* Mon Jan 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.2-10

- Fix restorecon to not say it is changing user section when -vv is specified
2006-01-02 19:35:53 +00:00 · 2006-01-02 19:35:53 +00:00 · 3c5f6e8b35
commit 3c5f6e8b35
parent 25eeaeed66
2 changed files with 102 additions and 10 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,6 +1,95 @@
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.29.2/restorecon/restorecon.8
+--- nsapolicycoreutils/restorecon/restorecon.8	2005-12-08 12:59:25.000000000 -0500
+++ policycoreutils-1.29.2/restorecon/restorecon.8	2006-01-02 14:35:46.000000000 -0500
+@@ -45,7 +45,7 @@
+ show changes in file labels, if type, role, or user are changing.
+ .TP 
+ .B \-F
+-Force reset of context to match file_context for customizable files
+Force reset of context to match file_context for customizable files, or the user section, if it has changed. 
+ .TP 
+ .SH "ARGUMENTS"
+ .B pathname...
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.29.2/restorecon/restorecon.c
+--- nsapolicycoreutils/restorecon/restorecon.c	2005-12-08 12:59:25.000000000 -0500
+++ policycoreutils-1.29.2/restorecon/restorecon.c	2006-01-02 14:33:52.000000000 -0500
+@@ -112,18 +112,16 @@
+ void usage(const char * const name)
+ {	
+   fprintf(stderr,
+-	  "usage:  %s [-rRnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",  name);
+	  "usage:  %s [-FnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",  name);
+   exit(1);
+ }
+ int restore(char *filename) {
+   int retcontext=0;
+-  int retval=0;
+   security_context_t scontext=NULL;
+   security_context_t prev_context=NULL;
+   int len=strlen(filename);
+   struct stat st;
+   char path[PATH_MAX+1];
+-  int user_only_changed=0;
+   /* 
+      Eliminate trailing /
+   */
+@@ -175,8 +173,7 @@
+   if (excludeCtr > 0 && exclude(filename)) {
+       return 0;
+   }
+-  retval = matchpathcon(filename, st.st_mode, &scontext);
+-  if (retval < 0) {
+  if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
+     if (errno == ENOENT)
+       return 0;
+     fprintf(stderr,"matchpathcon(%s) failed %s\n", filename,strerror(errno));
+@@ -194,27 +191,24 @@
+     if (retcontext < 0 || force || 
+ 	(strcmp(prev_context,scontext) != 0 && 	
+ 	 !(customizable=is_context_customizable(prev_context) > 0))) {
+-      if (outfile) {
+-	fprintf(outfile, "%s\n", filename);
+-      }
+-      user_only_changed = only_changed_user(scontext, prev_context);
+-      if (change && !user_only_changed) {
+-	retval=lsetfilecon(filename,scontext);
+-      }
+-      if (retval<0) {
+-	  fprintf(stderr,"%s set context %s->%s failed:'%s'\n",
+-		  progname, filename, scontext, strerror(errno));
+-	  if (retcontext >= 0)
+-	    freecon(prev_context);
+-	  freecon(scontext);
+-	  return 1;
+-      } else 	
+-	      if (verbose && 
+-		  (verbose > 1 || !user_only_changed))
+      if (only_changed_user(scontext, prev_context) == 0) {
+	      if (outfile) fprintf(outfile, "%s\n", filename);
+	      if (change) {
+		      if (lsetfilecon(filename,scontext) < 0) {
+			      fprintf(stderr,"%s set context %s->%s failed:'%s'\n",
+				      progname, filename, scontext, strerror(errno));
+			      if (retcontext >= 0)
+				      freecon(prev_context);
+			      freecon(scontext);
+			      return 1;
+		      }
+	      }
+	      if (verbose)
+ 		      printf("%s reset %s context %s->%s\n",
+-			      progname, filename, (retcontext >= 0 ? prev_context : ""), scontext);
+			     progname, filename, (retcontext >= 0 ? prev_context : ""), scontext);
+      }
+     }
+-    if (verbose > 1 && customizable>0) {
+    if (verbose > 1 && ! force && customizable>0) {
+ 	    printf("%s: %s not reset customized by admin to %s\n",
+ 		      progname, filename, prev_context);
+     }
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.2/scripts/chcat
 --- nsapolicycoreutils/scripts/chcat	2005-12-14 14:16:50.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/chcat	2005-12-22 16:29:28.000000000 -0500
+++ policycoreutils-1.29.2/scripts/chcat	2006-01-02 14:33:44.000000000 -0500
@@ -39,11 +39,11 @@
                 print("Can not modify sensitivity levels using '+' on %s" % f)
 
@ -205,7 +294,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycore
         usage()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.29.2/scripts/chcat.8
 --- nsapolicycoreutils/scripts/chcat.8	2005-12-08 12:52:47.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/chcat.8	2005-12-22 16:29:28.000000000 -0500
+++ policycoreutils-1.29.2/scripts/chcat.8	2006-01-02 14:33:44.000000000 -0500
@@ -11,6 +11,9 @@
 .B chcat
 [\fI-d\fR] \fIFILE\fR...
@ -228,7 +317,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policyco
 chcon(1), selinux(8)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.2/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles	2005-10-13 13:51:22.000000000 -0400
-+++ policycoreutils-1.29.2/scripts/fixfiles	2005-12-30 08:17:05.000000000 -0500
+++ policycoreutils-1.29.2/scripts/fixfiles	2006-01-02 14:33:44.000000000 -0500
@@ -62,8 +62,8 @@
 	TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
 	test -z "$TEMPFILE" && exit
@ -242,7 +331,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
 	    egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
 --- nsapolicycoreutils/scripts/genhomedircon	2005-12-07 07:28:00.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/genhomedircon	2005-12-27 08:54:19.000000000 -0500
+++ policycoreutils-1.29.2/scripts/genhomedircon	2006-01-02 14:33:44.000000000 -0500
@@ -1,4 +1,4 @@
 -#! /usr/bin/env python
 +#! /usr/bin/python
@ -579,7 +668,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
 -	errorExit("IndexError")
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners policycoreutils-1.29.2/scripts/selisteners
 --- nsapolicycoreutils/scripts/selisteners	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/selisteners	2005-12-22 16:29:28.000000000 -0500
+++ policycoreutils-1.29.2/scripts/selisteners	2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,37 @@
 +#! /usr/bin/env python
 +# Copyright (C) 2005 Red Hat
@ -620,7 +709,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners poli
 +        print "%s %-40s %-10s\t%-20s\t%s" % (x[0], x[3], pid,y[1],selinux.getpidcon(pid)[1])
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/chcat_test policycoreutils-1.29.2/scripts/tests/chcat_test
 --- nsapolicycoreutils/scripts/tests/chcat_test	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/tests/chcat_test	2005-12-22 16:29:28.000000000 -0500
+++ policycoreutils-1.29.2/scripts/tests/chcat_test	2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,43 @@
 +#!/bin/sh -x
 +#
@ -667,7 +756,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/chcat_test
 +ls -lZ /tmp/chcat_test
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.conf policycoreutils-1.29.2/scripts/tests/setrans.conf
 --- nsapolicycoreutils/scripts/tests/setrans.conf	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/tests/setrans.conf	2005-12-22 16:29:28.000000000 -0500
+++ policycoreutils-1.29.2/scripts/tests/setrans.conf	2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,23 @@
 +#
 +# Multi-Category Security translation table for SELinux
@ -694,7 +783,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.co
 +s0:c3=NDA_Yoyodyne
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2005-11-29 10:55:01.000000000 -0500
-+++ policycoreutils-1.29.2/semanage/semanage	2005-12-27 15:13:34.000000000 -0500
+++ policycoreutils-1.29.2/semanage/semanage	2006-01-02 14:33:44.000000000 -0500
@@ -24,22 +24,33 @@
 from semanage import *;
 class loginRecords:
@ -1310,7 +1399,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
 			
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test
 --- nsapolicycoreutils/semanage/tests/semanage_test	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.29.2/semanage/tests/semanage_test	2005-12-27 14:40:02.000000000 -0500
+++ policycoreutils-1.29.2/semanage/tests/semanage_test	2006-01-02 14:33:44.000000000 -0500
@@ -0,0 +1,67 @@
 +#!/bin/sh -x
 +#
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -4,7 +4,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.29.2
-Release: 9
+Release: 10
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -96,6 +96,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %config(noreplace) %{_sysconfdir}/sestatus.conf

 %changelog
+* Mon Jan 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.2-10
+- Fix restorecon to not say it is changing user section when -vv is specified
+
 * Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9
 - Fixes for semanage, patch from Ivan and added a test script