Update to upstream
* policycoreutils * setfiles: Fix process_glob to handle error situations * sandbox: Allow seunshare to run as root * sandbox: trap sigterm to make sure sandbox * sandbox: pass DPI from the desktop * sandbox: seunshare: introduce helper spawn_command * sandbox: seunshare: introduce new filesystem helpers * sandbox: add -C option to not drop * sandbox: split seunshare caps dropping * sandbox: use dbus-launch * sandbox: numerous simple updates to sandbox * sandbox: do not require selinux context * sandbox: Makefile: new man pages * sandbox: rename dir to srcdir * sandbox: allow users specify sandbox window size * sandbox: check for paths up front * sandbox: use defined values for paths rather * sandbox: move seunshare globals to the top * sandbox: whitespace fix * semodule_package: Add semodule_unpackage executable * setfiles: get rid of some stupid globals * setfiles: move exclude_non_seclabel_mounts to a generic location * sepolgen * refparser: include open among valid permissions * refparser: add support for filename_trans rules
This commit is contained in:
parent
8b0727dc56
commit
42466e2b7e
2
.gitignore
vendored
2
.gitignore
vendored
@ -225,3 +225,5 @@ policycoreutils-2.0.83.tgz
|
||||
/policycoreutils-2.0.85.tgz
|
||||
/policycoreutils-2.0.86.tgz
|
||||
/policycoreutils-2.1.4.tgz
|
||||
/policycoreutils-2.1.5.tgz
|
||||
/sepolgen-1.1.1.tgz
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,7 +1,8 @@
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py 2011-05-25 16:11:58.150628048 -0400
|
||||
@@ -32,6 +32,7 @@ in a variety of ways, but they are the f
|
||||
diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
|
||||
index 3eda2fd..649735f 100644
|
||||
--- a/sepolgen/src/sepolgen/access.py
|
||||
+++ b/sepolgen/src/sepolgen/access.py
|
||||
@@ -32,6 +32,7 @@ in a variety of ways, but they are the fundamental representation of access.
|
||||
"""
|
||||
|
||||
import refpolicy
|
||||
@ -45,9 +46,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen
|
||||
|
||||
access.perms.update(perms)
|
||||
if audit_msg:
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py 2011-05-25 16:11:58.150628048 -0400
|
||||
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
||||
index 24e308e..e23725f 100644
|
||||
--- a/sepolgen/src/sepolgen/audit.py
|
||||
+++ b/sepolgen/src/sepolgen/audit.py
|
||||
@@ -68,6 +68,17 @@ def get_dmesg_msgs():
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
return output
|
||||
@ -131,9 +133,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen p
|
||||
return av_set
|
||||
|
||||
class AVCTypeFilter:
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py 2011-05-25 16:11:58.150628048 -0400
|
||||
diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py
|
||||
index 45ce61a..6d511c3 100644
|
||||
--- a/sepolgen/src/sepolgen/defaults.py
|
||||
+++ b/sepolgen/src/sepolgen/defaults.py
|
||||
@@ -30,6 +30,9 @@ def perm_map():
|
||||
def interface_info():
|
||||
return data_dir() + "/interface_info"
|
||||
@ -144,9 +147,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolge
|
||||
def refpolicy_devel():
|
||||
return "/usr/share/selinux/devel"
|
||||
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py 2011-05-25 16:11:58.151628058 -0400
|
||||
diff --git a/sepolgen/src/sepolgen/interfaces.py b/sepolgen/src/sepolgen/interfaces.py
|
||||
index d8b3e34..ae1c9c5 100644
|
||||
--- a/sepolgen/src/sepolgen/interfaces.py
|
||||
+++ b/sepolgen/src/sepolgen/interfaces.py
|
||||
@@ -29,6 +29,8 @@ import matching
|
||||
|
||||
from sepolgeni18n import _
|
||||
@ -156,7 +160,7 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepol
|
||||
class Param:
|
||||
"""
|
||||
Object representing a paramater for an interface.
|
||||
@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params
|
||||
@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params):
|
||||
ret = 1
|
||||
|
||||
return ret
|
||||
@ -262,9 +266,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepol
|
||||
|
||||
self.expand_ifcalls(headers)
|
||||
self.index()
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py 2011-05-25 16:11:58.151628058 -0400
|
||||
diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
|
||||
index 1a9a3e5..d56dd92 100644
|
||||
--- a/sepolgen/src/sepolgen/matching.py
|
||||
+++ b/sepolgen/src/sepolgen/matching.py
|
||||
@@ -50,7 +50,7 @@ class Match:
|
||||
return 1
|
||||
|
||||
@ -293,9 +298,25 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolge
|
||||
|
||||
def __iter__(self):
|
||||
return iter(self.children)
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py 2011-05-25 16:11:58.151628058 -0400
|
||||
diff --git a/sepolgen/src/sepolgen/module.py b/sepolgen/src/sepolgen/module.py
|
||||
index edd24c6..5818cec 100644
|
||||
--- a/sepolgen/src/sepolgen/module.py
|
||||
+++ b/sepolgen/src/sepolgen/module.py
|
||||
@@ -37,8 +37,8 @@ import shutil
|
||||
def is_valid_name(modname):
|
||||
"""Check that a module name is valid.
|
||||
"""
|
||||
- m = re.findall("[^a-zA-Z0-9]", modname)
|
||||
- if len(m) == 0:
|
||||
+ m = re.findall("[^a-zA-Z0-9_\-\.]", modname)
|
||||
+ if len(m) == 0 and modname[0].isalpha():
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
|
||||
index 0e6b502..6ce892c 100644
|
||||
--- a/sepolgen/src/sepolgen/policygen.py
|
||||
+++ b/sepolgen/src/sepolgen/policygen.py
|
||||
@@ -29,6 +29,8 @@ import objectmodel
|
||||
import access
|
||||
import interfaces
|
||||
@ -334,7 +355,7 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolg
|
||||
+
|
||||
+ if av.type == audit2why.CONSTRAINT:
|
||||
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
||||
+ rule.comment += "#Contraint rule: "
|
||||
+ rule.comment += "#Constraint rule: "
|
||||
+
|
||||
+ if av.type == audit2why.TERULE:
|
||||
+ if "write" in av.perms:
|
||||
@ -356,38 +377,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolg
|
||||
self.module.children.append(rule)
|
||||
|
||||
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py 2011-05-25 16:18:20.911964611 -0400
|
||||
@@ -243,7 +243,7 @@ def t_refpolicywarn(t):
|
||||
t.lexer.lineno += 1
|
||||
|
||||
def t_IDENTIFIER(t):
|
||||
- r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
|
||||
+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
|
||||
# Handle any keywords
|
||||
t.type = reserved.get(t.value,'IDENTIFIER')
|
||||
return t
|
||||
@@ -768,6 +768,7 @@ def p_avrule_def(p):
|
||||
|
||||
def p_typerule_def(p):
|
||||
'''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
|
||||
+ | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
|
||||
| TYPE_CHANGE names names COLON names IDENTIFIER SEMI
|
||||
| TYPE_MEMBER names names COLON names IDENTIFIER SEMI
|
||||
'''
|
||||
@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, exp
|
||||
# of misc_macros. We are just going to pretend that this is an interface
|
||||
# to make the expansion work correctly.
|
||||
can_exec = refpolicy.Interface("can_exec")
|
||||
- av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
|
||||
+ av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
|
||||
"getattr","lock","execute","ioctl"])
|
||||
|
||||
can_exec.children.append(refpolicy.AVRule(av))
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map 2011-05-25 16:11:58.152628068 -0400
|
||||
diff --git a/sepolgen/src/share/perm_map b/sepolgen/src/share/perm_map
|
||||
index eb2e23b..ca4fa4d 100644
|
||||
--- a/sepolgen/src/share/perm_map
|
||||
+++ b/sepolgen/src/share/perm_map
|
||||
@@ -124,7 +124,7 @@ class filesystem 10
|
||||
quotamod w 1
|
||||
quotaget r 1
|
||||
|
@ -1,13 +1,13 @@
|
||||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.1.0-1
|
||||
%define libsemanagever 2.1.0-0
|
||||
%define libselinuxver 2.1.0-1
|
||||
%define sepolgenver 1.0.23
|
||||
%define libsepolver 2.1.2-1
|
||||
%define libsemanagever 2.1.2-1
|
||||
%define libselinuxver 2.1.5-1
|
||||
%define sepolgenver 1.1.1
|
||||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.4
|
||||
Release: 2%{?dist}
|
||||
Version: 2.1.5
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -66,7 +66,7 @@ context.
|
||||
%patch -p2 -b .rhat
|
||||
%patch1 -p1 -b .rhatpo
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
@ -352,6 +352,34 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
|
||||
-Update to upstream
|
||||
* policycoreutils
|
||||
* setfiles: Fix process_glob to handle error situations
|
||||
* sandbox: Allow seunshare to run as root
|
||||
* sandbox: trap sigterm to make sure sandbox
|
||||
* sandbox: pass DPI from the desktop
|
||||
* sandbox: seunshare: introduce helper spawn_command
|
||||
* sandbox: seunshare: introduce new filesystem helpers
|
||||
* sandbox: add -C option to not drop
|
||||
* sandbox: split seunshare caps dropping
|
||||
* sandbox: use dbus-launch
|
||||
* sandbox: numerous simple updates to sandbox
|
||||
* sandbox: do not require selinux context
|
||||
* sandbox: Makefile: new man pages
|
||||
* sandbox: rename dir to srcdir
|
||||
* sandbox: allow users specify sandbox window size
|
||||
* sandbox: check for paths up front
|
||||
* sandbox: use defined values for paths rather
|
||||
* sandbox: move seunshare globals to the top
|
||||
* sandbox: whitespace fix
|
||||
* semodule_package: Add semodule_unpackage executable
|
||||
* setfiles: get rid of some stupid globals
|
||||
* setfiles: move exclude_non_seclabel_mounts to a generic location
|
||||
* sepolgen
|
||||
* refparser: include open among valid permissions
|
||||
* refparser: add support for filename_trans rules
|
||||
|
||||
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
|
||||
- Fix bug in glob handling for restorecon
|
||||
|
||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||
7e1e18c09798ffb44913bce3d60c667d policycoreutils-2.1.4.tgz
|
||||
fcff0d994c5106e04190432304b1e8c6 sepolgen-1.1.1.tgz
|
||||
a84ec479bf09e8d2a912fd32532853e9 policycoreutils-2.1.5.tgz
|
||||
|
Loading…
Reference in New Issue
Block a user