From dd5c47c08b51860327de55f18904e156313e4225 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 14 Apr 2006 19:47:03 +0000 Subject: [PATCH] * Fri Apr 14 2006 Dan Walsh 1.30.6-1 - Add /etc/samba/secrets.tdb to restorecond.conf - Update from upstream * Merged semanage prefix support from Russell Coker. * Added a test to setfiles to check that the spec file is a regular file. --- .cvsignore | 1 + policycoreutils-rhat.patch | 163 ++++++------------------------------- policycoreutils.spec | 9 +- sources | 2 +- 4 files changed, 33 insertions(+), 142 deletions(-) diff --git a/.cvsignore b/.cvsignore index 1e42024..36a2486 100644 --- a/.cvsignore +++ b/.cvsignore @@ -97,3 +97,4 @@ policycoreutils-1.30.tgz policycoreutils-1.30.1.tgz policycoreutils-1.30.4.tgz policycoreutils-1.30.5.tgz +policycoreutils-1.30.6.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 317c45e..352dbc7 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.5/audit2allow/audit2allow +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.6/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2006-03-29 15:35:22.000000000 -0500 -+++ policycoreutils-1.30.5/audit2allow/audit2allow 2006-04-14 07:44:00.000000000 -0400 ++++ policycoreutils-1.30.6/audit2allow/audit2allow 2006-04-14 15:07:36.000000000 -0400 @@ -24,431 +24,8 @@ # 02111-1307 USA # @@ -495,7 +495,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow if o == "-R" or o == "--reference": ref_ind=True -@@ -565,25 +144,37 @@ +@@ -565,25 +144,38 @@ if o == "-v" or o == "--verbose": verbose=1 
@@ -524,6 +524,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + + if analyze: + serules.analyze() ++ sys.exit(0) - if auditlogs: + if auditlogs and os.path.exists("/var/log/audit/audit.log"): @@ -538,9 +539,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow output.flush() if buildPP: cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.5/audit2allow/audit2allow.1 +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.6/audit2allow/audit2allow.1 --- nsapolicycoreutils/audit2allow/audit2allow.1 2006-03-10 09:48:04.000000000 -0500 -+++ policycoreutils-1.30.5/audit2allow/audit2allow.1 2006-04-14 07:44:00.000000000 -0400 ++++ policycoreutils-1.30.6/audit2allow/audit2allow.1 2006-04-14 13:50:16.000000000 -0400 @@ -98,6 +98,11 @@ .PP .SH EXAMPLE @@ -553,9 +554,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow. .B Using audit2allow to generate monolithic (non-module) policy $ cd /etc/selinux/$SELINUXTYPE/src/policy $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.5/audit2allow/avc.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.6/audit2allow/avc.py --- nsapolicycoreutils/audit2allow/avc.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.30.5/audit2allow/avc.py 2006-04-14 07:44:00.000000000 -0400 ++++ policycoreutils-1.30.6/audit2allow/avc.py 2006-04-14 15:46:22.000000000 -0400 @@ -0,0 +1,518 @@ +#! /usr/bin/env python +# Copyright (C) 2006 Red Hat 
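Review bot: The guard `if auditlogs and os.path.exists("/var/log/audit/audit.log"):` lets a request for the audit log fall through without any message when the file is absent, so rules may be generated from a different input than the one the operator asked for; what runs in that case is outside this hunk. Because the output of this tool is turned into policy allow rules, the input source should be explicit: report the missing file on stderr and exit non-zero, for example `sys.stderr.write("audit.log not found\n")` followed by `sys.exit(1)`. `os.path.exists` also says nothing about readability, so the later open still needs its own error handling.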
@@ -989,6 +990,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic + self.seRules[key]=serule(key) + if "name" not in AVC.keys(): + AVC["name"]="" ++ if "comm" not in AVC.keys(): ++ AVC["comm"]="" + + self.add_avc(AVC) + self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"])) @@ -1049,11 +1052,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic + + def analyze(self): + a=Analyze() -+ analysys=a.process(self.AVCS) -+ for i in analysys: ++ for i in a.process(self.AVCS): + print i[0][0] + print "" -+ sys.exit(0) + + def out(self, require=0, module=""): + rec="" @@ -1075,9 +1076,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic + rec += self.seRules[i].out(self.verbose)+"\n" + return rec + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.5/restorecond/restorecond.conf +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.6/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2006-03-29 11:08:21.000000000 -0500 -+++ policycoreutils-1.30.5/restorecond/restorecond.conf 2006-04-14 09:40:32.000000000 -0400 ++++ policycoreutils-1.30.6/restorecond/restorecond.conf 2006-04-14 13:50:16.000000000 -0400 @@ -1,4 +1,6 @@ /etc/resolv.conf +/etc/samba/secrets.tdb 
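Review bot: The new default covers only `comm`, while the next statement still indexes `AVC["access"]` and `AVC["msg"]` directly, so a record that lacks either would raise KeyError at the `self.seRules[key].add(...)` call; if the parser guarantees both keys, a comment saying so would help. The two membership tests can be written as `AVC.setdefault("name", "")` and `AVC.setdefault("comm", "")`, which avoids building the key list on every record. A comment should also note that `comm` and `name` are copied from the audit record and must be treated as untrusted text wherever they are later printed; how they are emitted is outside this hunk. The enclosing method starts before the hunk.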
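Review bot: `analyze()` has no docstring and `print i[0][0]` relies on an undocumented result shape from `Analyze.process()`; an entry whose first element is empty would raise IndexError, assuming the entries are nested sequences as the double indexing suggests. I would add a docstring such as `"""Print the leading field of each result from Analyze.process(self.AVCS)."""` and unpack the field into a named variable instead of indexing twice. `Analyze` itself is defined outside this hunk.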
@@ -1085,82 +1086,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond. /var/run/utmp ~/public_html +~/.mozilla/plugins/libflashplayer.so -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.5/semanage/semanage ---- nsapolicycoreutils/semanage/semanage 2006-03-29 15:35:22.000000000 -0500 -+++ policycoreutils-1.30.5/semanage/semanage 2006-04-14 07:45:07.000000000 -0400 -@@ -32,7 +32,7 @@ - print '\ - semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\ - semanage login -{a|d|m} [-sr] login_name\n\ --semanage user -{a|d|m} [-LrR] selinux_name\n\ -+semanage user -{a|d|m} [-LrRP] selinux_name\n\ - semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\ - semanage interface -{a|d|m} [-tr] interface_spec\n\ - semanage fcontext -{a|d|m} [-frst] file_spec\n\ -@@ -60,6 +60,7 @@ - -p (named pipe) \n\n\ - \ - -p, --proto Port protocol (tcp or udp)\n\ -+ -P, --prefix Prefix for home directory labeling\n\ - -L, --level Default SELinux Level (MLS/MCS Systems only)\n\ - -R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\ - -T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\ -@@ -83,7 +84,7 @@ - valid_option["login"] = [] - valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] - valid_option["user"] = [] -- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ] -+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] - valid_option["port"] = [] - valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ] - valid_option["interface"] = [] -@@ -109,6 +110,7 @@ - setrans = "" - roles = "" - seuser = "" -+ prefix = "" - heading=1 - - add = 0 -@@ -126,7 +128,7 @@ - args = sys.argv[2:] - - gopts, cmds = getopt.getopt(args, -- 'adf:lhmnp:s:R:L:r:t:T:', -+ 'adf:lhmnp:s:R:L:r:t:T:P:', - ['add', - 'delete', - 
'ftype=', -@@ -140,7 +142,8 @@ - 'level=', - 'roles=', - 'type=', -- 'trans=' -+ 'trans=', -+ 'prefix=' - ]) - for o, a in gopts: - if o not in option_dict[object]: -@@ -185,6 +188,9 @@ - if o == "-p" or o == '--proto': - proto = a - -+ if o == "-P" or o == '--prefix': -+ prefix = a -+ - if o == "-R" or o == '--roles': - roles = roles + " " + a - -@@ -235,7 +241,7 @@ - rlist = roles.split() - if len(rlist) == 0: - raise ValueError("You must specify a role") -- OBJECT.add(target, rlist, selevel, serange) -+ OBJECT.add(target, rlist, selevel, serange, prefix) - - if object == "port": - OBJECT.add(target, proto, serange, setype) -@@ -286,6 +292,8 @@ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.6/semanage/semanage +--- nsapolicycoreutils/semanage/semanage 2006-04-14 13:10:51.000000000 -0400 ++++ policycoreutils-1.30.6/semanage/semanage 2006-04-14 13:50:16.000000000 -0400 +@@ -292,6 +292,8 @@ errorExit("Options Error " + error.msg) except ValueError, error: errorExit(error.args[0]) 
@@ -1169,49 +1098,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy except IOError, error: errorExit(error.args[1]) except KeyboardInterrupt, error: -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.5/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2006-03-29 15:35:22.000000000 -0500 -+++ policycoreutils-1.30.5/semanage/seobject.py 2006-04-14 07:47:13.000000000 -0400 -@@ -381,7 +381,7 @@ - def __init__(self): - semanageRecords.__init__(self) - -- def add(self, name, roles, selevel, serange): -+ def add(self, name, roles, selevel, serange, prefix): - if is_mls_enabled == 1: - if serange == "": - serange = "s0" -@@ -427,6 +427,9 @@ - if rc < 0: - raise ValueError("Could not set MLS level for %s" % name) - -+ rc = semanage_user_set_prefix(self.sh, u, prefix) -+ if rc < 0: -+ raise ValueError("Could not add prefix %s for %s" % (r, prefix)) - (rc,key) = semanage_user_key_extract(self.sh,u) - if rc < 0: - raise ValueError("Could not extract key for %s" % name) -@@ -451,13 +454,15 @@ - semanage_user_key_free(k) +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.6/semanage/seobject.py +--- nsapolicycoreutils/semanage/seobject.py 2006-04-14 13:10:51.000000000 -0400 ++++ policycoreutils-1.30.6/semanage/seobject.py 2006-04-14 13:52:19.000000000 -0400 +@@ -455,6 +455,8 @@ semanage_user_free(u) -- def modify(self, name, roles = [], selevel = "", serange = ""): -+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""): + def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""): + oldroles="" + newroles = string.join(roles, ' '); try: -- if len(roles) == 0 and serange == "" and selevel == "": -+ if prefix == "" and len(roles) == 0 and serange == "" and selevel == "": + if prefix == "" and len(roles) == 0 and serange == "" and selevel == "": if is_mls_enabled == 1: -- raise 
ValueError("Requires roles, level or range") -+ raise ValueError("Requires prefix, roles, level or range") - else: -- raise ValueError("Requires roles") -+ raise ValueError("Requires prefix or roles") - - (rc,k) = semanage_user_key_create(self.sh, name) - if rc < 0: -@@ -473,11 +478,21 @@ +@@ -476,6 +478,13 @@ if rc < 0: raise ValueError("Could not query user for %s" % name) @@ -1225,15 +1124,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol if serange != "": semanage_user_set_mlsrange(self.sh, u, untranslate(serange)) if selevel != "": - semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) - -+ if prefix != "": -+ semanage_user_set_prefix(self.sh, u, prefix) -+ - if len(roles) != 0: - for r in roles: - semanage_user_add_role(self.sh, u, r) -@@ -495,10 +510,11 @@ +@@ -501,10 +510,11 @@ raise ValueError("Could not modify SELinux user %s" % name) except ValueError, error: @@ -1247,9 +1138,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol semanage_user_key_free(k) semanage_user_free(u) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.5/setsebool/setsebool.8 +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.6/setsebool/setsebool.8 --- nsapolicycoreutils/setsebool/setsebool.8 2005-11-04 15:37:49.000000000 -0500 -+++ policycoreutils-1.30.5/setsebool/setsebool.8 2006-04-14 07:44:00.000000000 -0400 ++++ policycoreutils-1.30.6/setsebool/setsebool.8 2006-04-14 13:50:16.000000000 -0400 @@ -17,7 +17,7 @@ are not changed. diff --git a/policycoreutils.spec b/policycoreutils.spec index 73c7e0a..72d383f 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec 
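Review bot: `modify()` declares `roles = []`, a mutable default that is shared across calls; nothing visible in this hunk mutates it, but `roles = None` normalised with `roles = roles or []` as the first statement removes the hazard without changing callers. The added line `newroles = string.join(roles, ' ');` carries a stray semicolon and uses the `string` module function where `newroles = ' '.join(roles)` is the usual form. How `oldroles` and `newroles` are used is outside this hunk, so a one-line comment stating their purpose would help the reader.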
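Review bot: The return value of `semanage_user_set_mlsrange(self.sh, u, untranslate(serange))` is discarded, whereas the user query just above it in `modify()` checks `rc < 0` and raises; a failed range update would go unreported and the record would presumably be committed with its previous range. Suggest `rc = semanage_user_set_mlsrange(self.sh, u, untranslate(serange))` followed by `if rc < 0: raise ValueError("Could not set MLS range for %s" % name)`, and the same treatment for the call under `if selevel != "":`, whose body is outside this hunk. These lines are upstream context in the carried patch, so the fix may belong upstream rather than in this patch file.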
@@ -4,8 +4,8 @@ %define libselinuxver 1.30.3-1 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.30.5 -Release: 2 +Version: 1.30.6 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -108,11 +108,10 @@ rm -rf ${RPM_BUILD_ROOT} /sbin/service restorecond condrestart %changelog -* Fri Apr 14 2006 Dan Walsh 1.30.5-2 +* Fri Apr 14 2006 Dan Walsh 1.30.6-1 - Add /etc/samba/secrets.tdb to restorecond.conf - -* Fri Apr 14 2006 Dan Walsh 1.30.5-1 - Update from upstream + * Merged semanage prefix support from Russell Coker. * Added a test to setfiles to check that the spec file is a regular file. diff --git a/sources b/sources index 40ede2f..2015067 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b3eba7a93507ee2e576c184854d01610 policycoreutils-1.30.5.tgz +8debed023798b5de5252be47d5fd1b1b policycoreutils-1.30.6.tgz