diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 74fedc8..955d63c 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
 --- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-19 16:30:32.000000000 -0400
 @@ -42,6 +42,8 @@
 from optparse import OptionParser
@@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 f = sys.stdin
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/Makefile 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/Makefile 2009-08-19 16:30:32.000000000 -0400
 @@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@@ -645,14 +645,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +extern void watch_list_free(int fd);
 #endif
-Binary files nsapolicycoreutils/restorecond/restorecond.o and policycoreutils-2.0.71/restorecond/restorecond.o differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
 --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
 +++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-19 12:25:41.000000000 -0400
 @@ -0,0 +1,2 @@
 +~/*
 +~/public_html/*
-Binary files nsapolicycoreutils/restorecond/stringslist.o and policycoreutils-2.0.71/restorecond/stringslist.o differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
 --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
 +++ policycoreutils-2.0.71/restorecond/user.c 2009-08-19 12:25:41.000000000 -0400
@@ -877,11 +875,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 + return 0;
 +}
 +
-Binary files nsapolicycoreutils/restorecond/user.o and policycoreutils-2.0.71/restorecond/user.o differ
-Binary files nsapolicycoreutils/restorecond/utmpwatcher.o and policycoreutils-2.0.71/restorecond/utmpwatcher.o differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.71/restorecond/walk.c
 --- nsapolicycoreutils/restorecond/walk.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/walk.c 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/walk.c 2009-08-19 16:30:32.000000000 -0400
 @@ -0,0 +1,30 @@
 +#define _XOPEN_SOURCE 500
 +#include
@@ -1170,10 +1166,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 + exitApp("Error watching config file.");
 +}
 +
-Binary files nsapolicycoreutils/restorecond/watch.o and policycoreutils-2.0.71/restorecond/watch.o differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
 --- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
-+++ policycoreutils-2.0.71/scripts/chcat 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/scripts/chcat 2009-08-19 16:30:32.000000000 -0400
 @@ -435,6 +435,8 @@
 continue
 except ValueError, e:
@@ -1185,7 +1180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
 --- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/scripts/Makefile 2009-08-19 16:30:32.000000000 -0400
 @@ -5,11 +5,12 @@
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
@@ -1202,7 +1197,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 -mkdir -p $(MANDIR)/man8
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.71/scripts/sandbox
 --- nsapolicycoreutils/scripts/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/scripts/sandbox 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/scripts/sandbox 2009-08-19 16:30:32.000000000 -0400
 @@ -0,0 +1,139 @@
 +#!/usr/bin/python -E
 +import os, sys, getopt, socket, random, fcntl
@@ -1345,7 +1340,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 + sys.exit(rc)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.71/scripts/sandbox.8
 --- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/scripts/sandbox.8 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/scripts/sandbox.8 2009-08-19 16:30:32.000000000 -0400
 @@ -0,0 +1,22 @@
 +.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
 +.SH NAME
@@ -1371,7 +1366,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +.PP
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.71/scripts/sandbox.py
 --- nsapolicycoreutils/scripts/sandbox.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/scripts/sandbox.py 2009-08-19 15:01:34.000000000 -0400
++++ policycoreutils-2.0.71/scripts/sandbox.py 2009-08-19 16:30:32.000000000 -0400
 @@ -0,0 +1,67 @@
 +#!/usr/bin/python
 +import os, sys, getopt, socket, random, fcntl
@@ -1441,31 +1436,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + umount(filecon) +os.execvp(cmds[0], cmds) diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage ---- nsapolicycoreutils/semanage/semanage 2009-08-19 16:18:21.000000000 -0400 -+++ policycoreutils-2.0.71/semanage/semanage 2009-08-19 15:01:34.000000000 -0400 -@@ -44,17 +44,17 @@ - text = _(""" - semanage [ -S store ] -i [ input_file | - ] - --semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] -+semanage {module,boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] - semanage login -{a|d|m} [-sr] login_name | %groupname - semanage user -{a|d|m} [-LrRP] selinux_name - semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range - semanage interface -{a|d|m} [-tr] interface_spec - semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr --semanage fcontext -{a|d|m} [-frst] file_spec -+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec - semanage translation -{a|d|m} [-T] level - semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file --semanage permissive -{d|a} type --semanage dontaudit [ on | off ] -+semanage permissive -{a|d} type -+semanage module -{a|d|} module - - Primary Options: - -@@ -69,6 +69,7 @@ +--- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/semanage 2009-08-19 16:30:32.000000000 -0400 +@@ -68,6 +68,7 @@ -h, --help Display this message -n, --noheading Do not print heading when listing OBJECTS -S, --store Select and alternate SELinux store to manage 
@@ -1473,7 +1446,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po Object-specific Options (see above): -@@ -85,6 +86,7 @@ +@@ -84,6 +85,7 @@ -F, --file Treat target as an input file for command, change multiple settings -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6) -M, --mask Netmask @@ -1481,24 +1454,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -P, --prefix Prefix for home directory labeling -L, --level Default SELinux Level (MLS/MCS Systems only) -R, --roles SELinux Roles (ex: "sysadm_r staff_r") -@@ -116,12 +118,14 @@ - valid_option["node"] = [] - valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol'] - valid_option["fcontext"] = [] -- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] -- valid_option["dontaudit"] = [ '-S', '--store' ] -+ valid_option["fcontext"] += valid_everyone + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] - valid_option["translation"] = [] - valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] - valid_option["boolean"] = [] - valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"] -+ valid_option["module"] = [] -+ valid_option["module"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '--dontaudit'] -+ - valid_option["permissive"] = [] - valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] - return valid_option -@@ -194,6 +198,9 @@ +@@ -192,6 +194,9 @@ locallist = False use_file = False store = "" 
@@ -1508,7 +1464,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po object = argv[0] option_dict=get_options() -@@ -203,10 +210,12 @@ +@@ -201,10 +206,12 @@ args = argv[1:] gopts, cmds = getopt.getopt(args, @@ -1522,7 +1478,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po 'ftype=', 'file', 'help', -@@ -250,9 +259,15 @@ +@@ -248,9 +255,15 @@ if o == "-f" or o == "--ftype": ftype=a @@ -1538,7 +1494,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if o == "-h" or o == "--help": raise ValueError(_("%s bad option") % o) -@@ -326,6 +341,9 @@ +@@ -324,6 +337,9 @@ if object == "boolean": OBJECT = seobject.booleanRecords(store) @@ -1548,32 +1504,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if object == "translation": OBJECT = seobject.setransRecords() -@@ -343,17 +361,18 @@ - OBJECT.deleteall() - return - -+ if dontaudit != "": -+ if object == "module": -+ OBJECT.dontaudit(dontaudit) -+ else: -+ raise ValueError(_("%s bad option") % o) -+ return -+ - if len(cmds) != 1: - raise ValueError(_("%s bad option") % o) - - target = cmds[0] - -- -- if object == "dontaudit": -- OBJECT = seobject.dontauditClass(store) -- OBJECT.toggle(target) -- return -- - if add: - if object == "login": - OBJECT.add(target, seuser, serange) -@@ -370,11 +389,17 @@ +@@ -362,11 +378,17 @@ if object == "interface": OBJECT.add(target, serange, setype) @@ -1592,7 +1523,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if object == "permissive": OBJECT.add(target) -@@ -394,6 +419,9 @@ +@@ -386,6 +408,9 @@ rlist = roles.split() OBJECT.modify(target, rlist, selevel, serange, prefix) 
@@ -1602,7 +1533,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if object == "port": OBJECT.modify(target, proto, serange, setype) -@@ -404,7 +432,10 @@ +@@ -396,7 +421,10 @@ OBJECT.modify(target, mask, proto, serange, setype) if object == "fcontext": @@ -1614,30 +1545,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po return -diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.71/semanage/semanage.8 ---- nsapolicycoreutils/semanage/semanage.8 2009-08-19 16:20:57.000000000 -0400 -+++ policycoreutils-2.0.71/semanage/semanage.8 2009-08-19 15:01:34.000000000 -0400 -@@ -21,7 +21,7 @@ - .br - .B semanage permissive \-{a|d} type - .br --.B semanage dontaudit [ on | off ] -+.B semanage module \-{a|d} policy_package - .br - .B semanage translation \-{a|d|m} [\-T] level - .P -@@ -119,8 +119,6 @@ - $ semanage port -a -t http_port_t -p tcp 81 - # Change apache to a permissive domain - $ semanage permissive -a httpd_t --# Turn off dontaudit rules --$ semanage dontaudit off - .fi - - .SH "AUTHOR" diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:14:31.000000000 -0400 -+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-19 15:01:34.000000000 -0400 +--- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-19 16:30:32.000000000 -0400 @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005, 2006, 2007, 2008 Red Hat 
@@ -1662,63 +1572,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po os.rename(newfilename, self.filename) os.system("/sbin/service mcstrans reload > /dev/null") -@@ -314,18 +315,49 @@ - self.transaction = False - self.commit() - --class dontauditClass(semanageRecords): -+class moduleRecords(semanageRecords): - def __init__(self, store): - semanageRecords.__init__(self, store) - -- def toggle(self, dontaudit): -- if dontaudit not in [ "on", "off" ]: -- raise ValueError(_("dontaudit requires either 'on' or 'off'")) -+ def get_all(self): -+ l = [] -+ (rc, mlist, number) = semanage_module_list(self.sh) -+ if rc < 0: -+ raise ValueError(_("Could not list SELinux modules")) -+ -+ for i in range(number): -+ mod = semanage_module_list_nth(mlist, i) -+ name = semanage_module_get_name(mod) -+ l.append(name) -+ return l -+ -+ def dontaudit(self, dontaudit = 0): - self.begin() -- rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "on") -+ rc = semanage_set_disable_dontaudit(self.sh, dontaudit) - self.commit() - rc = semanage_reload_policy(self.sh) -- -+ -+ def list(self, heading = 1, locallist = 0): -+ if heading: -+ print "\n%-25s\n" % (_("Modules")) -+ for t in self.get_all(): -+ print t -+ -+ def add(self, modules): -+ import glob -+ for m in modules.split(): -+ rc = semanage_module_install_file(self.sh, m); -+ if rc >= 0: -+ self.commit() -+ -+ def delete(self, modules): -+ for m in modules.split(): -+ rc = semanage_module_remove(self.sh, m) -+ if rc < 0: -+ raise ValueError(_("Could not remove module %s (remove failed)") % name) -+ -+ self.commit() -+ - class permissiveRecords(semanageRecords): - def __init__(self, store): - semanageRecords.__init__(self, store) -@@ -995,7 +1027,7 @@ +@@ -983,7 +984,7 @@ proto_str = semanage_port_get_proto_str(proto) low = semanage_port_get_low(port) high = semanage_port_get_high(port) 
@@ -1727,7 +1581,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po return ddict def get_all_by_type(self, locallist = 0): -@@ -1420,6 +1452,48 @@ +@@ -1408,6 +1409,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) @@ -1776,7 +1630,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1586,9 +1660,16 @@ +@@ -1574,9 +1617,16 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -1793,7 +1647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1644,11 +1725,11 @@ +@@ -1632,11 +1682,11 @@ return ddict def list(self, heading = 1, locallist = 0 ): @@ -1807,7 +1661,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1657,6 +1738,12 @@ +@@ -1645,6 +1695,12 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) @@ -2376,7 +2230,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + + + -Binary files nsapolicycoreutils/setfiles/restorecon and policycoreutils-2.0.71/setfiles/restorecon differ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h --- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-19 15:42:48.000000000 -0400 
@@ -2431,8 +2284,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +int process_one(char *name, int recurse);
 +
 +#endif
-Binary files nsapolicycoreutils/setfiles/restore.o and policycoreutils-2.0.71/setfiles/restore.o differ
-Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-2.0.71/setfiles/setfiles differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
 --- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
 +++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-19 15:42:48.000000000 -0400