rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.29.23-1

Browse Source 
- Update from upstream
	* Merged newrole -V/--version support from Glauber de Oliveira Costa.
	* Merged genhomedircon prefix patch from Dan Walsh.
	* Merged optionals in base patch from Joshua Brindle.
This commit is contained in:
Daniel J Walsh 2006-02-13 19:54:09 +00:00
parent c2f80b696b
commit 15119ec30a
4 changed files with 12 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -90,3 +90,4 @@ policycoreutils-1.29.17.tgz
policycoreutils-1.29.18.tgz
policycoreutils-1.29.19.tgz
policycoreutils-1.29.20.tgz
policycoreutils-1.29.23.tgz

153
policycoreutils-rhat.patch
View File

@ -1,156 +1,3 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.20/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2006-01-30 18:32:39.000000000 -0500
+++ policycoreutils-1.29.20/scripts/genhomedircon 2006-02-09 10:27:15.000000000 -0500
@@ -4,7 +4,7 @@
#
# genhomedircon - this script is used to generate file context
# configuration entries for user home directories based on their
-# default roles and is run when building the policy. Specifically, we
+# default prefixes and is run when building the policy. Specifically, we
# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with
# generic and user-specific values.
#
@@ -15,9 +15,7 @@
# The file CONTEXTDIR/files/homedir_template exists. This file is used to
# set up the home directory context for each real user.
#
-# If a user has more than one role, genhomedircon uses the first role in the list.
-#
-# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, role user
+# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user
#
# "Real" users (as opposed to system users) are those whose UID is greater than
# or equal STARTING_UID (usually 500) and whose login is not a member of
@@ -170,37 +168,34 @@
def heading(self):
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
if self.semanaged:
- ret += "# use seusers command to manage system users in order to change the file_context\n#\n#\n"
+ ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n"
else:
ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers")
return ret
- def defaultrole(self, name):
+ def get_default_prefix(self, name):
for idx in range(self.usize):
user = semanage_user_by_idx(self.ulist, idx)
if semanage_user_get_name(user) == name:
- if name == "staff_u" or name == "root" and self.type != "targeted":
- return "staff_r"
- else:
- return "user_r"
+ return semanage_user_get_prefix(user)
return name
- def getOldRole(self, role):
- rc=grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % role)
+ def get_old_prefix(self, user):
+ rc=grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user)
if rc == "":
- rc=grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % role)
+ rc=grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user)
if rc != "":
user=rc.split()
- role = user[3]
- if role == "{":
- role = user[4]
- return role
+ prefix = user[3]
+ if prefix == "{":
+ prefix = user[4]
+ if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"):
+ prefix = prefix[:-2]
+ return prefix
- def adduser(self, udict, user, seuser, role):
- if seuser == "user_u" or user == "__default__":
+ def adduser(self, udict, user, seuser, prefix):
+ if seuser == "user_u" or user == "__default__" or user == "system_u":
return
- # !!! chooses first role in the list to use in the file context !!!
- if role[-2:] == "_r" or role[-2:] == "_u":
- role = role[:-2]
+ # !!! chooses first prefix in the list to use in the file context !!!
try:
home = pwd.getpwnam(user)[5]
if home == "/":
@@ -217,7 +212,7 @@
return
prefs = {}
prefs["seuser"] = seuser
- prefs["role"] = role
+ prefs["prefix"] = prefix
prefs["home"] = home
udict[user] = prefs
@@ -229,7 +224,7 @@
user=[]
seuser = semanage_seuser_by_idx(list, idx)
seusername=semanage_seuser_get_sename(seuser)
- self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername))
+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.get_default_prefix(seusername))
else:
try:
@@ -242,8 +237,8 @@
if len(user) < 2:
continue
- role=self.getOldRole(user[1])
- self.adduser(udict, user[0], user[1], role)
+ prefix=self.get_old_prefix(user[1])
+ self.adduser(udict, user[0], user[1], prefix)
fd.close()
except IOError, error:
# Must be install so force add of root
@@ -251,40 +246,37 @@
return udict
- def getHomeDirContext(self, user, seuser, home, role):
+ def getHomeDirContext(self, user, seuser, home, prefix):
ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
fd=open(self.getHomeDirTemplate(), 'r')
for i in fd.read().split('\n'):
if i.startswith("HOME_DIR") == 1:
i=i.replace("HOME_DIR", home)
- i=i.replace("ROLE", role)
+ i=i.replace("ROLE", prefix)
i=i.replace("system_u", seuser)
ret = ret+i+"\n"
fd.close()
return ret
- def getUserContext(self, user, sel_user, role):
+ def getUserContext(self, user, sel_user, prefix):
ret=""
fd=open(self.getHomeDirTemplate(), 'r')
for i in fd.read().split('\n'):
if i.find("USER") == 1:
i=i.replace("USER", user)
- i=i.replace("ROLE", role)
+ i=i.replace("ROLE", prefix)
i=i.replace("system_u", sel_user)
ret=ret+i+"\n"
fd.close()
return ret
def genHomeDirContext(self):
- if self.semanaged and grep(self.getHomeDirTemplate(), "ROLE") != "":
- warning("genhomedircon: Warning! No support yet for expanding ROLE macros in the %s file when using libsemanage." % self.getHomeDirTemplate());
- warning("genhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root).");
users = self.getUsers()
ret=""
- # Fill in HOME and ROLE for users that are defined
+ # Fill in HOME and prefix for users that are defined
for u in users.keys():
- ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["role"])
- ret += self.getUserContext (u, users[u]["seuser"], users[u]["role"])
+ ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["prefix"])
+ ret += self.getUserContext (u, users[u]["seuser"], users[u]["prefix"])
return ret+"\n"
def checkExists(self, home):
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.20/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-02-02 12:08:04.000000000 -0500
+++ policycoreutils-1.29.20/semanage/seobject.py 2006-02-10 11:48:59.000000000 -0500

14
policycoreutils.spec
View File

@ -1,11 +1,11 @@
%define libauditver 1.1.4-3
%define libsepolver 1.11.13-1
%define libsemanagever 1.5.21-2
%define libsepolver 1.11.14-1
%define libsemanagever 1.5.23-1
%define libselinuxver 1.29.7-1
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.29.20
Release: 2.1
Version: 1.29.23
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -98,6 +98,12 @@ rm -rf ${RPM_BUILD_ROOT}
%{_libdir}/python2.4/site-packages/seobject.py*
%changelog
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.29.23-1
- Update from upstream
* Merged newrole -V/--version support from Glauber de Oliveira Costa.
* Merged genhomedircon prefix patch from Dan Walsh.
* Merged optionals in base patch from Joshua Brindle.
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.29.20-2.1
- bump again for double-long bug on ppc(64)

2
sources
View File

@ -1 +1 @@
3b3793a52a940f5ec19a077965625b18 policycoreutils-1.29.20.tgz
b57167cc3ee8d8d49cbb848ebe5628d5 policycoreutils-1.29.23.tgz