* Thu Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
- Update to match NSA * Merged restorecon patch from Ivan Gyurdiev.
This commit is contained in:
parent
8db28853c1
commit
3ff1aebc51
@ -40,3 +40,5 @@ policycoreutils-1.23.10.tgz
|
|||||||
policycoreutils-1.23.11.tgz
|
policycoreutils-1.23.11.tgz
|
||||||
policycoreutils-1.24.tgz
|
policycoreutils-1.24.tgz
|
||||||
policycoreutils-1.25.1.tgz
|
policycoreutils-1.25.1.tgz
|
||||||
|
policycoreutils-1.25.2.tgz
|
||||||
|
policycoreutils-1.25.3.tgz
|
||||||
|
@ -1,80 +1,9 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.25.3/Makefile
|
||||||
--- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400
|
--- nsapolicycoreutils/Makefile 2005-07-18 15:07:46.000000000 -0400
|
||||||
+++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-28 01:25:28.000000000 -0400
|
+++ policycoreutils-1.25.3/Makefile 2005-07-27 10:02:12.000000000 -0400
|
||||||
@@ -103,7 +103,7 @@
|
@@ -1,4 +1,4 @@
|
||||||
if (errno == ENOENT || errno == EINVAL) {
|
-SUBDIRS=setfiles load_policy newrole run_init restorecon audit2allow audit2why scripts po sestatus semodule_link semodule_expand semodule
|
||||||
/* No booleans file or stale booleans in the file; non-fatal. */
|
+SUBDIRS=setfiles load_policy newrole run_init restorecon audit2allow audit2why scripts po sestatus
|
||||||
if (! quiet)
|
|
||||||
- fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
|
|
||||||
+ fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath);
|
|
||||||
} else {
|
|
||||||
fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
|
|
||||||
exit(2);
|
|
||||||
@@ -115,7 +115,7 @@
|
|
||||||
if (ret) {
|
|
||||||
/* Possibly ok, as there may be no booleans. */
|
|
||||||
if (! quiet)
|
|
||||||
- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno));
|
|
||||||
+ fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno));
|
|
||||||
goto load;
|
|
||||||
}
|
|
||||||
if (!len)
|
|
||||||
@@ -137,7 +137,7 @@
|
|
||||||
if (errno == EINVAL) {
|
|
||||||
/* Stale booleans in the file; non-fatal. */
|
|
||||||
if (! quiet)
|
|
||||||
- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno));
|
|
||||||
+ fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]);
|
|
||||||
} else {
|
|
||||||
fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno));
|
|
||||||
exit(2);
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
|
|
||||||
--- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
|
|
||||||
+++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-28 01:25:28.000000000 -0400
|
|
||||||
@@ -198,6 +198,11 @@
|
|
||||||
result = 0; /* user authenticated OK! */
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* Ask PAM to verify acct_mgmt */
|
|
||||||
+ if( PAM_SUCCESS != pam_acct_mgmt(pam_handle,0) ) {
|
|
||||||
+ result = 0; /* user authenticated OK! */
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* We're done with PAM. Free `pam_handle'. */
|
|
||||||
pam_end( pam_handle, PAM_SUCCESS );
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.23.11/scripts/genhomedircon
|
|
||||||
--- nsapolicycoreutils/scripts/genhomedircon 2005-04-14 07:22:16.000000000 -0400
|
|
||||||
+++ policycoreutils-1.23.11/scripts/genhomedircon 2005-06-14 13:01:12.000000000 -0400
|
|
||||||
@@ -357,16 +357,22 @@
|
|
||||||
return udict
|
|
||||||
|
|
||||||
def getHomeDirContext(self, user, home, role):
|
|
||||||
- ret="\n\n#\n# Context for user %s\n#\n\n" % user
|
|
||||||
+ ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
|
|
||||||
rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
|
|
||||||
return ret + rc[1] + "\n"
|
|
||||||
|
|
||||||
+ def getUserContext(self, user, sel_user, role):
|
|
||||||
+ ret="\n\n#\n# Other Context for user %s\n#\n\n" % user
|
|
||||||
+ rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))
|
|
||||||
+ return ret + rc[1] + "\n"
|
|
||||||
+
|
|
||||||
def genHomeDirContext(self):
|
|
||||||
users = self.getUsers()
|
|
||||||
ret=""
|
|
||||||
# Fill in HOME and ROLE for users that are defined
|
|
||||||
for u in users.keys():
|
|
||||||
ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
|
|
||||||
+ ret += self.getUserContext (u, u, users[u]["role"])
|
|
||||||
return ret+"\n"
|
|
||||||
|
|
||||||
def checkExists(self, home):
|
|
||||||
@@ -429,6 +435,7 @@
|
|
||||||
for h in self.getHomeDirs():
|
|
||||||
ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
|
|
||||||
ret += self.getHomeRootContext(h)
|
|
||||||
+ ret += self.getUserContext(".*", "user_u", "user") + "\n"
|
|
||||||
ret += self.genHomeDirContext()
|
|
||||||
return ret
|
|
||||||
|
|
||||||
|
all install relabel clean:
|
||||||
|
@for subdir in $(SUBDIRS); do \
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
%define libselinuxver 1.23.1-1
|
%define libselinuxver 1.23.1-1
|
||||||
%define libsepolver 1.5.9-2
|
%define libsepolver 1.7-1
|
||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 1.25.1
|
Version: 1.25.3
|
||||||
Release: 1
|
Release: 1
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -11,6 +11,7 @@ Patch: policycoreutils-rhat.patch
|
|||||||
|
|
||||||
Prefix: %{_prefix}
|
Prefix: %{_prefix}
|
||||||
BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver}
|
BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver}
|
||||||
|
|
||||||
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver}
|
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver}
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||||
@ -35,7 +36,6 @@ context.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -p1 -b .rhat
|
%patch -p1 -b .rhat
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
|
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
|
||||||
|
|
||||||
@ -84,6 +84,14 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
|
||||||
|
- Update to match NSA
|
||||||
|
* Merged restorecon patch from Ivan Gyurdiev.
|
||||||
|
|
||||||
|
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-1
|
||||||
|
- Update to match NSA
|
||||||
|
* Merged load_policy, newrole, and genhomedircon patches from Red Hat.
|
||||||
|
|
||||||
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.1-1
|
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.1-1
|
||||||
- Update to match NSA
|
- Update to match NSA
|
||||||
* Merged loadable module support from Tresys Technology.
|
* Merged loadable module support from Tresys Technology.
|
||||||
|
Loading…
Reference in New Issue
Block a user