* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1

- Add /etc/samba/secrets.tdb to restorecond.conf
- Update from upstream
	* Merged semanage prefix support from Russell Coker.
	* Added a test to setfiles to check that the spec file is
	  a regular file.
Daniel J Walsh 2006-04-14 19:47:03 +00:00
parent 333aa50e52
commit e94e3a00f6
4 changed files with 33 additions and 142 deletions


@ -97,3 +97,4 @@ policycoreutils-1.30.tgz
policycoreutils-1.30.1.tgz
policycoreutils-1.30.4.tgz
policycoreutils-1.30.5.tgz
policycoreutils-1.30.6.tgz


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.5/audit2allow/audit2allow
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.6/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2006-03-29 15:35:22.000000000 -0500
+++ policycoreutils-1.30.5/audit2allow/audit2allow 2006-04-14 07:44:00.000000000 -0400
+++ policycoreutils-1.30.6/audit2allow/audit2allow 2006-04-14 15:07:36.000000000 -0400
@@ -24,431 +24,8 @@
# 02111-1307 USA
#
@ -495,7 +495,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
if o == "-R" or o == "--reference":
ref_ind=True
@@ -565,25 +144,37 @@
@@ -565,25 +144,38 @@
if o == "-v" or o == "--verbose":
verbose=1
@ -524,6 +524,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+
+ if analyze:
+ serules.analyze()
+ sys.exit(0)
- if auditlogs:
+ if auditlogs and os.path.exists("/var/log/audit/audit.log"):
@ -538,9 +539,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
output.flush()
if buildPP:
cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.5/audit2allow/audit2allow.1
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.6/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2006-03-10 09:48:04.000000000 -0500
+++ policycoreutils-1.30.5/audit2allow/audit2allow.1 2006-04-14 07:44:00.000000000 -0400
+++ policycoreutils-1.30.6/audit2allow/audit2allow.1 2006-04-14 13:50:16.000000000 -0400
@@ -98,6 +98,11 @@
.PP
.SH EXAMPLE
@ -553,9 +554,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.
.B Using audit2allow to generate monolithic (non-module) policy
$ cd /etc/selinux/$SELINUXTYPE/src/policy
$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.5/audit2allow/avc.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.6/audit2allow/avc.py
--- nsapolicycoreutils/audit2allow/avc.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.30.5/audit2allow/avc.py 2006-04-14 07:44:00.000000000 -0400
+++ policycoreutils-1.30.6/audit2allow/avc.py 2006-04-14 15:46:22.000000000 -0400
@@ -0,0 +1,518 @@
+#! /usr/bin/env python
+# Copyright (C) 2006 Red Hat
@ -989,6 +990,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
+ self.seRules[key]=serule(key)
+ if "name" not in AVC.keys():
+ AVC["name"]=""
+ if "comm" not in AVC.keys():
+ AVC["comm"]=""
+
+ self.add_avc(AVC)
+ self.seRules[key].add((AVC["access"], AVC["msg"], AVC["comm"], AVC["name"]))
@ -1049,11 +1052,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
+
+ def analyze(self):
+ a=Analyze()
+ analysys=a.process(self.AVCS)
+ for i in analysys:
+ for i in a.process(self.AVCS):
+ print i[0][0]
+ print ""
+ sys.exit(0)
+
+ def out(self, require=0, module=""):
+ rec=""
@ -1075,9 +1076,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/avc.py polic
+ rec += self.seRules[i].out(self.verbose)+"\n"
+ return rec
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.5/restorecond/restorecond.conf
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.6/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-03-29 11:08:21.000000000 -0500
+++ policycoreutils-1.30.5/restorecond/restorecond.conf 2006-04-14 09:40:32.000000000 -0400
+++ policycoreutils-1.30.6/restorecond/restorecond.conf 2006-04-14 13:50:16.000000000 -0400
@@ -1,4 +1,6 @@
/etc/resolv.conf
+/etc/samba/secrets.tdb
@ -1085,82 +1086,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.
/var/run/utmp
~/public_html
+~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.5/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-03-29 15:35:22.000000000 -0500
+++ policycoreutils-1.30.5/semanage/semanage 2006-04-14 07:45:07.000000000 -0400
@@ -32,7 +32,7 @@
print '\
semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
semanage login -{a|d|m} [-sr] login_name\n\
-semanage user -{a|d|m} [-LrR] selinux_name\n\
+semanage user -{a|d|m} [-LrRP] selinux_name\n\
semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
semanage interface -{a|d|m} [-tr] interface_spec\n\
semanage fcontext -{a|d|m} [-frst] file_spec\n\
@@ -60,6 +60,7 @@
-p (named pipe) \n\n\
\
-p, --proto Port protocol (tcp or udp)\n\
+ -P, --prefix Prefix for home directory labeling\n\
-L, --level Default SELinux Level (MLS/MCS Systems only)\n\
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\
-T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\
@@ -83,7 +84,7 @@
valid_option["login"] = []
valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ]
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
valid_option["port"] = []
valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ]
valid_option["interface"] = []
@@ -109,6 +110,7 @@
setrans = ""
roles = ""
seuser = ""
+ prefix = ""
heading=1
add = 0
@@ -126,7 +128,7 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:s:R:L:r:t:T:',
+ 'adf:lhmnp:s:R:L:r:t:T:P:',
['add',
'delete',
'ftype=',
@@ -140,7 +142,8 @@
'level=',
'roles=',
'type=',
- 'trans='
+ 'trans=',
+ 'prefix='
])
for o, a in gopts:
if o not in option_dict[object]:
@@ -185,6 +188,9 @@
if o == "-p" or o == '--proto':
proto = a
+ if o == "-P" or o == '--prefix':
+ prefix = a
+
if o == "-R" or o == '--roles':
roles = roles + " " + a
@@ -235,7 +241,7 @@
rlist = roles.split()
if len(rlist) == 0:
raise ValueError("You must specify a role")
- OBJECT.add(target, rlist, selevel, serange)
+ OBJECT.add(target, rlist, selevel, serange, prefix)
if object == "port":
OBJECT.add(target, proto, serange, setype)
@@ -286,6 +292,8 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.6/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-04-14 13:10:51.000000000 -0400
+++ policycoreutils-1.30.6/semanage/semanage 2006-04-14 13:50:16.000000000 -0400
@@ -292,6 +292,8 @@
errorExit("Options Error " + error.msg)
except ValueError, error:
errorExit(error.args[0])
@ -1169,49 +1098,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
except IOError, error:
errorExit(error.args[1])
except KeyboardInterrupt, error:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.5/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-03-29 15:35:22.000000000 -0500
+++ policycoreutils-1.30.5/semanage/seobject.py 2006-04-14 07:47:13.000000000 -0400
@@ -381,7 +381,7 @@
def __init__(self):
semanageRecords.__init__(self)
- def add(self, name, roles, selevel, serange):
+ def add(self, name, roles, selevel, serange, prefix):
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -427,6 +427,9 @@
if rc < 0:
raise ValueError("Could not set MLS level for %s" % name)
+ rc = semanage_user_set_prefix(self.sh, u, prefix)
+ if rc < 0:
+ raise ValueError("Could not add prefix %s for %s" % (r, prefix))
(rc,key) = semanage_user_key_extract(self.sh,u)
if rc < 0:
raise ValueError("Could not extract key for %s" % name)
@@ -451,13 +454,15 @@
semanage_user_key_free(k)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.6/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-04-14 13:10:51.000000000 -0400
+++ policycoreutils-1.30.6/semanage/seobject.py 2006-04-14 13:52:19.000000000 -0400
@@ -455,6 +455,8 @@
semanage_user_free(u)
- def modify(self, name, roles = [], selevel = "", serange = ""):
+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ oldroles=""
+ newroles = string.join(roles, ' ');
try:
- if len(roles) == 0 and serange == "" and selevel == "":
+ if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
if is_mls_enabled == 1:
- raise ValueError("Requires roles, level or range")
+ raise ValueError("Requires prefix, roles, level or range")
else:
- raise ValueError("Requires roles")
+ raise ValueError("Requires prefix or roles")
(rc,k) = semanage_user_key_create(self.sh, name)
if rc < 0:
@@ -473,11 +478,21 @@
@@ -476,6 +478,13 @@
if rc < 0:
raise ValueError("Could not query user for %s" % name)
@ -1225,15 +1124,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
if serange != "":
semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
if selevel != "":
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
+ if prefix != "":
+ semanage_user_set_prefix(self.sh, u, prefix)
+
if len(roles) != 0:
for r in roles:
semanage_user_add_role(self.sh, u, r)
@@ -495,10 +510,11 @@
@@ -501,10 +510,11 @@
raise ValueError("Could not modify SELinux user %s" % name)
except ValueError, error:
@ -1247,9 +1138,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
semanage_user_key_free(k)
semanage_user_free(u)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.5/setsebool/setsebool.8
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.8 policycoreutils-1.30.6/setsebool/setsebool.8
--- nsapolicycoreutils/setsebool/setsebool.8 2005-11-04 15:37:49.000000000 -0500
+++ policycoreutils-1.30.5/setsebool/setsebool.8 2006-04-14 07:44:00.000000000 -0400
+++ policycoreutils-1.30.6/setsebool/setsebool.8 2006-04-14 13:50:16.000000000 -0400
@@ -17,7 +17,7 @@
are not changed.
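Review bot: In the avc.py hunk, the new `comm` default copies the `if "name" not in AVC.keys()` guard, but the tuple built right after it also indexes `AVC["access"]` and `AVC["msg"]`, and nothing visible here guarantees those keys for a truncated or malformed audit record. These values are parsed from the audit log, and `comm` and `name` in particular are chosen by whatever process triggered the denial, so missing or odd fields should be treated as expected input rather than a `KeyError`. I would write the defaults uniformly as `AVC.setdefault("name", "")` and `AVC.setdefault("comm", "")`, and either default `access`/`msg` the same way or skip records that lack them. The enclosing method starts outside the hunk, so an earlier check may already cover this; if it does, a one-line comment naming that check would help.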


@ -4,8 +4,8 @@
%define libselinuxver 1.30.3-1
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.30.5
Release: 2
Version: 1.30.6
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -108,11 +108,10 @@ rm -rf ${RPM_BUILD_ROOT}
/sbin/service restorecond condrestart
%changelog
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-2
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1
- Add /etc/samba/secrets.tdb to restorecond.conf
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
- Update from upstream
* Merged semanage prefix support from Russell Coker.
* Added a test to setfiles to check that the spec file is
a regular file.


@ -1 +1 @@
b3eba7a93507ee2e576c184854d01610 policycoreutils-1.30.5.tgz
8debed023798b5de5252be47d5fd1b1b policycoreutils-1.30.6.tgz