diff --git a/.cvsignore b/.cvsignore
index c352986..ac23da9 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-policycoreutils-1.9.tgz
+policycoreutils-1.11.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index d922ee1..e704806 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,143 +1,29 @@ ---- policycoreutils-1.9/restorecon/restorecon.c.rhat 2004-03-15 12:04:20.000000000 -0500 -+++ policycoreutils-1.9/restorecon/restorecon.c 2004-03-23 11:51:08.438569904 -0500 -@@ -25,13 +25,15 @@ - #include - #include - #include -+#include -+#include - #include - #include +--- policycoreutils-1.11/scripts/fixfiles.rhat 2004-05-05 09:36:40.000000000 -0400 ++++ policycoreutils-1.11/scripts/fixfiles 2004-05-07 10:41:27.721773064 -0400 +@@ -21,20 +21,22 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - void usage(const char * const name) - { - fprintf(stderr, -- "usage: %s [-hnv] pathname...\n", name); -+ "usage: %s [-nv] pathname...\n", name); - exit(1); + FC=/etc/security/selinux/file_contexts ++LOGFILE=`mktemp /tmp/fixfiles.XXXXXXXXXX` || exit 1 ++echo "logging to $LOGFILE" + SETFILES=/usr/sbin/setfiles +-FILESYSTEMS=`mount | awk '/(ext[23]| xfs).*rw/{print $3}';` ++FILESYSTEMS=`mount | grep -v "context=" | grep -v bind | awk '/(ext[23]| xfs).*rw/{print $3}';` + checkLabels () { +-${SETFILES} -v -n ${FC} ${FILESYSTEMS} ++${SETFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE } -@@ -39,15 +41,18 @@ - security_context_t scontext; - security_context_t prev_context; - int i=0; -+ int retcontext=0; - int retval=0; - int errors=0; -- int links=0; - int change=1; - int verbose=0; - char opt; - char *progname=argv[0]; - -- while ((opt = getopt(argc, argv, "hnv")) > 0) { -+ if (is_selinux_enabled() <= 0 ) -+ exit(0); -+ -+ while ((opt = getopt(argc, argv, "nv")) > 0) { - switch (opt) { - case 'n': - change = 0; -@@ -55,50 +60,49 @@ - case 'v': - verbose = 1; - break; -- case 'h': -- links = 1; -- break; - case '?': - usage(argv[0]); - } - } - for (i=optind; i< argc; i++) { -- retval = matchpathcon(argv[i], 0, &scontext); -+ char *filename=argv[i]; -+ int len=strlen(filename); -+ /* -+ Eliminate trailing / -+ */ -+ if (filename[len-1]=='/' && (strcmp(filename,"/") != 0)) { -+ filename[len-1]=NULL; -+ } -+ retval = 
matchpathcon(filename, 0, &scontext); - if (retval < 0) { -- fprintf(stderr,"matchpathcon(%s) failed\n", argv[i]); -+ fprintf(stderr,"matchpathcon(%s) failed\n", filename); - errors++; - continue; - } -- if (links) -- retval=lgetfilecon(argv[i],&prev_context); -- else -- retval=getfilecon(argv[i],&prev_context); -- -- if (retval > 0) { -- if (strcmp(prev_context,scontext) != 0) { -- -+ retcontext=lgetfilecon(filename,&prev_context); -+ -+ if (retcontext >= 0 || errno == ENODATA) { -+ if (retcontext < 0 || strcmp(prev_context,scontext) != 0) { - if (change) { -- if ( links ) -- retval=lsetfilecon(argv[i],scontext); -- else -- retval=setfilecon(argv[i],scontext); -+ retval=lsetfilecon(filename,scontext); - } - if (retval<0) - fprintf(stderr,"%s set context %s->%s failed:'%s'\n", -- progname, argv[i], scontext, strerror(errno)); -+ progname, filename, scontext, strerror(errno)); - else - if (verbose) - fprintf(stderr,"%s set context %s->%s\n", -- progname, argv[i], scontext); -- } -+ progname, filename, scontext); -+ } -+ if (retcontext >= 0) -+ free(prev_context); - } - else { - if (verbose) - fprintf(stderr,"%s get context on %s failed: '%s'\n", -- progname, argv[i], strerror(errno)); -+ progname, filename, strerror(errno)); - } - free(scontext); -- free(prev_context); - } - return errors; + restoreLabels () { +-${SETFILES} -v ${FC} ${FILESYSTEMS} ++${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE } ---- policycoreutils-1.9/restorecon/restorecon.8.rhat 2004-03-15 12:04:20.000000000 -0500 -+++ policycoreutils-1.9/restorecon/restorecon.8 2004-03-18 10:04:44.000000000 -0500 -@@ -4,7 +4,7 @@ - .SH "SYNOPSIS" - .B restorecon --.I [\-h] [\-n] [\-v] pathname... -+.I [\-n] [\-v] pathname... 
+ relabel() { + echo "Cleaning out /tmp" + rm -rf /tmp/.??* /tmp/* +-${SETFILES} ${FC} ${FILESYSTEMS} ++${SETFILES} ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + } - .SH "DESCRIPTION" - This manual page describes the -@@ -20,9 +20,6 @@ - - .SH "OPTIONS" - .TP --.B \-h --change symbolic links rather then the files they point at --.TP - .B \-n - don't change any file labels. - .TP ---- policycoreutils-1.9/restorecon/Makefile.rhat 2004-03-15 12:04:20.000000000 -0500 -+++ policycoreutils-1.9/restorecon/Makefile 2004-03-18 10:04:44.000000000 -0500 -@@ -1,6 +1,6 @@ - # Installation directories. - PREFIX ?= ${DESTDIR}/usr --SBINDIR ?= $(PREFIX)/sbin -+SBINDIR ?= $(DESTDIR)/sbin - MANDIR = $(PREFIX)/share/man - - CFLAGS = -Wall + # See how we were called. diff --git a/policycoreutils.spec b/policycoreutils.spec index de54964..43b8f2a 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,17 +1,13 @@ Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.9 -Release: 12 +Version: 1.11 +Release: 2 License: GPL Group: System Environment/Base -Source: http://www.nsa.gov/selinux/archives/policycoreutils-1.9.tgz +Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz +Patch1: policycoreutils-rhat.patch Prefix: %{_prefix} -BuildRequires: libselinux-devel -Source1: fixfiles -Source2: checkselinux -Patch1: policycoreutils-genhomedircon.patch -Patch2: policycoreutils-rhat.patch -Patch3: policycoreutils-verbosity.patch +BuildRequires: libselinux-devel pam-devel BuildRoot: %{_tmppath}/%{name}-buildroot @@ -34,9 +30,7 @@ context. %prep %setup -q -%patch1 -p1 -b .genhomedircon -%patch2 -p1 -b .rhat -%patch3 -p1 -b .verbosity +%patch1 -p1 %build make all 
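Review bot: In relabel() the log file that mktemp creates at the top of fixfiles is removed again by the existing `rm -rf /tmp/.??* /tmp/*`, so the following `tee $LOGFILE` re-creates an already announced name in world-writable /tmp, and the safe-creation guarantee from mktemp is lost for a script that normally runs as root. Create the file after the cleanup, for example by repeating `LOGFILE=$(mktemp /tmp/fixfiles.XXXXXXXXXX) || exit 1` directly after the `rm -rf` line, or keep the log in a directory only root can write. In checkLabels(), restoreLabels() and relabel() the added `| tee $LOGFILE` also makes the pipeline status that of tee, so a setfiles failure no longer shows in the function's return value; whether the caller depends on it is outside this hunk. Quoting `"$LOGFILE"` in the three tee calls would be a small further hardening.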
@@ -50,8 +44,6 @@ mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d make DESTDIR="${RPM_BUILD_ROOT}" install -install -m 750 %SOURCE1 ${RPM_BUILD_ROOT}/sbin -install -m 750 %SOURCE2 ${RPM_BUILD_ROOT}/sbin %find_lang %{name} @@ -62,11 +54,13 @@ rm -rf ${RPM_BUILD_ROOT} %defattr(-,root,root) %{_sbindir}/setfiles /sbin/fixfiles -/sbin/checkselinux /sbin/restorecon %{_mandir}/man8/restorecon.8.gz %{_sbindir}/genhomedircon +%{_sbindir}/sestatus +%{_mandir}/man8/sestatus.8.gz %{_mandir}/man8/setfiles.8.gz +%{_mandir}/man8/fixfiles.8.gz %{_sbindir}/load_policy %{_bindir}/newrole %{_bindir}/audit2allow 
@@ -75,8 +69,56 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/run_init %config %{_sysconfdir}/pam.d/run_init %{_mandir}/man8/run_init.8.gz +%config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Fri May 7 2004 Dan Walsh 1.11-2 +- Eliminate bind and context mounts + +* Wed May 5 2004 Dan Walsh 1.11-1 +- update to match NSA + +* Wed Apr 28 2004 Dan Walsh 1.10-4 +- Log fixfiles to the /tmp directory + +* Wed Apr 21 2004 Colin Walters 1.10-3 +- Add patch to fall back to authenticating via uid if + the current user's SELinux user identity is the default + identity +- Add BuildRequires pam-devel + +* Mon Apr 12 2004 Dan Walsh 1.10-2 +- Add man page, thanks to Richard Halley + +* Thu Apr 8 2004 Dan Walsh 1.10-1 +- Upgrade to latest from NSA + +* Fri Apr 2 2004 Dan Walsh 1.9.2-1 +- Update with latest from gentoo and NSA + +* Thu Apr 1 2004 Dan Walsh 1.9.1-1 +- Check return codes in sestatus.c + +* Mon Mar 29 2004 Dan Walsh 1.9-19 +- Fix sestatus to not double free +- Fix sestatus.conf to be unix format + +* Mon Mar 29 2004 Dan Walsh 1.9-18 +- Warn on setfiles failure to relabel. + +* Mon Mar 29 2004 Dan Walsh 1.9-17 +- Updated version of sestatus + +* Mon Mar 29 2004 Dan Walsh 1.9-16 +- Fix fixfiles to checklabel properly + +* Fri Mar 26 2004 Dan Walsh 1.9-15 +- add sestatus + +* Thu Mar 25 2004 Dan Walsh 1.9-14 +- Change free call to freecon +- Cleanup + * Tue Mar 23 2004 Dan Walsh 1.9-12 - Remove setfiles-assoc patch - Fix restorecon to not crash on missing dir diff --git a/sources b/sources index e82854b..e9aac2e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d8479bc93519dbcd1a95e89c2be08c59 policycoreutils-1.9.tgz +b879c0815805fc6274c59027cfc6e483 policycoreutils-1.11.tgz