From 27013450e08a99551fa7aed05231fc100cd74c13 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 31 Jul 2007 19:39:20 +0000 Subject: [PATCH] * Fri Jul 27 2007 Dan Walsh 2.0.22-11 - Fixfiles update required to match new regex --- policycoreutils-gui.patch | 79 ++++++++++++++++---------------- policycoreutils-rhat.patch | 93 +++++++++++++++++++++++++++++++++----- policycoreutils.spec | 5 +- 3 files changed, 126 insertions(+), 51 deletions(-) diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index bcd67ab..b753318 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch 
@@ -3059,50 +3059,50 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.22/gui/selinux.tbl --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.22/gui/selinux.tbl 2007-07-27 14:57:41.000000000 -0400 -@@ -0,0 +1,295 @@ ++++ policycoreutils-2.0.22/gui/selinux.tbl 2007-07-28 11:01:13.000000000 -0400 +@@ -0,0 +1,296 @@ +allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390") +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow") -+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /.") -+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys.") ++allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /") ++allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys") +allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") +allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") +allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") +allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. 
This executable should be reported in bugzilla") +allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system") +allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t") -+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services.") -+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services.") ++allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services") ++allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services") +allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack") -+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his homedirectory or /tmp") -+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory.") -+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his homedirectory or /tmp") ++allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his home directory or /tmp") ++allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory") ++allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his home directory or /tmp") +allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t") -+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service.") -+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam.") ++allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service") ++allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam") +allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled 
public_content_rw_t") +allow_java_execstack _("Memory Protection") _("Allow java executable stack") +allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files") +allow_mount_anyfile _("Mount") _("Allow mount to mount any file") -+allow_mounton_anydir _("Mount") _("Allow mount to mount any dir") ++allow_mounton_anydir _("Mount") _("Allow mount to mount any directory") +allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack") -+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services.") -+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support.") -+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications) ++allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services") ++allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support") ++allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications") +allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t") +allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t") +allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign") -+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his homedirectory or /tmp") -+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his homedirectory or /tmp") -+allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his homedirectory or /tmp") ++allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his home directory or /tmp") ++allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his home directory or /tmp") 
++allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his home directory or /tmp") +allow_unlabeled_packets _("Network Configuration") _("Allow unlabeled packets to flow on the network") -+allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his homedirectory or /tmp") ++allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his home directory or /tmp") +allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined to dyntrans to unconfined_execmem") +allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket") +allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket") +allow_write_xshm _("XServer") _("Allow clients to write to X shared memory") -+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his homedirectory or /tmp") ++allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his home directory or /tmp") +allow_ypbind _("NIS") _("Allow daemons to run with NIS") +allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files") +browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain") 
@@ -3137,7 +3137,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon") +cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon") +cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon") -+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts.") ++cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts") +crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon") +cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server") +cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon") @@ -3164,7 +3164,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon") +dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon") +entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon") -+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron.") ++fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron") +fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail") +fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon") +freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon") 
@@ -3172,7 +3172,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon") +ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd") +ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories") -+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.") ++global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom") +gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon") +gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon") +hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon") 
@@ -3183,18 +3183,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon") +httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting") +httpd_can_sendmail _("HTTPD Service") _("Allow HTTPD to send mail") -+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases.") -+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network.") -+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay.") ++httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases") ++httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network") ++httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay") +httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon") +httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support") +httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server") +httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories") +httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs") -+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts.") ++httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts") +httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec") -+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. 
Needed for handling certificates.") -+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files.") ++httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates") ++httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files") +hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon") +i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon") +imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon") @@ -3249,7 +3249,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel") +pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon") +pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon") -+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user.") ++pppd_for_user _("pppd") _("Allow pppd to be run for a regular user") +pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp") +prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon") +privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon") 
@@ -3275,6 +3275,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories") +samba_share_nfs _("Samba") _("Allow Samba to share nfs directories") +allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow") ++allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable") +saslauthd_disable_trans _("SASL authentication server") _("Disable SELinux protection for saslauthd daemon") +scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon") +secure_mode _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected") 
@@ -3312,15 +3313,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon") +udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon") +uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon") -+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined.") -+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined.") -+unlimitedRPM _("Admin") _("Allow rpm to run unconfined.") -+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined.") ++unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined") ++unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined") ++unlimitedRPM _("Admin") _("Allow rpm to run unconfined") ++unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined") +updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon") +uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon") +use_lpd_server _("Printing") _("Use lpd server instead of cups") +use_nfs_home_dirs _("NFS") _("Support NFS home directories") -+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so.") ++user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. 
Otherwise, only staff_r can do so") +user_can_mount _("Mount") _("Allow users to execute the mount command") +user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)") +user_dmesg _("User Privs") _("Allow users to run the dmesg command") 
@@ -3347,14 +3348,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon") +ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon") +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon") -+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems.") -+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems.") ++httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems") ++httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems") +samba_domain_controller _("Samba") _("Allow samba to act as the domain controller, add users, groups and change passwords") +samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only") +samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write") +samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory") -+webadm_manage_users_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories.") -+webadm_read_users_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories.") ++webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories") ++webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories") + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.22/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index fa014ef..6e17735 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
@@ -1,6 +1,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.22/audit2allow/Makefile --- nsapolicycoreutils/audit2allow/Makefile 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/audit2allow/Makefile 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/audit2allow/Makefile 2007-07-23 10:40:06.000000000 -0400 @@ -1,6 +1,7 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr @@ -18,9 +18,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -mkdir -p $(MANDIR)/man1 install -m 644 audit2allow.1 $(MANDIR)/man1/ +diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/ChangeLog policycoreutils-2.0.22/ChangeLog +--- nsapolicycoreutils/ChangeLog 2007-07-16 14:20:43.000000000 -0400 ++++ policycoreutils-2.0.22/ChangeLog 2007-06-21 05:17:13.000000000 -0400 +@@ -91,7 +91,6 @@ + 1.33.15 2007-01-17 + * Merged unicode-to-string fix for seobject audit from Dan Walsh. + * Merged man page updates to make "apropos selinux" work from Dan Walsh. +- + 1.33.14 2007-01-16 + * Merged newrole man page patch from Michael Thompson. + diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.22/Makefile --- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400 -+++ policycoreutils-2.0.22/Makefile 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/Makefile 2007-07-23 10:40:06.000000000 -0400 
@@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui @@ -29,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.22/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/restorecond/Makefile 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/restorecond/Makefile 2007-07-23 10:40:06.000000000 -0400 @@ -22,7 +22,7 @@ -mkdir -p $(INITDIR) install -m 644 restorecond.init $(INITDIR)/restorecond @@ -41,7 +52,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po /sbin/restorecon $(SBINDIR)/restorecond diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.22/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/restorecond/restorecond.c 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/restorecond/restorecond.c 2007-07-23 10:40:06.000000000 -0400 @@ -210,9 +210,10 @@ } 
@@ -70,7 +81,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po close(fd); diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/run_init/Makefile policycoreutils-2.0.22/run_init/Makefile --- nsapolicycoreutils/run_init/Makefile 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/run_init/Makefile 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/run_init/Makefile 2007-07-23 10:40:06.000000000 -0400 @@ -34,8 +34,8 @@ install: all test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) @@ -84,7 +95,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po ifeq (${PAMH}, /usr/include/security/pam_appl.h) diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.22/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/scripts/chcat 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/scripts/chcat 2007-07-23 10:40:06.000000000 -0400 @@ -77,7 +77,7 @@ if len(cats) > 0: 
@@ -105,7 +116,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po if add_ind: diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.22/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/scripts/fixfiles 2007-07-23 10:25:32.000000000 -0400 ++++ policycoreutils-2.0.22/scripts/fixfiles 2007-07-31 15:36:53.000000000 -0400 +@@ -88,7 +88,7 @@ + esac; \ + fi; \ + done | \ +- while read pattern ; do find $pattern \ ++ while read pattern ; do sh -c "find $pattern" \ + ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \ + \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \ + done 2> /dev/null | \ @@ -108,6 +108,7 @@ rpmlist() { @@ -116,7 +136,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po # diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.22/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/scripts/genhomedircon 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/scripts/genhomedircon 2007-07-23 10:40:06.000000000 -0400 @@ -302,7 +302,7 @@ regex = re.sub("\(\/\.\*\)\?", "", regex) 
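Review bot: In the scripts/fixfiles hunk, the words after `sh -c "find $pattern"` (the `! \( -fstype … \) -prune -o` filter, the `-wholename … -prune` list and `-print`) are no longer arguments to find: `sh -c` assigns them to `$0`, `$1`, … and the command string never uses them, so find walks each pattern with no filesystem or path pruning. Passing `$pattern` through a second shell also makes any `;`, backtick or `$(…)` in a pattern execute as a command; the pipeline that produces the patterns starts above the hunk, so check there what characters can reach this loop. If shell expansion of the pattern is what is wanted, put the whole find expression inside the quoted string, e.g. `sh -c "find $pattern ! \( -fstype ext2 -o … \) -prune -o \( … \) -prune -o -print"`, and reject patterns containing shell metacharacters first. Separately, the context line has `-wholename /tmp -wholename /dev` with no `-o` between them, so that pair can never match and neither directory is pruned.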
@@ -128,7 +148,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po continue diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.22/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/semanage/semanage 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/semanage/semanage 2007-07-23 10:40:06.000000000 -0400 @@ -34,7 +34,10 @@ sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') @@ -143,7 +163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po __builtin__.__dict__['_'] = unicode diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.22/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/semanage/seobject.py 2007-07-20 12:07:46.000000000 -0400 ++++ policycoreutils-2.0.22/semanage/seobject.py 2007-07-31 09:55:36.000000000 -0400 @@ -210,6 +210,7 @@ os.write(fd, self.out()) os.close(fd) 
@@ -152,7 +172,58 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po class semanageRecords: def __init__(self): -@@ -1283,9 +1284,12 @@ +@@ -1051,26 +1052,30 @@ + raise ValueError(_("Could not create file context for %s") % target) + + rc = semanage_fcontext_set_expr(self.sh, fcontext, target) +- (rc, con) = semanage_context_create(self.sh) +- if rc < 0: +- raise ValueError(_("Could not create context for %s") % target) +- +- rc = semanage_context_set_user(self.sh, con, seuser) +- if rc < 0: +- raise ValueError(_("Could not set user in file context for %s") % target) +- +- rc = semanage_context_set_role(self.sh, con, "object_r") +- if rc < 0: +- raise ValueError(_("Could not set role in file context for %s") % target) +- +- rc = semanage_context_set_type(self.sh, con, type) +- if rc < 0: +- raise ValueError(_("Could not set type in file context for %s") % target) +- +- if serange != "": +- rc = semanage_context_set_mls(self.sh, con, serange) +- if rc < 0: +- raise ValueError(_("Could not set mls fields in file context for %s") % target) ++ if type == "<>": ++ rc, con = semanage_context_from_string(self.sh, type) ++ if rc < 0: ++ raise ValueError(_("Could not set context from string %s for %s") % (type, target)) ++ else: ++ (rc, con) = semanage_context_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create context for %s") % target) ++ rc = semanage_context_set_user(self.sh, con, seuser) ++ if rc < 0: ++ raise ValueError(_("Could not set user in file context for %s") % target) ++ ++ rc = semanage_context_set_role(self.sh, con, "object_r") ++ if rc < 0: ++ raise ValueError(_("Could not set role in file context for %s") % target) ++ ++ rc = semanage_context_set_type(self.sh, con, type) ++ if rc < 0: ++ raise ValueError(_("Could not set type in file context for %s") % target) ++ ++ if serange != "": ++ rc = semanage_context_set_mls(self.sh, con, serange) ++ if rc < 0: ++ raise ValueError(_("Could not set mls fields in file 
context for %s") % target) + + semanage_fcontext_set_type(fcontext, file_types[ftype]) + +@@ -1283,9 +1288,12 @@ raise ValueError(_("Could not list booleans")) for boolean in self.blist: diff --git a/policycoreutils.spec b/policycoreutils.spec index 2d6f801..4a8049f 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.22 -Release: 10%{?dist} +Release: 11%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Fri Jul 27 2007 Dan Walsh 2.0.22-11 +- Fixfiles update required to match new regex + * Fri Jul 27 2007 Dan Walsh 2.0.22-10 - Update booleans translations
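Review bot: In the seobject.py hunk at -1051, the result of `semanage_fcontext_set_expr(self.sh, fcontext, target)` is overwritten by the next assignment to `rc` in both new branches without being tested, so a failure to set the expression goes unreported while every other call in the block raises ValueError. Add a check directly after that line, for example `if rc < 0: raise ValueError(_("Could not set file context for %s") % target)`. The new special-case branch builds the context from the `type` string alone and silently ignores `seuser` and `serange`; a one-line comment saying why that value bypasses the user/role/type/MLS setters would help the next reader. The enclosing method starts and ends outside the hunk.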