diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.29.11/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2006-01-13 09:47:40.000000000 -0500
+++ policycoreutils-1.29.11/restorecon/restorecon.c 2006-01-25 14:03:12.000000000 -0500
@@ -140,6 +140,7 @@
 fprintf(stderr,"Warning! %s refers to a symbolic link, not following last component.\n", filename);
 char *p = NULL, *file_sep;
 char *tmp_path = strdupa(filename);
+ size_t len=0;
 if (!tmp_path) {
 fprintf(stderr,"strdupa on %s failed: %s\n", filename,strerror(errno));
 return 1;
@@ -150,8 +151,11 @@
 *file_sep = 0;
 file_sep++;
 p = realpath(tmp_path, path);
+ }
+ else {
+ file_sep = tmp_path;
+ p = realpath("./", path);
 }
- size_t len;
 if(p)
 len = strlen(p);
 if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
@@ -162,7 +166,7 @@
 *p = '/';
 p++;
 strcpy(p, file_sep);
- filename = p;
+ filename = path;
 } else {
 char *p;
 p = realpath(filename, path);
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.11/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2006-01-19 16:00:44.000000000 -0500
+++ policycoreutils-1.29.11/scripts/chcat 2006-01-25 11:13:33.000000000 -0500
@@ -356,7 +356,7 @@
 if list_ind==0 and len(cmds) < 1:
 usage()
- except:
+ except ValueError, e:
 usage()
 if delete_ind:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.11/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-01-20 10:37:37.000000000 -0500
+++ policycoreutils-1.29.11/semanage/semanage 2006-01-25 11:13:33.000000000 -0500
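Review bot: The new `else` branch resolves the working directory with `realpath("./", path)`, which yields `"/"` when restorecon is run from the root; the third hunk then appends a separator and the leaf (`*p = '/'; p++; strcpy(p, file_sep);`), so a bare filename given in `/` becomes `//leaf` rather than `/leaf`. The doubled slash is a different path string for whatever label lookup follows, so the file may presumably be matched against the wrong specification or reported as unmatched. A guard such as `if (len == 1 && path[0] == '/') len = 0;` after `len = strlen(p);` would avoid it, assuming `p` is repositioned from `len` before the `*p = '/'` write — that repositioning is outside the hunk. The `if` this `else` completes, and the enclosing function, start outside the hunk.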
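Review bot: `except ValueError, e:` binds `e` but never uses it, and narrowing the former bare `except:` means any other exception raised in the `try` body (which starts outside the hunk) now escapes as a traceback instead of reaching `usage()`; if that body parses the command line with `getopt`, as the `cmds` name suggests, `getopt.GetoptError` is the one most likely to be lost. Either drop the unused name, `except ValueError:`, or list the exceptions the body can actually raise, e.g. `except (ValueError, getopt.GetoptError):` if chcat imports getopt.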
@@ -30,28 +30,27 @@ def usage(message = ""): print '\ -semanage {login|user|port|interface|fcontext} -l\n\ +semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\ semanage login -{a|d|m} [-sr] login_name\n\ semanage user -{a|d|m} [-LrR] selinux_name\n\ -semanage port -{a|d|m} -p protocol [-t] port_number\n\ +semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\ semanage interface -{a|d|m} [-tr] interface_spec\n\ -semanage translation -{a|d|m} [-T] level\n\ semanage fcontext -{a|d|m} [-frst] file_spec\n\ +semanage translation -{a|d|m} [-T] level\n\ -a, --add Add a OBJECT record NAME\n\ -d, --delete Delete a OBJECT record NAME\n\ -f, --ftype File Type of OBJECT \n\ -h, --help display this message\n\ -l, --list List the OBJECTS\n\ -L, --level Default SELinux Level\n\ - -n, --noheading Do not print heading when listing OBJECTS\n\ -m, --modify Modify a OBJECT record NAME\n\ - -P, --proto Port protocol\n\ + -n, --noheading Do not print heading when listing OBJECTS\n\ + -p, --proto Port protocol\n\ -r, --range MLS/MCS Security Range\n\ -R, --roles SELinux Roles (Separate by spaces)\n\ -s, --seuser SELinux user name\n\ -t, --type SELinux Type for the object\n\ -T, --trans SELinux Level Translation\n\ - -v, --verbose verbose output\n\ ' print message sys.exit(1) 
@@ -62,35 +61,29 @@ sys.stderr.flush() sys.exit(1) - def unwanted_ftype(): - if ftype != "": - sys.stderr.write("ftype not used\n"); - def unwanted_selevel(): - if selevel != "": - sys.stderr.write("level not used\n"); - def unwanted_proto(): - if proto != "": - sys.stderr.write("proto not used\n"); - def unwanted_roles(): - if roles != "": - sys.stderr.write("role not used\n"); - def unwanted_serange(): - if serange != "": - sys.stderr.write("range not used\n"); - def unwanted_seuser(): - if seuser != "": - sys.stderr.write("seuser not used\n"); - def unwanted_setype(): - if setype != "": - sys.stderr.write("type not used\n"); - def unwanted_setrans(): - if setrans != "": - sys.stderr.write("trans not used\n"); + def get_options(): + valid_option={} + valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ] + valid_option["login"] = [] + valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] + valid_option["user"] = [] + valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ] + valid_option["port"] = [] + valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range'] + valid_option["port"] = [] + valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ] + valid_option["interface"] = [] + valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] + valid_option["fcontext"] = [] + valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] + valid_option["translation"] = [] + valid_option["fcontext"] += valid_everyone + [ '-T', '--trans' ] + return valid_option + # # # try: - objectlist = ("login", "user", "port", "interface", "fcontext", "translation") input = sys.stdin output = sys.stdout serange = "" 
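Review bot: `get_options()` builds the `translation` entry wrongly: after `valid_option["translation"] = []` the next line extends `valid_option["fcontext"]` instead, so `translation` stays empty (every option, including `-a`/`-d`/`-m`, is reported as not valid for translation objects) and `fcontext` silently gains `-T`/`--trans`. The `port` entry is also assigned twice, and the surviving second list names `'--protocol'` while the getopt long option in the next hunk is `proto=`, so `--proto` is flagged as invalid for port objects. Change the last extension to `valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]`, replace `'--protocol'` with `'--proto'`, and drop the first `valid_option["port"]` pair.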
@@ -112,12 +105,14 @@ usage("Requires 2 or more arguments") object = sys.argv[1] - if object not in objectlist: + option_dict=get_options() + if object not in option_dict.keys(): usage("%s not defined" % object) args = sys.argv[2:] + gopts, cmds = getopt.getopt(args, - 'adf:lhmnp:P:s:R:L:r:t:vT:', + 'adf:lhmnp:s:R:L:r:t:vT:', ['add', 'delete', 'ftype=', @@ -125,16 +120,18 @@ 'list', 'modify', 'noheading', - 'port=', 'proto=', 'seuser=', 'range=', 'level=', 'roles=', 'type=', - 'trans=', - 'verbose' + 'trans=' ]) + for o, a in gopts: + if o not in option_dict[object]: + sys.stderr.write("%s not valid for %s objects\n" % ( o, object) ); + for o,a in gopts: if o == "-a" or o == "--add": if modify or delete: @@ -167,11 +164,11 @@ if o == "-L" or o == '--level': selevel = a - if o == "-P" or o == '--proto': + if o == "-p" or o == '--proto': proto = a if o == "-R" or o == '--roles': - roles = roles + " " + a + roles = a if o == "-s" or o == "--seuser": seuser = a 
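Review bot: The new validation loop only writes a warning when an option is not in `option_dict[object]` and then falls through to the second `for o,a in gopts:` loop, where the option is still applied, so a mis-typed switch on a policy-changing command takes effect despite the message. Replace the write with `usage("%s not valid for %s objects" % (o, object))`, which exits, or follow it with `sys.exit(1)`. Separately, `v` remains in the short-option string `'adf:lhmnp:s:R:L:r:t:vT:'` while `'verbose'` and the `-v` help line are removed, so `-v` is still accepted but undocumented and never listed as valid; drop the `v` as well or restore the help text.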
@@ -185,91 +182,25 @@ if o == "-v" or o == "--verbose": verbose = 1 -# Note in this section I intentionally leave the unwanted_*() functions for -# variabled which are wanted commented out and don't delete those lines. This -# will make it easier to modify the code when the list of wanted variables -# changes. if object == "login": - if not delete: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() -# unwanted_serange() -# unwanted_seuser() - unwanted_setype() - unwanted_setrans() OBJECT = seobject.loginRecords() if object == "user": - if not delete: - unwanted_ftype() -# unwanted_selevel() - unwanted_proto() -# unwanted_roles() -# unwanted_serange() - unwanted_seuser() - unwanted_setype() - unwanted_setrans() OBJECT = seobject.seluserRecords() if object == "port": - if not delete: - unwanted_ftype() - unwanted_selevel() -# unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() -# unwanted_setype() - unwanted_setrans() OBJECT = seobject.portRecords() if object == "interface": - if not delete: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() -# unwanted_serange() - unwanted_seuser() -# unwanted_setype() - unwanted_setrans() OBJECT = seobject.interfaceRecords() if object == "fcontext": - if not delete: -# unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() -# unwanted_serange() -# unwanted_seuser() -# unwanted_setype() - unwanted_setrans() OBJECT = seobject.fcontextRecords() if object == "translation": - if not delete: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() - unwanted_setype() -# unwanted_setrans() OBJECT = seobject.setransRecords() if list: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() - unwanted_setype() - unwanted_setrans() OBJECT.list(heading) sys.exit(0); 
@@ -324,16 +255,6 @@ sys.exit(0); if delete: - if object != "fcontext": - unwanted_ftype() - unwanted_selevel() - if object == "port": - unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() - unwanted_setype() - unwanted_setrans() if object == "port": OBJECT.delete(target, proto) diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.11/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2006-01-20 10:37:37.000000000 -0500 +++ policycoreutils-1.29.11/semanage/semanage.8 2006-01-25 11:13:33.000000000 -0500 @@ -3,19 +3,19 @@ semanage \- SELinux Policy Management tool .SH "SYNOPSIS" -.B semanage {login|user|port|interface|fcontext} \-l [\-n] +.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n] .br .B semanage login \-{a|d|m} [\-sr] login_name .br .B semanage user \-{a|d|m} [\-LrR] selinux_name .br -.B semanage port \-{a|d|m} \-p protocol [\-t] port_number +.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range .br .B semanage interface \-{a|d|m} [\-tr] interface_spec .br -.B semanage translation \-{a|d|m} [\-T] level -.br .B semanage fcontext \-{a|d|m} [\-frst] file_spec +.br +.B semanage translation \-{a|d|m} [\-T] level .P This tool is used to configure SELinux policy 
@@ -35,34 +35,34 @@ .I \-d, \-\-delete Delete a OBJECT record NAME .TP -.I \-h, \-\-help -display this message -.TP .I \-f, \-\-ftype File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. .TP +.I \-h, \-\-help +display this message +.TP .I \-l, \-\-list List the OBJECTS .TP -.I \-n, \-\-noheading -Do not print heading when listing OBJECTS -.TP .I \-L, \-\-level Default SELinux Level for SELinux use. (s0) .TP .I \-m, \-\-modify Modify a OBJECT record NAME .TP +.I \-n, \-\-noheading +Do not print heading when listing OBJECTS. +.TP .I \-p, \-\-proto Protocol for the specified port (tcp|udp). .TP -.I \-R, \-\-role -SELinux Roles (Separate by spaces) -.TP .I \-r, \-\-range MLS/MCS Security Range .TP +.I \-R, \-\-role +SELinux Roles. You must inclose multiple roles within quotes, separate by spaces. +.TP .I \-s, \-\-seuser SELinux user name .TP