* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30-5

- Fix audit2allow to retrieve dontaudit rules
2006-03-21 14:19:08 +00:00 · 2006-03-21 14:19:08 +00:00 · 0965f99c89
commit 0965f99c89
parent 751b4ff02b
2 changed files with 45 additions and 1 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,3 +1,44 @@
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow	2006-03-10 09:48:04.000000000 -0500
+++ policycoreutils-1.30/audit2allow/audit2allow	2006-03-21 09:17:27.000000000 -0500
+@@ -27,15 +27,14 @@
+ import commands, sys, os, pwd, string, getopt, re, selinux
+ 
+ obj="(\{[^\}]*\}|[^ \t:]*)"
+-allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
+-
+allow_regexp="(allow|dontaudit)[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
+ awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\
+         IFACEFILE=FILENAME\n\
+ 	IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\
+ 	IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\
+ }\n\
+ \n\
+-/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\
+/^[[:blank:]]*(allow|dontaudit)[[:blank:]]+.*;[[:blank:]]*$/ {\n\
+ \n\
+   if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\
+ 		ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\
+@@ -84,14 +83,13 @@
+                 m=re.match(regexp,r)
+                 if m==None:
+                     continue
+-                else:
+-                    val=m.groups()
+                val=m.groups()
+                 file=os.path.basename(val[0]).split(".")[0]
+                 iface=val[1]
+-                Scon=val[2].split()
+-                Tcon=val[3].split()
+-                Class=val[4].split()
+-                Access=trans.get(val[5].split())
+                Scon=val[3].split()
+                Tcon=val[4].split()
+                Class=val[5].split()
+                Access=trans.get(val[6].split())
+                 for s in Scon:
+                     for t in Tcon:
+                         for c in Class:
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.30/Makefile
 --- nsapolicycoreutils/Makefile	2005-11-29 10:55:01.000000000 -0500
 +++ policycoreutils-1.30/Makefile	2006-03-20 22:51:07.000000000 -0500
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -5,7 +5,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.30
-Release: 4
+Release: 5
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -107,6 +107,9 @@ rm -rf ${RPM_BUILD_ROOT}
 service restorecond condrestart

 %changelog
+* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30-5
+- Fix audit2allow to retrieve dontaudit rules
+
 * Mon Mar 20 2006 Dan Walsh <dwalsh@redhat.com> 1.30-4
 - Open file descriptor to make sure file does not change from underneath.