* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
- Handle files with spaces in fixfiles
parent
ec80e1ce63
commit
60ad59cab9
@ -72,8 +72,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c
|
||||
--- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-20 11:04:10.000000000 -0500
|
||||
@@ -22,27 +22,151 @@
|
||||
+++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-31 11:12:23.000000000 -0500
|
||||
@@ -22,27 +22,146 @@
|
||||
exit(rc);
|
||||
}
|
||||
|
||||
@ -116,7 +116,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ if (!foundlist) {
|
||||
+ fprintf(stderr,
|
||||
+ "Out of memory.\n");
|
||||
+ return -1;
|
||||
+ return fcnt;
|
||||
+ }
|
||||
+ for (i=0; i < boolcnt; i++) {
|
||||
+ char *name = boollist[i]->name;
|
||||
@ -128,7 +128,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ if (rc < 0) {
|
||||
+ fprintf(stderr,
|
||||
+ "Could not create boolean key.\n");
|
||||
+ rc = -1;
|
||||
+ break;
|
||||
+ }
|
||||
+ sepol_bool_set_value(boolean, !active);
|
||||
@ -140,7 +139,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ if (rc < 0) {
|
||||
+ fprintf(stderr,
|
||||
+ "Could not set boolean data %s.\n", name);
|
||||
+ rc = -1;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
@ -149,13 +147,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ if (rc < 0) {
|
||||
+ fprintf(stderr,
|
||||
+ "Error during access vector computation, skipping...\n");
|
||||
+ rc = -1;
|
||||
+ break;
|
||||
+ } else {
|
||||
+ if (!reason) {
|
||||
+ foundlist[fcnt] = i;
|
||||
+ fcnt++;
|
||||
+ rc = 0;
|
||||
+ }
|
||||
+ sepol_bool_set_value((sepol_bool_t*)boolean, active);
|
||||
+ rc = sepol_bool_set(access->handle,
|
||||
@ -165,7 +161,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ if (rc < 0) {
|
||||
+ fprintf(stderr,
|
||||
+ "Could not set boolean data %s.\n", name);
|
||||
+ rc = -1;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
@ -187,7 +182,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ }
|
||||
+
|
||||
+ free(foundlist);
|
||||
+ return rc;
|
||||
+ return fcnt;
|
||||
+}
|
||||
+
|
||||
+
|
||||
@ -229,7 +224,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
case 'p':
|
||||
set_path = 1;
|
||||
strncpy(path, optarg, PATH_MAX);
|
||||
@@ -110,7 +234,6 @@
|
||||
@@ -110,7 +229,6 @@
|
||||
}
|
||||
fclose(fp);
|
||||
sepol_set_policydb(&policydb);
|
||||
@ -237,7 +232,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
if (!set_path) {
|
||||
/* If they didn't specify a full path of a binary policy file,
|
||||
then also try loading any boolean settings and user
|
||||
@@ -125,6 +248,30 @@
|
||||
@@ -125,6 +243,30 @@
|
||||
(void)sepol_genusers_policydb(&policydb, selinux_users_path());
|
||||
}
|
||||
|
||||
@ -268,7 +263,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
/* Initialize the sidtab for subsequent use by sepol_context_to_sid
|
||||
and sepol_compute_av_reason. */
|
||||
rc = sepol_sidtab_init(&sidtab);
|
||||
@@ -135,8 +282,10 @@
|
||||
@@ -135,8 +277,10 @@
|
||||
sepol_set_sidtab(&sidtab);
|
||||
|
||||
/* Process the audit messages. */
|
||||
@ -280,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
|
||||
if (buffer[len2 - 1] == '\n')
|
||||
buffer[len2 - 1] = 0;
|
||||
@@ -179,6 +328,7 @@
|
||||
@@ -179,6 +323,7 @@
|
||||
}
|
||||
*p++ = 0;
|
||||
|
||||
@ -288,7 +283,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
/* Get scontext and convert to SID. */
|
||||
while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
|
||||
p++;
|
||||
@@ -188,11 +338,14 @@
|
||||
@@ -188,11 +333,14 @@
|
||||
continue;
|
||||
}
|
||||
p += sizeof(SCONTEXT) - 1;
|
||||
@ -306,7 +301,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr,
|
||||
@@ -201,6 +354,10 @@
|
||||
@@ -201,6 +349,10 @@
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -317,7 +312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
/* Get tcontext and convert to SID. */
|
||||
while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
|
||||
p++;
|
||||
@@ -210,11 +367,15 @@
|
||||
@@ -210,11 +362,15 @@
|
||||
continue;
|
||||
}
|
||||
p += sizeof(TCONTEXT) - 1;
|
||||
@ -336,7 +331,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr,
|
||||
@@ -222,6 +383,9 @@
|
||||
@@ -222,6 +378,9 @@
|
||||
TCONTEXT, tcon, lineno);
|
||||
continue;
|
||||
}
|
||||
@ -346,7 +341,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
|
||||
/* Get tclass= and convert to value. */
|
||||
while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
|
||||
@@ -232,12 +396,17 @@
|
||||
@@ -232,12 +391,17 @@
|
||||
continue;
|
||||
}
|
||||
p += sizeof(TCLASS) - 1;
|
||||
@ -367,7 +362,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
if (!tclass) {
|
||||
fprintf(stderr,
|
||||
"Invalid %s%s on line %u, skipping...\n",
|
||||
@@ -286,11 +455,16 @@
|
||||
@@ -286,11 +450,16 @@
|
||||
}
|
||||
|
||||
if (reason & SEPOL_COMPUTEAV_TE) {
|
||||
@ -381,7 +376,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
+ access.tclass = tclass;
|
||||
+ access.av = av;
|
||||
+
|
||||
+ if (check_booleans(&access) < 0) {
|
||||
+ if (check_booleans(&access) == 0) {
|
||||
+ printf("\t\tMissing or disabled TE allow rule.\n");
|
||||
+ printf
|
||||
+ ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n");
|
||||
@ -389,7 +384,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
}
|
||||
|
||||
if (reason & SEPOL_COMPUTEAV_CONS) {
|
||||
@@ -309,5 +483,8 @@
|
||||
@@ -309,5 +478,8 @@
|
||||
}
|
||||
free(buffer);
|
||||
free(bufcopy);
|
||||
@ -450,6 +445,82 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
||||
|
||||
try:
|
||||
gettext.install('policycoreutils')
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.34/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2007-12-10 21:42:28.000000000 -0500
|
||||
+++ policycoreutils-2.0.34/scripts/fixfiles 2007-12-31 10:54:13.000000000 -0500
|
||||
@@ -126,17 +126,15 @@
|
||||
done
|
||||
exit $?
|
||||
fi
|
||||
-if [ ! -z "$DIRS" ]; then
|
||||
+if [ ! -z "$PATH" ]; then
|
||||
if [ -x /usr/bin/find ]; then
|
||||
- for d in ${DIRS} ; do find $d \
|
||||
+ /usr/bin/find "$PATH" \
|
||||
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
|
||||
- done
|
||||
else
|
||||
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE
|
||||
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH 2>&1 >> $LOGFILE
|
||||
fi
|
||||
-
|
||||
- exit $?
|
||||
+ return
|
||||
fi
|
||||
LogReadOnly
|
||||
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
|
||||
@@ -173,6 +171,20 @@
|
||||
fi
|
||||
}
|
||||
|
||||
+process() {
|
||||
+#
|
||||
+# Make sure they specified one of the three valid commands
|
||||
+#
|
||||
+case "$1" in
|
||||
+ restore) restore -p ;;
|
||||
+ check) restore -n -v;;
|
||||
+ verify) restore -n -o -;;
|
||||
+ relabel) relabel;;
|
||||
+ *)
|
||||
+ usage
|
||||
+ exit 1
|
||||
+esac
|
||||
+}
|
||||
usage() {
|
||||
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
|
||||
echo or
|
||||
@@ -229,22 +241,15 @@
|
||||
|
||||
shift 1
|
||||
if [ ! -z "$RPMFILES" ]; then
|
||||
+ process $command
|
||||
if [ $# -gt 0 ]; then
|
||||
usage
|
||||
fi
|
||||
else
|
||||
- DIRS=$*
|
||||
+ while [ -n "$1" ]; do
|
||||
+ PATH=$1
|
||||
+ process $command
|
||||
+ shift
|
||||
+ done
|
||||
fi
|
||||
-
|
||||
-#
|
||||
-# Make sure they specified one of the three valid commands
|
||||
-#
|
||||
-case "$command" in
|
||||
- restore) restore -p ;;
|
||||
- check) restore -n -v ;;
|
||||
- verify) restore -n -o -;;
|
||||
- relabel) relabel;;
|
||||
- *)
|
||||
- usage
|
||||
- exit 1
|
||||
-esac
|
||||
+exit $?
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400
|
||||
+++ policycoreutils-2.0.34/semanage/semanage 2007-12-19 06:05:50.000000000 -0500
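Review bot: In the fixfiles hunks, the new `while` loop stores each directory argument in `PATH` (`PATH=$1`), which overwrites the shell's command search path. Any command the script later runs by bare name is then resolved only against the caller-supplied directory or not found at all, and for a script normally run as root that is a trust problem as well as a functional one. Use a variable name the shell does not reserve, for example `FILEPATH=$1`, and test and pass that name inside `restore` instead of `$PATH`. The `find` branch quotes the value, but the fallback `${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH` does not, so a path containing spaces is still split there; it should end in `"$FILEPATH"`. The body of `restore` begins outside the hunk, so which other commands run after the assignment cannot be confirmed from the visible lines.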
|
||||
|
@ -6,7 +6,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.34
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -193,6 +193,9 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
|
||||
- Handle files with spaces in fixfiles
|
||||
|
||||
* Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
|
||||
- Catch SELINUX_ERR with audit2allow and generate policy
|
||||
|
||||
|