import re, types, sys, cStringIO, hashlib, os.path
# Exception raised for yacc-related errors
class YaccError(Exception): pass
@@ -506,7 +506,7 @@
Errorfunc = None # User defined error handler
- Signature = md5.new() # Digital signature of the grammar rules, precedence
+ Signature = hashlib.md5() # Digital signature of the grammar rules, precedence
# and other information. Used to determined when a
# parsing table needs to be regenerated.

15
policycoreutils.spec
View File

@ -2,11 +2,11 @@
%define libsepolver 2.0.19-1
%define libsemanagever 2.0.28-2
%define libselinuxver 2.0.46-5
%define sepolgenver 1.0.15
%define sepolgenver 1.0.16
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.61
Release: 10%{?dist}
Version: 2.0.62
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -221,6 +221,15 @@ else
fi
%changelog
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-1
- Update to upstream
* Add btrfs to fixfiles from Dan Walsh.
* Remove restorecond error for matching globs with multiple hard links
and fix some error messages from Dan Walsh.
* Make removing a non-existant module a warning rather than an error
from Dan Walsh.
* Man page fixes from Dan Walsh.
* Mon Feb 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-10
- Fix script created by polgengui to not refer to selinux-policy-devel

4
sources
View File

@ -1,2 +1,2 @@
42f7f691dd8798fe7a8a21635f96d5d2 policycoreutils-2.0.61.tgz
a10512e5637e2d9e95278c7cfcdce567 sepolgen-1.0.15.tgz
7163e6b815bb45eb4f6a620cd8240690 policycoreutils-2.0.62.tgz
e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz