* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
- Fix audit2allow getopt calls - Fix audit2allow error message - Fix chcat to not crash on large number of categories
This commit is contained in:
parent
7da1477333
commit
e94935d28d
@ -189,3 +189,4 @@ policycoreutils-2.0.54.tgz
|
||||
policycoreutils-2.0.55.tgz
|
||||
policycoreutils-2.0.56.tgz
|
||||
policycoreutils-2.0.57.tgz
|
||||
sepolgen-1.0.14.tgz
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/Makefile 2008-10-10 16:04:46.000000000 -0400
|
||||
--- nsapolicycoreutils/Makefile 2008-09-22 13:25:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/Makefile 2008-12-01 15:20:08.000000000 -0500
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
@ -8,8 +8,42 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-10-30 14:21:33.000000000 -0400
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-09-22 13:25:08.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-12-01 15:22:30.000000000 -0500
|
||||
@@ -42,10 +42,10 @@
|
||||
from optparse import OptionParser
|
||||
|
||||
parser = OptionParser(version=self.VERSION)
|
||||
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
|
||||
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
|
||||
help="read input from audit log - conflicts with -i")
|
||||
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
|
||||
- help="read input from dmesg - conflicts with --audit and --input")
|
||||
+ help="read input from dmesg - conflicts with --all and --input")
|
||||
parser.add_option("-i", "--input", dest="input",
|
||||
help="read input from <input> - conflicts with -a")
|
||||
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
|
||||
@@ -82,9 +82,9 @@
|
||||
# Make -d, -a, and -i conflict
|
||||
if options.audit is True:
|
||||
if options.input is not None:
|
||||
- sys.stderr.write("error: --audit conflicts with --input\n")
|
||||
+ sys.stderr.write("error: --all conflicts with --input\n")
|
||||
if options.dmesg is True:
|
||||
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
|
||||
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
|
||||
if options.input is not None and options.dmesg is True:
|
||||
sys.stderr.write("error: --input conflicts with --dmesg\n")
|
||||
|
||||
@@ -200,7 +200,7 @@
|
||||
try:
|
||||
fd = open(filename, "w")
|
||||
except IOError, e:
|
||||
- sys.stderr.write("could not write output file: %s\n", str(e))
|
||||
+ sys.stderr.write("could not write output file: %s\n" % str(e))
|
||||
sys.exit(1)
|
||||
|
||||
writer.write(generator.get_module(), fd)
|
||||
@@ -287,7 +287,11 @@
|
||||
def __output(self):
|
||||
|
||||
@ -24,9 +58,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
||||
g = policygen.PolicyGenerator()
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-10-29 09:44:41.000000000 -0400
|
||||
@@ -82,7 +82,7 @@
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-09-22 13:25:08.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-12-01 15:22:34.000000000 -0500
|
||||
@@ -44,9 +44,6 @@
|
||||
Note that all audit messages are not available via dmesg when
|
||||
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
||||
.TP
|
||||
-.B "\-f" | "\-\-fcfile" <File Context File>
|
||||
-Add File Context File to generated Module Package. Requires -M option.
|
||||
-.TP
|
||||
.B "\-h" | "\-\-help"
|
||||
Print a short usage message
|
||||
.TP
|
||||
@@ -82,7 +79,7 @@
|
||||
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
||||
.TP
|
||||
.B "\-w" | "\-\-why"
|
||||
@ -36,8 +80,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
||||
.TP
|
||||
.B "\-v" | "\-\-verbose"
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-10-17 16:43:52.000000000 -0400
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2008-09-22 13:25:08.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-12-01 15:20:08.000000000 -0500
|
||||
@@ -553,7 +553,7 @@
|
||||
new_caps = cap_init();
|
||||
tmp_caps = cap_init();
|
||||
@ -56,9 +100,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
||||
return -1;
|
||||
}
|
||||
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2008-09-22 13:25:08.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/scripts/chcat 2008-12-01 15:23:46.000000000 -0500
|
||||
@@ -291,6 +291,8 @@
|
||||
for i in c.split(","):
|
||||
if i not in newcats:
|
||||
newcats.append(i)
|
||||
+ if len(newcats) > 25:
|
||||
+ return cats
|
||||
return newcats
|
||||
|
||||
def translate(cats):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-09-22 13:25:08.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-12-01 15:20:08.000000000 -0500
|
||||
@@ -35,7 +35,7 @@
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
|
@ -1,39 +1,18 @@
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py
|
||||
--- nsasepolgen/src/sepolgen/policygen.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py 2008-09-11 09:26:52.000000000 -0400
|
||||
@@ -134,6 +134,10 @@
|
||||
m.refpolicy = False
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py
|
||||
--- nsasepolgen/src/sepolgen/access.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 11:41:09.000000000 -0500
|
||||
@@ -314,7 +314,7 @@
|
||||
|
||||
def get_module(self):
|
||||
+ # Generate the requires
|
||||
+ if self.gen_requires:
|
||||
+ gen_requires(self.module)
|
||||
+
|
||||
"""Return the generated module"""
|
||||
return self.module
|
||||
def __len__(self):
|
||||
"""Return the unique number of role allow statements."""
|
||||
- return len(self.roles)
|
||||
+ return len(self.role_type.keys())
|
||||
|
||||
@@ -163,18 +167,10 @@
|
||||
# Generate the raw allow rules from the filtered list
|
||||
self.__add_allow_rules(raw_allow)
|
||||
|
||||
- # Generate the requires
|
||||
- if self.gen_requires:
|
||||
- gen_requires(self.module)
|
||||
-
|
||||
def add_role_types(self, role_type_set):
|
||||
for role_type in role_type_set:
|
||||
self.module.children.append(role_type)
|
||||
|
||||
- # Generate the requires
|
||||
- if self.gen_requires:
|
||||
- gen_requires(self.module)
|
||||
-
|
||||
def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
|
||||
"""Explain why a policy statement was generated.
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py
|
||||
def add(self, role, type):
|
||||
if self.role_types.has_key(role):
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py 2008-08-29 14:34:59.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-01 11:26:20.000000000 -0500
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
|
||||
|
@ -2,11 +2,11 @@
|
||||
%define libsepolver 2.0.19-1
|
||||
%define libsemanagever 2.0.28-1
|
||||
%define libselinuxver 2.0.46-5
|
||||
%define sepolgenver 1.0.13
|
||||
%define sepolgenver 1.0.14
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.57
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -192,6 +192,11 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
||||
- Fix audit2allow getopt calls
|
||||
- Fix audit2allow error message
|
||||
- Fix chcat to not crash on large number of categories
|
||||
|
||||
* Tue Nov 04 2008 Jesse Keating <jkeating@redhat.com> - 2.0.57-11
|
||||
- Move the usermode-gtk requires to the -gui subpackage.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user