2008-12-02 13:37:45 +00:00
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1
|
2009-01-13 14:01:10 +00:00
|
|
|
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
|
2009-01-04 19:46:52 +00:00
|
|
|
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
|
2009-01-13 14:01:10 +00:00
|
|
|
@@ -75,9 +75,6 @@
|
2009-01-04 19:46:52 +00:00
|
|
|
Generate reference policy using installed macros.
|
|
|
|
This attempts to match denials against interfaces and may be inaccurate.
|
|
|
|
.TP
|
|
|
|
-.B "\-t " | "\-\-tefile"
|
|
|
|
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
|
|
|
-.TP
|
|
|
|
.B "\-w" | "\-\-why"
|
|
|
|
Translates SELinux audit messages into a description of why the access was denied
|
|
|
|
|
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile
|
|
|
|
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
|
|
|
+++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500
|
|
|
|
@@ -1,4 +1,4 @@
|
|
|
|
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
|
|
|
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
|
|
|
|
|
|
|
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
|
|
|
|
2008-12-02 13:37:45 +00:00
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c
|
|
|
|
--- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400
|
2009-01-04 19:46:52 +00:00
|
|
|
+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500
|
2008-12-02 13:37:45 +00:00
|
|
|
@@ -283,6 +283,8 @@
|
|
|
|
inotify_rm_watch(fd, master_wd);
|
|
|
|
master_wd =
|
|
|
|
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
|
|
|
|
+ if (master_wd == -1)
|
|
|
|
+ exitApp("Error watching config file.");
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
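Review bot: The new `master_wd == -1` check exits through `exitApp("Error watching config file.")` without recording errno or the path, so an operator cannot tell an exhausted inotify watch limit from a missing or unreadable file. The later hunk in this file does log `strerror(errno)`; I would do the same here before exiting, e.g. `syslog(LOG_ERR, "Unable to watch (%s) %s\n", watch_file_path, strerror(errno));`. The same point applies to the `utmp_wd == -1` check added in restorecond/utmpwatcher.c (@@ -69,6 +69,9 @@). Once the daemon exits, file contexts are no longer restored, so the reason for the stop belongs in the log; whether exitApp logs anything itself is not visible here. The enclosing function starts outside the hunk.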
|
|
|
|
@@ -411,7 +413,14 @@
|
|
|
|
|
|
|
|
if (!ptr)
|
|
|
|
exitApp("Out of Memory");
|
|
|
|
+
|
|
|
|
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
|
|
|
|
+ if (ptr->wd == -1) {
|
|
|
|
+ free(ptr);
|
|
|
|
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
|
|
|
|
+ path, strerror(errno));
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
|
|
|
|
ptr->dir = strdup(dir);
|
|
|
|
if (!ptr->dir)
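Review bot: In the added `ptr->wd == -1` branch, `free(ptr)` runs before `strerror(errno)` is evaluated, and free() is not guaranteed to preserve errno on every libc, so the logged reason can be wrong. Call syslog first and free afterwards, or save the value with `int saved_errno = errno;` directly after `inotify_add_watch`. The watch is placed on `dir` but the message prints `path`; if the two differ, printing `dir` would make the log match the call that failed. The function begins outside the hunk, so whether anything allocated earlier also needs releasing on this early return cannot be checked from here.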
|
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c
|
|
|
|
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400
|
2009-01-04 19:46:52 +00:00
|
|
|
+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500
|
2008-12-02 13:37:45 +00:00
|
|
|
@@ -57,7 +57,7 @@
|
|
|
|
utmp_ptr = NULL;
|
|
|
|
FILE *cfg = fopen(utmp_path, "r");
|
|
|
|
if (!cfg)
|
|
|
|
- exitApp("Error reading config file.");
|
|
|
|
+ exitApp("Error reading utmp file.");
|
|
|
|
|
|
|
|
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
|
|
|
|
if (u.ut_type == USER_PROCESS)
|
|
|
|
@@ -69,6 +69,9 @@
|
|
|
|
|
|
|
|
utmp_wd =
|
|
|
|
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
|
|
|
|
+ if (utmp_wd == -1)
|
|
|
|
+ exitApp("Error watching utmp file.");
|
|
|
|
+
|
|
|
|
if (prev_utmp_ptr) {
|
|
|
|
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
|
|
|
strings_list_free(prev_utmp_ptr);
|
2009-01-06 14:12:27 +00:00
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage
|
|
|
|
--- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500
|
2009-01-13 14:01:10 +00:00
|
|
|
+++ policycoreutils-2.0.60/semanage/semanage 2009-01-13 08:55:07.000000000 -0500
|
2009-01-06 14:12:27 +00:00
|
|
|
@@ -219,6 +219,7 @@
|
|
|
|
'seuser=',
|
|
|
|
'store=',
|
|
|
|
'range=',
|
|
|
|
+ 'locallist=',
|
|
|
|
'level=',
|
|
|
|
'roles=',
|
|
|
|
'type=',
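Review bot: `'locallist='` is registered with a trailing `=`, which (assuming this list is the long-option list handed to getopt) declares that `--locallist` requires a value. If the option is meant as a plain switch, the entry should be `'locallist',`; its handler and the short-option string are outside the hunk, so this needs confirming there. As written, `--locallist` given last on the command line is rejected for a missing argument, and given earlier it consumes the next word as its value, which can silently change what the command operates on.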
|
2008-12-02 13:37:45 +00:00
|
|
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c
|
2009-01-13 14:01:10 +00:00
|
|
|
--- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500
|
2009-01-06 14:12:27 +00:00
|
|
|
+++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500
|
2009-01-13 14:01:10 +00:00
|
|
|
@@ -359,6 +359,9 @@
|
2009-01-06 14:12:27 +00:00
|
|
|
mode_arg);
|
|
|
|
}
|
|
|
|
result = semanage_module_remove(sh, mode_arg);
|
|
|
|
+ if ( result == -2 ) {
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case LIST_M:{
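Review bot: The added `if ( result == -2 ) continue;` compares against a bare -2 and skips the rest of the iteration without printing anything, so a module removal that did not take place goes unreported to whoever ran the command. What -2 means for `semanage_module_remove` is not visible in this hunk; a comment such as `/* -2: <meaning of this return code>; skip this module and keep processing */` should state it. A short message on stderr naming `mode_arg` would let administrators and scripts notice that the policy module was not removed. It is also worth checking that `result` still holding -2 after the loop does not affect the commit step or the exit status; that code is outside the hunk.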
|