* Tue Nov 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.59-1
- Update to upstream * fcontext add checked local records twice, fix from Dan Walsh.
This commit is contained in:
Daniel J Walsh
parent
69a016d597
commit
127ce1fef4
@ -189,3 +189,5 @@ policycoreutils-2.0.54.tgz
|
||||
policycoreutils-2.0.55.tgz
|
||||
policycoreutils-2.0.56.tgz
|
||||
policycoreutils-2.0.57.tgz
|
||||
policycoreutils-2.0.58.tgz
|
||||
policycoreutils-2.0.59.tgz
|
||||
|
||||
@ -1,64 +1,15 @@
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.58/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/Makefile 2008-10-10 16:04:46.000000000 -0400
|
||||
+++ policycoreutils-2.0.58/Makefile 2008-11-10 08:57:34.000000000 -0500
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-10-30 14:21:33.000000000 -0400
|
||||
@@ -287,7 +287,11 @@
|
||||
def __output(self):
|
||||
|
||||
if self.__options.audit2why:
|
||||
- return self.__output_audit2why()
|
||||
+ try:
|
||||
+ return self.__output_audit2why()
|
||||
+ except RuntimeError, e:
|
||||
+ print e
|
||||
+ sys.exit(1)
|
||||
|
||||
g = policygen.PolicyGenerator()
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-10-29 09:44:41.000000000 -0400
|
||||
@@ -82,7 +82,7 @@
|
||||
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
||||
.TP
|
||||
.B "\-w" | "\-\-why"
|
||||
-Translates SELinux audit messages into a description of why the access wasn denied
|
||||
+Translates SELinux audit messages into a description of why the access was denied
|
||||
|
||||
.TP
|
||||
.B "\-v" | "\-\-verbose"
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/newrole/newrole.c 2008-10-17 16:43:52.000000000 -0400
|
||||
@@ -553,7 +553,7 @@
|
||||
new_caps = cap_init();
|
||||
tmp_caps = cap_init();
|
||||
if (!new_caps || !tmp_caps) {
|
||||
- fprintf(stderr, _("Error initing capabilities, aborting.\n"));
|
||||
+ fprintf(stderr, _("Error initializing capabilities, aborting.\n"));
|
||||
return -1;
|
||||
}
|
||||
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET);
|
||||
@@ -631,7 +631,7 @@
|
||||
/* Non-root caller, suid root path */
|
||||
new_caps = cap_init();
|
||||
if (!new_caps) {
|
||||
- fprintf(stderr, _("Error initing capabilities, aborting.\n"));
|
||||
+ fprintf(stderr, _("Error initializing capabilities, aborting.\n"));
|
||||
return -1;
|
||||
}
|
||||
rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.58/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/scripts/chcat 2008-11-04 19:09:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.58/scripts/chcat 2008-11-10 08:57:34.000000000 -0500
|
||||
@@ -291,6 +291,8 @@
|
||||
for i in c.split(","):
|
||||
if i not in newcats:
|
||||
@ -68,9 +19,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
||||
return newcats
|
||||
|
||||
def translate(cats):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.58/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-11-11 16:13:18.000000000 -0500
|
||||
+++ policycoreutils-2.0.58/semanage/seobject.py 2008-11-10 08:59:16.000000000 -0500
|
||||
@@ -35,7 +35,7 @@
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
@ -80,92 +31,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
|
||||
|
||||
import syslog
|
||||
|
||||
@@ -1433,8 +1433,14 @@
|
||||
(rc,exists) = semanage_fcontext_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
- if exists:
|
||||
- raise ValueError(_("File context for %s already defined") % target)
|
||||
+
|
||||
+ if not exists:
|
||||
+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
+
|
||||
+ if exists:
|
||||
+ raise ValueError(_("File context for %s already defined") % target)
|
||||
|
||||
(rc,fcontext) = semanage_fcontext_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1481,15 +1487,19 @@
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not create a key for %s") % target)
|
||||
|
||||
- (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
|
||||
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
if not exists:
|
||||
- raise ValueError(_("File context for %s is not defined") % target)
|
||||
+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
|
||||
+ if not exists:
|
||||
+ raise ValueError(_("File context for %s is not defined") % target)
|
||||
|
||||
(rc,fcontext) = semanage_fcontext_query_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not query file context for %s") % target)
|
||||
+ (rc,fcontext) = semanage_fcontext_query(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not query file context for %s") % target)
|
||||
|
||||
if setype != "<<none>>":
|
||||
con = semanage_fcontext_get_con(fcontext)
|
||||
@@ -1591,30 +1601,33 @@
|
||||
|
||||
self.flist += fclocal
|
||||
|
||||
+ ddict = {}
|
||||
for fcontext in self.flist:
|
||||
expr = semanage_fcontext_get_expr(fcontext)
|
||||
ftype = semanage_fcontext_get_type(fcontext)
|
||||
ftype_str = semanage_fcontext_get_type_str(ftype)
|
||||
con = semanage_fcontext_get_con(fcontext)
|
||||
if con:
|
||||
- l.append((expr, ftype_str, semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)))
|
||||
+ ddict[(expr, ftype_str)] = (semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
|
||||
else:
|
||||
- l.append((expr, ftype_str, con))
|
||||
+ ddict[(expr, ftype_str)] = con
|
||||
|
||||
- return l
|
||||
+ return ddict
|
||||
|
||||
def list(self, heading = 1, locallist = 0 ):
|
||||
if heading:
|
||||
print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
|
||||
- fcon_list = self.get_all(locallist)
|
||||
- for fcon in fcon_list:
|
||||
- if len(fcon) > 3:
|
||||
+ fcon_dict = self.get_all(locallist)
|
||||
+ keys = fcon_dict.keys()
|
||||
+ keys.sort()
|
||||
+ for k in keys:
|
||||
+ if fcon_dict[k]:
|
||||
if is_mls_enabled:
|
||||
- print "%-50s %-18s %s:%s:%s:%s " % (fcon[0], fcon[1], fcon[2], fcon[3], fcon[4], translate(fcon[5],False))
|
||||
+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3],False))
|
||||
else:
|
||||
- print "%-50s %-18s %s:%s:%s " % (fcon[0], fcon[1], fcon[2], fcon[3],fcon[4])
|
||||
+ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||
else:
|
||||
- print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
|
||||
+ print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||
|
||||
class booleanRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.57/semodule/semodule.c
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.58/semodule/semodule.c
|
||||
--- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.57/semodule/semodule.c 2008-10-10 16:04:46.000000000 -0400
|
||||
+++ policycoreutils-2.0.58/semodule/semodule.c 2008-11-10 08:57:34.000000000 -0500
|
||||
@@ -60,24 +60,6 @@
|
||||
free(commands);
|
||||
}
|
||||
|
||||
@ -5,8 +5,8 @@
|
||||
%define sepolgenver 1.0.13
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.57
|
||||
Release: 12%{?dist}
|
||||
Version: 2.0.59
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -192,6 +192,17 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Tue Nov 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.59-1
|
||||
- Update to upstream
|
||||
* fcontext add checked local records twice, fix from Dan Walsh.
|
||||
|
||||
* Mon Nov 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.58-1
|
||||
- Update to upstream
|
||||
* Allow local file context entries to override policy entries in
|
||||
semanage from Dan Walsh.
|
||||
* Newrole error message corrections from Dan Walsh.
|
||||
* Add exception to audit2why call in audit2allow from Dan Walsh.
|
||||
|
||||
* Fri Nov 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
||||
- add compression
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user