* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-5
- Fix sandbox to handle relative paths
This commit is contained in:
parent
c9fdf240be
commit
1696e8f7d1
@ -1222,8 +1222,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+relabel:
|
+relabel:
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.73/sandbox/sandbox
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.73/sandbox/sandbox
|
||||||
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.73/sandbox/sandbox 2009-09-09 17:05:42.000000000 -0400
|
+++ policycoreutils-2.0.73/sandbox/sandbox 2009-09-16 15:46:50.000000000 -0400
|
||||||
@@ -0,0 +1,200 @@
|
@@ -0,0 +1,202 @@
|
||||||
+#!/usr/bin/python -E
|
+#!/usr/bin/python -E
|
||||||
+import os, sys, getopt, socket, random, fcntl, shutil
|
+import os, sys, getopt, socket, random, fcntl, shutil
|
||||||
+import selinux
|
+import selinux
|
||||||
@ -1307,7 +1307,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+def copyfiles(newhomedir, newtmpdir, files):
|
+def copyfiles(newhomedir, newtmpdir, files):
|
||||||
+ import pwd
|
+ import pwd
|
||||||
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
|
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
|
||||||
+
|
|
||||||
+ for f in files:
|
+ for f in files:
|
||||||
+ copyfile(f,homedir, newhomedir)
|
+ copyfile(f,homedir, newhomedir)
|
||||||
+ copyfile(f,"/tmp", newtmpdir)
|
+ copyfile(f,"/tmp", newtmpdir)
|
||||||
@ -1389,12 +1388,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+ os.mkdir(newtmpdir)
|
+ os.mkdir(newtmpdir)
|
||||||
+ selinux.setfilecon(newtmpdir, filecon)
|
+ selinux.setfilecon(newtmpdir, filecon)
|
||||||
+ warnings.resetwarnings()
|
+ warnings.resetwarnings()
|
||||||
+ copyfiles(newhomedir, newtmpdir, init_files + cmds)
|
+ paths = []
|
||||||
|
+ for i in cmds:
|
||||||
|
+ paths.append(os.path.realpath(i))
|
||||||
|
+ copyfiles(newhomedir, newtmpdir, init_files + paths)
|
||||||
+ execfile = newhomedir + "/.sandboxrc"
|
+ execfile = newhomedir + "/.sandboxrc"
|
||||||
+ fd = open(execfile, "w+")
|
+ fd = open(execfile, "w+")
|
||||||
+ fd.write("""#! /bin/sh
|
+ fd.write("""#! /bin/sh
|
||||||
+%s
|
+%s
|
||||||
+""" % " ".join(cmds))
|
+""" % " ".join(paths))
|
||||||
+ fd.close()
|
+ fd.close()
|
||||||
+ os.chmod(execfile, 0700)
|
+ os.chmod(execfile, 0700)
|
||||||
+
|
+
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.73
|
Version: 2.0.73
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -297,6 +297,9 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-5
|
||||||
|
- Fix sandbox to handle relative paths
|
||||||
|
|
||||||
* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-4
|
* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-4
|
||||||
- Add symbolic link to load_policy
|
- Add symbolic link to load_policy
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user