From 375c226ef275ec1d9e98992aaaed4bf14be3e9e8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 24 Jan 2008 19:45:03 +0000 Subject: [PATCH] * Thu Jan 24 2008 Dan Walsh 2.0.38-1 - Update to upstream * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh. --- .cvsignore | 1 + policycoreutils-rhat.patch | 221 ------------------------------------- policycoreutils.spec | 8 +- sources | 2 +- 4 files changed, 9 insertions(+), 223 deletions(-) diff --git a/.cvsignore b/.cvsignore index 97e2aef..fbc7810 100644 --- a/.cvsignore +++ b/.cvsignore @@ -170,3 +170,4 @@ policycoreutils-2.0.35.tgz policycoreutils-2.0.36.tgz policycoreutils-2.0.37.tgz sepolgen-1.0.11.tgz +policycoreutils-2.0.38.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 9c00d89..70cf20d 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,72 +1,3 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.37/audit2allow/audit2allow ---- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500 -+++ policycoreutils-2.0.37/audit2allow/audit2allow 2008-01-23 17:15:21.000000000 -0500 -@@ -19,7 +19,6 @@ - # - - import sys --import tempfile - - import sepolgen.audit as audit - import sepolgen.policygen as policygen -@@ -153,9 +152,9 @@ - - def __process_input(self): - if self.__options.type: -- filter = audit.TypeFilter(self.__options.type) -- self.__avs = self.__parser.to_access(filter) -- self.__selinux_errs = self.__parser.to_role(filter) -+ avcfilter = audit.TypeFilter(self.__options.type) -+ self.__avs = self.__parser.to_access(avcfilter) -+ self.__selinux_errs = self.__parser.to_role(avcfilter) - else: - self.__avs = self.__parser.to_access() - self.__selinux_errs = self.__parser.to_role() -@@ -221,13 +220,14 @@ - def __output_audit2why(self): - import selinux - import selinux.audit2why as audit2why -+ import seobject - audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers())) - for i in self.__parser.avc_msgs: - rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) - if rc >= 0: - print "%s\n\tWas caused by:" % i.message - if rc == audit2why.NOPOLICY: -- raise "Must call policy_init first" -+ raise RuntimeError("Must call policy_init first") - if rc == audit2why.BADTCON: - print "Invalid Target Context %s\n" % i.tcontext - continue -@@ -241,7 +241,7 @@ - print "Invalid permission %s\n" % i.accesses - continue - if rc == audit2why. BADCOMPUTE: -- raise "Error during access vector computation" -+ raise RuntimeError("Error during access vector computation") - if rc == audit2why.ALLOW: - print "\t\tUnknown - would be allowed by active policy\n", - print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" -@@ -251,12 +251,14 @@ - if len(bools) > 1: - print "\tOne of the following booleans was set incorrectly." - for b in bools: -- print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1]) -- print "\t# setsebool -P %s %d" % (b[0], b[1]) -+ print "\n\tBoolean %s is %d." % (b[0], not b[1]) -+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]) -+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]) - else: -- print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0] -- print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1]) -- -+ print "\tThe boolean %s set incorrectly. " % (bools[0][0]) -+ print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1]) -+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0]) -+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1]) - continue - - if rc == audit2why.TERULE: diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.37/Makefile --- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500 +++ policycoreutils-2.0.37/Makefile 2008-01-23 17:13:45.000000000 -0500 @@ -105,59 +36,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po } free(scontext); close(fd); -diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.37/scripts/fixfiles ---- nsapolicycoreutils/scripts/fixfiles 2008-01-23 14:36:28.000000000 -0500 -+++ policycoreutils-2.0.37/scripts/fixfiles 2008-01-23 17:13:45.000000000 -0500 -@@ -36,8 +36,8 @@ - LOGGER=/usr/sbin/logger - SETFILES=/sbin/setfiles - RESTORECON=/sbin/restorecon --FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';` --FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';` -+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';` -+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';` - FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" - SELINUXTYPE="targeted" - if [ -e /etc/selinux/config ]; then -@@ -88,11 +88,11 @@ - esac; \ - fi; \ - done | \ -- while read pattern ; do sh -c "find $pattern" \ -- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \ -- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \ -+ while read pattern ; do sh -c "find $pattern \ -+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \ -+ \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ - done 2> /dev/null | \ -- ${RESTORECON} $2 -f - -+ ${RESTORECON} $2 -0 -f - - rm -f ${TEMPFILE} ${PREFCTEMPFILE} - fi - } -@@ -129,8 +129,8 @@ - if [ ! -z "$FILEPATH" ]; then - if [ -x /usr/bin/find ]; then - /usr/bin/find "$FILEPATH" \ -- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ -- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE -+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \ -+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE - else - ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE - fi -diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.37/scripts/fixfiles.8 ---- nsapolicycoreutils/scripts/fixfiles.8 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.37/scripts/fixfiles.8 2008-01-23 17:13:45.000000000 -0500 -@@ -35,7 +35,7 @@ - - .TP - .B -f --Don't prompt for removal of /tmp directory. -+Clear /tmp directory with out prompt for removal. - - .TP - .B -R rpmpackagename[,rpmpackagename...] diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.37/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2008-01-23 14:36:28.000000000 -0500 +++ policycoreutils-2.0.37/semanage/semanage 2008-01-23 17:13:45.000000000 -0500 @@ -209,102 +87,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po if object == "login": OBJECT = seobject.loginRecords(store) -diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.37/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500 -+++ policycoreutils-2.0.37/semanage/seobject.py 2008-01-23 17:13:45.000000000 -0500 -@@ -117,6 +117,12 @@ - #print _("Failed to translate booleans.\n%s") % e - pass - -+def boolean_desc(boolean): -+ if boolean in booleans_dict: -+ return _(booleans_dict[boolean][2]) -+ else: -+ return boolean -+ - def validate_level(raw): - sensitivity = "s[0-9]*" - category = "c[0-9]*" -@@ -1456,10 +1462,7 @@ - return ddict - - def get_desc(self, boolean): -- if boolean in booleans_dict: -- return _(booleans_dict[boolean][2]) -- else: -- return boolean -+ return boolean_desc(boolean) - - def get_category(self, boolean): - if boolean in booleans_dict: -diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.37/setfiles/setfiles.8 ---- nsapolicycoreutils/setfiles/setfiles.8 2007-07-16 14:20:43.000000000 -0400 -+++ policycoreutils-2.0.37/setfiles/setfiles.8 2008-01-23 17:13:45.000000000 -0500 -@@ -59,6 +59,9 @@ - .TP - .B \-W - display warnings about entries that had no matching files. -+.TP -+.B \-0 -+Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode. - - .SH "ARGUMENTS" - .B spec_file -diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.37/setfiles/setfiles.c ---- nsapolicycoreutils/setfiles/setfiles.c 2008-01-11 10:52:37.000000000 -0500 -+++ policycoreutils-2.0.37/setfiles/setfiles.c 2008-01-23 17:13:45.000000000 -0500 -@@ -55,6 +55,7 @@ - static int verbose = 0; - static int logging = 0; - static int warn_no_match = 0; -+static int null_terminated = 0; - static char *rootpath = NULL; - static int rootpathlen = 0; - static int recurse; /* Recursive descent. */ -@@ -384,7 +385,7 @@ - { - if (iamrestorecon) { - fprintf(stderr, -- "usage: %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", -+ "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", - name); - } else { - fprintf(stderr, -@@ -805,7 +806,7 @@ - } - - /* Process any options. */ -- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW")) > 0) { -+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) { - switch (opt) { - case 'c': - { -@@ -927,6 +928,9 @@ - case 'W': - warn_no_match = 1; - break; -+ case '0': -+ null_terminated = 1; -+ break; - case '?': - usage(argv[0]); - } -@@ -983,6 +987,7 @@ - if (use_input_file) { - FILE *f = stdin; - ssize_t len; -+ int delim; - if (strcmp(input_filename, "-") != 0) - f = fopen(input_filename, "r"); - if (f == NULL) { -@@ -991,7 +996,9 @@ - usage(argv[0]); - } - __fsetlocking(f, FSETLOCKING_BYCALLER); -- while ((len = getline(&buf, &buf_len, f)) > 0) { -+ -+ delim = (null_terminated != 0) ? '\0' : '\n'; -+ while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) { - buf[len - 1] = 0; - errors |= process_one(buf); - } diff --git a/policycoreutils.spec b/policycoreutils.spec index be827b9..217347f 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,7 +5,7 @@ %define sepolgenver 1.0.11 Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.0.37 +Version: 2.0.38 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base @@ -193,6 +193,12 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Thu Jan 24 2008 Dan Walsh 2.0.38-1 +- Update to upstream + * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. + * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. + * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh. + * Wed Jan 23 2008 Dan Walsh 2.0.37-1 - Update to upstream * Merged replacement for audit2why from Dan Walsh. diff --git a/sources b/sources index 602399b..61dfcd7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -f450ab5a14db31051869cc22a4e532a3 policycoreutils-2.0.37.tgz 3fed5cd04ee67c0f86e3cc6825261819 sepolgen-1.0.11.tgz +221516276ea4930b6c88689c00210e10 policycoreutils-2.0.38.tgz