* Mon Jan 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.2-10

- Fix restorecon to not say it is changing user section when -vv is specified
This commit is contained in:
Daniel J Walsh 2006-01-02 19:35:53 +00:00
parent 25eeaeed66
commit 3c5f6e8b35
2 changed files with 102 additions and 10 deletions

View File

@ -1,6 +1,95 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.29.2/restorecon/restorecon.8
--- nsapolicycoreutils/restorecon/restorecon.8 2005-12-08 12:59:25.000000000 -0500
+++ policycoreutils-1.29.2/restorecon/restorecon.8 2006-01-02 14:35:46.000000000 -0500
@@ -45,7 +45,7 @@
show changes in file labels, if type, role, or user are changing.
.TP
.B \-F
-Force reset of context to match file_context for customizable files
+Force reset of context to match file_context for customizable files, or the user section, if it has changed.
.TP
.SH "ARGUMENTS"
.B pathname...
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.29.2/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2005-12-08 12:59:25.000000000 -0500
+++ policycoreutils-1.29.2/restorecon/restorecon.c 2006-01-02 14:33:52.000000000 -0500
@@ -112,18 +112,16 @@
void usage(const char * const name)
{
fprintf(stderr,
- "usage: %s [-rRnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name);
+ "usage: %s [-FnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name);
exit(1);
}
int restore(char *filename) {
int retcontext=0;
- int retval=0;
security_context_t scontext=NULL;
security_context_t prev_context=NULL;
int len=strlen(filename);
struct stat st;
char path[PATH_MAX+1];
- int user_only_changed=0;
/*
Eliminate trailing /
*/
@@ -175,8 +173,7 @@
if (excludeCtr > 0 && exclude(filename)) {
return 0;
}
- retval = matchpathcon(filename, st.st_mode, &scontext);
- if (retval < 0) {
+ if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
if (errno == ENOENT)
return 0;
fprintf(stderr,"matchpathcon(%s) failed %s\n", filename,strerror(errno));
@@ -194,27 +191,24 @@
if (retcontext < 0 || force ||
(strcmp(prev_context,scontext) != 0 &&
!(customizable=is_context_customizable(prev_context) > 0))) {
- if (outfile) {
- fprintf(outfile, "%s\n", filename);
- }
- user_only_changed = only_changed_user(scontext, prev_context);
- if (change && !user_only_changed) {
- retval=lsetfilecon(filename,scontext);
- }
- if (retval<0) {
- fprintf(stderr,"%s set context %s->%s failed:'%s'\n",
- progname, filename, scontext, strerror(errno));
- if (retcontext >= 0)
- freecon(prev_context);
- freecon(scontext);
- return 1;
- } else
- if (verbose &&
- (verbose > 1 || !user_only_changed))
+ if (only_changed_user(scontext, prev_context) == 0) {
+ if (outfile) fprintf(outfile, "%s\n", filename);
+ if (change) {
+ if (lsetfilecon(filename,scontext) < 0) {
+ fprintf(stderr,"%s set context %s->%s failed:'%s'\n",
+ progname, filename, scontext, strerror(errno));
+ if (retcontext >= 0)
+ freecon(prev_context);
+ freecon(scontext);
+ return 1;
+ }
+ }
+ if (verbose)
printf("%s reset %s context %s->%s\n",
- progname, filename, (retcontext >= 0 ? prev_context : ""), scontext);
+ progname, filename, (retcontext >= 0 ? prev_context : ""), scontext);
+ }
}
- if (verbose > 1 && customizable>0) {
+ if (verbose > 1 && ! force && customizable>0) {
printf("%s: %s not reset customized by admin to %s\n",
progname, filename, prev_context);
}
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.2/scripts/chcat diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.2/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2005-12-14 14:16:50.000000000 -0500 --- nsapolicycoreutils/scripts/chcat 2005-12-14 14:16:50.000000000 -0500
+++ policycoreutils-1.29.2/scripts/chcat 2005-12-22 16:29:28.000000000 -0500 +++ policycoreutils-1.29.2/scripts/chcat 2006-01-02 14:33:44.000000000 -0500
@@ -39,11 +39,11 @@ @@ -39,11 +39,11 @@
print("Can not modify sensitivity levels using '+' on %s" % f) print("Can not modify sensitivity levels using '+' on %s" % f)
@ -205,7 +294,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
usage() usage()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.29.2/scripts/chcat.8 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.29.2/scripts/chcat.8
--- nsapolicycoreutils/scripts/chcat.8 2005-12-08 12:52:47.000000000 -0500 --- nsapolicycoreutils/scripts/chcat.8 2005-12-08 12:52:47.000000000 -0500
+++ policycoreutils-1.29.2/scripts/chcat.8 2005-12-22 16:29:28.000000000 -0500 +++ policycoreutils-1.29.2/scripts/chcat.8 2006-01-02 14:33:44.000000000 -0500
@@ -11,6 +11,9 @@ @@ -11,6 +11,9 @@
.B chcat .B chcat
[\fI-d\fR] \fIFILE\fR... [\fI-d\fR] \fIFILE\fR...
@ -228,7 +317,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policyco
chcon(1), selinux(8) chcon(1), selinux(8)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.2/scripts/fixfiles diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.2/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-10-13 13:51:22.000000000 -0400 --- nsapolicycoreutils/scripts/fixfiles 2005-10-13 13:51:22.000000000 -0400
+++ policycoreutils-1.29.2/scripts/fixfiles 2005-12-30 08:17:05.000000000 -0500 +++ policycoreutils-1.29.2/scripts/fixfiles 2006-01-02 14:33:44.000000000 -0500
@@ -62,8 +62,8 @@ @@ -62,8 +62,8 @@
TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
test -z "$TEMPFILE" && exit test -z "$TEMPFILE" && exit
@ -242,7 +331,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
egrep -v '(^/home|^/root|^/tmp|^/dev)' |\ egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500 --- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
+++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-27 08:54:19.000000000 -0500 +++ policycoreutils-1.29.2/scripts/genhomedircon 2006-01-02 14:33:44.000000000 -0500
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#! /usr/bin/env python -#! /usr/bin/env python
+#! /usr/bin/python +#! /usr/bin/python
@ -579,7 +668,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
- errorExit("IndexError") - errorExit("IndexError")
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners policycoreutils-1.29.2/scripts/selisteners diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners policycoreutils-1.29.2/scripts/selisteners
--- nsapolicycoreutils/scripts/selisteners 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/scripts/selisteners 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.2/scripts/selisteners 2005-12-22 16:29:28.000000000 -0500 +++ policycoreutils-1.29.2/scripts/selisteners 2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,37 @@ @@ -0,0 +1,37 @@
+#! /usr/bin/env python +#! /usr/bin/env python
+# Copyright (C) 2005 Red Hat +# Copyright (C) 2005 Red Hat
@ -620,7 +709,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners poli
+ print "%s %-40s %-10s\t%-20s\t%s" % (x[0], x[3], pid,y[1],selinux.getpidcon(pid)[1]) + print "%s %-40s %-10s\t%-20s\t%s" % (x[0], x[3], pid,y[1],selinux.getpidcon(pid)[1])
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/chcat_test policycoreutils-1.29.2/scripts/tests/chcat_test diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/chcat_test policycoreutils-1.29.2/scripts/tests/chcat_test
--- nsapolicycoreutils/scripts/tests/chcat_test 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/scripts/tests/chcat_test 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.2/scripts/tests/chcat_test 2005-12-22 16:29:28.000000000 -0500 +++ policycoreutils-1.29.2/scripts/tests/chcat_test 2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,43 @@ @@ -0,0 +1,43 @@
+#!/bin/sh -x +#!/bin/sh -x
+# +#
@ -667,7 +756,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/chcat_test
+ls -lZ /tmp/chcat_test +ls -lZ /tmp/chcat_test
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.conf policycoreutils-1.29.2/scripts/tests/setrans.conf diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.conf policycoreutils-1.29.2/scripts/tests/setrans.conf
--- nsapolicycoreutils/scripts/tests/setrans.conf 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/scripts/tests/setrans.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.2/scripts/tests/setrans.conf 2005-12-22 16:29:28.000000000 -0500 +++ policycoreutils-1.29.2/scripts/tests/setrans.conf 2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
+# +#
+# Multi-Category Security translation table for SELinux +# Multi-Category Security translation table for SELinux
@ -694,7 +783,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.co
+s0:c3=NDA_Yoyodyne +s0:c3=NDA_Yoyodyne
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2005-11-29 10:55:01.000000000 -0500 --- nsapolicycoreutils/semanage/semanage 2005-11-29 10:55:01.000000000 -0500
+++ policycoreutils-1.29.2/semanage/semanage 2005-12-27 15:13:34.000000000 -0500 +++ policycoreutils-1.29.2/semanage/semanage 2006-01-02 14:33:44.000000000 -0500
@@ -24,22 +24,33 @@ @@ -24,22 +24,33 @@
from semanage import *; from semanage import *;
class loginRecords: class loginRecords:
@ -1310,7 +1399,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test
--- nsapolicycoreutils/semanage/tests/semanage_test 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/semanage/tests/semanage_test 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.2/semanage/tests/semanage_test 2005-12-27 14:40:02.000000000 -0500 +++ policycoreutils-1.29.2/semanage/tests/semanage_test 2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,67 @@ @@ -0,0 +1,67 @@
+#!/bin/sh -x +#!/bin/sh -x
+# +#

View File

@ -4,7 +4,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.29.2 Version: 1.29.2
Release: 9 Release: 10
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -96,6 +96,9 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Mon Jan 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.2-10
- Fix restorecon to not say it is changing user section when -vv is specified
* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9 * Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9
- Fixes for semanage, patch from Ivan and added a test script - Fixes for semanage, patch from Ivan and added a test script