33d42c2e3d
- Update to upstream -sepolgen * Merged support for enabling parser debugging from Karl MacMillan. - Add sgrupp cleanup of restorcon init script
187 lines
6.5 KiB
Diff
187 lines
6.5 KiB
Diff
diff --exclude-from=exclude --exclude=sepolgen-1.0.2 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.6/Makefile
|
|
--- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500
|
|
+++ policycoreutils-2.0.6/Makefile 2007-02-27 11:30:03.000000000 -0500
|
|
@@ -1,4 +1,4 @@
|
|
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
|
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
|
|
|
all install relabel clean indent:
|
|
@for subdir in $(SUBDIRS); do \
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.2 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.6/restorecond/restorecond.c
|
|
--- nsapolicycoreutils/restorecond/restorecond.c 2007-02-22 08:53:22.000000000 -0500
|
|
+++ policycoreutils-2.0.6/restorecond/restorecond.c 2007-02-27 11:30:03.000000000 -0500
|
|
@@ -210,9 +210,10 @@
|
|
}
|
|
|
|
if (fsetfilecon(fd, scontext) < 0) {
|
|
- syslog(LOG_ERR,
|
|
- "set context %s->%s failed:'%s'\n",
|
|
- filename, scontext, strerror(errno));
|
|
+ if (errno != EOPNOTSUPP)
|
|
+ syslog(LOG_ERR,
|
|
+ "set context %s->%s failed:'%s'\n",
|
|
+ filename, scontext, strerror(errno));
|
|
if (retcontext >= 0)
|
|
free(prev_context);
|
|
free(scontext);
|
|
@@ -225,8 +226,9 @@
|
|
if (retcontext >= 0)
|
|
free(prev_context);
|
|
} else {
|
|
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
|
|
- filename, strerror(errno));
|
|
+ if (errno != EOPNOTSUPP)
|
|
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
|
|
+ filename, strerror(errno));
|
|
}
|
|
free(scontext);
|
|
close(fd);
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.2 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.6/restorecond/restorecond.conf
|
|
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500
|
|
+++ policycoreutils-2.0.6/restorecond/restorecond.conf 2007-02-27 11:30:03.000000000 -0500
|
|
@@ -1,7 +1,10 @@
|
|
/etc/resolv.conf
|
|
+/etc/localtime
|
|
/etc/samba/secrets.tdb
|
|
/etc/mtab
|
|
/var/run/utmp
|
|
+/var/run/faillog
|
|
/var/log/wtmp
|
|
+/etc/lvm/.cache
|
|
~/public_html
|
|
~/.mozilla/plugins/libflashplayer.so
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.2 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.6/restorecond/restorecond.init
|
|
--- nsapolicycoreutils/restorecond/restorecond.init 2006-11-16 17:14:28.000000000 -0500
|
|
+++ policycoreutils-2.0.6/restorecond/restorecond.init 2007-02-27 11:34:54.000000000 -0500
|
|
@@ -1,43 +1,68 @@
|
|
#!/bin/sh
|
|
#
|
|
-# restorecond: Daemo used to maintain path file context
|
|
+# restorecond: Daemon used to maintain path file context
|
|
#
|
|
-# chkconfig: 2345 10 90
|
|
+# chkconfig: 2345 12 87
|
|
# description: restorecond uses inotify to look for creation of new files \
|
|
# listed in the /etc/selinux/restorecond.conf file, and restores the \
|
|
# correct security context.
|
|
#
|
|
+# processname: /usr/sbin/restorecond
|
|
+# config: /etc/selinux/restorecond.conf
|
|
+# pidfile: /var/run/restorecond.pid
|
|
+#
|
|
+# Return values according to LSB for all commands but status:
|
|
+# 0 - success
|
|
+# 1 - generic or unspecified error
|
|
+# 2 - invalid or excess argument(s)
|
|
+# 3 - unimplemented feature (e.g. "reload")
|
|
+# 4 - insufficient privilege
|
|
+# 5 - program is not installed
|
|
+# 6 - program is not configured
|
|
+# 7 - program is not running
|
|
+
|
|
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
|
|
|
|
# Source function library.
|
|
. /etc/rc.d/init.d/functions
|
|
|
|
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0
|
|
|
|
+# Check that we are root ... so non-root users stop here
|
|
+test $EUID = 0 || exit 4
|
|
+
|
|
+test -x /usr/sbin/restorecond || exit 5
|
|
+test -f /etc/selinux/restorecond.conf || exit 6
|
|
+
|
|
+RETVAL=0
|
|
+
|
|
start()
|
|
{
|
|
echo -n $"Starting restorecond: "
|
|
+ unset HOME MAIL USER USERNAME
|
|
daemon /usr/sbin/restorecond
|
|
-
|
|
+ RETVAL=$?
|
|
touch /var/lock/subsys/restorecond
|
|
echo
|
|
+ return $RETVAL
|
|
}
|
|
|
|
stop()
|
|
{
|
|
echo -n $"Shutting down restorecond: "
|
|
killproc restorecond
|
|
-
|
|
+ RETVAL=$?
|
|
rm -f /var/lock/subsys/restorecond
|
|
echo
|
|
+ return $RETVAL
|
|
}
|
|
+
|
|
restart()
|
|
{
|
|
stop
|
|
start
|
|
}
|
|
|
|
-[ -f /usr/sbin/restorecond ] || exit 0
|
|
-
|
|
# See how we were called.
|
|
case "$1" in
|
|
start)
|
|
@@ -57,7 +82,8 @@
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start|stop|restart|reload|condrestart}"
|
|
- exit 1
|
|
+ RETVAL=3
|
|
esac
|
|
|
|
-exit 0
|
|
+exit $RETVAL
|
|
+
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.2 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.6/scripts/chcat
|
|
--- nsapolicycoreutils/scripts/chcat 2007-02-22 08:53:22.000000000 -0500
|
|
+++ policycoreutils-2.0.6/scripts/chcat 2007-02-27 11:30:03.000000000 -0500
|
|
@@ -74,9 +74,11 @@
|
|
if i not in cats:
|
|
cats.append(i)
|
|
|
|
- new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
|
|
- if new_serange[-1:] == ":":
|
|
- new_serange = new_serange[:-1]
|
|
+
|
|
+ if len(cats) > 0:
|
|
+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
|
|
+ else
|
|
+ new_serange = "%s-%s" % (serange[0], top[0])
|
|
|
|
if add_ind:
|
|
cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
|
|
@@ -151,10 +153,11 @@
|
|
if i in cats:
|
|
cats.remove(i)
|
|
|
|
- new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
|
|
- if new_serange[-1:] == ":":
|
|
- new_serange = new_serange[:-1]
|
|
-
|
|
+ if len(cats) > 0:
|
|
+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
|
|
+ else
|
|
+ new_serange = "%s-%s" % (serange[0], top[0])
|
|
+
|
|
if add_ind:
|
|
cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
|
|
else:
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.2 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.6/semanage/seobject.py
|
|
--- nsapolicycoreutils/semanage/seobject.py 2007-02-22 08:53:22.000000000 -0500
|
|
+++ policycoreutils-2.0.6/semanage/seobject.py 2007-02-27 11:30:03.000000000 -0500
|
|
@@ -209,6 +209,7 @@
|
|
os.write(fd, self.out())
|
|
os.close(fd)
|
|
os.rename(newfilename, self.filename)
|
|
+ os.system("/sbin/service mcstrans reload > /dev/null")
|
|
|
|
class semanageRecords:
|
|
def __init__(self):
|