rpms/policycoreutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12

Browse Source 
- Fix audit2allow getopt calls
- Fix audit2allow error message
- Fix chcat to not crash on large number of categories
This commit is contained in:
Daniel J Walsh 2008-12-01 20:28:00 +00:00
parent 7da1477333
commit e94935d28d
5 changed files with 88 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -189,3 +189,4 @@ policycoreutils-2.0.54.tgz
policycoreutils-2.0.55.tgz
policycoreutils-2.0.56.tgz
policycoreutils-2.0.57.tgz
sepolgen-1.0.14.tgz

78
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.57/Makefile 2008-10-10 16:04:46.000000000 -0400
--- nsapolicycoreutils/Makefile 2008-09-22 13:25:07.000000000 -0400
+++ policycoreutils-2.0.57/Makefile 2008-12-01 15:20:08.000000000 -0500
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -8,8 +8,42 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-10-30 14:21:33.000000000 -0400
--- nsapolicycoreutils/audit2allow/audit2allow 2008-09-22 13:25:08.000000000 -0400
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-12-01 15:22:30.000000000 -0500
@@ -42,10 +42,10 @@
from optparse import OptionParser
parser = OptionParser(version=self.VERSION)
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
help="read input from audit log - conflicts with -i")
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
- help="read input from dmesg - conflicts with --audit and --input")
+ help="read input from dmesg - conflicts with --all and --input")
parser.add_option("-i", "--input", dest="input",
help="read input from <input> - conflicts with -a")
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
@@ -82,9 +82,9 @@
# Make -d, -a, and -i conflict
if options.audit is True:
if options.input is not None:
- sys.stderr.write("error: --audit conflicts with --input\n")
+ sys.stderr.write("error: --all conflicts with --input\n")
if options.dmesg is True:
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
if options.input is not None and options.dmesg is True:
sys.stderr.write("error: --input conflicts with --dmesg\n")
@@ -200,7 +200,7 @@
try:
fd = open(filename, "w")
except IOError, e:
- sys.stderr.write("could not write output file: %s\n", str(e))
+ sys.stderr.write("could not write output file: %s\n" % str(e))
sys.exit(1)
writer.write(generator.get_module(), fd)
@@ -287,7 +287,11 @@
def __output(self):
@ -24,9 +58,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
g = policygen.PolicyGenerator()
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-10-29 09:44:41.000000000 -0400
@@ -82,7 +82,7 @@
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-09-22 13:25:08.000000000 -0400
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-12-01 15:22:34.000000000 -0500
@@ -44,9 +44,6 @@
Note that all audit messages are not available via dmesg when
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
.TP
-.B "\-f" | "\-\-fcfile" <File Context File>
-Add File Context File to generated Module Package. Requires -M option.
-.TP
.B "\-h" | "\-\-help"
Print a short usage message
.TP
@@ -82,7 +79,7 @@
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
.TP
.B "\-w" | "\-\-why"
@ -36,8 +80,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
.TP
.B "\-v" | "\-\-verbose"
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-10-17 16:43:52.000000000 -0400
--- nsapolicycoreutils/newrole/newrole.c 2008-09-22 13:25:08.000000000 -0400
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-12-01 15:20:08.000000000 -0500
@@ -553,7 +553,7 @@
new_caps = cap_init();
tmp_caps = cap_init();
@ -56,9 +100,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
return -1;
}
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2008-09-22 13:25:08.000000000 -0400
+++ policycoreutils-2.0.57/scripts/chcat 2008-12-01 15:23:46.000000000 -0500
@@ -291,6 +291,8 @@
for i in c.split(","):
if i not in newcats:
newcats.append(i)
+ if len(newcats) > 25:
+ return cats
return newcats
def translate(cats):
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400
--- nsapolicycoreutils/semanage/seobject.py 2008-09-22 13:25:08.000000000 -0400
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-12-01 15:20:08.000000000 -0500
@@ -35,7 +35,7 @@
import __builtin__
__builtin__.__dict__['_'] = unicode

45
policycoreutils-sepolgen.patch
View File

@ -1,39 +1,18 @@
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py
--- nsasepolgen/src/sepolgen/policygen.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py 2008-09-11 09:26:52.000000000 -0400
@@ -134,6 +134,10 @@
m.refpolicy = False
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py
--- nsasepolgen/src/sepolgen/access.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 11:41:09.000000000 -0500
@@ -314,7 +314,7 @@
def get_module(self):
+ # Generate the requires
+ if self.gen_requires:
+ gen_requires(self.module)
+
"""Return the generated module"""
return self.module
def __len__(self):
"""Return the unique number of role allow statements."""
- return len(self.roles)
+ return len(self.role_type.keys())
@@ -163,18 +167,10 @@
# Generate the raw allow rules from the filtered list
self.__add_allow_rules(raw_allow)
- # Generate the requires
- if self.gen_requires:
- gen_requires(self.module)
-
def add_role_types(self, role_type_set):
for role_type in role_type_set:
self.module.children.append(role_type)
- # Generate the requires
- if self.gen_requires:
- gen_requires(self.module)
-
def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
"""Explain why a policy statement was generated.
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py
def add(self, role, type):
if self.role_types.has_key(role):
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py 2008-08-29 14:34:59.000000000 -0400
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-01 11:26:20.000000000 -0500
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []

9
policycoreutils.spec
View File

@ -2,11 +2,11 @@
%define libsepolver 2.0.19-1
%define libsemanagever 2.0.28-1
%define libselinuxver 2.0.46-5
%define sepolgenver 1.0.13
%define sepolgenver 1.0.14
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.57
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,6 +192,11 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
- Fix audit2allow getopt calls
- Fix audit2allow error message
- Fix chcat to not crash on large number of categories
* Tue Nov 04 2008 Jesse Keating <jkeating@redhat.com> - 2.0.57-11
- Move the usermode-gtk requires to the -gui subpackage.

2
sources
View File

@ -1,2 +1,2 @@
b6756a012c26f414e4a5f8f438ce2188 sepolgen-1.0.13.tgz
52b590e33e13ed8aa10610237e8fa8d7 policycoreutils-2.0.57.tgz
df57d9d33c940c60994c6cbaa9f8e4a3 sepolgen-1.0.14.tgz