diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.28/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2005-12-01 10:11:27.000000000 -0500 +++ policycoreutils-1.28/audit2allow/audit2allow 2005-12-07 15:30:48.000000000 -0500 @@ -355,7 +355,7 @@ 'lastreload', 'module=', 'output=', - 'requires' + 'requires', 'tefile', 'verbose' ]) diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.28/restorecon/restorecon.8 --- nsapolicycoreutils/restorecon/restorecon.8 2005-02-02 13:31:48.000000000 -0500 +++ policycoreutils-1.28/restorecon/restorecon.8 2005-12-07 15:32:14.000000000 -0500 @@ -29,7 +29,7 @@ .B \-e directory directory to exclude (repeat option for more than one directory.) .TP -.B \-R +.B \-R \-r change files and directories file labels recursively .TP .B \-n diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.28/restorecon/restorecon.c --- nsapolicycoreutils/restorecon/restorecon.c 2005-09-20 14:13:05.000000000 -0400 +++ policycoreutils-1.28/restorecon/restorecon.c 2005-12-07 15:31:40.000000000 -0500 @@ -112,7 +112,7 @@ void usage(const char * const name) { fprintf(stderr, - "usage: %s [-Rnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name); + "usage: %s [-rRnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name); exit(1); } int restore(char *filename) { @@ -271,11 +271,12 @@ memset(buf,0, sizeof(buf)); - while ((opt = getopt(argc, argv, "FRnvf:o:e:")) > 0) { + while ((opt = getopt(argc, argv, "FrRnvf:o:e:")) > 0) { switch (opt) { case 'n': change = 0; break; + case 'r': case 'R': recurse = 1; break; diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.28/scripts/chcat --- nsapolicycoreutils/scripts/chcat 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.28/scripts/chcat 2005-12-08 11:31:57.000000000 -0500 
@@ -0,0 +1,191 @@
+#! /usr/bin/env python
+# Copyright (C) 2005 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# chcat is a script that allows you modify the Security label on a file
+#
+#` Author: Daniel Walsh
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+import commands, sys, os, pwd, string, getopt, re, selinux
+
+def chcat_add(orig, newcat, files):
+ errors=0
+ cmd='chcon -l '
+ if len(newcat) > 1:
+ sensitivity=newcat[0]
+ cat=newcat[1]
+ else:
+ sensitivity=0
+ cat=newcat[0]
+
+
+ for f in files:
+ (rc, con) = selinux.getfilecon(f)
+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+ clist=raw.split(":")[3:]
+ if sensitivity == 0:
+ sensitivity = clist[0]
+ if len(clist) > 1:
+ if clist[0] != sensitivity:
+ print("Can not modify sensitivity levels using '+' on %s" % f)
+ continue
+ cats=clist[1].split(",")
+ if cat in cats:
+ print "%s is already in %s" % (f, orig)
+ continue
+ cats.append(cat)
+ cats.sort()
+ cat_string=cats[0]
+ for c in cats[1:]:
+ cat_string="%s,%s" % (cat_string, c)
+ else:
+ cat_string=cat
+ cmd='chcon -l %s:%s %s' % (sensitivity, cat_string, f)
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors+=1
+ return errors
+
+def chcat_remove(orig, newcat, files):
+ errors=0
+ if len(newcat) > 1:
+ sensitivity=newcat[0]
+ cat=newcat[1]
+ else:
+ sensitivity=0
+ cat=newcat[0]
+ for f in files:
+ (rc, con) = selinux.getfilecon(f)
+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+ clist=raw.split(":")[3:]
+ if sensitivity == 0:
+ sensitivity = clist[0]
+ if len(clist) > 1:
+ if clist[0] != sensitivity:
+ print("Can not modify sensitivity levels using '+' on %s" % f)
+ continue
+ cats=clist[1].split(",")
+ if cat not in cats:
+ print "%s is not in %s" % (f, orig)
+ continue
+ cats.remove(cat)
+ if len(cats) > 0:
+ cat=cats[0]
+ for c in cats[1:]:
+ cat="%s,%s" % (cat, c)
+ else:
+ cat=""
+ else:
+ print "%s is not in %s" % (f, orig)
+ continue
+
+ if len(cat) == 0:
+ cmd='chcon -l %s %s' % (sensitivity, f)
+ else:
+ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors+=1
+ return errors
+
+def chcat(context, files):
+ errors=0
+ for c in context:
+ if len(c) > 0 and c[0] == "+":
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
+ rlist=raw.split(":")
+ errors += chcat_add(c[1:], rlist[3:], files)
+ continue
+ if len(c) > 0 and c[0] == "-":
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
+ rlist=raw.split(":")
+ errors += chcat_remove(c[1:], rlist[3:], files)
+ continue
+
+ cmd='chcon -l "%s"' % c
+ for f in files:
+ cmd = "%s %s" % (cmd, f)
+
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+ return errors
+
+def usage():
+ print "Usage %s CATEGORY File ..." % sys.argv[0]
+ print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0]
+ print "Usage %s -d File ..." % sys.argv[0]
+ print "Use -- to end option list. For example"
+ print "chcat -- -CompanyConfidential /docs/businessplan.odt."
+ sys.exit(1)
+
+def error(msg):
+ print "%s: %s" % (sys.argv[0], msg)
+ sys.exit(1)
+
+if __name__ == '__main__':
+ if selinux.is_selinux_mls_enabled() != 1:
+ error("Requires a mls enabled system")
+
+ if selinux.is_selinux_enabled() != 1:
+ error("Requires an SELinux enabled system")
+
+ delete_ind=0
+ try:
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ 'dh',
+ ['help',
+ 'delete'])
+
+ for o,a in gopts:
+ if o == "-h" or o == "--help":
+ usage()
+ if o == "-d" or o == "--delete":
+ delete_ind=1
+
+ if len(cmds) < 1:
+ usage()
+ except:
+ usage()
+ if delete_ind:
+ sys.exit(chcat([""], cmds))
+
+ if len(cmds) < 2:
+ usage()
+
+ cats=cmds[0].split(",")
+ set_ind=0
+ mod_ind=0
+ for i in cats:
+ if i[0]=='+' or i[0]=="-":
+ mod_ind=1
+ if set_ind == 1:
+ error("You can not use '%s' with previous categories" % i)
+ else:
+ if mod_ind == 1 or set_ind==1:
+ error("You can not use '%s' with previous categories" % i)
+ set_ind=1
+
+ files=cmds[1:]
+ sys.exit(chcat(cats, files))
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.28/scripts/chcat.8
--- nsapolicycoreutils/scripts/chcat.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.28/scripts/chcat.8 2005-12-07 15:30:48.000000000 -0500
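Review bot: All three chcon call sites in the new scripts/chcat (in chcat_add, chcat_remove and chcat) build a command string with `%` formatting from the file names and the category argument and pass it to `commands.getstatusoutput`, which runs it through the shell, so a file name containing spaces or shell metacharacters is split or interpreted by the shell rather than reaching chcon as a single argument. The calls should pass an argument list with no shell involved, and put `--` before the file names so that a name beginning with `-` is not read as a chcon option; this needs `subprocess` added to the import line. A helper like the one below can replace each `cmd=` / `commands.getstatusoutput(cmd)` / `if rc[0] != 0` group. Separately, chcat_remove reassigns `cat` to the joined remaining categories inside the `for f in files` loop, so the `cat not in cats` test for the second and later files no longer uses the category that was requested; a separate variable for the joined string, as chcat_add does with `cat_string`, would avoid that.

```python
def run_chcon(level, files):
    # Argument list, no shell: the level and file names reach chcon verbatim.
    proc = subprocess.Popen(['chcon', '-l', level, '--'] + list(files),
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    output = proc.communicate()[0]
    if proc.returncode != 0:
        print output
        return 1
    return 0

# in chcat_add, replacing the cmd= / getstatusoutput / if rc[0] lines:
        errors += run_chcon('%s:%s' % (sensitivity, cat_string), [f])
# … unchanged: rest of chcat_add; same substitution in chcat_remove and chcat …
```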
@@ -0,0 +1,29 @@ +.TH CHCAT "8" "September 2005" "chcat" "User Commands" +.SH NAME +chcat \- change file security category +.SH SYNOPSIS +.B chcat +\fICATEGORY FILE\fR... +.br +.B chcat +\fI[[+|-]CATEGORY],...] FILE\fR... +.br +.B chcat +[\fI-d\fR] \fIFILE\fR... +.br +.PP +Change/Remove the security CATEGORY for each FILE. +.PP +Use +/- to add/remove categories from a FILE. +.TP +\fB\-d\fR +delete the category from each file. +.SH "SEE ALSO" +.TP +chcon(1), selinux(8) +.PP +.br +This script wraps the chcon command. +.SH "FILES" +/etc/selinux/{SELINUXTYPE}/setrans.conf + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.28/scripts/Makefile --- nsapolicycoreutils/scripts/Makefile 2005-01-28 15:24:12.000000000 -0500 +++ policycoreutils-1.28/scripts/Makefile 2005-12-07 15:30:48.000000000 -0500 @@ -1,20 +1,23 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr -BINDIR ?= $(PREFIX)/sbin +BINDIR ?= $(PREFIX)/bin +SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -TARGETS=genhomedircon +TARGETS=genhomedircon all: $(TARGETS) fixfiles install: all -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) + install -m 755 $(TARGETS) $(SBINDIR) + install -m 755 chcat $(BINDIR) install -m 755 fixfiles $(DESTDIR)/sbin -mkdir -p $(MANDIR)/man8 install -m 644 fixfiles.8 $(MANDIR)/man8/ install -m 644 genhomedircon.8 $(MANDIR)/man8/ + install -m 644 chcat.8 $(MANDIR)/man8/ clean: