Compare commits
17 Commits
Author | SHA1 | Date |
---|---|---|
|
43248abeda | |
|
9e9fd7456a | |
|
dc7c2791e5 | |
|
c6891da0ed | |
|
b65ecbc7c2 | |
|
20846cdedc | |
|
b48c6c02b4 | |
|
53a0edbbd4 | |
|
d8f892f305 | |
|
3236a9a844 | |
|
f99d83ab74 | |
|
8ffeaf4bdd | |
|
bf8422685f | |
|
a1e7893bdc | |
|
2353cbd5a1 | |
|
e94935d28d | |
|
7da1477333 |
|
@ -189,3 +189,5 @@ policycoreutils-2.0.54.tgz
|
|||
policycoreutils-2.0.55.tgz
|
||||
policycoreutils-2.0.56.tgz
|
||||
policycoreutils-2.0.57.tgz
|
||||
sepolgen-1.0.14.tgz
|
||||
policycoreutils_man_ru2.tar.bz2
|
2
Makefile
2
Makefile
|
@ -4,7 +4,7 @@ NAME := policycoreutils
|
|||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
|
File diff suppressed because it is too large
Load Diff
160690
policycoreutils-po.patch
160690
policycoreutils-po.patch
File diff suppressed because it is too large
Load Diff
|
@ -1,15 +1,40 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/Makefile 2008-10-10 16:04:46.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -42,10 +42,10 @@
|
||||
from optparse import OptionParser
|
||||
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
parser = OptionParser(version=self.VERSION)
|
||||
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
|
||||
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
|
||||
help="read input from audit log - conflicts with -i")
|
||||
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
|
||||
- help="read input from dmesg - conflicts with --audit and --input")
|
||||
+ help="read input from dmesg - conflicts with --all and --input")
|
||||
parser.add_option("-i", "--input", dest="input",
|
||||
help="read input from <input> - conflicts with -a")
|
||||
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
|
||||
@@ -82,9 +82,9 @@
|
||||
# Make -d, -a, and -i conflict
|
||||
if options.audit is True:
|
||||
if options.input is not None:
|
||||
- sys.stderr.write("error: --audit conflicts with --input\n")
|
||||
+ sys.stderr.write("error: --all conflicts with --input\n")
|
||||
if options.dmesg is True:
|
||||
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
|
||||
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
|
||||
if options.input is not None and options.dmesg is True:
|
||||
sys.stderr.write("error: --input conflicts with --dmesg\n")
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-10-30 14:21:33.000000000 -0400
|
||||
@@ -200,7 +200,7 @@
|
||||
try:
|
||||
fd = open(filename, "w")
|
||||
except IOError, e:
|
||||
- sys.stderr.write("could not write output file: %s\n", str(e))
|
||||
+ sys.stderr.write("could not write output file: %s\n" % str(e))
|
||||
sys.exit(1)
|
||||
|
||||
writer.write(generator.get_module(), fd)
|
||||
@@ -287,7 +287,11 @@
|
||||
def __output(self):
|
||||
|
||||
|
@ -23,21 +48,44 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||
|
||||
g = policygen.PolicyGenerator()
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-10-29 09:44:41.000000000 -0400
|
||||
@@ -82,7 +82,7 @@
|
||||
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -44,9 +44,6 @@
|
||||
Note that all audit messages are not available via dmesg when
|
||||
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
||||
.TP
|
||||
-.B "\-f" | "\-\-fcfile" <File Context File>
|
||||
-Add File Context File to generated Module Package. Requires -M option.
|
||||
-.TP
|
||||
.B "\-h" | "\-\-help"
|
||||
Print a short usage message
|
||||
.TP
|
||||
@@ -78,11 +75,8 @@
|
||||
Generate reference policy using installed macros.
|
||||
This attempts to match denials against interfaces and may be inaccurate.
|
||||
.TP
|
||||
-.B "\-t " | "\-\-tefile"
|
||||
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
||||
-.TP
|
||||
.B "\-w" | "\-\-why"
|
||||
-Translates SELinux audit messages into a description of why the access wasn denied
|
||||
+Translates SELinux audit messages into a description of why the access was denied
|
||||
|
||||
.TP
|
||||
.B "\-v" | "\-\-verbose"
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-10-17 16:43:52.000000000 -0400
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-09-22 19:25:07.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/Makefile 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/newrole/newrole.c 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -553,7 +553,7 @@
|
||||
new_caps = cap_init();
|
||||
tmp_caps = cap_init();
|
||||
|
@ -56,9 +104,238 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||
return -1;
|
||||
}
|
||||
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.57/restorecond/Makefile
|
||||
--- nsapolicycoreutils/restorecond/Makefile 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/restorecond/Makefile 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -20,7 +20,7 @@
|
||||
install -m 755 restorecond $(SBINDIR)
|
||||
install -m 644 restorecond.8 $(MANDIR)/man8
|
||||
-mkdir -p $(INITDIR)
|
||||
- install -m 644 restorecond.init $(INITDIR)/restorecond
|
||||
+ install -m 755 restorecond.init $(INITDIR)/restorecond
|
||||
-mkdir -p $(SELINUXDIR)
|
||||
install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.57/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/restorecond/restorecond.c 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
* restorecond
|
||||
*
|
||||
- * Copyright (C) 2006 Red Hat
|
||||
+ * Copyright (C) 2006-2009 Red Hat
|
||||
* see file 'COPYING' for use and warranty information
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
@@ -75,7 +75,7 @@
|
||||
static int debug_mode = 0;
|
||||
static int verbose_mode = 0;
|
||||
|
||||
-static void restore(const char *filename);
|
||||
+static void restore(const char *filename, int exact);
|
||||
|
||||
struct watchList {
|
||||
struct watchList *next;
|
||||
@@ -113,12 +113,13 @@
|
||||
printf("%d: File=%s\n", wd, file);
|
||||
while (ptr != NULL) {
|
||||
if (ptr->wd == wd) {
|
||||
- if (strings_list_find(ptr->files, file) == 0) {
|
||||
+ int exact=0;
|
||||
+ if (strings_list_find(ptr->files, file, &exact) == 0) {
|
||||
char *path = NULL;
|
||||
if (asprintf(&path, "%s/%s", ptr->dir, file) <
|
||||
0)
|
||||
exitApp("Error allocating memory.");
|
||||
- restore(path);
|
||||
+ restore(path, exact);
|
||||
free(path);
|
||||
return 0;
|
||||
}
|
||||
@@ -155,7 +156,7 @@
|
||||
Set the file context to the default file context for this system.
|
||||
Same as restorecon.
|
||||
*/
|
||||
-static void restore(const char *filename)
|
||||
+static void restore(const char *filename, int exact)
|
||||
{
|
||||
int retcontext = 0;
|
||||
security_context_t scontext = NULL;
|
||||
@@ -181,9 +182,11 @@
|
||||
}
|
||||
|
||||
if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
|
||||
- syslog(LOG_ERR,
|
||||
- "Will not restore a file with more than one hard link (%s) %s\n",
|
||||
- filename, strerror(errno));
|
||||
+ if (exact) {
|
||||
+ syslog(LOG_ERR,
|
||||
+ "Will not restore a file with more than one hard link (%s) %s\n",
|
||||
+ filename, strerror(errno));
|
||||
+ }
|
||||
close(fd);
|
||||
return;
|
||||
}
|
||||
@@ -283,6 +286,8 @@
|
||||
inotify_rm_watch(fd, master_wd);
|
||||
master_wd =
|
||||
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
|
||||
+ if (master_wd == -1)
|
||||
+ exitApp("Error watching config file.");
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -396,7 +401,7 @@
|
||||
char *file = basename(path);
|
||||
ptr = firstDir;
|
||||
|
||||
- restore(path);
|
||||
+ restore(path, 1);
|
||||
|
||||
while (ptr != NULL) {
|
||||
if (strcmp(dir, ptr->dir) == 0) {
|
||||
@@ -411,7 +416,14 @@
|
||||
|
||||
if (!ptr)
|
||||
exitApp("Out of Memory");
|
||||
+
|
||||
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
|
||||
+ if (ptr->wd == -1) {
|
||||
+ free(ptr);
|
||||
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
|
||||
+ path, strerror(errno));
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
ptr->dir = strdup(dir);
|
||||
if (!ptr->dir)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.57/restorecond/restorecond.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/restorecond/restorecond.conf 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -5,4 +5,7 @@
|
||||
/var/run/utmp
|
||||
/var/log/wtmp
|
||||
~/*
|
||||
-~/.mozilla/plugins/libflashplayer.so
|
||||
+/root/.ssh
|
||||
+/root/.ssh/*
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-2.0.57/restorecond/stringslist.c
|
||||
--- nsapolicycoreutils/restorecond/stringslist.c 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/restorecond/stringslist.c 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -55,9 +55,10 @@
|
||||
*list = newptr;
|
||||
}
|
||||
|
||||
-int strings_list_find(struct stringsList *ptr, const char *string)
|
||||
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
|
||||
{
|
||||
while (ptr) {
|
||||
+ *exact = strcmp(ptr->string, string) == 0;
|
||||
int cmp = fnmatch(ptr->string, string, 0);
|
||||
if (cmp == 0)
|
||||
return 0; /* Match found */
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-2.0.57/restorecond/stringslist.h
|
||||
--- nsapolicycoreutils/restorecond/stringslist.h 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/restorecond/stringslist.h 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -31,7 +31,7 @@
|
||||
void strings_list_free(struct stringsList *list);
|
||||
void strings_list_add(struct stringsList **list, const char *string);
|
||||
void strings_list_print(struct stringsList *list);
|
||||
-int strings_list_find(struct stringsList *list, const char *string);
|
||||
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
|
||||
int strings_list_diff(struct stringsList *from, struct stringsList *to);
|
||||
|
||||
#endif
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.57/restorecond/utmpwatcher.c
|
||||
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/restorecond/utmpwatcher.c 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -57,7 +57,7 @@
|
||||
utmp_ptr = NULL;
|
||||
FILE *cfg = fopen(utmp_path, "r");
|
||||
if (!cfg)
|
||||
- exitApp("Error reading config file.");
|
||||
+ exitApp("Error reading utmp file.");
|
||||
|
||||
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
|
||||
if (u.ut_type == USER_PROCESS)
|
||||
@@ -69,6 +69,9 @@
|
||||
|
||||
utmp_wd =
|
||||
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
|
||||
+ if (utmp_wd == -1)
|
||||
+ exitApp("Error watching utmp file.");
|
||||
+
|
||||
if (prev_utmp_ptr) {
|
||||
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
||||
strings_list_free(prev_utmp_ptr);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/scripts/chcat 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -281,16 +281,18 @@
|
||||
def expandCats(cats):
|
||||
newcats = []
|
||||
for c in cats:
|
||||
- if c.find(".") != -1:
|
||||
- c = c.split(".")
|
||||
- for i in range(int(c[0][1:]), int(c[1][1:]) + 1):
|
||||
- x = ("c%d" % i)
|
||||
- if x not in newcats:
|
||||
- newcats.append("c%d" % i)
|
||||
- else:
|
||||
- for i in c.split(","):
|
||||
+ for i in c.split(","):
|
||||
+ if i.find(".") != -1:
|
||||
+ j = i.split(".")
|
||||
+ for k in range(int(j[0][1:]), int(j[1][1:]) + 1):
|
||||
+ x = ("c%d" % k)
|
||||
+ if x not in newcats:
|
||||
+ newcats.append(x)
|
||||
+ else:
|
||||
if i not in newcats:
|
||||
newcats.append(i)
|
||||
+ if len(newcats) > 25:
|
||||
+ return cats
|
||||
return newcats
|
||||
|
||||
def translate(cats):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.57/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/scripts/fixfiles 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
#
|
||||
# Script to restore labels on a SELinux box
|
||||
#
|
||||
-# Copyright (C) 2004 Red Hat, Inc.
|
||||
+# Copyright (C) 2004-2009 Red Hat, Inc.
|
||||
# Authors: Dan Walsh <dwalsh@redhat.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -36,8 +36,8 @@
|
||||
LOGGER=/usr/sbin/logger
|
||||
SETFILES=/sbin/setfiles
|
||||
RESTORECON=/sbin/restorecon
|
||||
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
|
||||
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
|
||||
+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
|
||||
+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
|
||||
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
|
||||
SELINUXTYPE="targeted"
|
||||
if [ -e /etc/selinux/config ]; then
|
||||
@@ -122,7 +122,7 @@
|
||||
fi
|
||||
if [ ! -z "$RPMFILES" ]; then
|
||||
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
|
||||
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
|
||||
done
|
||||
exit $?
|
||||
fi
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/semanage/seobject.py 2009-05-26 12:07:51.000000000 +0200
|
||||
@@ -35,7 +35,7 @@
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
|
@ -68,6 +345,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||
|
||||
import syslog
|
||||
|
||||
@@ -965,7 +965,7 @@
|
||||
proto_str = semanage_port_get_proto_str(proto)
|
||||
low = semanage_port_get_low(port)
|
||||
high = semanage_port_get_high(port)
|
||||
- ddict[(low, high)] = (ctype, proto_str, level)
|
||||
+ ddict[(low, high, proto_str)] = (ctype, level)
|
||||
return ddict
|
||||
|
||||
def get_all_by_type(self, locallist = 0):
|
||||
@@ -1433,8 +1433,14 @@
|
||||
(rc,exists) = semanage_fcontext_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
|
@ -151,3 +437,38 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||
|
||||
class booleanRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.57/setfiles/setfiles.c
|
||||
--- nsapolicycoreutils/setfiles/setfiles.c 2008-09-22 19:25:08.000000000 +0200
|
||||
+++ policycoreutils-2.0.57/setfiles/setfiles.c 2009-05-26 12:05:46.000000000 +0200
|
||||
@@ -29,6 +29,8 @@
|
||||
static int mass_relabel;
|
||||
static int mass_relabel_errs;
|
||||
|
||||
+#define STAR_COUNT 1000
|
||||
+
|
||||
static FILE *outfile = NULL;
|
||||
static int force = 0;
|
||||
#define STAT_BLOCK_SIZE 1
|
||||
@@ -444,11 +446,11 @@
|
||||
|
||||
if (progress) {
|
||||
count++;
|
||||
- if (count % 80000 == 0) {
|
||||
+ if (count % (80 * STAR_COUNT) == 0) {
|
||||
fprintf(stdout, "\n");
|
||||
fflush(stdout);
|
||||
}
|
||||
- if (count % 1000 == 0) {
|
||||
+ if (count % STAR_COUNT == 0) {
|
||||
fprintf(stdout, "*");
|
||||
fflush(stdout);
|
||||
}
|
||||
@@ -1017,7 +1019,7 @@
|
||||
free(excludeArray[i].directory);
|
||||
}
|
||||
|
||||
- if (progress)
|
||||
+ if (progress && count >= STAR_COUNT)
|
||||
printf("\n");
|
||||
exit(errors);
|
||||
}
|
||||
|
|
|
@ -1,39 +1,18 @@
|
|||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py
|
||||
--- nsasepolgen/src/sepolgen/policygen.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py 2008-09-11 09:26:52.000000000 -0400
|
||||
@@ -134,6 +134,10 @@
|
||||
m.refpolicy = False
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py
|
||||
--- nsasepolgen/src/sepolgen/access.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 11:41:09.000000000 -0500
|
||||
@@ -314,7 +314,7 @@
|
||||
|
||||
def get_module(self):
|
||||
+ # Generate the requires
|
||||
+ if self.gen_requires:
|
||||
+ gen_requires(self.module)
|
||||
+
|
||||
"""Return the generated module"""
|
||||
return self.module
|
||||
def __len__(self):
|
||||
"""Return the unique number of role allow statements."""
|
||||
- return len(self.roles)
|
||||
+ return len(self.role_type.keys())
|
||||
|
||||
@@ -163,18 +167,10 @@
|
||||
# Generate the raw allow rules from the filtered list
|
||||
self.__add_allow_rules(raw_allow)
|
||||
|
||||
- # Generate the requires
|
||||
- if self.gen_requires:
|
||||
- gen_requires(self.module)
|
||||
-
|
||||
def add_role_types(self, role_type_set):
|
||||
for role_type in role_type_set:
|
||||
self.module.children.append(role_type)
|
||||
|
||||
- # Generate the requires
|
||||
- if self.gen_requires:
|
||||
- gen_requires(self.module)
|
||||
-
|
||||
def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
|
||||
"""Explain why a policy statement was generated.
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py
|
||||
def add(self, role, type):
|
||||
if self.role_types.has_key(role):
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py 2008-08-29 14:34:59.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-01 11:26:20.000000000 -0500
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
%define libsepolver 2.0.19-1
|
||||
%define libsemanagever 2.0.28-1
|
||||
%define libselinuxver 2.0.46-5
|
||||
%define sepolgenver 1.0.13
|
||||
%define sepolgenver 1.0.14
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.57
|
||||
Release: 11%{?dist}
|
||||
Release: 22%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -113,7 +113,7 @@ Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
|||
Requires: usermode-gtk
|
||||
Requires: setools-console
|
||||
Requires: selinux-policy-devel
|
||||
Requires: python >= 2.4
|
||||
Requires: python >= 2.5 /usr/bin/make
|
||||
BuildRequires: desktop-file-utils
|
||||
|
||||
%description gui
|
||||
|
@ -192,6 +192,45 @@ if [ "$1" -ge "1" ]; then
|
|||
fi
|
||||
|
||||
%changelog
|
||||
* Tue May 26 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.57-22
|
||||
- More portspage fixes
|
||||
|
||||
* Wed May 13 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.57-21
|
||||
- Fix portspage and generation of init_script_file in templates
|
||||
|
||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-20
|
||||
- Do not print \n, if count < 1000;
|
||||
- Add /root/.ssh to restorecond.conf
|
||||
- fixfiles -R package should recursively fix files
|
||||
- Add btrfs to fixfiles
|
||||
|
||||
* Mon Feb 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-19
|
||||
- Fix script created by polgengui to not refer to selinux-policy-devel
|
||||
|
||||
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-18
|
||||
- Change initc scripts to use proper labeling on gui
|
||||
|
||||
* Sat Feb 7 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-17
|
||||
- Require the correct version of python
|
||||
|
||||
* Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-16
|
||||
- Fix restorecond to not complain on global diff
|
||||
- Update po files
|
||||
|
||||
* Mon Dec 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-15
|
||||
- Fix audit2allow man page
|
||||
|
||||
* Wed Dec 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-13
|
||||
- Fix Japanese translations
|
||||
|
||||
* Tue Dec 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
||||
- Fix error checking in restorecond, for inotify_add_watch
|
||||
|
||||
* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
||||
- Fix audit2allow getopt calls
|
||||
- Fix audit2allow error message
|
||||
- Fix chcat to not crash on large number of categories
|
||||
|
||||
* Tue Nov 04 2008 Jesse Keating <jkeating@redhat.com> - 2.0.57-11
|
||||
- Move the usermode-gtk requires to the -gui subpackage.
|
||||
|
||||
|
|
Binary file not shown.
Loading…
Reference in New Issue