* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1
- Add /etc/samba/secrets.tdb to restorecond.conf - Update from upstream * Merged semanage prefix support from Russell Coker. * Added a test to setfiles to check that the spec file is a regular file.
parent
177e68282d
commit
dd5c47c08b
@ -97,3 +97,4 @@ policycoreutils-1.30.tgz
|
|||||||
policycoreutils-1.30.1.tgz
|
policycoreutils-1.30.1.tgz
|
||||||
policycoreutils-1.30.4.tgz
|
policycoreutils-1.30.4.tgz
|
||||||
policycoreutils-1.30.5.tgz
|
policycoreutils-1.30.5.tgz
|
||||||
|
policycoreutils-1.30.6.tgz
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.5/audit2allow/audit2allow
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.6/audit2allow/audit2allow
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow 2006-03-29 15:35:22.000000000 -0500
|
--- nsapolicycoreutils/audit2allow/audit2allow 2006-03-29 15:35:22.000000000 -0500
|
||||||
+++ policycoreutils-1.30.5/audit2allow/audit2allow 2006-04-14 07:44:00.000000000 -0400
|
+++ policycoreutils-1.30.6/audit2allow/audit2allow 2006-04-14 15:07:36.000000000 -0400
|
||||||
@@ -24,431 +24,8 @@
|
@@ -24,431 +24,8 @@
|
||||||
# 02111-1307 USA
|
# 02111-1307 USA
|
||||||
#
|
#
|
||||||
@ -495,7 +495,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
|
|||||||
if o == "-R" or o == "--reference":
|
if o == "-R" or o == "--reference":
|
||||||
ref_ind=True
|
ref_ind=True
|
||||||
|
|
||||||
@@ -565,25 +144,37 @@
|
@@ -565,25 +144,38 @@
|
||||||
if o == "-v" or o == "--verbose":
|
if o == "-v" or o == "--verbose":
|
||||||
verbose=1
|
verbose=1
|
||||||
|
|
||||||
@ -524,6 +524,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
|
|||||||
+
|
+
|
||||||
+ if analyze:
|
+ if analyze:
|
||||||
+ serules.analyze()
|
+ serules.analyze()
|
||||||
|
+ sys.exit(0)
|
||||||
|
|
||||||
- if auditlogs:
|
- if auditlogs:
|
||||||
+ if auditlogs and os.path.exists("/var/log/audit/audit.log"):
|
+ if auditlogs and os.path.exists("/var/log/audit/audit.log"):
|
||||||
@ -538,9 +539,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
|
|||||||
output.flush()
|
output.flush()
|
||||||
if buildPP:
|
if buildPP:
|
||||||
cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
|
cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.5/audit2allow/audit2allow.1
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.6/audit2allow/audit2allow.1
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2006-03-10 09:48:04.000000000 -0500
|
--- nsapolicycoreutils/audit2allow/audit2allow.1 2006-03-10 09:48:04.000000000 -0500
|
||||||
+++ policycoreutils-1.30.5/audit2allow/audit2allow.1 2006-04-14 07:44:00.000000000 -0400
|
+++ policycoreutils-1.30.6/audit2allow/audit2allow.1 2006-04-14 13:50:16.000000000 -0400
|
||||||
@@ -98,6 +98,11 @@
|
@@ -98,6 +98,11 @@
|
||||||
.PP
|
.PP
|
||||||
.SH EXAMPLE
|
.SH EXAMPLE
|
||||||
@ -553,9 +554,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.
|
|||||||
.B Using audit2allow to generate monolithic (non-module) policy
|
.B Using audit2allow to generate monolithic (non-module) policy
|
||||||
$ cd /etc/selinux/$SELINUXTYPE/src/policy
|
$ cd /etc/selinux/$SELINUXTYPE/src/policy
|
||||||
$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
|
$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.5/audit2allow/avc.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.6/audit2allow/avc.py
|
||||||
--- nsapolicycoreutils/audit2allow/avc.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/audit2allow/avc.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-1.30.5/audit2allow/avc.py 2006-04-14 07:44:00.000000000 -0400
|
+++ policycoreutils-1.30.6/audit2allow/avc.py 2006-04-14 15:46:22.000000000 -0400
|
||||||
@@ -0,0 +1,518 @@
|
@@ -0,0 +1,518 @@
|
||||||
+#! /usr/bin/env python
|
+#! /usr/bin/env python
|
||||||
+# Copyright (C) 2006 Red Hat
|
+# Copyright (C) 2006 Red Hat
|
||||||
@ -989,6 +990,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
|
|||||||
+ self.seRules[key]=serule(key)
|
+ self.seRules[key]=serule(key)
|
||||||
+ if "name" not in AVC.keys():
|
+ if "name" not in AVC.keys():
|
||||||
+ AVC["name"]=""
|
+ AVC["name"]=""
|
||||||
|
+ if "comm" not in AVC.keys():
|
||||||
|
+ AVC["comm"]=""
|
||||||
+
|
+
|
||||||
+ self.add_avc(AVC)
|
+ self.add_avc(AVC)
|
||||||
+ self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"]))
|
+ self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"]))
|
||||||
@ -1049,11 +1052,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
|
|||||||
+
|
+
|
||||||
+ def analyze(self):
|
+ def analyze(self):
|
||||||
+ a=Analyze()
|
+ a=Analyze()
|
||||||
+ analysys=a.process(self.AVCS)
|
+ for i in a.process(self.AVCS):
|
||||||
+ for i in analysys:
|
|
||||||
+ print i[0][0]
|
+ print i[0][0]
|
||||||
+ print ""
|
+ print ""
|
||||||
+ sys.exit(0)
|
|
||||||
+
|
+
|
||||||
+ def out(self, require=0, module=""):
|
+ def out(self, require=0, module=""):
|
||||||
+ rec=""
|
+ rec=""
|
||||||
@ -1075,9 +1076,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
|
|||||||
+ rec += self.seRules[i].out(self.verbose)+"\n"
|
+ rec += self.seRules[i].out(self.verbose)+"\n"
|
||||||
+ return rec
|
+ return rec
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.5/restorecond/restorecond.conf
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.6/restorecond/restorecond.conf
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-03-29 11:08:21.000000000 -0500
|
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-03-29 11:08:21.000000000 -0500
|
||||||
+++ policycoreutils-1.30.5/restorecond/restorecond.conf 2006-04-14 09:40:32.000000000 -0400
|
+++ policycoreutils-1.30.6/restorecond/restorecond.conf 2006-04-14 13:50:16.000000000 -0400
|
||||||
@@ -1,4 +1,6 @@
|
@@ -1,4 +1,6 @@
|
||||||
/etc/resolv.conf
|
/etc/resolv.conf
|
||||||
+/etc/samba/secrets.tdb
|
+/etc/samba/secrets.tdb
|
||||||
@ -1085,82 +1086,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.
|
|||||||
/var/run/utmp
|
/var/run/utmp
|
||||||
~/public_html
|
~/public_html
|
||||||
+~/.mozilla/plugins/libflashplayer.so
|
+~/.mozilla/plugins/libflashplayer.so
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.5/semanage/semanage
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.6/semanage/semanage
|
||||||
--- nsapolicycoreutils/semanage/semanage 2006-03-29 15:35:22.000000000 -0500
|
--- nsapolicycoreutils/semanage/semanage 2006-04-14 13:10:51.000000000 -0400
|
||||||
+++ policycoreutils-1.30.5/semanage/semanage 2006-04-14 07:45:07.000000000 -0400
|
+++ policycoreutils-1.30.6/semanage/semanage 2006-04-14 13:50:16.000000000 -0400
|
||||||
@@ -32,7 +32,7 @@
|
@@ -292,6 +292,8 @@
|
||||||
print '\
|
|
||||||
semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
|
|
||||||
semanage login -{a|d|m} [-sr] login_name\n\
|
|
||||||
-semanage user -{a|d|m} [-LrR] selinux_name\n\
|
|
||||||
+semanage user -{a|d|m} [-LrRP] selinux_name\n\
|
|
||||||
semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
|
|
||||||
semanage interface -{a|d|m} [-tr] interface_spec\n\
|
|
||||||
semanage fcontext -{a|d|m} [-frst] file_spec\n\
|
|
||||||
@@ -60,6 +60,7 @@
|
|
||||||
-p (named pipe) \n\n\
|
|
||||||
\
|
|
||||||
-p, --proto Port protocol (tcp or udp)\n\
|
|
||||||
+ -P, --prefix Prefix for home directory labeling\n\
|
|
||||||
-L, --level Default SELinux Level (MLS/MCS Systems only)\n\
|
|
||||||
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\
|
|
||||||
-T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\
|
|
||||||
@@ -83,7 +84,7 @@
|
|
||||||
valid_option["login"] = []
|
|
||||||
valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
|
|
||||||
valid_option["user"] = []
|
|
||||||
- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ]
|
|
||||||
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
|
|
||||||
valid_option["port"] = []
|
|
||||||
valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ]
|
|
||||||
valid_option["interface"] = []
|
|
||||||
@@ -109,6 +110,7 @@
|
|
||||||
setrans = ""
|
|
||||||
roles = ""
|
|
||||||
seuser = ""
|
|
||||||
+ prefix = ""
|
|
||||||
heading=1
|
|
||||||
|
|
||||||
add = 0
|
|
||||||
@@ -126,7 +128,7 @@
|
|
||||||
args = sys.argv[2:]
|
|
||||||
|
|
||||||
gopts, cmds = getopt.getopt(args,
|
|
||||||
- 'adf:lhmnp:s:R:L:r:t:T:',
|
|
||||||
+ 'adf:lhmnp:s:R:L:r:t:T:P:',
|
|
||||||
['add',
|
|
||||||
'delete',
|
|
||||||
'ftype=',
|
|
||||||
@@ -140,7 +142,8 @@
|
|
||||||
'level=',
|
|
||||||
'roles=',
|
|
||||||
'type=',
|
|
||||||
- 'trans='
|
|
||||||
+ 'trans=',
|
|
||||||
+ 'prefix='
|
|
||||||
])
|
|
||||||
for o, a in gopts:
|
|
||||||
if o not in option_dict[object]:
|
|
||||||
@@ -185,6 +188,9 @@
|
|
||||||
if o == "-p" or o == '--proto':
|
|
||||||
proto = a
|
|
||||||
|
|
||||||
+ if o == "-P" or o == '--prefix':
|
|
||||||
+ prefix = a
|
|
||||||
+
|
|
||||||
if o == "-R" or o == '--roles':
|
|
||||||
roles = roles + " " + a
|
|
||||||
|
|
||||||
@@ -235,7 +241,7 @@
|
|
||||||
rlist = roles.split()
|
|
||||||
if len(rlist) == 0:
|
|
||||||
raise ValueError("You must specify a role")
|
|
||||||
- OBJECT.add(target, rlist, selevel, serange)
|
|
||||||
+ OBJECT.add(target, rlist, selevel, serange, prefix)
|
|
||||||
|
|
||||||
if object == "port":
|
|
||||||
OBJECT.add(target, proto, serange, setype)
|
|
||||||
@@ -286,6 +292,8 @@
|
|
||||||
errorExit("Options Error " + error.msg)
|
errorExit("Options Error " + error.msg)
|
||||||
except ValueError, error:
|
except ValueError, error:
|
||||||
errorExit(error.args[0])
|
errorExit(error.args[0])
|
||||||
@ -1169,49 +1098,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
except IOError, error:
|
except IOError, error:
|
||||||
errorExit(error.args[1])
|
errorExit(error.args[1])
|
||||||
except KeyboardInterrupt, error:
|
except KeyboardInterrupt, error:
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.5/semanage/seobject.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.6/semanage/seobject.py
|
||||||
--- nsapolicycoreutils/semanage/seobject.py 2006-03-29 15:35:22.000000000 -0500
|
--- nsapolicycoreutils/semanage/seobject.py 2006-04-14 13:10:51.000000000 -0400
|
||||||
+++ policycoreutils-1.30.5/semanage/seobject.py 2006-04-14 07:47:13.000000000 -0400
|
+++ policycoreutils-1.30.6/semanage/seobject.py 2006-04-14 13:52:19.000000000 -0400
|
||||||
@@ -381,7 +381,7 @@
|
@@ -455,6 +455,8 @@
|
||||||
def __init__(self):
|
|
||||||
semanageRecords.__init__(self)
|
|
||||||
|
|
||||||
- def add(self, name, roles, selevel, serange):
|
|
||||||
+ def add(self, name, roles, selevel, serange, prefix):
|
|
||||||
if is_mls_enabled == 1:
|
|
||||||
if serange == "":
|
|
||||||
serange = "s0"
|
|
||||||
@@ -427,6 +427,9 @@
|
|
||||||
if rc < 0:
|
|
||||||
raise ValueError("Could not set MLS level for %s" % name)
|
|
||||||
|
|
||||||
+ rc = semanage_user_set_prefix(self.sh, u, prefix)
|
|
||||||
+ if rc < 0:
|
|
||||||
+ raise ValueError("Could not add prefix %s for %s" % (r, prefix))
|
|
||||||
(rc,key) = semanage_user_key_extract(self.sh,u)
|
|
||||||
if rc < 0:
|
|
||||||
raise ValueError("Could not extract key for %s" % name)
|
|
||||||
@@ -451,13 +454,15 @@
|
|
||||||
semanage_user_key_free(k)
|
|
||||||
semanage_user_free(u)
|
semanage_user_free(u)
|
||||||
|
|
||||||
- def modify(self, name, roles = [], selevel = "", serange = ""):
|
def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
|
||||||
+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
|
|
||||||
+ oldroles=""
|
+ oldroles=""
|
||||||
+ newroles = string.join(roles, ' ');
|
+ newroles = string.join(roles, ' ');
|
||||||
try:
|
try:
|
||||||
- if len(roles) == 0 and serange == "" and selevel == "":
|
if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
|
||||||
+ if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
|
|
||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
- raise ValueError("Requires roles, level or range")
|
@@ -476,6 +478,13 @@
|
||||||
+ raise ValueError("Requires prefix, roles, level or range")
|
|
||||||
else:
|
|
||||||
- raise ValueError("Requires roles")
|
|
||||||
+ raise ValueError("Requires prefix or roles")
|
|
||||||
|
|
||||||
(rc,k) = semanage_user_key_create(self.sh, name)
|
|
||||||
if rc < 0:
|
|
||||||
@@ -473,11 +478,21 @@
|
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError("Could not query user for %s" % name)
|
raise ValueError("Could not query user for %s" % name)
|
||||||
|
|
||||||
@ -1225,15 +1124,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
|
|||||||
if serange != "":
|
if serange != "":
|
||||||
semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
||||||
if selevel != "":
|
if selevel != "":
|
||||||
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
|
@@ -501,10 +510,11 @@
|
||||||
|
|
||||||
+ if prefix != "":
|
|
||||||
+ semanage_user_set_prefix(self.sh, u, prefix)
|
|
||||||
+
|
|
||||||
if len(roles) != 0:
|
|
||||||
for r in roles:
|
|
||||||
semanage_user_add_role(self.sh, u, r)
|
|
||||||
@@ -495,10 +510,11 @@
|
|
||||||
raise ValueError("Could not modify SELinux user %s" % name)
|
raise ValueError("Could not modify SELinux user %s" % name)
|
||||||
|
|
||||||
except ValueError, error:
|
except ValueError, error:
|
||||||
@ -1247,9 +1138,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
|
|||||||
semanage_user_key_free(k)
|
semanage_user_key_free(k)
|
||||||
semanage_user_free(u)
|
semanage_user_free(u)
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.5/setsebool/setsebool.8
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.6/setsebool/setsebool.8
|
||||||
--- nsapolicycoreutils/setsebool/setsebool.8 2005-11-04 15:37:49.000000000 -0500
|
--- nsapolicycoreutils/setsebool/setsebool.8 2005-11-04 15:37:49.000000000 -0500
|
||||||
+++ policycoreutils-1.30.5/setsebool/setsebool.8 2006-04-14 07:44:00.000000000 -0400
|
+++ policycoreutils-1.30.6/setsebool/setsebool.8 2006-04-14 13:50:16.000000000 -0400
|
||||||
@@ -17,7 +17,7 @@
|
@@ -17,7 +17,7 @@
|
||||||
are not changed.
|
are not changed.
|
||||||
|
|
||||||
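Review bot: The `comm` default added in the avc.py hunk still leaves two of the four keys read on the `self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"]))` line unguarded. `AVC["access"]` and `AVC["msg"]` are indexed directly, so a record lacking either would raise KeyError unless the parser guarantees them earlier, which is not visible here. Because the dictionary is built from audit log text, either default those two keys the same way or skip the record explicitly rather than relying on the log always being well-formed. The two membership tests would also read more simply as `AVC.setdefault("name", "")` and `AVC.setdefault("comm", "")`. The enclosing method starts outside the visible lines.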
|
@ -4,8 +4,8 @@
|
|||||||
%define libselinuxver 1.30.3-1
|
%define libselinuxver 1.30.3-1
|
||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 1.30.5
|
Version: 1.30.6
|
||||||
Release: 2
|
Release: 1
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -108,11 +108,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
/sbin/service restorecond condrestart
|
/sbin/service restorecond condrestart
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-2
|
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1
|
||||||
- Add /etc/samba/secrets.tdb to restorecond.conf
|
- Add /etc/samba/secrets.tdb to restorecond.conf
|
||||||
|
|
||||||
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
|
|
||||||
- Update from upstream
|
- Update from upstream
|
||||||
|
* Merged semanage prefix support from Russell Coker.
|
||||||
* Added a test to setfiles to check that the spec file is
|
* Added a test to setfiles to check that the spec file is
|
||||||
a regular file.
|
a regular file.
|
||||||
|
|
||||||
|