* Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1

- Update to upstream
	* chcat: cut categories at arbitrary point (25) from Dan Walsh
	* semodule: use new interfaces in libsemanage for compressed files
	  from Dan Walsh
	* audit2allow: string changes for usage
Daniel J Walsh 2009-01-13 14:01:10 +00:00
parent e2044195fe
commit 114d182b28
5 changed files with 19 additions and 163 deletions


@ -193,3 +193,4 @@ policycoreutils-2.0.58.tgz
policycoreutils-2.0.59.tgz policycoreutils-2.0.59.tgz
policycoreutils-2.0.60.tgz policycoreutils-2.0.60.tgz
sepolgen-1.0.14.tgz sepolgen-1.0.14.tgz
policycoreutils-2.0.61.tgz


@ -1,54 +1,7 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.60/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2008-11-10 08:53:49.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow 2008-12-15 15:34:54.000000000 -0500
@@ -42,10 +42,10 @@
from optparse import OptionParser
parser = OptionParser(version=self.VERSION)
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
help="read input from audit log - conflicts with -i")
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
- help="read input from dmesg - conflicts with --audit and --input")
+ help="read input from dmesg - conflicts with --all and --input")
parser.add_option("-i", "--input", dest="input",
help="read input from <input> - conflicts with -a")
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
@@ -82,9 +82,9 @@
# Make -d, -a, and -i conflict
if options.audit is True:
if options.input is not None:
- sys.stderr.write("error: --audit conflicts with --input\n")
+ sys.stderr.write("error: --all conflicts with --input\n")
if options.dmesg is True:
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
if options.input is not None and options.dmesg is True:
sys.stderr.write("error: --input conflicts with --dmesg\n")
@@ -200,7 +200,7 @@
try:
fd = open(filename, "w")
except IOError, e:
- sys.stderr.write("could not write output file: %s\n", str(e))
+ sys.stderr.write("could not write output file: %s\n" % str(e))
sys.exit(1)
writer.write(generator.get_module(), fd)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1 diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-11-10 08:53:49.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500 +++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
@@ -44,9 +44,6 @@ @@ -75,9 +75,6 @@
Note that all audit messages are not available via dmesg when
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
.TP
-.B "\-f" | "\-\-fcfile" <File Context File>
-Add File Context File to generated Module Package. Requires -M option.
-.TP
.B "\-h" | "\-\-help"
Print a short usage message
.TP
@@ -78,9 +75,6 @@
Generate reference policy using installed macros. Generate reference policy using installed macros.
This attempts to match denials against interfaces and may be inaccurate. This attempts to match denials against interfaces and may be inaccurate.
.TP .TP
@ -116,21 +69,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
if (prev_utmp_ptr) { if (prev_utmp_ptr) {
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr); changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
strings_list_free(prev_utmp_ptr); strings_list_free(prev_utmp_ptr);
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.60/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/scripts/chcat 2008-12-15 15:34:54.000000000 -0500
@@ -291,6 +291,8 @@
for i in c.split(","):
if i not in newcats:
newcats.append(i)
+ if len(newcats) > 25:
+ return cats
return newcats
def translate(cats):
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500 --- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.60/semanage/semanage 2009-01-05 14:07:44.000000000 -0500 +++ policycoreutils-2.0.60/semanage/semanage 2009-01-13 08:55:07.000000000 -0500
@@ -219,6 +219,7 @@ @@ -219,6 +219,7 @@
'seuser=', 'seuser=',
'store=', 'store=',
@ -140,79 +81,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
'roles=', 'roles=',
'type=', 'type=',
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500 +++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500
@@ -60,24 +60,6 @@ @@ -359,6 +359,9 @@
free(commands);
}
-/* mmap() a file to '*data', returning the total number of bytes in
- * the file. Returns 0 if file could not be opened or mapped. */
-static size_t map_file(char *filename, char **data)
-{
- int fd;
- struct stat sb;
- if ((fd = open(filename, O_RDONLY)) == -1) {
- return 0;
- }
- if (fstat(fd, &sb) == -1 ||
- (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) ==
- MAP_FAILED) {
- sb.st_size = 0;
- }
- close(fd);
- return sb.st_size;
-}
-
/* Signal handlers. */
static void handle_signal(int sig_num)
{
@@ -339,16 +321,6 @@
for (i = 0; i < num_commands; i++) {
enum client_modes mode = commands[i].mode;
char *mode_arg = commands[i].arg;
- char *data = NULL;
- size_t data_len = 0;
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
- if ((data_len = map_file(mode_arg, &data)) == 0) {
- fprintf(stderr,
- "%s: Could not read file '%s': %s\n",
- argv[0], mode_arg, errno ? strerror(errno) : "");
- goto cleanup;
- }
- }
switch (mode) {
case INSTALL_M:{
if (verbose) {
@@ -357,7 +329,7 @@
mode_arg);
}
result =
- semanage_module_install(sh, data, data_len);
+ semanage_module_install_file(sh, mode_arg);
break;
}
case UPGRADE_M:{
@@ -367,7 +339,7 @@
mode_arg);
}
result =
- semanage_module_upgrade(sh, data, data_len);
+ semanage_module_upgrade_file(sh, mode_arg);
break;
}
case BASE_M:{
@@ -377,8 +349,7 @@
mode_arg);
}
result =
- semanage_module_install_base(sh, data,
- data_len);
+ semanage_module_install_base_file(sh, mode_arg);
break;
}
case REMOVE_M:{
@@ -388,6 +359,9 @@
mode_arg); mode_arg);
} }
result = semanage_module_remove(sh, mode_arg); result = semanage_module_remove(sh, mode_arg);
@ -222,14 +93,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
break; break;
} }
case LIST_M:{ case LIST_M:{
@@ -429,9 +403,6 @@
}
}
commit += do_commit[mode];
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
- munmap(data, data_len);
- }
if (result < 0) {
fprintf(stderr, "%s: Failed on %s!\n", argv[0],
mode_arg ? : "list");
Binary files nsapolicycoreutils/semodule/semodule.o and policycoreutils-2.0.60/semodule/semodule.o differ


@ -1,18 +1,6 @@
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py
--- nsasepolgen/src/sepolgen/access.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 11:47:09.000000000 -0500
@@ -313,7 +313,7 @@
def __len__(self):
"""Return the unique number of role allow statements."""
- return len(self.roles)
+ return len(self.role_type.keys())
def add(self, role, type):
if self.role_types.has_key(role):
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400 --- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-01 11:47:09.000000000 -0500 +++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-15 15:34:55.000000000 -0500
@@ -919,7 +919,7 @@ @@ -919,7 +919,7 @@
def list_headers(root): def list_headers(root):
modules = [] modules = []
@ -24,7 +12,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py polic
for name in filenames: for name in filenames:
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/yacc.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/yacc.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py
--- nsasepolgen/src/sepolgen/yacc.py 2008-08-28 09:34:24.000000000 -0400 --- nsasepolgen/src/sepolgen/yacc.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py 2008-12-06 07:26:04.000000000 -0500 +++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py 2008-12-15 15:34:55.000000000 -0500
@@ -67,7 +67,7 @@ @@ -67,7 +67,7 @@
error_count = 3 # Number of symbols that must be shifted to leave recovery mode error_count = 3 # Number of symbols that must be shifted to leave recovery mode


@ -5,8 +5,8 @@
%define sepolgenver 1.0.14 %define sepolgenver 1.0.14
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.60 Version: 2.0.61
Release: 7%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -25,7 +25,7 @@ Patch3: policycoreutils-gui.patch
Patch4: policycoreutils-sepolgen.patch Patch4: policycoreutils-sepolgen.patch
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed /usr/bin/make
Requires: libsepol >= %{libsepolver} libsemanage-python >= %{libsemanagever} coreutils audit-libs-python >= %{libauditver} checkpolicy libselinux-python libselinux-utils >= %{libselinuxver} Requires: libsepol >= %{libsepolver} libsemanage-python >= %{libsemanagever} coreutils audit-libs-python >= %{libauditver} checkpolicy libselinux-python libselinux-utils >= %{libselinuxver}
Requires(post): /sbin/service /sbin/chkconfig Requires(post): /sbin/service /sbin/chkconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -192,6 +192,13 @@ if [ "$1" -ge "1" ]; then
fi fi
%changelog %changelog
* Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1
- Update to upstream
* chcat: cut categories at arbitrary point (25) from Dan Walsh
* semodule: use new interfaces in libsemanage for compressed files
from Dan Walsh
* audit2allow: string changes for usage
* Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.60-7 * Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.60-7
- Don't error out when removing a non existing module - Don't error out when removing a non existing module
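Review bot: The main package's `Requires:` line gains `/usr/bin/make` as a new runtime dependency, but the 2.0.61-1 `%changelog` entry lists only the three upstream items and never mentions it. Nothing in the visible sections shows which tool invokes make, so a later packager cannot tell whether the dependency is still needed, and every install of the base SELinux utilities now pulls in a build tool. I would add a changelog bullet such as `- Require /usr/bin/make (used by <TOOL — placeholder, fill in>)`. If only one subpackage actually needs it, the `Requires:` might fit better there than on the main package, though that cannot be confirmed from this hunk.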


@ -1,2 +1,2 @@
53c9e85e3807a80e3ccca2bfd42e787d policycoreutils-2.0.60.tgz
df57d9d33c940c60994c6cbaa9f8e4a3 sepolgen-1.0.14.tgz df57d9d33c940c60994c6cbaa9f8e4a3 sepolgen-1.0.14.tgz
1ba7555adc6d14e0bf41186aa9ce833e policycoreutils-2.0.61.tgz