* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1

- Add /etc/samba/secrets.tdb to restorecond.conf
- Update from upstream
	* Merged semanage prefix support from Russell Coker.
	* Added a test to setfiles to check that the spec file is
	  a regular file.
Daniel J Walsh 2006-04-14 19:47:03 +00:00
parent 177e68282d
commit dd5c47c08b
4 changed files with 33 additions and 142 deletions


@ -97,3 +97,4 @@ policycoreutils-1.30.tgz
policycoreutils-1.30.1.tgz policycoreutils-1.30.1.tgz
policycoreutils-1.30.4.tgz policycoreutils-1.30.4.tgz
policycoreutils-1.30.5.tgz policycoreutils-1.30.5.tgz
policycoreutils-1.30.6.tgz


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.5/audit2allow/audit2allow diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.6/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2006-03-29 15:35:22.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow 2006-03-29 15:35:22.000000000 -0500
+++ policycoreutils-1.30.5/audit2allow/audit2allow 2006-04-14 07:44:00.000000000 -0400 +++ policycoreutils-1.30.6/audit2allow/audit2allow 2006-04-14 15:07:36.000000000 -0400
@@ -24,431 +24,8 @@ @@ -24,431 +24,8 @@
# 02111-1307 USA # 02111-1307 USA
# #
@ -495,7 +495,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
if o == "-R" or o == "--reference": if o == "-R" or o == "--reference":
ref_ind=True ref_ind=True
@@ -565,25 +144,37 @@ @@ -565,25 +144,38 @@
if o == "-v" or o == "--verbose": if o == "-v" or o == "--verbose":
verbose=1 verbose=1
@ -524,6 +524,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ +
+ if analyze: + if analyze:
+ serules.analyze() + serules.analyze()
+ sys.exit(0)
- if auditlogs: - if auditlogs:
+ if auditlogs and os.path.exists("/var/log/audit/audit.log"): + if auditlogs and os.path.exists("/var/log/audit/audit.log"):
@ -538,9 +539,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
output.flush() output.flush()
if buildPP: if buildPP:
cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module) cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.5/audit2allow/audit2allow.1 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.6/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2006-03-10 09:48:04.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow.1 2006-03-10 09:48:04.000000000 -0500
+++ policycoreutils-1.30.5/audit2allow/audit2allow.1 2006-04-14 07:44:00.000000000 -0400 +++ policycoreutils-1.30.6/audit2allow/audit2allow.1 2006-04-14 13:50:16.000000000 -0400
@@ -98,6 +98,11 @@ @@ -98,6 +98,11 @@
.PP .PP
.SH EXAMPLE .SH EXAMPLE
@ -553,9 +554,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.
.B Using audit2allow to generate monolithic (non-module) policy .B Using audit2allow to generate monolithic (non-module) policy
$ cd /etc/selinux/$SELINUXTYPE/src/policy $ cd /etc/selinux/$SELINUXTYPE/src/policy
$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.5/audit2allow/avc.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.6/audit2allow/avc.py
--- nsapolicycoreutils/audit2allow/avc.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/audit2allow/avc.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.30.5/audit2allow/avc.py 2006-04-14 07:44:00.000000000 -0400 +++ policycoreutils-1.30.6/audit2allow/avc.py 2006-04-14 15:46:22.000000000 -0400
@@ -0,0 +1,518 @@ @@ -0,0 +1,518 @@
+#! /usr/bin/env python +#! /usr/bin/env python
+# Copyright (C) 2006 Red Hat +# Copyright (C) 2006 Red Hat
@ -989,6 +990,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
+ self.seRules[key]=serule(key) + self.seRules[key]=serule(key)
+ if "name" not in AVC.keys(): + if "name" not in AVC.keys():
+ AVC["name"]="" + AVC["name"]=""
+ if "comm" not in AVC.keys():
+ AVC["comm"]=""
+ +
+ self.add_avc(AVC) + self.add_avc(AVC)
+ self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"])) + self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"]))
@ -1049,11 +1052,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
+ +
+ def analyze(self): + def analyze(self):
+ a=Analyze() + a=Analyze()
+ analysys=a.process(self.AVCS) + for i in a.process(self.AVCS):
+ for i in analysys:
+ print i[0][0] + print i[0][0]
+ print "" + print ""
+ sys.exit(0)
+ +
+ def out(self, require=0, module=""): + def out(self, require=0, module=""):
+ rec="" + rec=""
@ -1075,9 +1076,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
+ rec += self.seRules[i].out(self.verbose)+"\n" + rec += self.seRules[i].out(self.verbose)+"\n"
+ return rec + return rec
+ +
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.5/restorecond/restorecond.conf diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.6/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-03-29 11:08:21.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond.conf 2006-03-29 11:08:21.000000000 -0500
+++ policycoreutils-1.30.5/restorecond/restorecond.conf 2006-04-14 09:40:32.000000000 -0400 +++ policycoreutils-1.30.6/restorecond/restorecond.conf 2006-04-14 13:50:16.000000000 -0400
@@ -1,4 +1,6 @@ @@ -1,4 +1,6 @@
/etc/resolv.conf /etc/resolv.conf
+/etc/samba/secrets.tdb +/etc/samba/secrets.tdb
@ -1085,82 +1086,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.
/var/run/utmp /var/run/utmp
~/public_html ~/public_html
+~/.mozilla/plugins/libflashplayer.so +~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.5/semanage/semanage diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.6/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-03-29 15:35:22.000000000 -0500 --- nsapolicycoreutils/semanage/semanage 2006-04-14 13:10:51.000000000 -0400
+++ policycoreutils-1.30.5/semanage/semanage 2006-04-14 07:45:07.000000000 -0400 +++ policycoreutils-1.30.6/semanage/semanage 2006-04-14 13:50:16.000000000 -0400
@@ -32,7 +32,7 @@ @@ -292,6 +292,8 @@
print '\
semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
semanage login -{a|d|m} [-sr] login_name\n\
-semanage user -{a|d|m} [-LrR] selinux_name\n\
+semanage user -{a|d|m} [-LrRP] selinux_name\n\
semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
semanage interface -{a|d|m} [-tr] interface_spec\n\
semanage fcontext -{a|d|m} [-frst] file_spec\n\
@@ -60,6 +60,7 @@
-p (named pipe) \n\n\
\
-p, --proto Port protocol (tcp or udp)\n\
+ -P, --prefix Prefix for home directory labeling\n\
-L, --level Default SELinux Level (MLS/MCS Systems only)\n\
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\
-T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\
@@ -83,7 +84,7 @@
valid_option["login"] = []
valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ]
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
valid_option["port"] = []
valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ]
valid_option["interface"] = []
@@ -109,6 +110,7 @@
setrans = ""
roles = ""
seuser = ""
+ prefix = ""
heading=1
add = 0
@@ -126,7 +128,7 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:s:R:L:r:t:T:',
+ 'adf:lhmnp:s:R:L:r:t:T:P:',
['add',
'delete',
'ftype=',
@@ -140,7 +142,8 @@
'level=',
'roles=',
'type=',
- 'trans='
+ 'trans=',
+ 'prefix='
])
for o, a in gopts:
if o not in option_dict[object]:
@@ -185,6 +188,9 @@
if o == "-p" or o == '--proto':
proto = a
+ if o == "-P" or o == '--prefix':
+ prefix = a
+
if o == "-R" or o == '--roles':
roles = roles + " " + a
@@ -235,7 +241,7 @@
rlist = roles.split()
if len(rlist) == 0:
raise ValueError("You must specify a role")
- OBJECT.add(target, rlist, selevel, serange)
+ OBJECT.add(target, rlist, selevel, serange, prefix)
if object == "port":
OBJECT.add(target, proto, serange, setype)
@@ -286,6 +292,8 @@
errorExit("Options Error " + error.msg) errorExit("Options Error " + error.msg)
except ValueError, error: except ValueError, error:
errorExit(error.args[0]) errorExit(error.args[0])
@ -1169,49 +1098,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
except IOError, error: except IOError, error:
errorExit(error.args[1]) errorExit(error.args[1])
except KeyboardInterrupt, error: except KeyboardInterrupt, error:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.5/semanage/seobject.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.6/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-03-29 15:35:22.000000000 -0500 --- nsapolicycoreutils/semanage/seobject.py 2006-04-14 13:10:51.000000000 -0400
+++ policycoreutils-1.30.5/semanage/seobject.py 2006-04-14 07:47:13.000000000 -0400 +++ policycoreutils-1.30.6/semanage/seobject.py 2006-04-14 13:52:19.000000000 -0400
@@ -381,7 +381,7 @@ @@ -455,6 +455,8 @@
def __init__(self):
semanageRecords.__init__(self)
- def add(self, name, roles, selevel, serange):
+ def add(self, name, roles, selevel, serange, prefix):
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -427,6 +427,9 @@
if rc < 0:
raise ValueError("Could not set MLS level for %s" % name)
+ rc = semanage_user_set_prefix(self.sh, u, prefix)
+ if rc < 0:
+ raise ValueError("Could not add prefix %s for %s" % (r, prefix))
(rc,key) = semanage_user_key_extract(self.sh,u)
if rc < 0:
raise ValueError("Could not extract key for %s" % name)
@@ -451,13 +454,15 @@
semanage_user_key_free(k)
semanage_user_free(u) semanage_user_free(u)
- def modify(self, name, roles = [], selevel = "", serange = ""): def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ oldroles="" + oldroles=""
+ newroles = string.join(roles, ' '); + newroles = string.join(roles, ' ');
try: try:
- if len(roles) == 0 and serange == "" and selevel == "": if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
+ if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
if is_mls_enabled == 1: if is_mls_enabled == 1:
- raise ValueError("Requires roles, level or range") @@ -476,6 +478,13 @@
+ raise ValueError("Requires prefix, roles, level or range")
else:
- raise ValueError("Requires roles")
+ raise ValueError("Requires prefix or roles")
(rc,k) = semanage_user_key_create(self.sh, name)
if rc < 0:
@@ -473,11 +478,21 @@
if rc < 0: if rc < 0:
raise ValueError("Could not query user for %s" % name) raise ValueError("Could not query user for %s" % name)
@ -1225,15 +1124,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
if serange != "": if serange != "":
semanage_user_set_mlsrange(self.sh, u, untranslate(serange)) semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
if selevel != "": if selevel != "":
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) @@ -501,10 +510,11 @@
+ if prefix != "":
+ semanage_user_set_prefix(self.sh, u, prefix)
+
if len(roles) != 0:
for r in roles:
semanage_user_add_role(self.sh, u, r)
@@ -495,10 +510,11 @@
raise ValueError("Could not modify SELinux user %s" % name) raise ValueError("Could not modify SELinux user %s" % name)
except ValueError, error: except ValueError, error:
@ -1247,9 +1138,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
semanage_user_key_free(k) semanage_user_key_free(k)
semanage_user_free(u) semanage_user_free(u)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.5/setsebool/setsebool.8 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.6/setsebool/setsebool.8
--- nsapolicycoreutils/setsebool/setsebool.8 2005-11-04 15:37:49.000000000 -0500 --- nsapolicycoreutils/setsebool/setsebool.8 2005-11-04 15:37:49.000000000 -0500
+++ policycoreutils-1.30.5/setsebool/setsebool.8 2006-04-14 07:44:00.000000000 -0400 +++ policycoreutils-1.30.6/setsebool/setsebool.8 2006-04-14 13:50:16.000000000 -0400
@@ -17,7 +17,7 @@ @@ -17,7 +17,7 @@
are not changed. are not changed.
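Review bot: In the avc.py part of this patch, the record handling that now defaults `comm` next to `name` still indexes `AVC["access"]` and `AVC["msg"]` directly in `self.seRules[key].add(...)`. An audit record lacking either field would raise KeyError, unless the parsing code above the hunk (not visible here) guarantees both. Because these fields are read from audit log records, I would default the optional ones in one place, e.g. `for f in ("name", "comm"): AVC.setdefault(f, "")`. Records missing `access` or `msg` should be skipped or reported, so that one malformed line does not abort the whole run. The enclosing method starts outside the hunk, so confirm against the full file.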


@ -4,8 +4,8 @@
%define libselinuxver 1.30.3-1 %define libselinuxver 1.30.3-1
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.30.5 Version: 1.30.6
Release: 2 Release: 1
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -108,11 +108,10 @@ rm -rf ${RPM_BUILD_ROOT}
/sbin/service restorecond condrestart /sbin/service restorecond condrestart
%changelog %changelog
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-2 * Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1
- Add /etc/samba/secrets.tdb to restorecond.conf - Add /etc/samba/secrets.tdb to restorecond.conf
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
- Update from upstream - Update from upstream
* Merged semanage prefix support from Russell Coker.
* Added a test to setfiles to check that the spec file is * Added a test to setfiles to check that the spec file is
a regular file. a regular file.


@ -1 +1 @@
b3eba7a93507ee2e576c184854d01610 policycoreutils-1.30.5.tgz 8debed023798b5de5252be47d5fd1b1b policycoreutils-1.30.6.tgz