From 127ce1fef4869ff263ed7964b72677e603347fdf Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 11 Nov 2008 21:18:08 +0000
Subject: [PATCH] * Tue Nov 11 2008 Dan Walsh 2.0.59-1 - Update to upstream * fcontext add checked local records twice, fix from Dan Walsh.
---
 .cvsignore | 2 +
 policycoreutils-rhat.patch | 150 +++----------------------------------
 policycoreutils.spec | 15 +++-
 sources | 2 +-
 4 files changed, 25 insertions(+), 144 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index 81c2b9b..bf421f0 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -189,3 +189,5 @@ policycoreutils-2.0.54.tgz
 policycoreutils-2.0.55.tgz
 policycoreutils-2.0.56.tgz
 policycoreutils-2.0.57.tgz
+policycoreutils-2.0.58.tgz
+policycoreutils-2.0.59.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 5a33691..d8733ae 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,64 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.58/Makefile
 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.57/Makefile 2008-10-10 16:04:46.000000000 -0400
++++ policycoreutils-2.0.58/Makefile 2008-11-10 08:57:34.000000000 -0500
@@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow ---- nsapolicycoreutils/audit2allow/audit2allow 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-10-30 14:21:33.000000000 -0400 -@@ -287,7 +287,11 @@ - def __output(self): - - if self.__options.audit2why: -- return self.__output_audit2why() -+ try: -+ return self.__output_audit2why() -+ except RuntimeError, e: -+ print e -+ sys.exit(1) - - g = policygen.PolicyGenerator() - -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1 ---- nsapolicycoreutils/audit2allow/audit2allow.1 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-10-29 09:44:41.000000000 -0400 -@@ -82,7 +82,7 @@ - Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format. 
- .TP - .B "\-w" | "\-\-why" --Translates SELinux audit messages into a description of why the access wasn denied -+Translates SELinux audit messages into a description of why the access was denied - - .TP - .B "\-v" | "\-\-verbose" -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c ---- nsapolicycoreutils/newrole/newrole.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.57/newrole/newrole.c 2008-10-17 16:43:52.000000000 -0400 -@@ -553,7 +553,7 @@ - new_caps = cap_init(); - tmp_caps = cap_init(); - if (!new_caps || !tmp_caps) { -- fprintf(stderr, _("Error initing capabilities, aborting.\n")); -+ fprintf(stderr, _("Error initializing capabilities, aborting.\n")); - return -1; - } - rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET); -@@ -631,7 +631,7 @@ - /* Non-root caller, suid root path */ - new_caps = cap_init(); - if (!new_caps) { -- fprintf(stderr, _("Error initing capabilities, aborting.\n")); -+ fprintf(stderr, _("Error initializing capabilities, aborting.\n")); - return -1; - } - rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET); -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat +diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.58/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.57/scripts/chcat 2008-11-04 19:09:01.000000000 -0500 ++++ policycoreutils-2.0.58/scripts/chcat 2008-11-10 08:57:34.000000000 -0500 @@ -291,6 +291,8 @@ for i in c.split(","): if i not in newcats: 
@@ -68,9 +19,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po return newcats def translate(cats): -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2008-09-12 11:48:15.000000000 -0400 -+++ policycoreutils-2.0.57/semanage/seobject.py 2008-10-28 15:48:14.000000000 -0400 +diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.58/semanage/seobject.py +--- nsapolicycoreutils/semanage/seobject.py 2008-11-11 16:13:18.000000000 -0500 ++++ policycoreutils-2.0.58/semanage/seobject.py 2008-11-10 08:59:16.000000000 -0500 @@ -35,7 +35,7 @@ import __builtin__ __builtin__.__dict__['_'] = unicode 
@@ -80,92 +31,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po import syslog -@@ -1433,8 +1433,14 @@ - (rc,exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) -- if exists: -- raise ValueError(_("File context for %s already defined") % target) -+ -+ if not exists: -+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if file context for %s is defined") % target) -+ -+ if exists: -+ raise ValueError(_("File context for %s already defined") % target) - - (rc,fcontext) = semanage_fcontext_create(self.sh) - if rc < 0: -@@ -1481,15 +1487,19 @@ - if rc < 0: - raise ValueError(_("Could not create a key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc,exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if not exists: -- raise ValueError(_("File context for %s is not defined") % target) -+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ if not exists: -+ raise ValueError(_("File context for %s is not defined") % target) - - (rc,fcontext) = semanage_fcontext_query_local(self.sh, k) - if rc < 0: -- raise ValueError(_("Could not query file context for %s") % target) -+ (rc,fcontext) = semanage_fcontext_query(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not query file context for %s") % target) - - if setype != "<>": - con = semanage_fcontext_get_con(fcontext) -@@ -1591,30 +1601,33 @@ - - self.flist += fclocal - -+ ddict = {} - for fcontext in self.flist: - expr = semanage_fcontext_get_expr(fcontext) - ftype = semanage_fcontext_get_type(fcontext) - ftype_str = semanage_fcontext_get_type_str(ftype) - con = semanage_fcontext_get_con(fcontext) - if con: -- l.append((expr, ftype_str, semanage_context_get_user(con), 
semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))) -+ ddict[(expr, ftype_str)] = (semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) - else: -- l.append((expr, ftype_str, con)) -+ ddict[(expr, ftype_str)] = con - -- return l -+ return ddict - - def list(self, heading = 1, locallist = 0 ): - if heading: - print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")) -- fcon_list = self.get_all(locallist) -- for fcon in fcon_list: -- if len(fcon) > 3: -+ fcon_dict = self.get_all(locallist) -+ keys = fcon_dict.keys() -+ keys.sort() -+ for k in keys: -+ if fcon_dict[k]: - if is_mls_enabled: -- print "%-50s %-18s %s:%s:%s:%s " % (fcon[0], fcon[1], fcon[2], fcon[3], fcon[4], translate(fcon[5],False)) -+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3],False)) - else: -- print "%-50s %-18s %s:%s:%s " % (fcon[0], fcon[1], fcon[2], fcon[3],fcon[4]) -+ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) - else: -- print "%-50s %-18s <>" % (fcon[0], fcon[1]) -+ print "%-50s %-18s <>" % (k[0], k[1]) - - class booleanRecords(semanageRecords): - def __init__(self, store = ""): -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.57/semodule/semodule.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.58/semodule/semodule.c --- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.57/semodule/semodule.c 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.58/semodule/semodule.c 2008-11-10 08:57:34.000000000 -0500 @@ -60,24 +60,6 @@ free(commands); } 
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 49cc347..74fb884 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -5,8 +5,8 @@
 %define sepolgenver 1.0.13
 Summary: SELinux policy core utilities
 Name: policycoreutils
-Version: 2.0.57
-Release: 12%{?dist}
+Version: 2.0.59
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -192,6 +192,17 @@ if [ "$1" -ge "1" ]; then
 fi
 %changelog
+* Tue Nov 11 2008 Dan Walsh 2.0.59-1
+- Update to upstream
+ * fcontext add checked local records twice, fix from Dan Walsh.
+
+* Mon Nov 10 2008 Dan Walsh 2.0.58-1
+- Update to upstream
+ * Allow local file context entries to override policy entries in
+ semanage from Dan Walsh.
+ * Newrole error message corrections from Dan Walsh.
+ * Add exception to audit2why call in audit2allow from Dan Walsh.
+
 * Fri Nov 7 2008 Dan Walsh 2.0.57-12
 - add compression
diff --git a/sources b/sources
index 92d3624..49332ca 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 b6756a012c26f414e4a5f8f438ce2188 sepolgen-1.0.13.tgz
-52b590e33e13ed8aa10610237e8fa8d7 policycoreutils-2.0.57.tgz
+52d3b44666096f3cce20696ff3fbce17 policycoreutils-2.0.59.tgz