214 lines
8.5 KiB
Diff
214 lines
8.5 KiB
Diff
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.60/audit2allow/audit2allow
|
|
--- nsapolicycoreutils/audit2allow/audit2allow 2008-11-10 08:53:49.000000000 -0500
|
|
+++ policycoreutils-2.0.60/audit2allow/audit2allow 2008-12-15 15:34:54.000000000 -0500
|
|
@@ -42,10 +42,10 @@
|
|
from optparse import OptionParser
|
|
|
|
parser = OptionParser(version=self.VERSION)
|
|
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
|
|
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
|
|
help="read input from audit log - conflicts with -i")
|
|
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
|
|
- help="read input from dmesg - conflicts with --audit and --input")
|
|
+ help="read input from dmesg - conflicts with --all and --input")
|
|
parser.add_option("-i", "--input", dest="input",
|
|
help="read input from <input> - conflicts with -a")
|
|
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
|
|
@@ -82,9 +82,9 @@
|
|
# Make -d, -a, and -i conflict
|
|
if options.audit is True:
|
|
if options.input is not None:
|
|
- sys.stderr.write("error: --audit conflicts with --input\n")
|
|
+ sys.stderr.write("error: --all conflicts with --input\n")
|
|
if options.dmesg is True:
|
|
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
|
|
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
|
|
if options.input is not None and options.dmesg is True:
|
|
sys.stderr.write("error: --input conflicts with --dmesg\n")
|
|
|
|
@@ -200,7 +200,7 @@
|
|
try:
|
|
fd = open(filename, "w")
|
|
except IOError, e:
|
|
- sys.stderr.write("could not write output file: %s\n", str(e))
|
|
+ sys.stderr.write("could not write output file: %s\n" % str(e))
|
|
sys.exit(1)
|
|
|
|
writer.write(generator.get_module(), fd)
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1
|
|
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-11-10 08:53:49.000000000 -0500
|
|
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
|
|
@@ -44,9 +44,6 @@
|
|
Note that all audit messages are not available via dmesg when
|
|
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
|
.TP
|
|
-.B "\-f" | "\-\-fcfile" <File Context File>
|
|
-Add File Context File to generated Module Package. Requires -M option.
|
|
-.TP
|
|
.B "\-h" | "\-\-help"
|
|
Print a short usage message
|
|
.TP
|
|
@@ -78,9 +75,6 @@
|
|
Generate reference policy using installed macros.
|
|
This attempts to match denials against interfaces and may be inaccurate.
|
|
.TP
|
|
-.B "\-t " | "\-\-tefile"
|
|
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
|
-.TP
|
|
.B "\-w" | "\-\-why"
|
|
Translates SELinux audit messages into a description of why the access was denied
|
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile
|
|
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
|
+++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500
|
|
@@ -1,4 +1,4 @@
|
|
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
|
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
|
|
|
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c
|
|
--- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400
|
|
+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500
|
|
@@ -283,6 +283,8 @@
|
|
inotify_rm_watch(fd, master_wd);
|
|
master_wd =
|
|
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
|
|
+ if (master_wd == -1)
|
|
+ exitApp("Error watching config file.");
|
|
}
|
|
|
|
/*
|
|
@@ -411,7 +413,14 @@
|
|
|
|
if (!ptr)
|
|
exitApp("Out of Memory");
|
|
+
|
|
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
|
|
+ if (ptr->wd == -1) {
|
|
+ free(ptr);
|
|
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
|
|
+ path, strerror(errno));
|
|
+ return;
|
|
+ }
|
|
|
|
ptr->dir = strdup(dir);
|
|
if (!ptr->dir)
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c
|
|
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400
|
|
+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500
|
|
@@ -57,7 +57,7 @@
|
|
utmp_ptr = NULL;
|
|
FILE *cfg = fopen(utmp_path, "r");
|
|
if (!cfg)
|
|
- exitApp("Error reading config file.");
|
|
+ exitApp("Error reading utmp file.");
|
|
|
|
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
|
|
if (u.ut_type == USER_PROCESS)
|
|
@@ -69,6 +69,9 @@
|
|
|
|
utmp_wd =
|
|
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
|
|
+ if (utmp_wd == -1)
|
|
+ exitApp("Error watching utmp file.");
|
|
+
|
|
if (prev_utmp_ptr) {
|
|
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
|
strings_list_free(prev_utmp_ptr);
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.60/scripts/chcat
|
|
--- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400
|
|
+++ policycoreutils-2.0.60/scripts/chcat 2008-12-15 15:34:54.000000000 -0500
|
|
@@ -291,6 +291,8 @@
|
|
for i in c.split(","):
|
|
if i not in newcats:
|
|
newcats.append(i)
|
|
+ if len(newcats) > 25:
|
|
+ return cats
|
|
return newcats
|
|
|
|
def translate(cats):
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c
|
|
--- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400
|
|
+++ policycoreutils-2.0.60/semodule/semodule.c 2008-12-15 15:34:54.000000000 -0500
|
|
@@ -60,24 +60,6 @@
|
|
free(commands);
|
|
}
|
|
|
|
-/* mmap() a file to '*data', returning the total number of bytes in
|
|
- * the file. Returns 0 if file could not be opened or mapped. */
|
|
-static size_t map_file(char *filename, char **data)
|
|
-{
|
|
- int fd;
|
|
- struct stat sb;
|
|
- if ((fd = open(filename, O_RDONLY)) == -1) {
|
|
- return 0;
|
|
- }
|
|
- if (fstat(fd, &sb) == -1 ||
|
|
- (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) ==
|
|
- MAP_FAILED) {
|
|
- sb.st_size = 0;
|
|
- }
|
|
- close(fd);
|
|
- return sb.st_size;
|
|
-}
|
|
-
|
|
/* Signal handlers. */
|
|
static void handle_signal(int sig_num)
|
|
{
|
|
@@ -339,16 +321,6 @@
|
|
for (i = 0; i < num_commands; i++) {
|
|
enum client_modes mode = commands[i].mode;
|
|
char *mode_arg = commands[i].arg;
|
|
- char *data = NULL;
|
|
- size_t data_len = 0;
|
|
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
|
|
- if ((data_len = map_file(mode_arg, &data)) == 0) {
|
|
- fprintf(stderr,
|
|
- "%s: Could not read file '%s': %s\n",
|
|
- argv[0], mode_arg, errno ? strerror(errno) : "");
|
|
- goto cleanup;
|
|
- }
|
|
- }
|
|
switch (mode) {
|
|
case INSTALL_M:{
|
|
if (verbose) {
|
|
@@ -357,7 +329,7 @@
|
|
mode_arg);
|
|
}
|
|
result =
|
|
- semanage_module_install(sh, data, data_len);
|
|
+ semanage_module_install_file(sh, mode_arg);
|
|
break;
|
|
}
|
|
case UPGRADE_M:{
|
|
@@ -367,7 +339,7 @@
|
|
mode_arg);
|
|
}
|
|
result =
|
|
- semanage_module_upgrade(sh, data, data_len);
|
|
+ semanage_module_upgrade_file(sh, mode_arg);
|
|
break;
|
|
}
|
|
case BASE_M:{
|
|
@@ -377,8 +349,7 @@
|
|
mode_arg);
|
|
}
|
|
result =
|
|
- semanage_module_install_base(sh, data,
|
|
- data_len);
|
|
+ semanage_module_install_base_file(sh, mode_arg);
|
|
break;
|
|
}
|
|
case REMOVE_M:{
|
|
@@ -429,9 +400,6 @@
|
|
}
|
|
}
|
|
commit += do_commit[mode];
|
|
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
|
|
- munmap(data, data_len);
|
|
- }
|
|
if (result < 0) {
|
|
fprintf(stderr, "%s: Failed on %s!\n", argv[0],
|
|
mode_arg ? : "list");
|