diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.60/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2008-11-10 08:53:49.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow 2008-12-15 15:34:54.000000000 -0500
@@ -42,10 +42,10 @@
 from optparse import OptionParser
 parser = OptionParser(version=self.VERSION)
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
 help="read input from audit log - conflicts with -i")
 parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
- help="read input from dmesg - conflicts with --audit and --input")
+ help="read input from dmesg - conflicts with --all and --input")
 parser.add_option("-i", "--input", dest="input",
 help="read input from - conflicts with -a")
 parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
@@ -82,9 +82,9 @@
 # Make -d, -a, and -i conflict
 if options.audit is True:
 if options.input is not None:
- sys.stderr.write("error: --audit conflicts with --input\n")
+ sys.stderr.write("error: --all conflicts with --input\n")
 if options.dmesg is True:
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
 if options.input is not None and options.dmesg is True:
 sys.stderr.write("error: --input conflicts with --dmesg\n")
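Review bot: Renaming the long option from `--audit` to `--all` drops the old spelling entirely, so any script or documentation that still passes `--audit` now fails at option parsing instead of working as before. optparse accepts several long names for one option, so the old name can stay as an alias at no cost: `parser.add_option("-a", "--all", "--audit", action="store_true", dest="audit", default=False,`. The help text on the following line still describes the audit log, which fits both spellings. The enclosing method starts and ends outside the hunk.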
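Review bot: The conflict branches at @@ -82 only write to stderr; nothing in the hunk stops the run after reporting that `--all` conflicts with `--input` or `--dmesg`, so unless a `sys.exit` follows outside the hunk the message is printed and one of the conflicting sources is used anyway. If the conflict is meant to be fatal, follow each write with `sys.exit(1)`, or collect the messages and exit once after the three checks. The enclosing method starts and ends outside the hunk.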
@@ -200,7 +200,7 @@
 try:
 fd = open(filename, "w")
 except IOError, e:
- sys.stderr.write("could not write output file: %s\n", str(e))
+ sys.stderr.write("could not write output file: %s\n" % str(e))
 sys.exit(1)
 writer.write(generator.get_module(), fd)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-11-10 08:53:49.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
@@ -44,9 +44,6 @@
 Note that all audit messages are not available via dmesg when auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
 .TP
-.B "\-f" | "\-\-fcfile"
-Add File Context File to generated Module Package. Requires -M option.
-.TP
 .B "\-h" | "\-\-help"
 Print a short usage message
 .TP
@@ -78,9 +75,6 @@
 Generate reference policy using installed macros. This attempts to match denials against interfaces and may be inaccurate.
 .TP
-.B "\-t " | "\-\-tefile"
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
-.TP
 .B "\-w" | "\-\-why"
 Translates SELinux audit messages into a description of why the access was denied
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500
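Review bot: The `%` fix is correct, but `%s` already stringifies its argument, so `str(e)` is redundant; the usual form is `sys.stderr.write("could not write output file: %s\n" % e)`. As a matter of naming, `fd` suggests an integer descriptor while `open()` returns a file object, so a name such as `outfile` would read more accurately. The enclosing function continues outside the hunk.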
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500
@@ -283,6 +283,8 @@
 inotify_rm_watch(fd, master_wd);
 master_wd = inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
 }
 /*
@@ -411,7 +413,14 @@
 if (!ptr)
 exitApp("Out of Memory");
+ ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+ if (ptr->wd == -1) {
+ free(ptr);
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+ path, strerror(errno));
+ return;
+ }
 ptr->dir = strdup(dir);
 if (!ptr->dir)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500
@@ -57,7 +57,7 @@
 utmp_ptr = NULL;
 FILE *cfg = fopen(utmp_path, "r");
 if (!cfg)
- exitApp("Error reading config file.");
+ exitApp("Error reading utmp file.");
 while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
 if (u.ut_type == USER_PROCESS)
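Review bot: The new `master_wd == -1` check in restorecond.c @@ -283 exits with a fixed string, so the reason `inotify_add_watch` failed (missing file, permission, or the per-user watch limit being exhausted) is lost unless `exitApp` reports errno itself, which the hunk does not show. Log it before exiting, in the same form the later hunk of this file uses for directory watches: `syslog(LOG_ERR, "Unable to watch %s: %s", watch_file_path, strerror(errno));` ahead of `exitApp("Error watching config file.");`. The same applies to the matching check added in utmpwatcher.c at @@ -69. The enclosing function starts outside the hunk.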
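Review bot: In restorecond.c @@ -411 the error path logs `path` although the watch was requested on `dir`; unless the two hold the same string at this point, the message names the wrong object, so it should print `dir` (and the trailing `\n` is unnecessary for syslog). Because the hunk adds the `inotify_add_watch` call without removing anything, please confirm that the original assignment to `ptr->wd` further down the function was dropped; inotify returns the existing descriptor for a repeated watch on the same path and fd, so a second call would be redundant rather than harmful, but only one should remain. The enclosing function starts and ends outside the hunk.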
@@ -69,6 +69,9 @@
 utmp_wd = inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
+ if (utmp_wd == -1)
+ exitApp("Error watching utmp file.");
+
 if (prev_utmp_ptr) {
 changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
 strings_list_free(prev_utmp_ptr);
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.60/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/scripts/chcat 2008-12-15 15:34:54.000000000 -0500
@@ -291,6 +291,8 @@
 for i in c.split(","):
 if i not in newcats:
 newcats.append(i)
+ if len(newcats) > 25:
+ return cats
 return newcats
 def translate(cats):
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/semodule/semodule.c 2008-12-15 15:34:54.000000000 -0500
@@ -60,24 +60,6 @@
 free(commands);
 }
-/* mmap() a file to '*data', returning the total number of bytes in
- * the file. Returns 0 if file could not be opened or mapped. */
-static size_t map_file(char *filename, char **data)
-{
- int fd;
- struct stat sb;
- if ((fd = open(filename, O_RDONLY)) == -1) {
- return 0;
- }
- if (fstat(fd, &sb) == -1 ||
- (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) ==
- MAP_FAILED) {
- sb.st_size = 0;
- }
- close(fd);
- return sb.st_size;
-}
-
 /* Signal handlers. */
 static void handle_signal(int sig_num)
 {
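Review bot: In chcat @@ -291, `if len(newcats) > 25: return cats` hands the caller the unexpanded input when the expansion grows past 25 categories, so the overflow is indistinguishable from a normal result and the bound itself is an unexplained magic number. Give the limit a named constant and either raise or report the condition so the caller can tell the two cases apart; at minimum add a comment above the check stating why 25 is the ceiling, e.g. `# stop expanding once the category list exceeds the supported maximum`. The enclosing function starts outside the hunk.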
@@ -339,16 +321,6 @@
 for (i = 0; i < num_commands; i++) {
 enum client_modes mode = commands[i].mode;
 char *mode_arg = commands[i].arg;
- char *data = NULL;
- size_t data_len = 0;
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
- if ((data_len = map_file(mode_arg, &data)) == 0) {
- fprintf(stderr,
- "%s: Could not read file '%s': %s\n",
- argv[0], mode_arg, errno ? strerror(errno) : "");
- goto cleanup;
- }
- }
 switch (mode) {
 case INSTALL_M:{
 if (verbose) {
@@ -357,7 +329,7 @@
 mode_arg);
 }
 result =
- semanage_module_install(sh, data, data_len);
+ semanage_module_install_file(sh, mode_arg);
 break;
 }
 case UPGRADE_M:{
@@ -367,7 +339,7 @@
 mode_arg);
 }
 result =
- semanage_module_upgrade(sh, data, data_len);
+ semanage_module_upgrade_file(sh, mode_arg);
 break;
 }
 case BASE_M:{
@@ -377,8 +349,7 @@
 mode_arg);
 }
 result =
- semanage_module_install_base(sh, data,
- data_len);
+ semanage_module_install_base_file(sh, mode_arg);
 break;
 }
 case REMOVE_M:{
@@ -429,9 +400,6 @@
 }
 }
 commit += do_commit[mode];
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
- munmap(data, data_len);
- }
 if (result < 0) {
 fprintf(stderr, "%s: Failed on %s!\n",
 argv[0], mode_arg ? : "list");
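Review bot: Removing the map_file path at @@ -339 also removes the only message that told the user why a module file could not be read (`Could not read file '%s': %s` with strerror); an unreadable or missing file now surfaces only as the generic `Failed on %s!` in the @@ -429 hunk. Unless the new `semanage_module_*_file` calls in the three intermediate hunks report the open error themselves, append `strerror(errno)` to that failure message, provided the library leaves errno set, so the cause is still diagnosable from the command line. The enclosing loop starts and ends outside the hunk.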