* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.28-1

- Update to match NSA - Add gfs support
2005-12-08 16:33:16 +00:00 · 2005-12-08 16:33:16 +00:00 · 2af5d4efc4
commit 2af5d4efc4
parent 78a6ed5399
2 changed files with 95 additions and 144 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.37/audit2allow/audit2allow
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.28/audit2allow/audit2allow
 --- nsapolicycoreutils/audit2allow/audit2allow	2005-12-01 10:11:27.000000000 -0500
-+++ policycoreutils-1.27.37/audit2allow/audit2allow	2005-12-07 12:26:00.000000000 -0500
+++ policycoreutils-1.28/audit2allow/audit2allow	2005-12-07 15:30:48.000000000 -0500
@@ -355,7 +355,7 @@
 					     'lastreload',
 					     'module=',
@ -10,113 +10,48 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
 					     'tefile',
 					     'verbose'
 					     ])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-1.27.37/debugfiles.list
--- nsapolicycoreutils/debugfiles.list	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.37/debugfiles.list	2005-12-07 11:56:28.000000000 -0500
-@@ -0,0 +1,14 @@
-+/usr/lib/debug/usr/bin/newrole.debug
-+/usr/lib/debug/usr/bin/semodule_link.debug
-+/usr/lib/debug/usr/bin/semodule_expand.debug
-+/usr/lib/debug/usr/bin/semodule_package.debug
-+/usr/lib/debug/usr/sbin/sestatus.debug
-+/usr/lib/debug/usr/sbin/setfiles.debug
-+/usr/lib/debug/usr/sbin/open_init_pty.debug
-+/usr/lib/debug/usr/sbin/run_init.debug
-+/usr/lib/debug/usr/sbin/load_policy.debug
-+/usr/lib/debug/usr/sbin/semodule.debug
-+/usr/lib/debug/usr/sbin/audit2why.debug
-+/usr/lib/debug/usr/sbin/setsebool.debug
-+/usr/lib/debug/sbin/restorecon.debug
-+/usr/src/debug/policycoreutils-1.27.37
-Binary files nsapolicycoreutils/debugsources.list and policycoreutils-1.27.37/debugsources.list differ
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/policycoreutils.lang policycoreutils-1.27.37/policycoreutils.lang
--- nsapolicycoreutils/policycoreutils.lang	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.37/policycoreutils.lang	2005-12-07 11:56:27.000000000 -0500
-@@ -0,0 +1,80 @@
-+%defattr (644, root, root, 755)
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+%lang(sv) /usr/share/locale/sv/LC_MESSAGES/policycoreutils.mo
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.27.37/scripts/chcat
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.28/restorecon/restorecon.8
+--- nsapolicycoreutils/restorecon/restorecon.8	2005-02-02 13:31:48.000000000 -0500
+++ policycoreutils-1.28/restorecon/restorecon.8	2005-12-07 15:32:14.000000000 -0500
+@@ -29,7 +29,7 @@
+ .B \-e directory
+ directory to exclude (repeat option for more than one directory.)
+ .TP 
+-.B \-R
+.B \-R \-r
+ change files and directories file labels recursively
+ .TP 
+ .B \-n
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.28/restorecon/restorecon.c
+--- nsapolicycoreutils/restorecon/restorecon.c	2005-09-20 14:13:05.000000000 -0400
+++ policycoreutils-1.28/restorecon/restorecon.c	2005-12-07 15:31:40.000000000 -0500
+@@ -112,7 +112,7 @@
+ void usage(const char * const name)
+ {	
+   fprintf(stderr,
+-	  "usage:  %s [-Rnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",  name);
+	  "usage:  %s [-rRnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",  name);
+   exit(1);
+ }
+ int restore(char *filename) {
+@@ -271,11 +271,12 @@
+ 
+   memset(buf,0, sizeof(buf));
+ 
+-  while ((opt = getopt(argc, argv, "FRnvf:o:e:")) > 0) {
+  while ((opt = getopt(argc, argv, "FrRnvf:o:e:")) > 0) {
+     switch (opt) {
+     case 'n':
+       change = 0;
+       break;
+    case 'r':
+     case 'R':
+       recurse = 1;
+       break;
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.28/scripts/chcat
 --- nsapolicycoreutils/scripts/chcat	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.37/scripts/chcat	2005-12-07 11:56:20.000000000 -0500
-@@ -0,0 +1,175 @@
+++ policycoreutils-1.28/scripts/chcat	2005-12-08 11:31:57.000000000 -0500
+@@ -0,0 +1,191 @@
 +#! /usr/bin/env python
 +# Copyright (C) 2005 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -146,48 +81,65 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
 +def chcat_add(orig, newcat, files):
 +    errors=0
 +    cmd='chcon -l '
-+    sensitivity=newcat[0]
-+    cat=newcat[1]
+    if len(newcat) > 1:
+        sensitivity=newcat[0]
+        cat=newcat[1]
+    else:
+        sensitivity=0
+        cat=newcat[0]
+
+        
 +    for f in files:
 +        (rc, con) = selinux.getfilecon(f)
 +        (rc, raw) = selinux.selinux_trans_to_raw_context(con)
 +        clist=raw.split(":")[3:]
+        if sensitivity == 0:
+            sensitivity = clist[0]
 +        if len(clist) > 1:
 +            if clist[0] != sensitivity:
 +                print("Can not modify sensitivity levels using '+' on %s" % f)
 +                continue
 +            cats=clist[1].split(",")
-+            if newcat[1] in cats:
+            if cat in cats:
 +                print "%s is already in %s" % (f, orig)
 +                continue
-+            cats.append(newcat[1])
+            cats.append(cat)
 +            cats.sort()
-+            cat=cats[0]
+            cat_string=cats[0]
 +            for c in cats[1:]:
-+                cat="%s,%s" % (cat, c)
-+        cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
+                cat_string="%s,%s" % (cat_string, c)
+        else:
+            cat_string=cat
+        cmd='chcon -l %s:%s %s' % (sensitivity, cat_string, f)
 +        rc=commands.getstatusoutput(cmd)
 +        if rc[0] != 0:
+            print rc[1]
 +            errors+=1
 +    return errors
 +
 +def chcat_remove(orig, newcat, files):
 +    errors=0
-+    sensitivity=newcat[0]
-+    cat=newcat[1]
+    if len(newcat) > 1:
+        sensitivity=newcat[0]
+        cat=newcat[1]
+    else:
+        sensitivity=0
+        cat=newcat[0]
 +    for f in files:
 +        (rc, con) = selinux.getfilecon(f)
 +        (rc, raw) = selinux.selinux_trans_to_raw_context(con)
 +        clist=raw.split(":")[3:]
+        if sensitivity == 0:
+            sensitivity = clist[0]
 +        if len(clist) > 1:
 +            if clist[0] != sensitivity:
 +                print("Can not modify sensitivity levels using '+' on %s" % f)
 +                continue
 +            cats=clist[1].split(",")
-+            if newcat[1] not in cats:
+            if cat not in cats:
 +                print "%s is not in %s" % (f, orig)
 +                continue
-+            cats.remove(newcat[1])
+            cats.remove(cat)
 +            if len(cats) > 0:
 +                cat=cats[0]
 +                for c in cats[1:]:
@ -204,6 +156,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
 +            cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
 +        rc=commands.getstatusoutput(cmd)
 +        if rc[0] != 0:
+            print rc[1]
 +            errors+=1
 +    return errors
 +
@ -213,17 +166,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
 +        if len(c) > 0 and c[0] == "+":
 +            (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
 +            rlist=raw.split(":")
-+            if len(rlist) < 5:
-+                print "%s must have a sensitivity and at least one category" % c[1:]
-+                continue
 +            errors += chcat_add(c[1:], rlist[3:], files)
 +            continue
 +        if len(c) > 0 and c[0] == "-":
 +            (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
 +            rlist=raw.split(":")
-+            if len(rlist) < 5:
-+                print "%s must have a sensitivity and at least one category" % c[1:]
-+                continue
 +            errors += chcat_remove(c[1:], rlist[3:], files)
 +            continue
 +
@ -241,6 +188,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
 +	print "Usage %s CATEGORY File ..." % sys.argv[0]
 +	print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0]
 +	print "Usage %s -d File ..." % sys.argv[0]
+        print "Use -- to end option list.  For example"
+        print "chcat -- -CompanyConfidential /docs/businessplan.odt."
 +	sys.exit(1)
 +
 +def error(msg):
@ -255,20 +204,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
 +        error("Requires an SELinux enabled system")
 +        
 +    delete_ind=0
-+    gopts, cmds = getopt.getopt(sys.argv[1:],
-+	'dh',
-+	['help',
-+	    'delete'])
+    try:
+        gopts, cmds = getopt.getopt(sys.argv[1:],
+                                    'dh',
+                                    ['help',
+                                     'delete'])
 +
-+    for o,a in gopts:
-+        if o == "-h" or o == "--help":
+        for o,a in gopts:
+            if o == "-h" or o == "--help":
+                usage()
+            if o == "-d" or o == "--delete":
+                delete_ind=1
+
+        if len(cmds) < 1:
 +            usage()
-+        if o == "-d" or o == "--delete":
-+            delete_ind=1
-+
-+    if len(cmds) < 1:
+    except:
 +        usage()
-+
 +    if delete_ind:
 +        sys.exit(chcat([""], cmds))
 +
@ -292,9 +243,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
 +    sys.exit(chcat(cats, files))
 +
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.27.37/scripts/chcat.8
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.28/scripts/chcat.8
 --- nsapolicycoreutils/scripts/chcat.8	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.37/scripts/chcat.8	2005-12-07 11:56:20.000000000 -0500
+++ policycoreutils-1.28/scripts/chcat.8	2005-12-07 15:30:48.000000000 -0500
@@ -0,0 +1,29 @@
 +.TH CHCAT "8" "September 2005" "chcat" "User Commands"
 +.SH NAME
@ -325,9 +276,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policyco
 +.SH "FILES"
 +/etc/selinux/{SELINUXTYPE}/setrans.conf 
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.27.37/scripts/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.28/scripts/Makefile
 --- nsapolicycoreutils/scripts/Makefile	2005-01-28 15:24:12.000000000 -0500
-+++ policycoreutils-1.27.37/scripts/Makefile	2005-12-07 11:56:20.000000000 -0500
+++ policycoreutils-1.28/scripts/Makefile	2005-12-07 15:30:48.000000000 -0500
@@ -1,20 +1,23 @@
 # Installation directories.
 PREFIX ?= ${DESTDIR}/usr
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,6 +1,6 @@
-%define libsepolver 1.9.41-1
-%define libsemanagever 1.3.64-1
-%define libselinuxver 1.27.28-2
+%define libsepolver 1.10-1
+%define libsemanagever 1.4-1
+%define libselinuxver 1.28-1
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.28
@ -12,7 +12,7 @@ Patch: policycoreutils-rhat.patch

 BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} 
 PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
-Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python
+Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python coreutils
 BuildRoot: %{_tmppath}/%{name}-buildroot

 %description