Compare commits
24 Commits
Author | SHA1 | Date |
---|---|---|
Fedora Release Engineering | a06c71a0d3 | |
Bill Nottingham | 403559f760 | |
Daniel J Walsh | 9005b5b529 | |
Daniel J Walsh | 531062f702 | |
Miroslav Grepl | b5aeeb75bc | |
Ville Skyttä | d46f9204ff | |
Daniel J Walsh | ed1c24c9e0 | |
Daniel J Walsh | cee6334c7e | |
Daniel J Walsh | fd57d1a218 | |
Daniel J Walsh | 7bf7971a06 | |
Daniel J Walsh | db27692fd6 | |
Daniel J Walsh | 8c97448739 | |
Daniel J Walsh | 15753a3a4a | |
Daniel J Walsh | 99f84b1b02 | |
Daniel J Walsh | a422c176e0 | |
Daniel J Walsh | 2be6f439a9 | |
Daniel J Walsh | 5594809617 | |
Daniel J Walsh | 4c6238c984 | |
Daniel J Walsh | 6a5bb95dfd | |
Daniel J Walsh | ae3cda5138 | |
Daniel J Walsh | 1e7540b5b3 | |
Daniel J Walsh | 27d6dacdb9 | |
Daniel J Walsh | 7fa79b350d | |
Jesse Keating | ae29830097 |
|
@ -197,3 +197,4 @@ policycoreutils-2.0.61.tgz
|
|||
sepolgen-1.0.15.tgz
|
||||
policycoreutils-2.0.62.tgz
|
||||
sepolgen-1.0.16.tgz
|
||||
policycoreutils_man_ru2.tar.bz2
|
2
Makefile
2
Makefile
|
@ -4,7 +4,7 @@ NAME := policycoreutils
|
|||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
|
|
@ -0,0 +1,239 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.62/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 13:45:01.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/restorecond/restorecond.c 2009-09-24 20:03:16.000000000 -0700
|
||||
@@ -315,21 +315,24 @@
|
||||
printf("wd=%d mask=%u cookie=%u len=%u\n",
|
||||
event->wd, event->mask,
|
||||
event->cookie, event->len);
|
||||
- if (event->wd == master_wd)
|
||||
- read_config(fd);
|
||||
- else {
|
||||
- switch (utmpwatcher_handle(fd, event->wd)) {
|
||||
- case -1: /* Message was not for utmpwatcher */
|
||||
- if (event->len)
|
||||
- watch_list_find(event->wd, event->name);
|
||||
- break;
|
||||
|
||||
- case 1: /* utmp has changed need to reload */
|
||||
+ if (event->mask & ~IN_IGNORED) {
|
||||
+ if (event->wd == master_wd)
|
||||
read_config(fd);
|
||||
- break;
|
||||
-
|
||||
- default: /* No users logged in or out */
|
||||
- break;
|
||||
+ else {
|
||||
+ switch (utmpwatcher_handle(fd, event->wd)) {
|
||||
+ case -1: /* Message was not for utmpwatcher */
|
||||
+ if (event->len)
|
||||
+ watch_list_find(event->wd, event->name);
|
||||
+ break;
|
||||
+
|
||||
+ case 1: /* utmp has changed need to reload */
|
||||
+ read_config(fd);
|
||||
+ break;
|
||||
+
|
||||
+ default: /* No users logged in or out */
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2009-05-22 11:10:01.000000000 -0700
|
||||
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -129,7 +129,7 @@
|
||||
if [ ! -z "$FILEPATH" ]; then
|
||||
if [ -x /usr/bin/find ]; then
|
||||
/usr/bin/find "$FILEPATH" \
|
||||
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
|
||||
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
|
||||
else
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.62/scripts/Makefile
|
||||
--- nsapolicycoreutils/scripts/Makefile 2009-02-18 13:45:01.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/scripts/Makefile 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -5,11 +5,12 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LOCALEDIR ?= /usr/share/locale
|
||||
|
||||
-all: fixfiles genhomedircon
|
||||
+all: fixfiles genhomedircon sandbox chcat
|
||||
|
||||
install: all
|
||||
-mkdir -p $(BINDIR)
|
||||
install -m 755 chcat $(BINDIR)
|
||||
+ install -m 755 sandbox $(BINDIR)
|
||||
install -m 755 fixfiles $(DESTDIR)/sbin
|
||||
install -m 755 genhomedircon $(SBINDIR)
|
||||
-mkdir -p $(MANDIR)/man8
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.62/scripts/sandbox
|
||||
--- nsapolicycoreutils/scripts/sandbox 1969-12-31 16:00:00.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/scripts/sandbox 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -0,0 +1,139 @@
|
||||
+#!/usr/bin/python -E
|
||||
+import os, sys, getopt, socket, random, fcntl
|
||||
+import selinux
|
||||
+
|
||||
+PROGNAME = "policycoreutils"
|
||||
+
|
||||
+import gettext
|
||||
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
+gettext.textdomain(PROGNAME)
|
||||
+
|
||||
+try:
|
||||
+ gettext.install(PROGNAME,
|
||||
+ localedir = "/usr/share/locale",
|
||||
+ unicode=False,
|
||||
+ codeset = 'utf-8')
|
||||
+except IOError:
|
||||
+ import __builtin__
|
||||
+ __builtin__.__dict__['_'] = unicode
|
||||
+
|
||||
+
|
||||
+random.seed(None)
|
||||
+
|
||||
+def error_exit(msg):
|
||||
+ sys.stderr.write("%s: " % sys.argv[0])
|
||||
+ sys.stderr.write("%s\n" % msg)
|
||||
+ sys.stderr.flush()
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+def mount(context):
|
||||
+ if os.getuid() != 0:
|
||||
+ usage(_("Mount options require root privileges"))
|
||||
+ destdir = "/mnt/%s" % context
|
||||
+ os.mkdir(destdir)
|
||||
+ rc = os.system('/bin/mount -t tmpfs tmpfs %s' % (destdir))
|
||||
+ selinux.setfilecon(destdir, context)
|
||||
+ if rc != 0:
|
||||
+ sys.exit(rc)
|
||||
+ os.chdir(destdir)
|
||||
+
|
||||
+def umount(dest):
|
||||
+ os.chdir("/")
|
||||
+ destdir = "/mnt/%s" % dest
|
||||
+ os.system('/bin/umount %s' % (destdir))
|
||||
+ os.rmdir(destdir)
|
||||
+
|
||||
+
|
||||
+def reserve(mcs):
|
||||
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
+ sock.bind("\0%s" % mcs)
|
||||
+ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
|
||||
+
|
||||
+def gen_context(setype):
|
||||
+ while True:
|
||||
+ i1 = random.randrange(0, 1024)
|
||||
+ i2 = random.randrange(0, 1024)
|
||||
+ if i1 == i2:
|
||||
+ continue
|
||||
+ if i1 > i2:
|
||||
+ tmp = i1
|
||||
+ i1 = i2
|
||||
+ i2 = tmp
|
||||
+ mcs = "s0:c%d,c%d" % (i1, i2)
|
||||
+ reserve(mcs)
|
||||
+ try:
|
||||
+ reserve(mcs)
|
||||
+ except:
|
||||
+ continue
|
||||
+ break
|
||||
+ con = selinux.getcon()[1].split(":")
|
||||
+
|
||||
+ execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, mcs)
|
||||
+
|
||||
+ filecon = "%s:%s:%s:%s" % (con[0],
|
||||
+ "object_r",
|
||||
+ "%s_file_t" % setype[:-2],
|
||||
+ mcs)
|
||||
+ return execcon, filecon
|
||||
+
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+ if selinux.is_selinux_enabled() != 1:
|
||||
+ error_exit("Requires an SELinux enabled system")
|
||||
+
|
||||
+ def usage(message = ""):
|
||||
+ text = _("""
|
||||
+sandbox [ -m ] [ -t type ] command
|
||||
+""")
|
||||
+ error_exit("%s\n%s" % (message, text))
|
||||
+
|
||||
+ setype = "sandbox_t"
|
||||
+ mount_ind = False
|
||||
+ try:
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m",
|
||||
+ ["help",
|
||||
+ "type=",
|
||||
+ "mount"])
|
||||
+ for o, a in gopts:
|
||||
+ if o == "-t" or o == "--type":
|
||||
+ setype = a
|
||||
+
|
||||
+ if o == "-m" or o == "--mount":
|
||||
+ mount_ind = True
|
||||
+
|
||||
+ if o == "-h" or o == "--help":
|
||||
+ usage(_("Usage"));
|
||||
+
|
||||
+ if len(cmds) == 0:
|
||||
+ usage(_("Command required"))
|
||||
+
|
||||
+ execcon, filecon = gen_context(setype)
|
||||
+ rc = -1
|
||||
+ if mount_ind:
|
||||
+ mount(filecon)
|
||||
+
|
||||
+ if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
|
||||
+ for i in os.environ["PATH"].split(':'):
|
||||
+ f = "%s/%s" % (i, cmds[0])
|
||||
+ if os.access(f, os.X_OK):
|
||||
+ cmds[0] = f
|
||||
+ break
|
||||
+
|
||||
+ selinux.setexeccon(execcon)
|
||||
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
|
||||
+ selinux.setexeccon(None)
|
||||
+
|
||||
+ if mount_ind:
|
||||
+ umount(filecon)
|
||||
+ except getopt.GetoptError, error:
|
||||
+ usage(_("Options Error %s ") % error.msg)
|
||||
+ except ValueError, error:
|
||||
+ error_exit(error.args[0])
|
||||
+ except KeyError, error:
|
||||
+ error_exit(_("Invalid value %s") % error.args[0])
|
||||
+ except IOError, error:
|
||||
+ error_exit(error.args[1])
|
||||
+ except OSError, error:
|
||||
+ error_exit(error.args[1])
|
||||
+
|
||||
+ sys.exit(rc)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.62/scripts/sandbox.8
|
||||
--- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 16:00:00.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/scripts/sandbox.8 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -0,0 +1,22 @@
|
||||
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||
+.SH NAME
|
||||
+sandbox \- Run cmd under an SELinux sandbox
|
||||
+.SH SYNOPSIS
|
||||
+.B sandbox
|
||||
+[ -M ] [ -t type ] cmd
|
||||
+.br
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+Run application within a tightly confined SELinux domain, This application can only read and write stdin and stdout along with files handled to it by the shell.
|
||||
+.PP
|
||||
+.TP
|
||||
+\fB\-m\fR
|
||||
+Mount a temporary file system and change working directory to it, files will be removed when job completes.
|
||||
+.TP
|
||||
+\fB\-t type\fR
|
||||
+Use alternate sandbox type, defaults to sandbox_t
|
||||
+.TP
|
||||
+.SH "SEE ALSO"
|
||||
+.TP
|
||||
+runcon(1)
|
||||
+.PP
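Review bot: In the added scripts/sandbox, gen_context() does not actually hold the MCS pair it picks. reserve() binds the abstract socket to a local variable and returns, so under CPython the socket is closed and the name released as soon as the call ends, and nothing stops two concurrent sandboxes from being given the same `s0:cN,cM` pair and therefore the same label. The first `reserve(mcs)` also sits outside the `try`, so a collision there raises instead of retrying; keeping the bound socket referenced for the life of the process and dropping the unguarded call addresses both, as sketched below. Separately, mount() and umount() interpolate a path derived from the `-t` value into an `os.system()` string on the root-only `-m` path; an argument-list call such as `subprocess.call(["/bin/mount", "-t", "tmpfs", "tmpfs", destdir])` keeps that value out of the shell.

```python
# Bound sockets are kept here so the abstract names stay taken until this process exits.
_reserved = []

def reserve(mcs):
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind("\0%s" % mcs)
    fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
    _reserved.append(sock)

def gen_context(setype):
    while True:
        # ... unchanged: pick i1 < i2 and build mcs ...
        try:
            reserve(mcs)
        except socket.error:
            # pair already held by another sandbox; pick again
            continue
        break
    # ... unchanged: build execcon and filecon, return them ...
```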
|
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -1,6 +1,17 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-2.0.62/debugfiles.list
|
||||
--- nsapolicycoreutils/debugfiles.list 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/debugfiles.list 2009-04-03 14:13:23.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/audit2allow/audit2allow.rhat policycoreutils-2.0.62/audit2allow/audit2allow
|
||||
--- policycoreutils-2.0.62/audit2allow/audit2allow.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/audit2allow/audit2allow 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -126,6 +126,7 @@ class AuditToPolicy:
|
||||
elif self.__options.audit:
|
||||
try:
|
||||
messages = audit.get_audit_msgs()
|
||||
+ messages += audit.get_log_msgs()
|
||||
except OSError, e:
|
||||
sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
|
||||
sys.exit(1)
|
||||
diff -up /dev/null policycoreutils-2.0.62/debugfiles.list
|
||||
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
|
||||
+++ policycoreutils-2.0.62/debugfiles.list 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -0,0 +1,64 @@
|
||||
+%dir /usr/lib/debug
|
||||
+%dir /usr/lib/debug/sbin
|
||||
|
@ -66,9 +77,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+/usr/lib/debug/usr/bin/semodule_expand.debug
|
||||
+/usr/lib/debug/usr/bin/secon.debug
|
||||
+/usr/src/debug/policycoreutils-2.0.62
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debuglinks.list policycoreutils-2.0.62/debuglinks.list
|
||||
--- nsapolicycoreutils/debuglinks.list 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/debuglinks.list 2009-04-03 14:13:23.000000000 -0400
|
||||
diff -up /dev/null policycoreutils-2.0.62/debuglinks.list
|
||||
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
|
||||
+++ policycoreutils-2.0.62/debuglinks.list 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -0,0 +1,29 @@
|
||||
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 /sbin/setfiles
|
||||
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug /usr/lib/debug/sbin/setfiles.debug
|
||||
|
@ -99,19 +110,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 /usr/bin/semodule_deps
|
||||
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug /usr/lib/debug/usr/bin/semodule_deps.debug
|
||||
+/usr/lib/debug/sbin/restorecon.debug /usr/lib/debug/sbin/setfiles.debug
|
||||
Binary files nsapolicycoreutils/debugsources.list and policycoreutils-2.0.62/debugsources.list differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.62/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/Makefile 2009-04-03 14:12:56.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/Makefile.rhat policycoreutils-2.0.62/Makefile
|
||||
--- policycoreutils-2.0.62/Makefile.rhat 2009-02-18 16:45:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/Makefile 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.62/restorecond/restorecond.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-02-18 16:44:47.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-04-03 14:12:56.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/restorecond/restorecond.conf.rhat policycoreutils-2.0.62/restorecond/restorecond.conf
|
||||
--- policycoreutils-2.0.62/restorecond/restorecond.conf.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -5,3 +5,7 @@
|
||||
/var/run/utmp
|
||||
/var/log/wtmp
|
||||
|
@ -120,10 +130,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+/root/.ssh/*
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.62/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/chcat 2009-04-09 12:28:34.000000000 -0400
|
||||
@@ -281,14 +281,14 @@
|
||||
diff -up policycoreutils-2.0.62/scripts/chcat.rhat policycoreutils-2.0.62/scripts/chcat
|
||||
--- policycoreutils-2.0.62/scripts/chcat.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/chcat 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -281,14 +281,14 @@ def isSensitivity(sensitivity):
|
||||
def expandCats(cats):
|
||||
newcats = []
|
||||
for c in cats:
|
||||
|
@ -146,10 +156,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if i not in newcats:
|
||||
newcats.append(i)
|
||||
if len(newcats) > 25:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2009-02-18 16:44:47.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-04-03 14:12:56.000000000 -0400
|
||||
@@ -122,7 +122,7 @@
|
||||
diff -up policycoreutils-2.0.62/scripts/fixfiles.rhat policycoreutils-2.0.62/scripts/fixfiles
|
||||
--- policycoreutils-2.0.62/scripts/fixfiles.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-05-05 10:49:24.000000000 -0400
|
||||
@@ -89,7 +89,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ];
|
||||
fi; \
|
||||
done | \
|
||||
while read pattern ; do sh -c "find $pattern \
|
||||
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
|
||||
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \
|
||||
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
|
||||
done 2> /dev/null | \
|
||||
${RESTORECON} $* -0 -f -
|
||||
@@ -122,14 +122,14 @@ if [ ! -z "$PREFC" ]; then
|
||||
fi
|
||||
if [ ! -z "$RPMFILES" ]; then
|
||||
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||
|
@ -158,10 +177,37 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
done
|
||||
exit $?
|
||||
fi
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2009-02-18 16:44:47.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/semanage 2009-04-08 21:39:50.000000000 -0400
|
||||
@@ -50,7 +50,7 @@
|
||||
if [ ! -z "$FILEPATH" ]; then
|
||||
if [ -x /usr/bin/find ]; then
|
||||
/usr/bin/find "$FILEPATH" \
|
||||
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
|
||||
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
|
||||
else
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
|
||||
diff -up policycoreutils-2.0.62/semanage/semanage.8.rhat policycoreutils-2.0.62/semanage/semanage.8
|
||||
--- policycoreutils-2.0.62/semanage/semanage.8.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/semanage.8 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -21,6 +21,8 @@ semanage \- SELinux Policy Management to
|
||||
.br
|
||||
.B semanage permissive \-{a|d} type
|
||||
.br
|
||||
+.B semanage module \-{a|d} policy_package
|
||||
+.br
|
||||
.B semanage translation \-{a|d|m} [\-T] level
|
||||
.P
|
||||
|
||||
diff -up policycoreutils-2.0.62/semanage/semanage.rhat policycoreutils-2.0.62/semanage/semanage
|
||||
--- policycoreutils-2.0.62/semanage/semanage.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/semanage 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -44,16 +44,17 @@ if __name__ == '__main__':
|
||||
text = _("""
|
||||
semanage [ -S store ] -i [ input_file | - ]
|
||||
|
||||
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
|
||||
+semanage {module,boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
|
||||
semanage login -{a|d|m} [-sr] login_name | %groupname
|
||||
semanage user -{a|d|m} [-LrRP] selinux_name
|
||||
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
|
||||
semanage interface -{a|d|m} [-tr] interface_spec
|
||||
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
|
||||
|
@ -169,8 +215,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
|
||||
semanage translation -{a|d|m} [-T] level
|
||||
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
|
||||
semanage permissive -{d|a} type
|
||||
@@ -84,6 +84,7 @@
|
||||
-semanage permissive -{d|a} type
|
||||
+semanage permissive -{a|d} type
|
||||
+semanage module -{a|d|} module
|
||||
|
||||
Primary Options:
|
||||
|
||||
@@ -68,6 +69,7 @@ Primary Options:
|
||||
-h, --help Display this message
|
||||
-n, --noheading Do not print heading when listing OBJECTS
|
||||
-S, --store Select and alternate SELinux store to manage
|
||||
+ --dontaudit Turn on or off dontaudit rules
|
||||
|
||||
Object-specific Options (see above):
|
||||
|
||||
@@ -84,6 +86,7 @@ Object-specific Options (see above):
|
||||
-F, --file Treat target as an input file for command, change multiple settings
|
||||
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
|
||||
-M, --mask Netmask
|
||||
|
@ -178,7 +237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
-P, --prefix Prefix for home directory labeling
|
||||
-L, --level Default SELinux Level (MLS/MCS Systems only)
|
||||
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
|
||||
@@ -115,7 +116,7 @@
|
||||
@@ -115,11 +118,14 @@ Object-specific Options (see above):
|
||||
valid_option["node"] = []
|
||||
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
|
||||
valid_option["fcontext"] = []
|
||||
|
@ -187,15 +246,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
valid_option["translation"] = []
|
||||
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
|
||||
valid_option["boolean"] = []
|
||||
@@ -192,6 +193,7 @@
|
||||
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
|
||||
+ valid_option["module"] = []
|
||||
+ valid_option["module"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '--dontaudit']
|
||||
+
|
||||
valid_option["permissive"] = []
|
||||
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
|
||||
return valid_option
|
||||
@@ -192,7 +198,10 @@ Object-specific Options (see above):
|
||||
locallist = False
|
||||
use_file = False
|
||||
store = ""
|
||||
+ equil=""
|
||||
|
||||
+ dontaudit = ""
|
||||
+
|
||||
object = argv[0]
|
||||
option_dict=get_options()
|
||||
@@ -201,10 +203,11 @@
|
||||
if object not in option_dict.keys():
|
||||
@@ -201,10 +210,12 @@ Object-specific Options (see above):
|
||||
args = argv[1:]
|
||||
|
||||
gopts, cmds = getopt.getopt(args,
|
||||
|
@ -204,21 +273,69 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
['add',
|
||||
'delete',
|
||||
'deleteall',
|
||||
+ 'dontaudit=',
|
||||
+ 'equil=',
|
||||
'ftype=',
|
||||
'file',
|
||||
'help',
|
||||
@@ -248,6 +251,9 @@
|
||||
if o == "-f" or o == "--ftype":
|
||||
ftype=a
|
||||
|
||||
+ if o == "-e" or o == "--equil":
|
||||
+ equil=a
|
||||
@@ -241,16 +252,24 @@ Object-specific Options (see above):
|
||||
if modify or add:
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
delete = True
|
||||
+
|
||||
if o == "-D" or o == "--deleteall":
|
||||
if modify:
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
deleteall = True
|
||||
+
|
||||
if o == "-f" or o == "--ftype":
|
||||
- ftype=a
|
||||
+ ftype = a
|
||||
+
|
||||
+ if o == "-e" or o == "--equil":
|
||||
+ equil = a
|
||||
|
||||
if o == "-F" or o == "--file":
|
||||
use_file = True
|
||||
|
||||
@@ -366,7 +372,10 @@
|
||||
+ if o == "--dontaudit":
|
||||
+ dontaudit = a
|
||||
+
|
||||
if o == "-h" or o == "--help":
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
|
||||
@@ -323,6 +342,9 @@ Object-specific Options (see above):
|
||||
|
||||
if object == "boolean":
|
||||
OBJECT = seobject.booleanRecords(store)
|
||||
+
|
||||
+ if object == "module":
|
||||
+ OBJECT = seobject.moduleRecords(store)
|
||||
|
||||
if object == "translation":
|
||||
OBJECT = seobject.setransRecords()
|
||||
@@ -341,6 +363,13 @@ Object-specific Options (see above):
|
||||
OBJECT.deleteall()
|
||||
return
|
||||
|
||||
+ if dontaudit != "":
|
||||
+ if object == "module":
|
||||
+ OBJECT.dontaudit(dontaudit)
|
||||
+ else:
|
||||
+ raise ValueError(_("%s bad option") % o)
|
||||
+ return
|
||||
+
|
||||
if len(cmds) != 1:
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
|
||||
@@ -362,11 +391,17 @@ Object-specific Options (see above):
|
||||
if object == "interface":
|
||||
OBJECT.add(target, serange, setype)
|
||||
|
||||
+ if object == "module":
|
||||
+ OBJECT.add(target)
|
||||
+
|
||||
if object == "node":
|
||||
OBJECT.add(target, mask, proto, serange, setype)
|
||||
|
||||
if object == "fcontext":
|
||||
|
@ -230,7 +347,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if object == "permissive":
|
||||
OBJECT.add(target)
|
||||
|
||||
@@ -396,7 +405,10 @@
|
||||
@@ -386,6 +421,9 @@ Object-specific Options (see above):
|
||||
rlist = roles.split()
|
||||
OBJECT.modify(target, rlist, selevel, serange, prefix)
|
||||
|
||||
+ if object == "module":
|
||||
+ OBJECT.modify(target)
|
||||
+
|
||||
if object == "port":
|
||||
OBJECT.modify(target, proto, serange, setype)
|
||||
|
||||
@@ -396,7 +434,10 @@ Object-specific Options (see above):
|
||||
OBJECT.modify(target, mask, proto, serange, setype)
|
||||
|
||||
if object == "fcontext":
|
||||
|
@ -242,7 +369,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
return
|
||||
|
||||
@@ -405,7 +417,7 @@
|
||||
@@ -405,7 +446,7 @@ Object-specific Options (see above):
|
||||
OBJECT.delete(target, proto)
|
||||
|
||||
elif object == "fcontext":
|
||||
|
@ -251,7 +378,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
elif object == "node":
|
||||
OBJECT.delete(target, mask, proto)
|
||||
@@ -464,10 +476,10 @@
|
||||
@@ -464,10 +505,10 @@ Object-specific Options (see above):
|
||||
else:
|
||||
fd = open(input, 'r')
|
||||
trans = seobject.semanageRecords(store)
|
||||
|
@ -264,9 +391,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
else:
|
||||
process_args(sys.argv[1:])
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-11 08:13:02.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/semanage/seobject.py.rhat policycoreutils-2.0.62/semanage/seobject.py
|
||||
--- policycoreutils-2.0.62/semanage/seobject.py.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-05 14:46:35.000000000 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
|
||||
+# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# semanage is a tool for managing SELinux configuration files
|
||||
@@ -21,16 +21,16 @@
|
||||
#
|
||||
#
|
||||
|
@ -287,7 +421,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
except IOError:
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
@@ -96,7 +96,7 @@
|
||||
@@ -96,7 +96,7 @@ try:
|
||||
self.audit_fd = audit.audit_open()
|
||||
|
||||
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
|
||||
|
@ -296,7 +430,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
except:
|
||||
class logger:
|
||||
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
|
||||
@@ -104,7 +104,7 @@
|
||||
@@ -104,7 +104,7 @@ except:
|
||||
message = "Successful: "
|
||||
else:
|
||||
message = "Failed: "
|
||||
|
@ -305,7 +439,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if sename != "":
|
||||
message += " sename=" + sename
|
||||
if old_sename != "":
|
||||
@@ -123,9 +123,9 @@
|
||||
@@ -123,9 +123,9 @@ mylog = logger()
|
||||
|
||||
import xml.etree.ElementTree
|
||||
|
||||
|
@ -317,7 +451,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
for l in tree.findall("layer"):
|
||||
for m in l.findall("module"):
|
||||
for b in m.findall("tunable"):
|
||||
@@ -160,12 +160,12 @@
|
||||
@@ -160,12 +160,12 @@ def validate_level(raw):
|
||||
cat_range = category + "(\." + category +")?"
|
||||
categories = cat_range + "(\," + cat_range + ")*"
|
||||
reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
|
||||
|
@ -333,7 +467,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
else:
|
||||
context = raw
|
||||
(rc, trans) = selinux.selinux_raw_to_trans_context(context)
|
||||
@@ -179,9 +179,9 @@
|
||||
@@ -179,9 +179,9 @@ def translate(raw, prepend = 1):
|
||||
return trans
|
||||
|
||||
def untranslate(trans, prepend = 1):
|
||||
|
@ -345,7 +479,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
else:
|
||||
context = trans
|
||||
|
||||
@@ -234,7 +234,7 @@
|
||||
@@ -234,7 +234,7 @@ class setransRecords:
|
||||
rec += "%s=%s\n" % (k, self.ddict[k])
|
||||
return rec
|
||||
|
||||
|
@ -354,7 +488,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if heading:
|
||||
print "\n%-25s %s\n" % (_("Level"), _("Translation"))
|
||||
keys = self.ddict.keys()
|
||||
@@ -273,6 +273,7 @@
|
||||
@@ -273,6 +273,7 @@ class setransRecords:
|
||||
(fd, newfilename) = tempfile.mkstemp('', self.filename)
|
||||
os.write(fd, self.out())
|
||||
os.close(fd)
|
||||
|
@ -362,7 +496,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
os.rename(newfilename, self.filename)
|
||||
os.system("/sbin/service mcstrans reload > /dev/null")
|
||||
|
||||
@@ -281,15 +282,20 @@
|
||||
@@ -281,15 +282,20 @@ class semanageRecords:
|
||||
global handle
|
||||
|
||||
if handle != None:
|
||||
|
@ -386,7 +520,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
def begin(self):
|
||||
if self.transaction:
|
||||
return
|
||||
@@ -303,6 +309,12 @@
|
||||
@@ -303,6 +309,55 @@ class semanageRecords:
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not commit semanage transaction"))
|
||||
|
||||
|
@ -396,10 +530,53 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+ self.transaction = False
|
||||
+ self.commit()
|
||||
+
|
||||
+class moduleRecords(semanageRecords):
|
||||
+ def __init__(self, store):
|
||||
+ semanageRecords.__init__(self, store)
|
||||
+
|
||||
+ def get_all(self):
|
||||
+ l = []
|
||||
+ (rc, mlist, number) = semanage_module_list(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not list SELinux modules"))
|
||||
+
|
||||
+ for i in range(number):
|
||||
+ mod = semanage_module_list_nth(mlist, i)
|
||||
+ name = semanage_module_get_name(mod)
|
||||
+ l.append(name)
|
||||
+ return l
|
||||
+
|
||||
+ def dontaudit(self, dontaudit = 0):
|
||||
+ self.begin()
|
||||
+ rc = semanage_set_disable_dontaudit(self.sh, int(dontaudit))
|
||||
+ self.commit()
|
||||
+ rc = semanage_reload_policy(self.sh)
|
||||
+
|
||||
+ def list(self, heading = 1, locallist = 0):
|
||||
+ if heading:
|
||||
+ print "\n%-25s\n" % (_("Modules"))
|
||||
+ for t in self.get_all():
|
||||
+ print t
|
||||
+
|
||||
+ def add(self, modules):
|
||||
+ import glob
|
||||
+ for m in modules.split():
|
||||
+ rc = semanage_module_install_file(self.sh, m);
|
||||
+ if rc >= 0:
|
||||
+ self.commit()
|
||||
+
|
||||
+ def delete(self, modules):
|
||||
+ for m in modules.split():
|
||||
+ rc = semanage_module_remove(self.sh, m)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not remove module %s (remove failed)") % name)
|
||||
+
|
||||
+ self.commit()
|
||||
+
|
||||
class permissiveRecords(semanageRecords):
|
||||
def __init__(self, store):
|
||||
semanageRecords.__init__(self, store)
|
||||
@@ -320,7 +332,7 @@
|
||||
@@ -320,7 +375,7 @@ class permissiveRecords(semanageRecords)
|
||||
l.append(name.split("permissive_")[1])
|
||||
return l
|
||||
|
||||
|
@ -408,7 +585,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if heading:
|
||||
print "\n%-25s\n" % (_("Permissive Types"))
|
||||
for t in self.get_all():
|
||||
@@ -328,6 +340,7 @@
|
||||
@@ -328,6 +383,7 @@ class permissiveRecords(semanageRecords)
|
||||
|
||||
|
||||
def add(self, type):
|
||||
|
@ -416,7 +593,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
name = "permissive_%s" % type
|
||||
dirname = "/var/lib/selinux"
|
||||
os.chdir(dirname)
|
||||
@@ -341,7 +354,7 @@
|
||||
@@ -341,7 +397,7 @@ require {
|
||||
|
||||
permissive %s;
|
||||
""" % (name, type, type)
|
||||
|
@ -425,7 +602,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
fd.write(modtxt)
|
||||
fd.close()
|
||||
mc = module.ModuleCompiler()
|
||||
@@ -351,16 +364,19 @@
|
||||
@@ -351,16 +407,19 @@ permissive %s;
|
||||
fd.close()
|
||||
|
||||
rc = semanage_module_install(self.sh, data, len(data));
|
||||
|
@ -450,7 +627,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def delete(self, name):
|
||||
for n in name.split():
|
||||
@@ -390,11 +406,11 @@
|
||||
@@ -390,11 +449,11 @@ class loginRecords(semanageRecords):
|
||||
if sename == "":
|
||||
sename = "user_u"
|
||||
|
||||
|
@ -464,7 +641,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||
if exists:
|
||||
@@ -410,7 +426,7 @@
|
||||
@@ -410,7 +469,7 @@ class loginRecords(semanageRecords):
|
||||
except:
|
||||
raise ValueError(_("Linux User %s does not exist") % name)
|
||||
|
||||
|
@ -473,7 +650,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create login mapping for %s") % name)
|
||||
|
||||
@@ -450,17 +466,17 @@
|
||||
@@ -450,17 +509,17 @@ class loginRecords(semanageRecords):
|
||||
if sename == "" and serange == "":
|
||||
raise ValueError(_("Requires seuser or serange"))
|
||||
|
||||
|
@ -494,7 +671,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query seuser for %s") % name)
|
||||
|
||||
@@ -483,7 +499,7 @@
|
||||
@@ -483,7 +542,7 @@ class loginRecords(semanageRecords):
|
||||
semanage_seuser_key_free(k)
|
||||
semanage_seuser_free(u)
|
||||
|
||||
|
@ -503,7 +680,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def modify(self, name, sename = "", serange = ""):
|
||||
try:
|
||||
@@ -492,21 +508,21 @@
|
||||
@@ -492,21 +551,21 @@ class loginRecords(semanageRecords):
|
||||
self.commit()
|
||||
|
||||
except ValueError, error:
|
||||
|
@ -529,7 +706,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||
if not exists:
|
||||
@@ -525,10 +541,10 @@
|
||||
@@ -525,10 +584,10 @@ class loginRecords(semanageRecords):
|
||||
self.commit()
|
||||
|
||||
except ValueError, error:
|
||||
|
@ -542,7 +719,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def get_all(self, locallist = 0):
|
||||
ddict = {}
|
||||
@@ -578,17 +594,17 @@
|
||||
@@ -578,17 +637,17 @@ class seluserRecords(semanageRecords):
|
||||
if len(roles) < 1:
|
||||
raise ValueError(_("You must add at least one role for %s") % name)
|
||||
|
||||
|
@ -563,7 +740,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create SELinux user for %s") % name)
|
||||
|
||||
@@ -612,7 +628,7 @@
|
||||
@@ -612,7 +671,7 @@ class seluserRecords(semanageRecords):
|
||||
rc = semanage_user_set_prefix(self.sh, u, prefix)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
|
||||
|
@ -572,7 +749,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not extract key for %s") % name)
|
||||
|
||||
@@ -645,17 +661,17 @@
|
||||
@@ -645,17 +704,17 @@ class seluserRecords(semanageRecords):
|
||||
else:
|
||||
raise ValueError(_("Requires prefix or roles"))
|
||||
|
||||
|
@ -593,7 +770,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query user for %s") % name)
|
||||
|
||||
@@ -703,17 +719,17 @@
|
||||
@@ -703,17 +762,17 @@ class seluserRecords(semanageRecords):
|
||||
raise error
|
||||
|
||||
def __delete(self, name):
|
||||
|
@ -614,7 +791,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
||||
if not exists:
|
||||
@@ -795,7 +811,7 @@
|
||||
@@ -795,7 +854,7 @@ class portRecords(semanageRecords):
|
||||
low = int(ports[0])
|
||||
high = int(ports[1])
|
||||
|
||||
|
@ -623,7 +800,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
|
||||
return ( k, proto_d, low, high )
|
||||
@@ -812,13 +828,13 @@
|
||||
@@ -812,13 +871,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
||||
|
@ -639,7 +816,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create port for %s/%s") % (proto, port))
|
||||
|
||||
@@ -871,13 +887,13 @@
|
||||
@@ -871,13 +930,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
||||
|
@ -655,7 +832,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query port %s/%s") % (proto, port))
|
||||
|
||||
@@ -926,13 +942,13 @@
|
||||
@@ -926,13 +985,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
def __delete(self, port, proto):
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
@ -671,7 +848,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
||||
if not exists:
|
||||
@@ -1038,17 +1054,17 @@
|
||||
@@ -1038,17 +1097,17 @@ class nodeRecords(semanageRecords):
|
||||
if ctype == "":
|
||||
raise ValueError(_("SELinux Type is required"))
|
||||
|
||||
|
@ -692,7 +869,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create addr for %s") % addr)
|
||||
|
||||
@@ -1113,17 +1129,17 @@
|
||||
@@ -1113,17 +1172,17 @@ class nodeRecords(semanageRecords):
|
||||
if serange == "" and setype == "":
|
||||
raise ValueError(_("Requires setype or serange"))
|
||||
|
||||
|
@ -713,7 +890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query addr %s") % addr)
|
||||
|
||||
@@ -1160,17 +1176,17 @@
|
||||
@@ -1160,17 +1219,17 @@ class nodeRecords(semanageRecords):
|
||||
else:
|
||||
raise ValueError(_("Unknown or missing protocol"))
|
||||
|
||||
|
@ -734,7 +911,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if addr %s is defined") % addr)
|
||||
if not exists:
|
||||
@@ -1240,17 +1256,17 @@
|
||||
@@ -1240,17 +1299,17 @@ class interfaceRecords(semanageRecords):
|
||||
if ctype == "":
|
||||
raise ValueError(_("SELinux Type is required"))
|
||||
|
||||
|
@ -755,7 +932,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create interface for %s") % interface)
|
||||
|
||||
@@ -1301,17 +1317,17 @@
|
||||
@@ -1301,17 +1360,17 @@ class interfaceRecords(semanageRecords):
|
||||
if serange == "" and setype == "":
|
||||
raise ValueError(_("Requires setype or serange"))
|
||||
|
||||
|
@ -776,7 +953,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query interface %s") % interface)
|
||||
|
||||
@@ -1335,17 +1351,17 @@
|
||||
@@ -1335,17 +1394,17 @@ class interfaceRecords(semanageRecords):
|
||||
self.commit()
|
||||
|
||||
def __delete(self, interface):
|
||||
|
@ -797,7 +974,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||
if not exists:
|
||||
@@ -1393,6 +1409,45 @@
|
||||
@@ -1393,6 +1452,48 @@ class interfaceRecords(semanageRecords):
|
||||
class fcontextRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
|
@ -820,7 +997,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+ for src in self.equiv.keys():
|
||||
+ fd.write("%s %s\n" % (src, self.equiv[src]))
|
||||
+ fd.close()
|
||||
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
|
||||
+ try:
|
||||
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
|
||||
+ except:
|
||||
+ pass
|
||||
+ os.rename(tmpfile,subs_file)
|
||||
+ self.equil_ind = False
|
||||
+ semanageRecords.commit(self)
|
||||
|
@ -843,7 +1023,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def createcon(self, target, seuser = "system_u"):
|
||||
(rc, con) = semanage_context_create(self.sh)
|
||||
@@ -1429,23 +1484,23 @@
|
||||
@@ -1429,23 +1530,23 @@ class fcontextRecords(semanageRecords):
|
||||
if type == "":
|
||||
raise ValueError(_("SELinux Type is required"))
|
||||
|
||||
|
@ -871,7 +1051,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create file context for %s") % target)
|
||||
|
||||
@@ -1486,21 +1541,21 @@
|
||||
@@ -1486,21 +1587,21 @@ class fcontextRecords(semanageRecords):
|
||||
raise ValueError(_("Requires setype, serange or seuser"))
|
||||
self.validate(target)
|
||||
|
||||
|
@ -898,7 +1078,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query file context for %s") % target)
|
||||
|
||||
@@ -1550,7 +1605,7 @@
|
||||
@@ -1550,7 +1651,7 @@ class fcontextRecords(semanageRecords):
|
||||
target = semanage_fcontext_get_expr(fcontext)
|
||||
ftype = semanage_fcontext_get_type(fcontext)
|
||||
ftype_str = semanage_fcontext_get_type_str(ftype)
|
||||
|
@ -907,7 +1087,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create a key for %s") % target)
|
||||
|
||||
@@ -1558,19 +1613,26 @@
|
||||
@@ -1558,19 +1659,26 @@ class fcontextRecords(semanageRecords):
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not delete the file context %s") % target)
|
||||
semanage_fcontext_key_free(k)
|
||||
|
@ -938,7 +1118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
if exists:
|
||||
@@ -1617,11 +1679,11 @@
|
||||
@@ -1617,11 +1725,11 @@ class fcontextRecords(semanageRecords):
|
||||
return ddict
|
||||
|
||||
def list(self, heading = 1, locallist = 0 ):
|
||||
|
@ -952,7 +1132,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
for k in keys:
|
||||
if fcon_dict[k]:
|
||||
if is_mls_enabled:
|
||||
@@ -1630,11 +1692,17 @@
|
||||
@@ -1630,11 +1738,17 @@ class fcontextRecords(semanageRecords):
|
||||
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||
else:
|
||||
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||
|
@ -971,7 +1151,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
self.dict["TRUE"] = 1
|
||||
self.dict["FALSE"] = 0
|
||||
self.dict["ON"] = 1
|
||||
@@ -1643,16 +1711,16 @@
|
||||
@@ -1643,16 +1757,16 @@ class booleanRecords(semanageRecords):
|
||||
self.dict["0"] = 0
|
||||
|
||||
def __mod(self, name, value):
|
||||
|
@ -991,7 +1171,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query file context %s") % name)
|
||||
|
||||
@@ -1670,7 +1738,7 @@
|
||||
@@ -1670,7 +1784,7 @@ class booleanRecords(semanageRecords):
|
||||
semanage_bool_key_free(k)
|
||||
semanage_bool_free(b)
|
||||
|
||||
|
@ -1000,7 +1180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
self.begin()
|
||||
|
||||
@@ -1694,16 +1762,16 @@
|
||||
@@ -1694,16 +1808,16 @@ class booleanRecords(semanageRecords):
|
||||
|
||||
def __delete(self, name):
|
||||
|
||||
|
@ -1020,7 +1200,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if boolean %s is defined") % name)
|
||||
if not exists:
|
||||
@@ -1762,7 +1830,7 @@
|
||||
@@ -1762,7 +1876,7 @@ class booleanRecords(semanageRecords):
|
||||
return _("unknown")
|
||||
|
||||
def list(self, heading = True, locallist = False, use_file = False):
|
||||
|
@ -1029,11 +1209,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if use_file:
|
||||
ddict = self.get_all(locallist)
|
||||
keys = ddict.keys()
|
||||
Binary files nsapolicycoreutils/setfiles/restorecon and policycoreutils-2.0.62/setfiles/restorecon differ
|
||||
Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-2.0.62/setfiles/setfiles differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.62/setfiles/setfiles.c
|
||||
--- nsapolicycoreutils/setfiles/setfiles.c 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-04-14 09:38:55.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/setfiles/setfiles.c.rhat policycoreutils-2.0.62/setfiles/setfiles.c
|
||||
--- policycoreutils-2.0.62/setfiles/setfiles.c.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -29,6 +29,8 @@
|
||||
static int mass_relabel;
|
||||
static int mass_relabel_errs;
|
||||
|
@ -1043,7 +1221,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
static FILE *outfile = NULL;
|
||||
static int force = 0;
|
||||
#define STAT_BLOCK_SIZE 1
|
||||
@@ -444,11 +446,11 @@
|
||||
@@ -444,11 +446,11 @@ static int restore(const char *file)
|
||||
|
||||
if (progress) {
|
||||
count++;
|
||||
|
@ -1057,7 +1235,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
fprintf(stdout, "*");
|
||||
fflush(stdout);
|
||||
}
|
||||
@@ -1017,7 +1019,7 @@
|
||||
@@ -1017,7 +1019,7 @@ int main(int argc, char **argv)
|
||||
free(excludeArray[i].directory);
|
||||
}
|
||||
|
||||
|
@ -1066,4 +1244,27 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
printf("\n");
|
||||
exit(errors);
|
||||
}
|
||||
Binary files nsapolicycoreutils/setfiles/setfiles.o and policycoreutils-2.0.62/setfiles/setfiles.o differ
|
||||
diff -up policycoreutils-2.0.62/semanage/seobject.py~ policycoreutils-2.0.62/semanage/seobject.py
|
||||
--- policycoreutils-2.0.62/semanage/seobject.py~ 2009-05-14 09:02:13.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-14 09:03:05.000000000 -0400
|
||||
@@ -1027,7 +1027,7 @@ class portRecords(semanageRecords):
|
||||
proto_str = semanage_port_get_proto_str(proto)
|
||||
low = semanage_port_get_low(port)
|
||||
high = semanage_port_get_high(port)
|
||||
- ddict[(low, high)] = (ctype, proto_str, level)
|
||||
+ ddict[(low, high, proto_str)] = (ctype, level)
|
||||
return ddict
|
||||
|
||||
def get_all_by_type(self, locallist = 0):
|
||||
diff -up policycoreutils-2.0.62/setfiles/setfiles.c~ policycoreutils-2.0.62/setfiles/setfiles.c
|
||||
--- policycoreutils-2.0.62/setfiles/setfiles.c~ 2009-09-09 16:50:37.000000000 +0200
|
||||
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-09-09 16:51:23.000000000 +0200
|
||||
@@ -683,6 +683,8 @@ static int process_one(char *name)
|
||||
progname, name, strerror(errno));
|
||||
goto err;
|
||||
}
|
||||
+ close(pipe_fds[0]);
|
||||
+ pipe_fds[0] = -1;
|
||||
} else {
|
||||
rc = restore(name);
|
||||
if (rc)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
|
||||
--- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-01 10:03:43.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400
|
||||
@@ -313,7 +313,7 @@
|
||||
|
||||
def __len__(self):
|
||||
|
@ -10,9 +10,30 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
|
|||
|
||||
def add(self, role, type):
|
||||
if self.role_types.has_key(role):
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
|
||||
--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400
|
||||
@@ -47,6 +47,17 @@
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
return output
|
||||
|
||||
+def get_log_msgs():
|
||||
+ """Obtain all of the avc and policy load messages from /var/log/messages.
|
||||
+
|
||||
+ Returns:
|
||||
+ string contain all of the audit messages returned by /var/log/messages.
|
||||
+ """
|
||||
+ import subprocess
|
||||
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
|
||||
+ stdout=subprocess.PIPE).communicate()[0]
|
||||
+ return output
|
||||
+
|
||||
# Classes representing audit messages
|
||||
|
||||
class AuditMessage:
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
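Review bot: In the audit.py hunk of this patch, the docstring of the new `get_log_msgs()` promises "avc and policy load messages", but the `/bin/grep` call filters only on the substring `avc`. Policy-load lines that do not contain that substring would presumably be dropped, and any unrelated line that happens to contain it is kept. The function also ignores grep's exit status and stderr, so a missing or unreadable /var/log/messages looks the same to the caller as a log with no denials. Keeping the `Popen` object and checking `returncode` after `communicate()` would let the caller tell "no matches" (1) from an error (greater than 1). At minimum the docstring should say what is matched, e.g. `"""Return the lines of /var/log/messages that contain "avc"."""`.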
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.62
|
||||
Release: 10%{?dist}
|
||||
Release: 12.15%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -23,6 +23,7 @@ Patch: policycoreutils-rhat.patch
|
|||
Patch1: policycoreutils-po.patch
|
||||
Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
Patch5: policycoreutils-F11.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
|
@ -54,6 +55,7 @@ context.
|
|||
%patch1 -p1 -b .rhatpo
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
@ -111,6 +113,7 @@ The policycoreutils-python package contains the management tools use to manage a
|
|||
%{_sbindir}/semanage
|
||||
%{_bindir}/audit2allow
|
||||
%{_bindir}/audit2why
|
||||
%{_bindir}/sandbox
|
||||
%{_bindir}/chcat
|
||||
%{_bindir}/sepolgen-ifgen
|
||||
%{_libdir}/python?.?/site-packages/seobject.py*
|
||||
|
@ -160,6 +163,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%defattr(-,root,root)
|
||||
%{_bindir}/system-config-selinux
|
||||
%{_bindir}/selinux-polgengui
|
||||
%{_bindir}/sepolgen
|
||||
%{_datadir}/applications/fedora-system-config-selinux.desktop
|
||||
%{_datadir}/applications/fedora-selinux-polgengui.desktop
|
||||
%dir %{_datadir}/system-config-selinux
|
||||
|
@ -221,6 +225,54 @@ else
|
|||
fi
|
||||
|
||||
%changelog
|
||||
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.15
|
||||
- Update to Rawhides system-config-selinux/polgengui
|
||||
|
||||
* Thu Sep 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.14
|
||||
- Fix tight loop in restorecond patch from Martin Orr
|
||||
|
||||
* Wed Sep 23 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.62-12.13
|
||||
- Fix for setfiles leaks descriptors from Steve Grubb
|
||||
|
||||
* Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.12
|
||||
- Fix polgen.py
|
||||
|
||||
* Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
|
||||
- Fix polgen.py
|
||||
|
||||
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.10
|
||||
- Add sepolgen executable
|
||||
|
||||
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
|
||||
- Fix mount options on sandbox
|
||||
|
||||
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.8
|
||||
- Allow polgen.py to generate policy for just the binary
|
||||
|
||||
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.7
|
||||
- Fix sandbox to be able to execute files in homedir
|
||||
|
||||
* Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
|
||||
- Add sandbox script
|
||||
|
||||
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.5
|
||||
- More portspage fixes
|
||||
|
||||
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.4
|
||||
- Fix portspage and generation of init_script_file in templates
|
||||
|
||||
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.3
|
||||
- Fix handling of .subs file
|
||||
|
||||
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.2
|
||||
- Fix fixfiles to handle btrfs
|
||||
|
||||
* Fri Apr 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.1
|
||||
- Fix audit2allow -a to read /var/log/messages
|
||||
|
||||
* Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
|
||||
- Add semanage module support
|
||||
|
||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
|
||||
- Do not print \n, if count < 1000;
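Review bot: The added `%patch5 -p1` line in %prep is the only patch applied without a backup suffix; the neighbouring lines use `-b .rhatpo`, `-b .gui` and `-b .sepolgen`. Without a suffix, the files touched by policycoreutils-F11.patch leave no pristine copies in the build tree, which makes it harder to regenerate or audit that patch later. Matching the siblings with a suffix of its own, for example `%patch5 -p1 -b .F11`, would keep the section consistent.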
|
||||
|
||||
|
|
Binary file not shown.