* Thu Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1

- Update to match NSA
	* Merged restorecon patch from Ivan Gyurdiev.
This commit is contained in:
Daniel J Walsh 2005-07-27 14:05:30 +00:00
parent 8db28853c1
commit 3ff1aebc51
4 changed files with 22 additions and 83 deletions

View File

@ -40,3 +40,5 @@ policycoreutils-1.23.10.tgz
policycoreutils-1.23.11.tgz policycoreutils-1.23.11.tgz
policycoreutils-1.24.tgz policycoreutils-1.24.tgz
policycoreutils-1.25.1.tgz policycoreutils-1.25.1.tgz
policycoreutils-1.25.2.tgz
policycoreutils-1.25.3.tgz

View File

@ -1,80 +1,9 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.25.3/Makefile
--- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400 --- nsapolicycoreutils/Makefile 2005-07-18 15:07:46.000000000 -0400
+++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-28 01:25:28.000000000 -0400 +++ policycoreutils-1.25.3/Makefile 2005-07-27 10:02:12.000000000 -0400
@@ -103,7 +103,7 @@ @@ -1,4 +1,4 @@
if (errno == ENOENT || errno == EINVAL) { -SUBDIRS=setfiles load_policy newrole run_init restorecon audit2allow audit2why scripts po sestatus semodule_link semodule_expand semodule
/* No booleans file or stale booleans in the file; non-fatal. */ +SUBDIRS=setfiles load_policy newrole run_init restorecon audit2allow audit2why scripts po sestatus
if (! quiet)
- fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
+ fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath);
} else {
fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
exit(2);
@@ -115,7 +115,7 @@
if (ret) {
/* Possibly ok, as there may be no booleans. */
if (! quiet)
- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno));
+ fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno));
goto load;
}
if (!len)
@@ -137,7 +137,7 @@
if (errno == EINVAL) {
/* Stale booleans in the file; non-fatal. */
if (! quiet)
- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno));
+ fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]);
} else {
fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno));
exit(2);
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
+++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-28 01:25:28.000000000 -0400
@@ -198,6 +198,11 @@
result = 0; /* user authenticated OK! */
}
+ /* Ask PAM to verify acct_mgmt */
+ if( PAM_SUCCESS != pam_acct_mgmt(pam_handle,0) ) {
+ result = 0; /* user authenticated OK! */
+ }
+
/* We're done with PAM. Free `pam_handle'. */
pam_end( pam_handle, PAM_SUCCESS );
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.23.11/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-04-14 07:22:16.000000000 -0400
+++ policycoreutils-1.23.11/scripts/genhomedircon 2005-06-14 13:01:12.000000000 -0400
@@ -357,16 +357,22 @@
return udict
def getHomeDirContext(self, user, home, role):
- ret="\n\n#\n# Context for user %s\n#\n\n" % user
+ ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
return ret + rc[1] + "\n"
+ def getUserContext(self, user, sel_user, role):
+ ret="\n\n#\n# Other Context for user %s\n#\n\n" % user
+ rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))
+ return ret + rc[1] + "\n"
+
def genHomeDirContext(self):
users = self.getUsers()
ret=""
# Fill in HOME and ROLE for users that are defined
for u in users.keys():
ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
+ ret += self.getUserContext (u, u, users[u]["role"])
return ret+"\n"
def checkExists(self, home):
@@ -429,6 +435,7 @@
for h in self.getHomeDirs():
ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
ret += self.getHomeRootContext(h)
+ ret += self.getUserContext(".*", "user_u", "user") + "\n"
ret += self.genHomeDirContext()
return ret
all install relabel clean:
@for subdir in $(SUBDIRS); do \

View File

@ -1,8 +1,8 @@
%define libselinuxver 1.23.1-1 %define libselinuxver 1.23.1-1
%define libsepolver 1.5.9-2 %define libsepolver 1.7-1
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.25.1 Version: 1.25.3
Release: 1 Release: 1
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
@ -11,6 +11,7 @@ Patch: policycoreutils-rhat.patch
Prefix: %{_prefix} Prefix: %{_prefix}
BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver} BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver}
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver}
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
@ -35,7 +36,6 @@ context.
%prep %prep
%setup -q %setup -q
%patch -p1 -b .rhat %patch -p1 -b .rhat
%build %build
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
@ -84,6 +84,14 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Thu Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
- Update to match NSA
* Merged restorecon patch from Ivan Gyurdiev.
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-1
- Update to match NSA
* Merged load_policy, newrole, and genhomedircon patches from Red Hat.
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.1-1 * Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.1-1
- Update to match NSA - Update to match NSA
* Merged loadable module support from Tresys Technology. * Merged loadable module support from Tresys Technology.

View File

@ -1 +1 @@
9978db7cb19c52a3474c6445e9e21bfb policycoreutils-1.25.1.tgz ea4ea978c040dc35db5b38ce28383bdc policycoreutils-1.25.3.tgz