Compare commits
17 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
43248abeda | ||
|
9e9fd7456a | ||
|
dc7c2791e5 | ||
|
c6891da0ed | ||
|
b65ecbc7c2 | ||
|
20846cdedc | ||
|
b48c6c02b4 | ||
|
53a0edbbd4 | ||
|
d8f892f305 | ||
|
3236a9a844 | ||
|
f99d83ab74 | ||
|
8ffeaf4bdd | ||
|
bf8422685f | ||
|
a1e7893bdc | ||
|
2353cbd5a1 | ||
|
e94935d28d | ||
|
7da1477333 |
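--- a/.cvsignore
+++ b/.gitignore
@@ -189,3 +189,5 @@ policycoreutils-2.0.54.tgz
 policycoreutils-2.0.55.tgz
 policycoreutils-2.0.56.tgz
 policycoreutils-2.0.57.tgz
+sepolgen-1.0.14.tgz
+policycoreutils_man_ru2.tar.bz2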
2
Makefile
2
Makefile
@ -4,7 +4,7 @@ NAME := policycoreutils
|
|||||||
SPECFILE = $(firstword $(wildcard *.spec))
|
SPECFILE = $(firstword $(wildcard *.spec))
|
||||||
|
|
||||||
define find-makefile-common
|
define find-makefile-common
|
||||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||||
endef
|
endef
|
||||||
|
|
||||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||||
|
File diff suppressed because it is too large
160690
policycoreutils-po.patch
160690
policycoreutils-po.patch
File diff suppressed because it is too large
@ -1,15 +1,40 @@
|
|||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
|
||||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/audit2allow/audit2allow 2008-09-22 19:25:08.000000000 +0200
|
||||||
+++ policycoreutils-2.0.57/Makefile 2008-10-10 16:04:46.000000000 -0400
|
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2009-05-26 12:05:46.000000000 +0200
|
||||||
@@ -1,4 +1,4 @@
|
@@ -42,10 +42,10 @@
|
||||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
from optparse import OptionParser
|
||||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
|
||||||
|
|
||||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
parser = OptionParser(version=self.VERSION)
|
||||||
|
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
|
||||||
|
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
|
||||||
|
help="read input from audit log - conflicts with -i")
|
||||||
|
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
|
||||||
|
- help="read input from dmesg - conflicts with --audit and --input")
|
||||||
|
+ help="read input from dmesg - conflicts with --all and --input")
|
||||||
|
parser.add_option("-i", "--input", dest="input",
|
||||||
|
help="read input from <input> - conflicts with -a")
|
||||||
|
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
|
||||||
|
@@ -82,9 +82,9 @@
|
||||||
|
# Make -d, -a, and -i conflict
|
||||||
|
if options.audit is True:
|
||||||
|
if options.input is not None:
|
||||||
|
- sys.stderr.write("error: --audit conflicts with --input\n")
|
||||||
|
+ sys.stderr.write("error: --all conflicts with --input\n")
|
||||||
|
if options.dmesg is True:
|
||||||
|
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
|
||||||
|
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
|
||||||
|
if options.input is not None and options.dmesg is True:
|
||||||
|
sys.stderr.write("error: --input conflicts with --dmesg\n")
|
||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
|
@@ -200,7 +200,7 @@
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-08-28 09:34:24.000000000 -0400
|
try:
|
||||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-10-30 14:21:33.000000000 -0400
|
fd = open(filename, "w")
|
||||||
|
except IOError, e:
|
||||||
|
- sys.stderr.write("could not write output file: %s\n", str(e))
|
||||||
|
+ sys.stderr.write("could not write output file: %s\n" % str(e))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
writer.write(generator.get_module(), fd)
|
||||||
@@ -287,7 +287,11 @@
|
@@ -287,7 +287,11 @@
|
||||||
def __output(self):
|
def __output(self):
|
||||||
|
|
||||||
@ -23,21 +48,44 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
g = policygen.PolicyGenerator()
|
g = policygen.PolicyGenerator()
|
||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-09-22 19:25:08.000000000 +0200
|
||||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-10-29 09:44:41.000000000 -0400
|
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2009-05-26 12:05:46.000000000 +0200
|
||||||
@@ -82,7 +82,7 @@
|
@@ -44,9 +44,6 @@
|
||||||
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
Note that all audit messages are not available via dmesg when
|
||||||
|
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
||||||
.TP
|
.TP
|
||||||
|
-.B "\-f" | "\-\-fcfile" <File Context File>
|
||||||
|
-Add File Context File to generated Module Package. Requires -M option.
|
||||||
|
-.TP
|
||||||
|
.B "\-h" | "\-\-help"
|
||||||
|
Print a short usage message
|
||||||
|
.TP
|
||||||
|
@@ -78,11 +75,8 @@
|
||||||
|
Generate reference policy using installed macros.
|
||||||
|
This attempts to match denials against interfaces and may be inaccurate.
|
||||||
|
.TP
|
||||||
|
-.B "\-t " | "\-\-tefile"
|
||||||
|
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
||||||
|
-.TP
|
||||||
.B "\-w" | "\-\-why"
|
.B "\-w" | "\-\-why"
|
||||||
-Translates SELinux audit messages into a description of why the access wasn denied
|
-Translates SELinux audit messages into a description of why the access wasn denied
|
||||||
+Translates SELinux audit messages into a description of why the access was denied
|
+Translates SELinux audit messages into a description of why the access was denied
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
.B "\-v" | "\-\-verbose"
|
.B "\-v" | "\-\-verbose"
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
|
||||||
--- nsapolicycoreutils/newrole/newrole.c 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/Makefile 2008-09-22 19:25:07.000000000 +0200
|
||||||
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-10-17 16:43:52.000000000 -0400
|
+++ policycoreutils-2.0.57/Makefile 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||||
|
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||||
|
|
||||||
|
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||||
|
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
|
||||||
|
--- nsapolicycoreutils/newrole/newrole.c 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/newrole/newrole.c 2009-05-26 12:05:46.000000000 +0200
|
||||||
@@ -553,7 +553,7 @@
|
@@ -553,7 +553,7 @@
|
||||||
new_caps = cap_init();
|
new_caps = cap_init();
|
||||||
tmp_caps = cap_init();
|
tmp_caps = cap_init();
|
||||||
@ -56,9 +104,238 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
|
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.57/restorecond/Makefile
|
||||||
--- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400
|
--- nsapolicycoreutils/restorecond/Makefile 2008-09-22 19:25:08.000000000 +0200
|
||||||
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400
|
+++ policycoreutils-2.0.57/restorecond/Makefile 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -20,7 +20,7 @@
|
||||||
|
install -m 755 restorecond $(SBINDIR)
|
||||||
|
install -m 644 restorecond.8 $(MANDIR)/man8
|
||||||
|
-mkdir -p $(INITDIR)
|
||||||
|
- install -m 644 restorecond.init $(INITDIR)/restorecond
|
||||||
|
+ install -m 755 restorecond.init $(INITDIR)/restorecond
|
||||||
|
-mkdir -p $(SELINUXDIR)
|
||||||
|
install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
|
||||||
|
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.57/restorecond/restorecond.c
|
||||||
|
--- nsapolicycoreutils/restorecond/restorecond.c 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/restorecond/restorecond.c 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
/*
|
||||||
|
* restorecond
|
||||||
|
*
|
||||||
|
- * Copyright (C) 2006 Red Hat
|
||||||
|
+ * Copyright (C) 2006-2009 Red Hat
|
||||||
|
* see file 'COPYING' for use and warranty information
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or
|
||||||
|
@@ -75,7 +75,7 @@
|
||||||
|
static int debug_mode = 0;
|
||||||
|
static int verbose_mode = 0;
|
||||||
|
|
||||||
|
-static void restore(const char *filename);
|
||||||
|
+static void restore(const char *filename, int exact);
|
||||||
|
|
||||||
|
struct watchList {
|
||||||
|
struct watchList *next;
|
||||||
|
@@ -113,12 +113,13 @@
|
||||||
|
printf("%d: File=%s\n", wd, file);
|
||||||
|
while (ptr != NULL) {
|
||||||
|
if (ptr->wd == wd) {
|
||||||
|
- if (strings_list_find(ptr->files, file) == 0) {
|
||||||
|
+ int exact=0;
|
||||||
|
+ if (strings_list_find(ptr->files, file, &exact) == 0) {
|
||||||
|
char *path = NULL;
|
||||||
|
if (asprintf(&path, "%s/%s", ptr->dir, file) <
|
||||||
|
0)
|
||||||
|
exitApp("Error allocating memory.");
|
||||||
|
- restore(path);
|
||||||
|
+ restore(path, exact);
|
||||||
|
free(path);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -155,7 +156,7 @@
|
||||||
|
Set the file context to the default file context for this system.
|
||||||
|
Same as restorecon.
|
||||||
|
*/
|
||||||
|
-static void restore(const char *filename)
|
||||||
|
+static void restore(const char *filename, int exact)
|
||||||
|
{
|
||||||
|
int retcontext = 0;
|
||||||
|
security_context_t scontext = NULL;
|
||||||
|
@@ -181,9 +182,11 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
|
||||||
|
- syslog(LOG_ERR,
|
||||||
|
- "Will not restore a file with more than one hard link (%s) %s\n",
|
||||||
|
- filename, strerror(errno));
|
||||||
|
+ if (exact) {
|
||||||
|
+ syslog(LOG_ERR,
|
||||||
|
+ "Will not restore a file with more than one hard link (%s) %s\n",
|
||||||
|
+ filename, strerror(errno));
|
||||||
|
+ }
|
||||||
|
close(fd);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
@@ -283,6 +286,8 @@
|
||||||
|
inotify_rm_watch(fd, master_wd);
|
||||||
|
master_wd =
|
||||||
|
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
|
||||||
|
+ if (master_wd == -1)
|
||||||
|
+ exitApp("Error watching config file.");
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -396,7 +401,7 @@
|
||||||
|
char *file = basename(path);
|
||||||
|
ptr = firstDir;
|
||||||
|
|
||||||
|
- restore(path);
|
||||||
|
+ restore(path, 1);
|
||||||
|
|
||||||
|
while (ptr != NULL) {
|
||||||
|
if (strcmp(dir, ptr->dir) == 0) {
|
||||||
|
@@ -411,7 +416,14 @@
|
||||||
|
|
||||||
|
if (!ptr)
|
||||||
|
exitApp("Out of Memory");
|
||||||
|
+
|
||||||
|
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
|
||||||
|
+ if (ptr->wd == -1) {
|
||||||
|
+ free(ptr);
|
||||||
|
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
|
||||||
|
+ path, strerror(errno));
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
ptr->dir = strdup(dir);
|
||||||
|
if (!ptr->dir)
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.57/restorecond/restorecond.conf
|
||||||
|
--- nsapolicycoreutils/restorecond/restorecond.conf 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/restorecond/restorecond.conf 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -5,4 +5,7 @@
|
||||||
|
/var/run/utmp
|
||||||
|
/var/log/wtmp
|
||||||
|
~/*
|
||||||
|
-~/.mozilla/plugins/libflashplayer.so
|
||||||
|
+/root/.ssh
|
||||||
|
+/root/.ssh/*
|
||||||
|
+
|
||||||
|
+
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-2.0.57/restorecond/stringslist.c
|
||||||
|
--- nsapolicycoreutils/restorecond/stringslist.c 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/restorecond/stringslist.c 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -55,9 +55,10 @@
|
||||||
|
*list = newptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int strings_list_find(struct stringsList *ptr, const char *string)
|
||||||
|
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
|
||||||
|
{
|
||||||
|
while (ptr) {
|
||||||
|
+ *exact = strcmp(ptr->string, string) == 0;
|
||||||
|
int cmp = fnmatch(ptr->string, string, 0);
|
||||||
|
if (cmp == 0)
|
||||||
|
return 0; /* Match found */
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-2.0.57/restorecond/stringslist.h
|
||||||
|
--- nsapolicycoreutils/restorecond/stringslist.h 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/restorecond/stringslist.h 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -31,7 +31,7 @@
|
||||||
|
void strings_list_free(struct stringsList *list);
|
||||||
|
void strings_list_add(struct stringsList **list, const char *string);
|
||||||
|
void strings_list_print(struct stringsList *list);
|
||||||
|
-int strings_list_find(struct stringsList *list, const char *string);
|
||||||
|
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
|
||||||
|
int strings_list_diff(struct stringsList *from, struct stringsList *to);
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.57/restorecond/utmpwatcher.c
|
||||||
|
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/restorecond/utmpwatcher.c 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -57,7 +57,7 @@
|
||||||
|
utmp_ptr = NULL;
|
||||||
|
FILE *cfg = fopen(utmp_path, "r");
|
||||||
|
if (!cfg)
|
||||||
|
- exitApp("Error reading config file.");
|
||||||
|
+ exitApp("Error reading utmp file.");
|
||||||
|
|
||||||
|
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
|
||||||
|
if (u.ut_type == USER_PROCESS)
|
||||||
|
@@ -69,6 +69,9 @@
|
||||||
|
|
||||||
|
utmp_wd =
|
||||||
|
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
|
||||||
|
+ if (utmp_wd == -1)
|
||||||
|
+ exitApp("Error watching utmp file.");
|
||||||
|
+
|
||||||
|
if (prev_utmp_ptr) {
|
||||||
|
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
||||||
|
strings_list_free(prev_utmp_ptr);
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat
|
||||||
|
--- nsapolicycoreutils/scripts/chcat 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/scripts/chcat 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -281,16 +281,18 @@
|
||||||
|
def expandCats(cats):
|
||||||
|
newcats = []
|
||||||
|
for c in cats:
|
||||||
|
- if c.find(".") != -1:
|
||||||
|
- c = c.split(".")
|
||||||
|
- for i in range(int(c[0][1:]), int(c[1][1:]) + 1):
|
||||||
|
- x = ("c%d" % i)
|
||||||
|
- if x not in newcats:
|
||||||
|
- newcats.append("c%d" % i)
|
||||||
|
- else:
|
||||||
|
- for i in c.split(","):
|
||||||
|
+ for i in c.split(","):
|
||||||
|
+ if i.find(".") != -1:
|
||||||
|
+ j = i.split(".")
|
||||||
|
+ for k in range(int(j[0][1:]), int(j[1][1:]) + 1):
|
||||||
|
+ x = ("c%d" % k)
|
||||||
|
+ if x not in newcats:
|
||||||
|
+ newcats.append(x)
|
||||||
|
+ else:
|
||||||
|
if i not in newcats:
|
||||||
|
newcats.append(i)
|
||||||
|
+ if len(newcats) > 25:
|
||||||
|
+ return cats
|
||||||
|
return newcats
|
||||||
|
|
||||||
|
def translate(cats):
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.57/scripts/fixfiles
|
||||||
|
--- nsapolicycoreutils/scripts/fixfiles 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/scripts/fixfiles 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
#
|
||||||
|
# Script to restore labels on a SELinux box
|
||||||
|
#
|
||||||
|
-# Copyright (C) 2004 Red Hat, Inc.
|
||||||
|
+# Copyright (C) 2004-2009 Red Hat, Inc.
|
||||||
|
# Authors: Dan Walsh <dwalsh@redhat.com>
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
@@ -36,8 +36,8 @@
|
||||||
|
LOGGER=/usr/sbin/logger
|
||||||
|
SETFILES=/sbin/setfiles
|
||||||
|
RESTORECON=/sbin/restorecon
|
||||||
|
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
|
||||||
|
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
|
||||||
|
+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
|
||||||
|
+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
|
||||||
|
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
|
||||||
|
SELINUXTYPE="targeted"
|
||||||
|
if [ -e /etc/selinux/config ]; then
|
||||||
|
@@ -122,7 +122,7 @@
|
||||||
|
fi
|
||||||
|
if [ ! -z "$RPMFILES" ]; then
|
||||||
|
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||||
|
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
|
||||||
|
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
|
||||||
|
done
|
||||||
|
exit $?
|
||||||
|
fi
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
|
||||||
|
--- nsapolicycoreutils/semanage/seobject.py 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/semanage/seobject.py 2009-05-26 12:07:51.000000000 +0200
|
||||||
@@ -35,7 +35,7 @@
|
@@ -35,7 +35,7 @@
|
||||||
import __builtin__
|
import __builtin__
|
||||||
__builtin__.__dict__['_'] = unicode
|
__builtin__.__dict__['_'] = unicode
|
||||||
@ -68,6 +345,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
import syslog
|
import syslog
|
||||||
|
|
||||||
|
@@ -965,7 +965,7 @@
|
||||||
|
proto_str = semanage_port_get_proto_str(proto)
|
||||||
|
low = semanage_port_get_low(port)
|
||||||
|
high = semanage_port_get_high(port)
|
||||||
|
- ddict[(low, high)] = (ctype, proto_str, level)
|
||||||
|
+ ddict[(low, high, proto_str)] = (ctype, level)
|
||||||
|
return ddict
|
||||||
|
|
||||||
|
def get_all_by_type(self, locallist = 0):
|
||||||
@@ -1433,8 +1433,14 @@
|
@@ -1433,8 +1433,14 @@
|
||||||
(rc,exists) = semanage_fcontext_exists(self.sh, k)
|
(rc,exists) = semanage_fcontext_exists(self.sh, k)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@ -151,3 +437,38 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
class booleanRecords(semanageRecords):
|
class booleanRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.57/setfiles/setfiles.c
|
||||||
|
--- nsapolicycoreutils/setfiles/setfiles.c 2008-09-22 19:25:08.000000000 +0200
|
||||||
|
+++ policycoreutils-2.0.57/setfiles/setfiles.c 2009-05-26 12:05:46.000000000 +0200
|
||||||
|
@@ -29,6 +29,8 @@
|
||||||
|
static int mass_relabel;
|
||||||
|
static int mass_relabel_errs;
|
||||||
|
|
||||||
|
+#define STAR_COUNT 1000
|
||||||
|
+
|
||||||
|
static FILE *outfile = NULL;
|
||||||
|
static int force = 0;
|
||||||
|
#define STAT_BLOCK_SIZE 1
|
||||||
|
@@ -444,11 +446,11 @@
|
||||||
|
|
||||||
|
if (progress) {
|
||||||
|
count++;
|
||||||
|
- if (count % 80000 == 0) {
|
||||||
|
+ if (count % (80 * STAR_COUNT) == 0) {
|
||||||
|
fprintf(stdout, "\n");
|
||||||
|
fflush(stdout);
|
||||||
|
}
|
||||||
|
- if (count % 1000 == 0) {
|
||||||
|
+ if (count % STAR_COUNT == 0) {
|
||||||
|
fprintf(stdout, "*");
|
||||||
|
fflush(stdout);
|
||||||
|
}
|
||||||
|
@@ -1017,7 +1019,7 @@
|
||||||
|
free(excludeArray[i].directory);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (progress)
|
||||||
|
+ if (progress && count >= STAR_COUNT)
|
||||||
|
printf("\n");
|
||||||
|
exit(errors);
|
||||||
|
}
|
||||||
|
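Review bot: In the restorecond.c hunk at `@@ -181,9 +182,11 @@`, wrapping the hard-link `syslog` in `if (exact)` means a multiply-linked file that matches only a glob entry such as `~/*` is now skipped with no record at all, and that refusal message is the one trace an administrator has that a hard-linked file turned up in a watched directory. Consider keeping a lower-priority record for the non-exact case, for example `else syslog(LOG_DEBUG, "Skipping hard-linked file (%s)\n", filename);`. The re-added message also still prints `strerror(errno)`, although from the visible lines this branch is taken on an `st_nlink` test rather than a failed call, so the trailing text is unrelated to the refusal and could be dropped. The body of restore() starts and ends outside the hunk.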
@ -1,39 +1,18 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py
|
||||||
--- nsasepolgen/src/sepolgen/policygen.py 2008-08-28 09:34:24.000000000 -0400
|
--- nsasepolgen/src/sepolgen/access.py 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/policygen.py 2008-09-11 09:26:52.000000000 -0400
|
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 11:41:09.000000000 -0500
|
||||||
@@ -134,6 +134,10 @@
|
@@ -314,7 +314,7 @@
|
||||||
m.refpolicy = False
|
|
||||||
|
|
||||||
def get_module(self):
|
def __len__(self):
|
||||||
+ # Generate the requires
|
"""Return the unique number of role allow statements."""
|
||||||
+ if self.gen_requires:
|
- return len(self.roles)
|
||||||
+ gen_requires(self.module)
|
+ return len(self.role_type.keys())
|
||||||
+
|
|
||||||
"""Return the generated module"""
|
|
||||||
return self.module
|
|
||||||
|
|
||||||
@@ -163,18 +167,10 @@
|
def add(self, role, type):
|
||||||
# Generate the raw allow rules from the filtered list
|
if self.role_types.has_key(role):
|
||||||
self.__add_allow_rules(raw_allow)
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
|
||||||
|
|
||||||
- # Generate the requires
|
|
||||||
- if self.gen_requires:
|
|
||||||
- gen_requires(self.module)
|
|
||||||
-
|
|
||||||
def add_role_types(self, role_type_set):
|
|
||||||
for role_type in role_type_set:
|
|
||||||
self.module.children.append(role_type)
|
|
||||||
|
|
||||||
- # Generate the requires
|
|
||||||
- if self.gen_requires:
|
|
||||||
- gen_requires(self.module)
|
|
||||||
-
|
|
||||||
def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
|
|
||||||
"""Explain why a policy statement was generated.
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py
|
|
||||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.55/sepolgen-1.0.13/src/sepolgen/refparser.py 2008-08-29 14:34:59.000000000 -0400
|
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-01 11:26:20.000000000 -0500
|
||||||
@@ -919,7 +919,7 @@
|
@@ -919,7 +919,7 @@
|
||||||
def list_headers(root):
|
def list_headers(root):
|
||||||
modules = []
|
modules = []
|
||||||
|
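Review bot: The new `__len__` in the access.py hunk returns `len(self.role_type.keys())`, but the `add` method shown as context in the same hunk tests `self.role_types.has_key(role)`. Unless the class also defines a singular `role_type` attribute outside the visible lines, calling `len()` on the set raises AttributeError. The line presumably should read `return len(self.role_types)`, which also avoids building the key list. The class body starts and ends outside the hunk.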
@ -2,11 +2,11 @@
|
|||||||
%define libsepolver 2.0.19-1
|
%define libsepolver 2.0.19-1
|
||||||
%define libsemanagever 2.0.28-1
|
%define libsemanagever 2.0.28-1
|
||||||
%define libselinuxver 2.0.46-5
|
%define libselinuxver 2.0.46-5
|
||||||
%define sepolgenver 1.0.13
|
%define sepolgenver 1.0.14
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.57
|
Version: 2.0.57
|
||||||
Release: 11%{?dist}
|
Release: 22%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -113,7 +113,7 @@ Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
|||||||
Requires: usermode-gtk
|
Requires: usermode-gtk
|
||||||
Requires: setools-console
|
Requires: setools-console
|
||||||
Requires: selinux-policy-devel
|
Requires: selinux-policy-devel
|
||||||
Requires: python >= 2.4
|
Requires: python >= 2.5 /usr/bin/make
|
||||||
BuildRequires: desktop-file-utils
|
BuildRequires: desktop-file-utils
|
||||||
|
|
||||||
%description gui
|
%description gui
|
||||||
@ -192,6 +192,45 @@ if [ "$1" -ge "1" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 26 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.57-22
|
||||||
|
- More portspage fixes
|
||||||
|
|
||||||
|
* Wed May 13 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.57-21
|
||||||
|
- Fix portspage and generation of init_script_file in templates
|
||||||
|
|
||||||
|
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-20
|
||||||
|
- Do not print \n, if count < 1000;
|
||||||
|
- Add /root/.ssh to restorecond.conf
|
||||||
|
- fixfiles -R package should recursively fix files
|
||||||
|
- Add btrfs to fixfiles
|
||||||
|
|
||||||
|
* Mon Feb 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-19
|
||||||
|
- Fix script created by polgengui to not refer to selinux-policy-devel
|
||||||
|
|
||||||
|
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-18
|
||||||
|
- Change initc scripts to use proper labeling on gui
|
||||||
|
|
||||||
|
* Sat Feb 7 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-17
|
||||||
|
- Require the correct version of python
|
||||||
|
|
||||||
|
* Mon Feb 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.57-16
|
||||||
|
- Fix restorecond to not complain on global diff
|
||||||
|
- Update po files
|
||||||
|
|
||||||
|
* Mon Dec 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-15
|
||||||
|
- Fix audit2allow man page
|
||||||
|
|
||||||
|
* Wed Dec 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-13
|
||||||
|
- Fix Japanese translations
|
||||||
|
|
||||||
|
* Tue Dec 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
||||||
|
- Fix error checking in restorecond, for inotify_add_watch
|
||||||
|
|
||||||
|
* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
||||||
|
- Fix audit2allow getopt calls
|
||||||
|
- Fix audit2allow error message
|
||||||
|
- Fix chcat to not crash on large number of categories
|
||||||
|
|
||||||
* Tue Nov 04 2008 Jesse Keating <jkeating@redhat.com> - 2.0.57-11
|
* Tue Nov 04 2008 Jesse Keating <jkeating@redhat.com> - 2.0.57-11
|
||||||
- Move the usermode-gtk requires to the -gui subpackage.
|
- Move the usermode-gtk requires to the -gui subpackage.
|
||||||
|
|
||||||
|
Binary file not shown.
3
sources
3
sources
@ -1,2 +1,3 @@
|
|||||||
b6756a012c26f414e4a5f8f438ce2188 sepolgen-1.0.13.tgz
|
|
||||||
52b590e33e13ed8aa10610237e8fa8d7 policycoreutils-2.0.57.tgz
|
52b590e33e13ed8aa10610237e8fa8d7 policycoreutils-2.0.57.tgz
|
||||||
|
df57d9d33c940c60994c6cbaa9f8e4a3 sepolgen-1.0.14.tgz
|
||||||
|
7915287c8377b768ccae7eb6dc736783 policycoreutils_man_ru2.tar.bz2
|
||||||
|