* Sun Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1

- Fix location of man pages
- Update to upstream
	* Modify setfiles to exclude mounts without seclabel option in
	/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
	* Re-enable disable_dontaudit rules upon semodule -B from Christopher
	Pardy and Dan Walsh.
	* setfiles converted to fts from Thomas Liu.
Daniel J Walsh 2009-07-29 13:43:53 +00:00
parent d34f2573e0
commit d03de9fdcd
6 changed files with 208357 additions and 111640 deletions


@ -199,3 +199,6 @@ policycoreutils-2.0.62.tgz
sepolgen-1.0.16.tgz
policycoreutils-2.0.63.tgz
policycoreutils-2.0.64.tgz
policycoreutils-2.0.65.tgz
policycoreutils-2.0.67.tgz
policycoreutils-2.0.68.tgz


@ -1,26 +1,15 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.64/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.64/audit2allow/audit2allow 2009-06-26 14:57:32.000000000 -0400
@@ -126,6 +126,7 @@
elif self.__options.audit:
try:
messages = audit.get_audit_msgs()
+ messages += audit.get_log_msgs()
except OSError, e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.64/Makefile
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.68/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.64/Makefile 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/Makefile 2009-07-29 09:34:07.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.64/restorecond/Makefile
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.68/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/Makefile 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/Makefile 2009-07-29 09:30:07.000000000 -0400
@@ -2,16 +2,23 @@
PREFIX ?= ${DESTDIR}/usr
SBINDIR ?= $(PREFIX)/sbin
@ -62,16 +51,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
relabel: install
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.64/restorecond/org.selinux.Restorecond.service
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.68/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/org.selinux.Restorecond.service 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/org.selinux.Restorecond.service 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.64/restorecond/restorecond.c
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.68/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/restorecond.c 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/restorecond.c 2009-07-29 09:30:07.000000000 -0400
@@ -48,294 +48,37 @@
#include <signal.h>
#include <string.h>
@ -540,9 +529,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
}
+
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.64/restorecond/restorecond.conf
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.68/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-05-18 13:53:14.000000000 -0400
+++ policycoreutils-2.0.64/restorecond/restorecond.conf 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/restorecond.conf 2009-07-29 09:30:07.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@ -553,9 +542,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
/root/.ssh/*
-
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.64/restorecond/restorecond.desktop
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.68/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/restorecond.desktop 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/restorecond.desktop 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@ -564,9 +553,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+Encoding=UTF-8
+Type=Application
+StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.64/restorecond/restorecond.h
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.68/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.64/restorecond/restorecond.h 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/restorecond.h 2009-07-29 09:30:07.000000000 -0400
@@ -24,7 +24,22 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@ -592,15 +581,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+extern void watch_list_free(int fd);
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.64/restorecond/restorecond_user.conf
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.68/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/restorecond_user.conf 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/restorecond_user.conf 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.64/restorecond/user.c
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.68/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/user.c 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/user.c 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,220 @@
+/*
+ * restorecond
@ -822,9 +811,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ return 0;
+}
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.64/restorecond/walk.c
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.68/restorecond/walk.c
--- nsapolicycoreutils/restorecond/walk.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/walk.c 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/walk.c 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,30 @@
+#define _XOPEN_SOURCE 500
+#include <ftw.h>
@ -856,9 +845,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ printf("Total Dirs %d\n",ctr);
+ exit(EXIT_SUCCESS);
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.64/restorecond/watch.c
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.68/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/restorecond/watch.c 2009-06-26 14:57:32.000000000 -0400
+++ policycoreutils-2.0.68/restorecond/watch.c 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,346 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@ -1206,9 +1195,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ exitApp("Error watching config file.");
+}
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.64/scripts/Makefile
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.68/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-06-23 15:36:07.000000000 -0400
+++ policycoreutils-2.0.68/scripts/fixfiles 2009-07-29 09:31:44.000000000 -0400
@@ -129,7 +129,7 @@
if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
else
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.68/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.64/scripts/Makefile 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/scripts/Makefile 2009-07-29 09:30:07.000000000 -0400
@@ -5,11 +5,12 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@ -1223,9 +1224,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
install -m 755 fixfiles $(DESTDIR)/sbin
install -m 755 genhomedircon $(SBINDIR)
-mkdir -p $(MANDIR)/man8
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.64/scripts/sandbox
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.68/scripts/sandbox
--- nsapolicycoreutils/scripts/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/scripts/sandbox 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/scripts/sandbox 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,139 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl
@ -1366,9 +1367,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ error_exit(error.args[1])
+
+ sys.exit(rc)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.64/scripts/sandbox.8
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.68/scripts/sandbox.8
--- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/scripts/sandbox.8 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/scripts/sandbox.8 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,22 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
@ -1392,9 +1393,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+.TP
+runcon(1)
+.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.64/scripts/sandbox.py
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.68/scripts/sandbox.py
--- nsapolicycoreutils/scripts/sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.64/scripts/sandbox.py 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/scripts/sandbox.py 2009-07-29 09:30:07.000000000 -0400
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+import os, sys, getopt, socket, random, fcntl
@ -1463,9 +1464,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ mount(mount_src, filecon)
+ umount(filecon)
+os.execvp(cmds[0], cmds)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.64/semanage/semanage
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.68/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-05-18 13:53:14.000000000 -0400
+++ policycoreutils-2.0.64/semanage/semanage 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/semanage/semanage 2009-07-29 09:34:44.000000000 -0400
@@ -44,16 +44,17 @@
text = _("""
semanage [ -S store ] -i [ input_file | - ]
@ -1499,7 +1500,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
+ -e, --equil Make target equil to this paths labeling
+ -e, --equal Make target equal to this paths labeling
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
@ -1508,7 +1509,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["fcontext"] += valid_everyone + [ '-e', '--equil', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["fcontext"] += valid_everyone + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
@ -1523,7 +1524,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
locallist = False
use_file = False
store = ""
+ equil=""
+ equal=""
+ dontaudit = ""
+
@ -1540,7 +1541,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
'delete',
'deleteall',
+ 'dontaudit=',
+ 'equil=',
+ 'equal=',
'ftype=',
'file',
'help',
@ -1558,8 +1559,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
- ftype=a
+ ftype = a
+
+ if o == "-e" or o == "--equil":
+ equil = a
+ if o == "-e" or o == "--equal":
+ equal = a
if o == "-F" or o == "--file":
use_file = True
@ -1606,10 +1607,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if object == "fcontext":
- OBJECT.add(target, setype, ftype, serange, seuser)
+ if equil == "":
+ if equal == "":
+ OBJECT.add(target, setype, ftype, serange, seuser)
+ else:
+ OBJECT.add_equil(target, equil)
+ OBJECT.add_equal(target, equal)
if object == "permissive":
OBJECT.add(target)
@ -1628,10 +1629,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if object == "fcontext":
- OBJECT.modify(target, setype, ftype, serange, seuser)
+ if equil == "":
+ if equal == "":
+ OBJECT.modify(target, setype, ftype, serange, seuser)
+ else:
+ OBJECT.modify_equil(target, equil)
+ OBJECT.modify_equal(target, equal)
return
@ -1644,9 +1645,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
elif object == "node":
OBJECT.delete(target, mask, proto)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.64/semanage/semanage.8
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.68/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.64/semanage/semanage.8 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/semanage/semanage.8 2009-07-29 09:30:07.000000000 -0400
@@ -21,6 +21,8 @@
.br
.B semanage permissive \-{a|d} type
@ -1656,9 +1657,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
.B semanage translation \-{a|d|m} [\-T] level
.P
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.64/semanage/seobject.py
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.68/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-05-18 13:53:14.000000000 -0400
+++ policycoreutils-2.0.64/semanage/seobject.py 2009-06-26 14:57:40.000000000 -0400
+++ policycoreutils-2.0.68/semanage/seobject.py 2009-07-29 09:35:07.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
@ -2208,7 +2209,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
+ self.equiv = {}
+ self.equil_ind = False
+ self.equal_ind = False
+ try:
+ fd = open(selinux.selinux_file_context_subs_path(), "r")
+ for i in fd.readlines():
@ -2219,7 +2220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ pass
+
+ def commit(self):
+ if self.equil_ind:
+ if self.equal_ind:
+ subs_file = selinux.selinux_file_context_subs_path()
+ tmpfile = "%s.tmp" % subs_file
+ fd = open(tmpfile, "w")
@ -2231,23 +2232,23 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ except:
+ pass
+ os.rename(tmpfile,subs_file)
+ self.equil_ind = False
+ self.equal_ind = False
+ semanageRecords.commit(self)
+
+ def add_equil(self, src, dst):
+ def add_equal(self, src, dst):
+ self.begin()
+ if src in self.equiv.keys():
+ raise ValueError(_("Equivalence class for %s already exists") % src)
+ self.equiv[src] = dst
+ self.equil_ind = True
+ self.equal_ind = True
+ self.commit()
+
+ def modify_equil(self, src, dst):
+ def modify_equal(self, src, dst):
+ self.begin()
+ if src not in self.equiv.keys():
+ raise ValueError(_("Equivalence class for %s does not exists") % src)
+ self.equiv[src] = dst
+ self.equil_ind = True
+ self.equal_ind = True
+ self.commit()
def createcon(self, target, seuser = "system_u"):
@ -2323,14 +2324,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
-
+
+ self.equiv = {}
+ self.equil_ind = True
+ self.equal_ind = True
self.commit()
def __delete(self, target, ftype):
- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if target in self.equiv.keys():
+ self.equiv.pop(target)
+ self.equil_ind = True
+ self.equal_ind = True
+ return
+
+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
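Review bot: The shebang of the new `scripts/sandbox.py` (the `@@ -0,0 +1,67 @@` file inside this patch) is `#!/usr/bin/python`, without the `-E` that `scripts/sandbox` and `semanage/seobject.py` in the same patch use, so this script alone honours `PYTHON*` environment variables such as `PYTHONPATH` inherited from its caller. The visible tail of the script calls `mount(mount_src, filecon)`, `umount(filecon)` and `os.execvp(cmds[0], cmds)`, which suggests it is meant to run with elevated privilege, where a caller-controlled module search path should not be trusted. I would change the first line to `#!/usr/bin/python -E` to match the other scripts. Most of the script body lies between the rendered hunks and is not shown, so whether it is actually installed or only kept as a reference copy should be confirmed.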


@ -5,8 +5,8 @@
%define sepolgenver 1.0.16
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.64
Release: 3%{?dist}
Version: 2.0.68
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -81,6 +81,7 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
@ -121,6 +122,17 @@ The policycoreutils-python package contains the management tools use to manage a
%dir /var/lib/sepolgen
%dir /var/lib/selinux
/var/lib/sepolgen/perm_map
%dir %{_datadir}/sandbox
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_mandir}/ru/man1/audit2why.1*
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/semanage.8*
%{_mandir}/ru/man8/semanage.8*
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%post python
[ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen
@ -198,9 +210,6 @@ rm -rf %{buildroot}
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%{_mandir}/man*/*
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%{_mandir}/ru/
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
@ -209,6 +218,35 @@ rm -rf %{buildroot}
%config(noreplace) /etc/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%{_mandir}/man8/load_policy.8*
%{_mandir}/ru/man8/load_policy.8*
%{_mandir}/man8/open_init_pty.8*
%{_mandir}/ru/man8/open_init_pty.8*
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{_mandir}/man8/run_init.8*
%{_mandir}/ru/man8/run_init.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/semodule_deps.8*
%{_mandir}/ru/man8/semodule_deps.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%{_mandir}/man8/sestatus.8*
%{_mandir}/ru/man8/sestatus.8*
%{_mandir}/man8/setfiles.8*
%{_mandir}/ru/man8/setfiles.8*
%{_mandir}/man8/setsebool.8*
%{_mandir}/ru/man8/setsebool.8*
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%preun
if [ $1 -eq 0 ]; then
@ -229,6 +267,15 @@ else
fi
%changelog
* Sun Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
- Fix location of man pages
- Update to upstream
* Modify setfiles to exclude mounts without seclabel option in
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
Pardy and Dan Walsh.
* setfiles converted to fts from Thomas Liu.
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.64-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
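Review bot: The new changelog entry is dated `* Sun Jul 29 2009`, but 29 July 2009 was a Wednesday (the entry below it, `Sun Jul 26 2009`, is consistent with that), and newer rpmbuild versions warn about such a bogus `%changelog` date; the header should read `* Wed Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1`. Separately, the `rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz` line in the install step, which appears to be the line added there, hard-codes both the man directory and the `.gz` suffix, while the `%files` entries use `%{_mandir}` and a `*` suffix. Writing it as `rm -f %{buildroot}%{_mandir}/ru/man8/genhomedircon.8*` would keep the removal in step with the file lists if the man path or compression ever differs.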


@ -1,2 +1,2 @@
e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz
d70351e2caf19dd096c3329e67f22753 policycoreutils-2.0.64.tgz
aed0ab49649832c19b650e9edefb3c64 policycoreutils-2.0.68.tgz