From ee898f2f7eaaab65d71095cbb2fc3916269afbbc Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sat, 28 May 2005 05:29:19 +0000
Subject: [PATCH] * Sat May 28 2005 Dan Walsh 1.23.11-3 - Add Ivan's patch for user role changes in genhomedircon
---
 policycoreutils-rhat.patch | 39 ++++++++++++++++++++++++++++++++++++--
 policycoreutils.spec | 5 ++++-
 2 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 4dd7d0a..0f8db5f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c
 --- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400
-+++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-26 10:49:44.000000000 -0400
++++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-28 01:25:28.000000000 -0400
 @@ -103,7 +103,7 @@
 if (errno == ENOENT || errno == EINVAL) {
 /* No booleans file or stale booleans in the file; non-fatal. */
@@ -30,7 +30,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.
 exit(2);
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
 --- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
-+++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-26 08:46:35.000000000 -0400
++++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-28 01:25:28.000000000 -0400
 @@ -198,6 +198,11 @@
 result = 0; /* user authenticated OK! */
 }
@@ -43,3 +43,38 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policy
 /* We're done with PAM. Free `pam_handle'. */
 pam_end( pam_handle, PAM_SUCCESS );
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.23.11/scripts/genhomedircon
+--- nsapolicycoreutils/scripts/genhomedircon 2005-04-14 07:22:16.000000000 -0400
++++ policycoreutils-1.23.11/scripts/genhomedircon 2005-05-28 01:26:50.000000000 -0400
+@@ -357,16 +357,22 @@
+ return udict
+
+ def getHomeDirContext(self, user, home, role):
+- ret="\n\n#\n# Context for user %s\n#\n\n" % user
++ ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
+ rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
+ return ret + rc[1] + "\n"
+
++ def getUserContext(self, user, sel_user, role):
++ ret="\n\n#\n# Other Context for user %s\n#\n\n" % user
++ rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))
++ return ret + rc[1] + "\n"
++
+ def genHomeDirContext(self):
+ users = self.getUsers()
+ ret=""
+ # Fill in HOME and ROLE for users that are defined
+ for u in users.keys():
+ ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
++ ret += self.getUserContext (u, u, users[u]["role"])
+ return ret+"\n"
+
+ def checkExists(self, home):
+@@ -428,6 +434,7 @@
+ ret= self.heading()
+ for h in self.getHomeDirs():
+ ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
++ ret += self.getUserContext(".*", "user_u", "user") + "\n"
+ ret += self.getHomeRootContext(h)
+ ret += self.genHomeDirContext()
+ return ret
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 4b6c85d..b67cec2 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
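Review bot: The added `getUserContext` builds a `grep | sed` shell pipeline by `%`-formatting `user`, `role` and `sel_user` straight into single-quoted sed expressions, so a value containing `'`, `/`, `&` or a backslash changes the sed program or the shell command itself instead of being treated as data. In `genHomeDirContext` those values come from `self.getUsers()`, whose source is outside the hunk; if it reads account or policy files, that input should not reach a shell, since the script presumably runs privileged. The status in `rc[0]` is also ignored, and `commands.getstatusoutput` captures stderr together with stdout, so a grep or sed error message would be written into the generated contexts as if it were a rule. Doing the substitution in Python, as below, removes the shell and keeps the first-match-per-line behaviour of the sed expressions; the unchanged `getHomeDirContext` above follows the same pattern and would need the same treatment.

```python
def getUserContext(self, user, sel_user, role):
    ret="\n\n#\n# Other Context for user %s\n#\n\n" % user
    # Substitute in Python so no value is ever parsed by a shell or by sed.
    fd = open(self.getHomeDirTemplate())
    try:
        lines = [l for l in fd.read().split("\n") if "USER" in l]
    finally:
        fd.close()
    # count=1 mirrors sed's s/// without the g flag (first match per line),
    # applied in the same order as the original -e expressions.
    lines = [l.replace("USER", user, 1).replace("ROLE", role, 1).replace("system_u", sel_user, 1)
             for l in lines]
    return ret + "\n".join(lines) + "\n"
```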
@@ -3,7 +3,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.23.11
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -84,6 +84,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 %changelog
+* Sat May 28 2005 Dan Walsh 1.23.11-3
+- Add Ivan's patch for user role changes in genhomedircon
+
 * Thu May 26 2005 Dan Walsh 1.23.11-2
 - Fix warning message on reload of booleans