rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Sep 6 2005 Dan Walsh <dwalsh@redhat.com> 1.25.9-2

Browse Source 
- Add prereq for mount command
This commit is contained in:
Daniel J Walsh 2005-09-06 21:19:01 +00:00
parent 905895c931
commit 35b57c9442
2 changed files with 14 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.25.7/scripts/fixfiles diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.25.7/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-08-25 16:18:08.000000000 -0400 --- nsapolicycoreutils/scripts/fixfiles 2005-08-25 16:18:08.000000000 -0400
+++ policycoreutils-1.25.7/scripts/fixfiles 2005-08-26 16:05:39.000000000 -0400 +++ policycoreutils-1.25.7/scripts/fixfiles 2005-09-01 11:48:00.000000000 -0400
@@ -61,7 +61,11 @@ @@ -61,7 +61,11 @@
if [ -f ${PREFC} -a -x /usr/bin/diff ]; then if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
@ -23,127 +23,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
fi fi
} }
# #
--- nsapolicycoreutils/semodule_package/Makefile 2005-07-28 09:46:02.000000000 -0400 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-1.25.7/setfiles/setfiles.8
+++ policycoreutils-1.25.7/semodule_package/Makefile 2005-08-30 10:31:41.000000000 -0400
@@ -3,6 +3,7 @@
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= ${PREFIX}/lib
+SELINUXDIR ?= ${DESTDIR}/usr/share/semod
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(INCLUDEDIR)
@@ -14,7 +15,9 @@
install: all
-mkdir -p $(BINDIR)
+ -mkdir -p $(SELINUXDIR)
install -m 755 semodule_package $(BINDIR)
+ install -m 640 semod.conf $(SELINUXDIR)/semod.conf
relabel:
--- nsapolicycoreutils/semodule_package/semod.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.25.7/semodule_package/semod.conf 2005-08-30 10:24:54.000000000 -0400
@@ -0,0 +1,96 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+# Specify how libsemanage will interact with the module store. The three
+# options are:
+#
+# "direct" - libsemanage will write directly to the store.
+# /foo/bar - Write by way of a policy server, whose named socket
+# is at /foo/bar. The path must begin with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy server
+# at foo.com. If there is a colon then the remainder
+# is interpreted as a port number; otherwise default
+# to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semodule will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>. Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# After a policy has been created this library will attempt to load it
+# by calling the load_policy utility. If there are special
+# requirements (e.g., read booleans from a certain file) then add them
+# here. Below are the default values. Within 'args', the special
+# sequence "$@" will be replaced with the policy filename.
+#[load_policy]
+#path = /usr/sbin/load_policy
+#args = -b $@
+#[end]
+
+# In addition to loading a policy libsemanage will validate file contexts
+# by calling the setfiles utility. As above, "$@" will be replaced
+# with the policy filename. In addition "$<" will be replaced with
+# the file contexts filename.
+#[setfiles]
+#path = /usr/sbin/setfiles
+#args = -q -c $@ $<
+#[end]
+
+# Each program specified within a [verify] block is run during
+# committing. There are three types of verifies allowed: module,
+# linked, and kernel. Multiple verifies may exist for a stage; place
+# each program within its own [verify] block. For each stage the
+# programs are executed in the order given below. If a program ever
+# returns a non-zero value then the entire commit is aborted.
+#
+# Module verifies are executed for each source module prior to
+# linking. After they have been linked each link verifier is run
+# against the linked base module. Finally, each kernel verifier is
+# run against the final expanded kernel policy. If these verifiers
+# all exit with a return value of 0 then that kernel policy will be
+# loaded.
+#
+# 'path' gives a path the verificaton program. 'args' is any
+# free-form string that supplies command line arguments to the
+# verifier. Within args single quotes, double quotes, and backslashes
+# are metacharacters handled similarly to bash. Within 'args', the
+# special sequence "$@" will be replaced with a filename to the entity
+# being checked: source module for module verifiers, linked module for
+# linked, kernel policy for kernel. The sequence "$<" will be
+# replaced with the previous filename, if applicable. If an older
+# version does not exist "$<" expands to an empty string.
+#[verify module]
+#path = /usr/bin/some_module_verifier
+#args = -Wall -ansi -pedantic $@ $<
+#[end]
+
+#[verify module]
+#path = /another/module/verify/program
+#args = -With -some_more arguments
+#[end]
+
+#[verify linked]
+#path = /usr/local/bin/some_link_verifier
+#[end]
+
+#[verify kernel]
+#path = /usr/sbin/kernel_verifier
+#args = "some argument" "some other parameter" -k $@
+#[end]
--- nsapolicycoreutils/setfiles/setfiles.8 2005-03-17 10:29:50.000000000 -0500 --- nsapolicycoreutils/setfiles/setfiles.8 2005-03-17 10:29:50.000000000 -0500
+++ policycoreutils-1.25.7/setfiles/setfiles.8 2005-08-29 12:52:49.000000000 -0400 +++ policycoreutils-1.25.7/setfiles/setfiles.8 2005-09-01 11:48:00.000000000 -0400
@@ -35,6 +35,9 @@ @@ -35,6 +35,9 @@
.B \-q .B \-q
suppress non-error output. suppress non-error output.
@ -154,8 +36,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
.B \-e directory .B \-e directory
directory to exclude (repeat option for more than one directory.) directory to exclude (repeat option for more than one directory.)
.TP .TP
--- nsapolicycoreutils/setfiles/setfiles.c 2005-04-11 16:00:46.000000000 -0400 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.25.7/setfiles/setfiles.c
+++ policycoreutils-1.25.7/setfiles/setfiles.c 2005-08-29 12:50:56.000000000 -0400 --- nsapolicycoreutils/setfiles/setfiles.c 2005-09-01 11:26:48.000000000 -0400
+++ policycoreutils-1.25.7/setfiles/setfiles.c 2005-09-01 11:48:00.000000000 -0400
@@ -198,8 +198,8 @@ @@ -198,8 +198,8 @@
void usage(const char * const name) void usage(const char * const name)
{ {

14
policycoreutils.spec
View File

@ -1,10 +1,10 @@
%define libselinuxver 1.25.6-1 %define libselinuxver 1.25.6-1
%define libsepolver 1.7.24-1 %define libsepolver 1.7.24-1
%define libsemanagever 1.1.4-1 %define libsemanagever 1.1.6-1
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.25.9 Version: 1.25.9
Release: 1 Release: 2
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -12,8 +12,8 @@ Patch: policycoreutils-rhat.patch
BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever}
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} PreReq: /bin/mount
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} libsemanage
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
%description %description
@ -32,7 +32,7 @@ for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper to switch roles, and run_init to run /etc/init.d scripts in the proper
context. context.
p
%prep %prep
%setup -q %setup -q
%patch -p1 -b .rhat %patch -p1 -b .rhat
@ -84,11 +84,13 @@ rm -rf ${RPM_BUILD_ROOT}
%{_mandir}/man1/audit2allow.1.gz %{_mandir}/man1/audit2allow.1.gz
%{_mandir}/man1/newrole.1.gz %{_mandir}/man1/newrole.1.gz
%config %{_sysconfdir}/pam.d/newrole %config %{_sysconfdir}/pam.d/newrole
%config %{_sysconfdir}/selinux/semod.conf
%config %{_sysconfdir}/pam.d/run_init %config %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Tue Sep 6 2005 Dan Walsh <dwalsh@redhat.com> 1.25.9-2
- Add prereq for mount command
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.25.9-1 * Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.25.9-1
- Update to match NSA - Update to match NSA
* Changed setfiles -c to translate the context to raw format * Changed setfiles -c to translate the context to raw format