rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Feb 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1

Browse Source 
- Update to upstream
	* Merged translations update from Dan Walsh.
	* Merged chcat fixes from Dan Walsh.
	* Merged man page fixes from Dan Walsh.
	* Merged seobject prefix validity checking from Dan Walsh.
	* Merged Makefile and refparser.py patch from Dan Walsh.
	  Fixes PYTHONLIBDIR definition and error handling on interface files.
This commit is contained in:
Daniel J Walsh 2007-02-22 15:14:00 +00:00
parent 565fe97388
commit 1e9f6c8a11
7 changed files with 117 additions and 3762 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -133,3 +133,5 @@ policycoreutils-2.0.0.tgz
policycoreutils-2.0.1.tgz
sepolgen-1.0.0.tgz
policycoreutils-2.0.2.tgz
policycoreutils-2.0.3.tgz
sepolgen-1.0.1.tgz

56
policycoreutils-gui.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.1/gui/booleansPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.2/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/booleansPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/booleansPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,199 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@ -201,9 +201,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
+ commands.getstatusoutput(setsebool)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.1/gui/fcontextPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.2/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/fcontextPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/fcontextPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,158 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -363,9 +363,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ self.store.set_value(iter, 0, fspec)
+ self.store.set_value(iter, 2, ftype)
+ self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls))
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.1/gui/loginsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.2/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/loginsPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/loginsPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,161 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -528,9 +528,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.1/gui/Makefile
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.2/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/Makefile 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/Makefile 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,30 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@ -562,9 +562,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+indent:
+
+relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.1/gui/mappingsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.2/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/mappingsPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/mappingsPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,54 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -620,9 +620,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.1/gui/modulesPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.2/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/modulesPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/modulesPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,161 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -785,9 +785,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.1/gui/portsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.2/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/portsPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/portsPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,214 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -1003,9 +1003,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ self.store.set_value(iter, MLS_COL, mls)
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.1/gui/selinux.tbl
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.2/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/selinux.tbl 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/selinux.tbl 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,265 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
@ -1272,9 +1272,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.1/gui/semanagePage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.2/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/semanagePage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/semanagePage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,109 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -1385,9 +1385,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+ self.dialog.hide()
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.1/gui/statusPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.2/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/statusPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/statusPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,213 @@
+## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
@ -1602,9 +1602,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.1/gui/system-config-selinux.glade
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.2/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/system-config-selinux.glade 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/system-config-selinux.glade 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,2803 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -4409,9 +4409,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+</widget>
+
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.1/gui/system-config-selinux.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.2/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/system-config-selinux.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/system-config-selinux.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+#
@ -4569,9 +4569,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+ app = childWindow()
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.1/gui/translationsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.2/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/translationsPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/translationsPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,109 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@ -4682,9 +4682,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.1/gui/usersPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.2/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.1/gui/usersPage.py 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/gui/usersPage.py 2007-02-20 17:00:15.000000000 -0500
@@ -0,0 +1,155 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.

3462
policycoreutils-po.patch
View File

File diff suppressed because it is too large Load Diff

303
policycoreutils-rhat.patch
View File

@ -1,15 +1,54 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.1/Makefile
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.2/Makefile
--- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500
+++ policycoreutils-2.0.1/Makefile 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/Makefile 2007-02-20 17:00:14.000000000 -0500
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.1/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2006-11-16 17:14:28.000000000 -0500
+++ policycoreutils-2.0.1/restorecond/restorecond.c 2007-02-15 15:16:09.000000000 -0500
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.2/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2007-01-24 10:03:59.000000000 -0500
+++ policycoreutils-2.0.2/newrole/newrole.c 2007-02-20 17:00:14.000000000 -0500
@@ -640,11 +640,12 @@
}
/* Re-open TTY descriptor */
- fd = open(ttyn, O_RDWR);
+ fd = open(ttyn, O_RDWR|O_NONBLOCK);
if (fd < 0) {
fprintf(stderr, _("Error! Could not open %s.\n"), ttyn);
return fd;
}
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
if (fgetfilecon(fd, &tty_con) < 0) {
fprintf(stderr, _("%s! Could not get current context "
@@ -1131,15 +1132,18 @@
fprintf(stderr, _("Could not close descriptors.\n"));
goto err_close_pam;
}
- fd = open(ttyn, O_RDONLY);
+ fd = open(ttyn, O_RDONLY|O_NONBLOCK);
if (fd != 0)
goto err_close_pam;
- fd = open(ttyn, O_RDWR);
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ fd = open(ttyn, O_RDWR|O_NONBLOCK);
if (fd != 1)
goto err_close_pam;
- fd = open(ttyn, O_RDWR);
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ fd = open(ttyn, O_RDWR|O_NONBLOCK);
if (fd != 2)
goto err_close_pam;
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
/*
* Step 5: Execute a new shell with the new context in `new_context'.
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.2/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2007-02-22 08:53:22.000000000 -0500
+++ policycoreutils-2.0.2/restorecond/restorecond.c 2007-02-20 17:00:14.000000000 -0500
@@ -210,9 +210,10 @@
}
@ -36,9 +75,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.1/restorecond/restorecond.conf
@@ -481,8 +483,6 @@
watch_list_free(master_fd);
close(master_fd);
- matchpathcon_fini();
- utmpwatcher_free();
if (pidfile)
unlink(pidfile);
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.2/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500
+++ policycoreutils-2.0.1/restorecond/restorecond.conf 2007-02-15 15:16:09.000000000 -0500
+++ policycoreutils-2.0.2/restorecond/restorecond.conf 2007-02-20 17:00:14.000000000 -0500
@@ -1,7 +1,9 @@
/etc/resolv.conf
+/etc/localtime
@ -49,245 +97,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po
/var/log/wtmp
~/public_html
~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.1/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2006-11-16 17:14:27.000000000 -0500
+++ policycoreutils-2.0.1/scripts/chcat 2007-02-15 15:16:09.000000000 -0500
@@ -25,11 +25,22 @@
import commands, sys, os, pwd, string, getopt, selinux
import seobject
import gettext
+import codecs
+import locale
+sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
+sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
try:
gettext.install('policycoreutils')
-except:
- pass
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
def verify_users(users):
for u in users:
@@ -62,12 +73,20 @@
for i in newcat[1:]:
if i not in cats:
cats.append(i)
+
new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-
+ if new_serange[-1:] == ":":
+ new_serange = new_serange[:-1]
+
if add_ind:
- logins.add(u, user[0], new_serange)
+ cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
else:
- logins.modify(u, user[0], new_serange)
+ cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+
return errors
def chcat_add(orig, newcat, objects,login_ind):
@@ -133,11 +152,17 @@
cats.remove(i)
new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
+ if new_serange[-1:] == ":":
+ new_serange = new_serange[:-1]
if add_ind:
- logins.add(u, user[0], new_serange)
+ cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
else:
- logins.modify(u, user[0], new_serange)
+ cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
return errors
def chcat_remove(orig, newcat, objects, login_ind):
@@ -198,11 +223,17 @@
user = seusers["__default__"]
serange = user[1].split("-")
new_serange = "%s-%s:%s" % (serange[0],newcat[0], string.join(newcat[1:], ","))
-
+ if new_serange[-1:] == ":":
+ new_serange = new_serange[:-1]
+
if add_ind:
- logins.add(u, user[0], new_serange)
+ cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
else:
- logins.modify(u, user[0], new_serange)
+ cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
return errors
def chcat_replace(newcat, objects, login_ind):
@@ -362,6 +393,10 @@
if list_ind == 0 and len(cmds) < 1:
usage()
+
+ except getopt.error, error:
+ errorExit(_("Options Error %s ") % error.msg)
+
except ValueError, e:
usage()
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-2.0.1/scripts/chcat.8
--- nsapolicycoreutils/scripts/chcat.8 2007-01-17 11:11:34.000000000 -0500
+++ policycoreutils-2.0.1/scripts/chcat.8 2007-02-15 15:16:09.000000000 -0500
@@ -3,30 +3,31 @@
chcat \- change file SELinux security category
.SH SYNOPSIS
.B chcat
-\fICATEGORY FILE\fR...
+\fIcategory file\fR...
.br
.B chcat -l
-\fICATEGORY USER\fR...
+\fIcategory user\fR...
.br
.B chcat
-\fI[[+|-]CATEGORY],...] FILE\fR...
+\fI[[+|-]category...] file\fR...
.br
.B chcat -l
-\fI[[+|-]CATEGORY],...] USER\fR...
+\fI[[+|-]category...] user\fR...
.br
.B chcat
-[\fI-d\fR] \fIFILE\fR...
+[\fI-d\fR] \fIfile\fR...
.br
.B chcat -l
-[\fI-d\fR] \fIUSER\fR...
+[\fI-d\fR] \fIuser\fR...
.br
.B chcat
-\fI-L\fR [-l] [ USER ... ]
+\fI-L\fR [ -l ] [ user ... ]
.br
+.SH DESCRIPTION
.PP
-Change/Remove the security CATEGORY for each FILE/USER.
+Change/Remove the security \fIcategory\fR for each \fIfile\fR or \fIuser\fR.
.PP
-Use +/- to add/remove categories from a FILE/USER.
+Use +/- to add/remove categories from a \fIfile\fR or \fIuser\fR.
.PP
.B
Note:
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.1/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2007-01-17 11:11:34.000000000 -0500
+++ policycoreutils-2.0.1/scripts/fixfiles.8 2007-02-15 15:16:09.000000000 -0500
@@ -54,7 +54,7 @@
change any incorrect file context labels.
.TP
.B relabel
-Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file.
+Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
.TP
.B verify
List out files with incorrect file context labels, but do not change them.
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.1/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-02-20 08:43:10.000000000 -0500
+++ policycoreutils-2.0.1/semanage/seobject.py 2007-02-15 15:16:09.000000000 -0500
@@ -139,7 +139,7 @@
translations = fd.readlines()
fd.close()
except IOError, e:
- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
+ raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename, e) )
self.ddict = {}
self.comments = []
@@ -209,7 +209,8 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.2/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-02-22 08:53:22.000000000 -0500
+++ policycoreutils-2.0.2/semanage/seobject.py 2007-02-20 17:00:14.000000000 -0500
@@ -209,6 +209,7 @@
os.write(fd, self.out())
os.close(fd)
os.rename(newfilename, self.filename)
-
+ os.system("/sbin/service mcstrans reload > /dev/null")
+
class semanageRecords:
def __init__(self):
self.sh = semanage_handle_create()
@@ -464,7 +465,8 @@
rc = semanage_user_set_mlslevel(self.sh, u, selevel)
if rc < 0:
raise ValueError(_("Could not set MLS level for %s") % name)
-
+ if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
+ raise ValueError(_("Invalid prefix %s") % prefix)
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -530,7 +532,9 @@
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
if prefix != "":
- semanage_user_set_prefix(self.sh, u, prefix)
+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+ raise ValueError(_("Invalid prefix %s") % prefix)
+ semanage_user_set_prefix(self.sh, u, prefix)
if len(roles) != 0:
for r in rlist:
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.1/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2007-01-24 10:03:59.000000000 -0500
+++ policycoreutils-2.0.1/newrole/newrole.c 2007-02-15 15:16:09.000000000 -0500
@@ -636,11 +636,12 @@ static int relabel_tty(const char *ttyn,
}
/* Re-open TTY descriptor */
- fd = open(ttyn, O_RDWR);
+ fd = open(ttyn, O_RDWR|O_NONBLOCK);
if (fd < 0) {
fprintf(stderr, _("Error! Could not open %s.\n"), ttyn);
return fd;
}
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
if (fgetfilecon(fd, &tty_con) < 0) {
fprintf(stderr, _("%s! Could not get current context "
@@ -1127,15 +1128,18 @@ int main(int argc, char *argv[])
fprintf(stderr, _("Could not close descriptors.\n"));
goto err_close_pam;
}
- fd = open(ttyn, O_RDONLY);
+ fd = open(ttyn, O_RDONLY|O_NONBLOCK);
if (fd != 0)
goto err_close_pam;
- fd = open(ttyn, O_RDWR);
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ fd = open(ttyn, O_RDWR|O_NONBLOCK);
if (fd != 1)
goto err_close_pam;
- fd = open(ttyn, O_RDWR);
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ fd = open(ttyn, O_RDWR|O_NONBLOCK);
if (fd != 2)
goto err_close_pam;
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
/*
* Step 5: Execute a new shell with the new context in `new_context'.

29
policycoreutils-sepolgen.patch
View File

@ -1,29 +0,0 @@
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/Makefile policycoreutils-2.0.1/sepolgen-1.0.0/src/sepolgen/Makefile
--- nsasepolgen/src/sepolgen/Makefile 2007-02-07 12:12:15.000000000 -0500
+++ policycoreutils-2.0.1/sepolgen-1.0.0/src/sepolgen/Makefile 2007-02-15 15:56:05.000000000 -0500
@@ -1,4 +1,4 @@
-PYTHONLIBDIR ?= `python -c "from distutils.sysconfig import *; print get_python_lib()"`
+PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib(1)")
PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
install:
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.1/sepolgen-1.0.0/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2007-02-07 12:12:15.000000000 -0500
+++ policycoreutils-2.0.1/sepolgen-1.0.0/src/sepolgen/refparser.py 2007-02-15 15:16:09.000000000 -0500
@@ -691,11 +691,13 @@
output.write(msg)
def parse_file(f, module, spt=None):
- fd = open(f)
- txt = fd.read()
- fd.close()
try:
+ fd = open(f)
+ txt = fd.read()
+ fd.close()
parse(txt, module, spt)
+ except IOError, e:
+ return
except ValueError, e:
raise ValueError("error parsing file %s: %s" % (f, str(e)))

23
policycoreutils.spec
View File

@ -2,11 +2,11 @@
%define libsepolver 2.0.1-1
%define libsemanagever 1.10.0-1
%define libselinuxver 2.0.0-1
%define sepolgenver 1.0.0
%define sepolgenver 1.0.1
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 2.0.2
Release: 3%{?dist}
Version: 2.0.3
Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -16,8 +16,8 @@ Source3: system-config-selinux.desktop
Source4: system-config-selinux.pam
Source5: system-config-selinux.console
Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch2: policycoreutils-sepolgen.patch
#Patch1: policycoreutils-po.patch
#Patch2: policycoreutils-sepolgen.patch
Patch3: policycoreutils-gui.patch
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel gettext
@ -46,8 +46,8 @@ context.
%prep
%setup -q -a 1
%patch -p1 -b .rhat
%patch1 -p1 -b .rhatpo
%patch2 -p1 -b .sepolgen
#%patch1 -p1 -b .rhatpo
#%patch2 -p1 -b .sepolgen
%patch3 -p1 -b .gui
%build
@ -181,6 +181,15 @@ fi
/usr/bin/sepolgen-ifgen > /dev/null
%changelog
* Thu Feb 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1
- Update to upstream
* Merged translations update from Dan Walsh.
* Merged chcat fixes from Dan Walsh.
* Merged man page fixes from Dan Walsh.
* Merged seobject prefix validity checking from Dan Walsh.
* Merged Makefile and refparser.py patch from Dan Walsh.
Fixes PYTHONLIBDIR definition and error handling on interface files.
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-3
- Updated newrole NONBlOCK patch

4
sources
View File

@ -1,2 +1,2 @@
42087696c0b3926244ccfe637ee8c89b sepolgen-1.0.0.tgz
64bd1845e6457d0d238338a6a0292dfc policycoreutils-2.0.2.tgz
4af3294812518e0e1400cd13fd57e0e1 policycoreutils-2.0.3.tgz
dd378ab2d09a91263f4a27e46d515000 sepolgen-1.0.1.tgz