From 15119ec30affde69129dcd6eb2fc3e073d0d33a3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 13 Feb 2006 19:54:09 +0000 Subject: [PATCH] * Mon Feb 13 2006 Dan Walsh 1.29.23-1 - Update from upstream * Merged newrole -V/--version support from Glauber de Oliveira Costa. * Merged genhomedircon prefix patch from Dan Walsh. * Merged optionals in base patch from Joshua Brindle. --- .cvsignore | 1 + policycoreutils-rhat.patch | 153 ------------------------------------- policycoreutils.spec | 14 +++- sources | 2 +- 4 files changed, 12 insertions(+), 158 deletions(-) diff --git a/.cvsignore b/.cvsignore index bed8050..72cc3cc 100644 --- a/.cvsignore +++ b/.cvsignore @@ -90,3 +90,4 @@ policycoreutils-1.29.17.tgz policycoreutils-1.29.18.tgz policycoreutils-1.29.19.tgz policycoreutils-1.29.20.tgz +policycoreutils-1.29.23.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index b449d5b..47211b3 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,156 +1,3 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.20/scripts/genhomedircon ---- nsapolicycoreutils/scripts/genhomedircon 2006-01-30 18:32:39.000000000 -0500 -+++ policycoreutils-1.29.20/scripts/genhomedircon 2006-02-09 10:27:15.000000000 -0500 -@@ -4,7 +4,7 @@ - # - # genhomedircon - this script is used to generate file context - # configuration entries for user home directories based on their --# default roles and is run when building the policy. Specifically, we -+# default prefixes and is run when building the policy. Specifically, we - # replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with - # generic and user-specific values. - # -@@ -15,9 +15,7 @@ - # The file CONTEXTDIR/files/homedir_template exists. This file is used to - # set up the home directory context for each real user. - # --# If a user has more than one role, genhomedircon uses the first role in the list. --# --# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, role user -+# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user - # - # "Real" users (as opposed to system users) are those whose UID is greater than - # or equal STARTING_UID (usually 500) and whose login is not a member of -@@ -170,37 +168,34 @@ - def heading(self): - ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] - if self.semanaged: -- ret += "# use seusers command to manage system users in order to change the file_context\n#\n#\n" -+ ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n" - else: - ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers") - return ret - -- def defaultrole(self, name): -+ def get_default_prefix(self, name): - for idx in range(self.usize): - user = semanage_user_by_idx(self.ulist, idx) - if semanage_user_get_name(user) == name: -- if name == "staff_u" or name == "root" and self.type != "targeted": -- return "staff_r" -- else: -- return "user_r" -+ return semanage_user_get_prefix(user) - return name -- def getOldRole(self, role): -- rc=grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % role) -+ def get_old_prefix(self, user): -+ rc=grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user) - if rc == "": -- rc=grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % role) -+ rc=grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user) - if rc != "": - user=rc.split() -- role = user[3] -- if role == "{": -- role = user[4] -- return role -+ prefix = user[3] -+ if prefix == "{": -+ prefix = user[4] -+ if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"): -+ prefix = prefix[:-2] -+ return prefix - -- def adduser(self, udict, user, seuser, role): -- if seuser == "user_u" or user == "__default__": -+ def adduser(self, udict, user, seuser, prefix): -+ if seuser == "user_u" or user == "__default__" or user == "system_u": - return -- # !!! chooses first role in the list to use in the file context !!! -- if role[-2:] == "_r" or role[-2:] == "_u": -- role = role[:-2] -+ # !!! chooses first prefix in the list to use in the file context !!! - try: - home = pwd.getpwnam(user)[5] - if home == "/": -@@ -217,7 +212,7 @@ - return - prefs = {} - prefs["seuser"] = seuser -- prefs["role"] = role -+ prefs["prefix"] = prefix - prefs["home"] = home - udict[user] = prefs - -@@ -229,7 +224,7 @@ - user=[] - seuser = semanage_seuser_by_idx(list, idx) - seusername=semanage_seuser_get_sename(seuser) -- self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername)) -+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.get_default_prefix(seusername)) - - else: - try: -@@ -242,8 +237,8 @@ - if len(user) < 2: - continue - -- role=self.getOldRole(user[1]) -- self.adduser(udict, user[0], user[1], role) -+ prefix=self.get_old_prefix(user[1]) -+ self.adduser(udict, user[0], user[1], prefix) - fd.close() - except IOError, error: - # Must be install so force add of root -@@ -251,40 +246,37 @@ - - return udict - -- def getHomeDirContext(self, user, seuser, home, role): -+ def getHomeDirContext(self, user, seuser, home, prefix): - ret="\n\n#\n# Home Context for user %s\n#\n\n" % user - fd=open(self.getHomeDirTemplate(), 'r') - for i in fd.read().split('\n'): - if i.startswith("HOME_DIR") == 1: - i=i.replace("HOME_DIR", home) -- i=i.replace("ROLE", role) -+ i=i.replace("ROLE", prefix) - i=i.replace("system_u", seuser) - ret = ret+i+"\n" - fd.close() - return ret - -- def getUserContext(self, user, sel_user, role): -+ def getUserContext(self, user, sel_user, prefix): - ret="" - fd=open(self.getHomeDirTemplate(), 'r') - for i in fd.read().split('\n'): - if i.find("USER") == 1: - i=i.replace("USER", user) -- i=i.replace("ROLE", role) -+ i=i.replace("ROLE", prefix) - i=i.replace("system_u", sel_user) - ret=ret+i+"\n" - fd.close() - return ret - - def genHomeDirContext(self): -- if self.semanaged and grep(self.getHomeDirTemplate(), "ROLE") != "": -- warning("genhomedircon: Warning! No support yet for expanding ROLE macros in the %s file when using libsemanage." % self.getHomeDirTemplate()); -- warning("genhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root)."); - users = self.getUsers() - ret="" -- # Fill in HOME and ROLE for users that are defined -+ # Fill in HOME and prefix for users that are defined - for u in users.keys(): -- ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["role"]) -- ret += self.getUserContext (u, users[u]["seuser"], users[u]["role"]) -+ ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["prefix"]) -+ ret += self.getUserContext (u, users[u]["seuser"], users[u]["prefix"]) - return ret+"\n" - - def checkExists(self, home): diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.20/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2006-02-02 12:08:04.000000000 -0500 +++ policycoreutils-1.29.20/semanage/seobject.py 2006-02-10 11:48:59.000000000 -0500 diff --git a/policycoreutils.spec b/policycoreutils.spec index 453870a..e265426 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,11 +1,11 @@ %define libauditver 1.1.4-3 -%define libsepolver 1.11.13-1 -%define libsemanagever 1.5.21-2 +%define libsepolver 1.11.14-1 +%define libsemanagever 1.5.23-1 %define libselinuxver 1.29.7-1 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.29.20 -Release: 2.1 +Version: 1.29.23 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -98,6 +98,12 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/python2.4/site-packages/seobject.py* %changelog +* Mon Feb 13 2006 Dan Walsh 1.29.23-1 +- Update from upstream + * Merged newrole -V/--version support from Glauber de Oliveira Costa. + * Merged genhomedircon prefix patch from Dan Walsh. + * Merged optionals in base patch from Joshua Brindle. + * Fri Feb 10 2006 Jesse Keating - 1.29.20-2.1 - bump again for double-long bug on ppc(64) diff --git a/sources b/sources index 7eb1952..85b22f7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3b3793a52a940f5ec19a077965625b18 policycoreutils-1.29.20.tgz +b57167cc3ee8d8d49cbb848ebe5628d5 policycoreutils-1.29.23.tgz