* Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1
- Update to upstream * chcat: cut categories at arbitrary point (25) from Dan Walsh * semodule: use new interfaces in libsemanage for compressed files from Dan Walsh * audit2allow: string changes for usage
This commit is contained in:
parent
e2044195fe
commit
114d182b28
@ -193,3 +193,4 @@ policycoreutils-2.0.58.tgz
|
||||
policycoreutils-2.0.59.tgz
|
||||
policycoreutils-2.0.60.tgz
|
||||
sepolgen-1.0.14.tgz
|
||||
policycoreutils-2.0.61.tgz
|
||||
|
@ -1,54 +1,7 @@
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.60/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-11-10 08:53:49.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/audit2allow/audit2allow 2008-12-15 15:34:54.000000000 -0500
|
||||
@@ -42,10 +42,10 @@
|
||||
from optparse import OptionParser
|
||||
|
||||
parser = OptionParser(version=self.VERSION)
|
||||
- parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
|
||||
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
|
||||
help="read input from audit log - conflicts with -i")
|
||||
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
|
||||
- help="read input from dmesg - conflicts with --audit and --input")
|
||||
+ help="read input from dmesg - conflicts with --all and --input")
|
||||
parser.add_option("-i", "--input", dest="input",
|
||||
help="read input from <input> - conflicts with -a")
|
||||
parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
|
||||
@@ -82,9 +82,9 @@
|
||||
# Make -d, -a, and -i conflict
|
||||
if options.audit is True:
|
||||
if options.input is not None:
|
||||
- sys.stderr.write("error: --audit conflicts with --input\n")
|
||||
+ sys.stderr.write("error: --all conflicts with --input\n")
|
||||
if options.dmesg is True:
|
||||
- sys.stderr.write("error: --audit conflicts with --dmesg\n")
|
||||
+ sys.stderr.write("error: --all conflicts with --dmesg\n")
|
||||
if options.input is not None and options.dmesg is True:
|
||||
sys.stderr.write("error: --input conflicts with --dmesg\n")
|
||||
|
||||
@@ -200,7 +200,7 @@
|
||||
try:
|
||||
fd = open(filename, "w")
|
||||
except IOError, e:
|
||||
- sys.stderr.write("could not write output file: %s\n", str(e))
|
||||
+ sys.stderr.write("could not write output file: %s\n" % str(e))
|
||||
sys.exit(1)
|
||||
|
||||
writer.write(generator.get_module(), fd)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-11-10 08:53:49.000000000 -0500
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
|
||||
@@ -44,9 +44,6 @@
|
||||
Note that all audit messages are not available via dmesg when
|
||||
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
||||
.TP
|
||||
-.B "\-f" | "\-\-fcfile" <File Context File>
|
||||
-Add File Context File to generated Module Package. Requires -M option.
|
||||
-.TP
|
||||
.B "\-h" | "\-\-help"
|
||||
Print a short usage message
|
||||
.TP
|
||||
@@ -78,9 +75,6 @@
|
||||
@@ -75,9 +75,6 @@
|
||||
Generate reference policy using installed macros.
|
||||
This attempts to match denials against interfaces and may be inaccurate.
|
||||
.TP
|
||||
@ -116,21 +69,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
|
||||
if (prev_utmp_ptr) {
|
||||
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
||||
strings_list_free(prev_utmp_ptr);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.60/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/scripts/chcat 2008-12-15 15:34:54.000000000 -0500
|
||||
@@ -291,6 +291,8 @@
|
||||
for i in c.split(","):
|
||||
if i not in newcats:
|
||||
newcats.append(i)
|
||||
+ if len(newcats) > 25:
|
||||
+ return cats
|
||||
return newcats
|
||||
|
||||
def translate(cats):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/semanage/semanage 2009-01-05 14:07:44.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/semanage/semanage 2009-01-13 08:55:07.000000000 -0500
|
||||
@@ -219,6 +219,7 @@
|
||||
'seuser=',
|
||||
'store=',
|
||||
@ -140,79 +81,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
|
||||
'roles=',
|
||||
'type=',
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c
|
||||
--- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400
|
||||
--- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500
|
||||
@@ -60,24 +60,6 @@
|
||||
free(commands);
|
||||
}
|
||||
|
||||
-/* mmap() a file to '*data', returning the total number of bytes in
|
||||
- * the file. Returns 0 if file could not be opened or mapped. */
|
||||
-static size_t map_file(char *filename, char **data)
|
||||
-{
|
||||
- int fd;
|
||||
- struct stat sb;
|
||||
- if ((fd = open(filename, O_RDONLY)) == -1) {
|
||||
- return 0;
|
||||
- }
|
||||
- if (fstat(fd, &sb) == -1 ||
|
||||
- (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) ==
|
||||
- MAP_FAILED) {
|
||||
- sb.st_size = 0;
|
||||
- }
|
||||
- close(fd);
|
||||
- return sb.st_size;
|
||||
-}
|
||||
-
|
||||
/* Signal handlers. */
|
||||
static void handle_signal(int sig_num)
|
||||
{
|
||||
@@ -339,16 +321,6 @@
|
||||
for (i = 0; i < num_commands; i++) {
|
||||
enum client_modes mode = commands[i].mode;
|
||||
char *mode_arg = commands[i].arg;
|
||||
- char *data = NULL;
|
||||
- size_t data_len = 0;
|
||||
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
|
||||
- if ((data_len = map_file(mode_arg, &data)) == 0) {
|
||||
- fprintf(stderr,
|
||||
- "%s: Could not read file '%s': %s\n",
|
||||
- argv[0], mode_arg, errno ? strerror(errno) : "");
|
||||
- goto cleanup;
|
||||
- }
|
||||
- }
|
||||
switch (mode) {
|
||||
case INSTALL_M:{
|
||||
if (verbose) {
|
||||
@@ -357,7 +329,7 @@
|
||||
mode_arg);
|
||||
}
|
||||
result =
|
||||
- semanage_module_install(sh, data, data_len);
|
||||
+ semanage_module_install_file(sh, mode_arg);
|
||||
break;
|
||||
}
|
||||
case UPGRADE_M:{
|
||||
@@ -367,7 +339,7 @@
|
||||
mode_arg);
|
||||
}
|
||||
result =
|
||||
- semanage_module_upgrade(sh, data, data_len);
|
||||
+ semanage_module_upgrade_file(sh, mode_arg);
|
||||
break;
|
||||
}
|
||||
case BASE_M:{
|
||||
@@ -377,8 +349,7 @@
|
||||
mode_arg);
|
||||
}
|
||||
result =
|
||||
- semanage_module_install_base(sh, data,
|
||||
- data_len);
|
||||
+ semanage_module_install_base_file(sh, mode_arg);
|
||||
break;
|
||||
}
|
||||
case REMOVE_M:{
|
||||
@@ -388,6 +359,9 @@
|
||||
@@ -359,6 +359,9 @@
|
||||
mode_arg);
|
||||
}
|
||||
result = semanage_module_remove(sh, mode_arg);
|
||||
@ -222,14 +93,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
|
||||
break;
|
||||
}
|
||||
case LIST_M:{
|
||||
@@ -429,9 +403,6 @@
|
||||
}
|
||||
}
|
||||
commit += do_commit[mode];
|
||||
- if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
|
||||
- munmap(data, data_len);
|
||||
- }
|
||||
if (result < 0) {
|
||||
fprintf(stderr, "%s: Failed on %s!\n", argv[0],
|
||||
mode_arg ? : "list");
|
||||
Binary files nsapolicycoreutils/semodule/semodule.o and policycoreutils-2.0.60/semodule/semodule.o differ
|
||||
|
@ -1,18 +1,6 @@
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py
|
||||
--- nsasepolgen/src/sepolgen/access.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 11:47:09.000000000 -0500
|
||||
@@ -313,7 +313,7 @@
|
||||
|
||||
def __len__(self):
|
||||
"""Return the unique number of role allow statements."""
|
||||
- return len(self.roles)
|
||||
+ return len(self.role_type.keys())
|
||||
|
||||
def add(self, role, type):
|
||||
if self.role_types.has_key(role):
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-01 11:47:09.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-15 15:34:55.000000000 -0500
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
|
||||
@ -24,7 +12,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py polic
|
||||
for name in filenames:
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/yacc.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py
|
||||
--- nsasepolgen/src/sepolgen/yacc.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py 2008-12-06 07:26:04.000000000 -0500
|
||||
+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py 2008-12-15 15:34:55.000000000 -0500
|
||||
@@ -67,7 +67,7 @@
|
||||
|
||||
error_count = 3 # Number of symbols that must be shifted to leave recovery mode
|
||||
|
@ -5,8 +5,8 @@
|
||||
%define sepolgenver 1.0.14
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.60
|
||||
Release: 7%{?dist}
|
||||
Version: 2.0.61
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -25,7 +25,7 @@ Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed /usr/bin/make
|
||||
Requires: libsepol >= %{libsepolver} libsemanage-python >= %{libsemanagever} coreutils audit-libs-python >= %{libauditver} checkpolicy libselinux-python libselinux-utils >= %{libselinuxver}
|
||||
Requires(post): /sbin/service /sbin/chkconfig
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@ -192,6 +192,13 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1
|
||||
- Update to upstream
|
||||
* chcat: cut categories at arbitrary point (25) from Dan Walsh
|
||||
* semodule: use new interfaces in libsemanage for compressed files
|
||||
from Dan Walsh
|
||||
* audit2allow: string changes for usage
|
||||
|
||||
* Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.60-7
|
||||
- Don't error out when removing a non existing module
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user