From 60ad59cab91272bda1b2d4095981e04478d69d4a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 31 Dec 2007 16:26:02 +0000 Subject: [PATCH] * Mon Dec 31 2007 Dan Walsh 2.0.34-4 - Handle files with spaces in fixfiles --- policycoreutils-rhat.patch | 113 ++++++++++++++++++++++++++++++------- policycoreutils.spec | 5 +- 2 files changed, 96 insertions(+), 22 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 9470d88..dec2a99 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -72,8 +72,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c --- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-20 11:04:10.000000000 -0500 -@@ -22,27 +22,151 @@ ++++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-31 11:12:23.000000000 -0500 +@@ -22,27 +22,146 @@ exit(rc); } @@ -116,7 +116,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + if (!foundlist) { + fprintf(stderr, + "Out of memory.\n"); -+ return -1; ++ return fcnt; + } + for (i=0; i < boolcnt; i++) { + char *name = boollist[i]->name; @@ -128,7 +128,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + if (rc < 0) { + fprintf(stderr, + "Could not create boolean key.\n"); -+ rc = -1; + break; + } + sepol_bool_set_value(boolean, !active); @@ -140,7 +139,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + if (rc < 0) { + fprintf(stderr, + "Could not set boolean data %s.\n", name); -+ rc = -1; + break; + } + 
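Review bot: The error paths of check_booleans() now return `fcnt`, so a failure cannot be told apart from "no boolean would allow this access". In the hunk at -116 the `!foundlist` out-of-memory branch changes `return -1;` to `return fcnt;`, the hunks at -128, -140, -149 and -165 drop `rc = -1;` before each `break`, and the hunk at -187 returns `fcnt` instead of `rc`; the caller in the hunk at -381 then tests `check_booleans(&access) == 0` and prints "Missing or disabled TE allow rule." for all of these cases. Assuming `fcnt` starts at 0 (its declaration is outside these hunks), an allocation or libsepol failure produces that diagnosis instead of an error. I would keep `return -1;` on the allocation failure, return a negative value when the loop stopped on `rc < 0`, and have the caller handle `< 0` separately from `== 0`. The function body starts and ends outside these hunks.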
@@ -149,13 +147,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + if (rc < 0) { + fprintf(stderr, + "Error during access vector computation, skipping...\n"); -+ rc = -1; + break; + } else { + if (!reason) { + foundlist[fcnt] = i; + fcnt++; -+ rc = 0; + } + sepol_bool_set_value((sepol_bool_t*)boolean, active); + rc = sepol_bool_set(access->handle, @@ -165,7 +161,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + if (rc < 0) { + fprintf(stderr, + "Could not set boolean data %s.\n", name); -+ rc = -1; + break; + } + } @@ -187,7 +182,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + } + + free(foundlist); -+ return rc; ++ return fcnt; +} + + @@ -229,7 +224,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po case 'p': set_path = 1; strncpy(path, optarg, PATH_MAX); -@@ -110,7 +234,6 @@ +@@ -110,7 +229,6 @@ } fclose(fp); sepol_set_policydb(&policydb); @@ -237,7 +232,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if (!set_path) { /* If they didn't specify a full path of a binary policy file, then also try loading any boolean settings and user -@@ -125,6 +248,30 @@ +@@ -125,6 +243,30 @@ (void)sepol_genusers_policydb(&policydb, selinux_users_path()); } @@ -268,7 +263,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po /* Initialize the sidtab for subsequent use by sepol_context_to_sid and sepol_compute_av_reason. */ rc = sepol_sidtab_init(&sidtab); -@@ -135,8 +282,10 @@ +@@ -135,8 +277,10 @@ sepol_set_sidtab(&sidtab); /* Process the audit messages. */ @@ -280,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if (buffer[len2 - 1] == '\n') buffer[len2 - 1] = 0; -@@ -179,6 +328,7 @@ +@@ -179,6 +323,7 @@ } *p++ = 0; 
@@ -288,7 +283,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po /* Get scontext and convert to SID. */ while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1)) p++; -@@ -188,11 +338,14 @@ +@@ -188,11 +333,14 @@ continue; } p += sizeof(SCONTEXT) - 1; @@ -306,7 +301,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid); if (rc < 0) { fprintf(stderr, -@@ -201,6 +354,10 @@ +@@ -201,6 +349,10 @@ continue; } @@ -317,7 +312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po /* Get tcontext and convert to SID. */ while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1)) p++; -@@ -210,11 +367,15 @@ +@@ -210,11 +362,15 @@ continue; } p += sizeof(TCONTEXT) - 1; @@ -336,7 +331,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid); if (rc < 0) { fprintf(stderr, -@@ -222,6 +383,9 @@ +@@ -222,6 +378,9 @@ TCONTEXT, tcon, lineno); continue; } @@ -346,7 +341,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po /* Get tclass= and convert to value. */ while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1)) -@@ -232,12 +396,17 @@ +@@ -232,12 +391,17 @@ continue; } p += sizeof(TCLASS) - 1; @@ -367,7 +362,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if (!tclass) { fprintf(stderr, "Invalid %s%s on line %u, skipping...\n", -@@ -286,11 +455,16 @@ +@@ -286,11 +450,16 @@ } if (reason & SEPOL_COMPUTEAV_TE) { 
@@ -381,7 +376,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po + access.tclass = tclass; + access.av = av; + -+ if (check_booleans(&access) < 0) { ++ if (check_booleans(&access) == 0) { + printf("\t\tMissing or disabled TE allow rule.\n"); + printf + ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n"); @@ -389,7 +384,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po } if (reason & SEPOL_COMPUTEAV_CONS) { -@@ -309,5 +483,8 @@ +@@ -309,5 +478,8 @@ } free(buffer); free(bufcopy); 
@@ -450,6 +445,82 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po try: gettext.install('policycoreutils') +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.34/scripts/fixfiles +--- nsapolicycoreutils/scripts/fixfiles 2007-12-10 21:42:28.000000000 -0500 ++++ policycoreutils-2.0.34/scripts/fixfiles 2007-12-31 10:54:13.000000000 -0500 +@@ -126,17 +126,15 @@ + done + exit $? + fi +-if [ ! -z "$DIRS" ]; then ++if [ ! -z "$PATH" ]; then + if [ -x /usr/bin/find ]; then +- for d in ${DIRS} ; do find $d \ ++ /usr/bin/find "$PATH" \ + ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE +- done + else +- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE ++ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH 2>&1 >> $LOGFILE + fi +- +- exit $? ++ return + fi + LogReadOnly + ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE +@@ -173,6 +171,20 @@ + fi + } + ++process() { ++# ++# Make sure they specified one of the three valid commands ++# ++case "$1" in ++ restore) restore -p ;; ++ check) restore -n -v;; ++ verify) restore -n -o -;; ++ relabel) relabel;; ++ *) ++ usage ++ exit 1 ++esac ++} + usage() { + echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " + echo or +@@ -229,22 +241,15 @@ + + shift 1 + if [ ! -z "$RPMFILES" ]; then ++ process $command + if [ $# -gt 0 ]; then + usage + fi + else +- DIRS=$* ++ while [ -n "$1" ]; do ++ PATH=$1 ++ process $command ++ shift ++ done + fi +- +-# +-# Make sure they specified one of the three valid commands +-# +-case "$command" in +- restore) restore -p ;; +- check) restore -n -v ;; +- verify) restore -n -o -;; +- relabel) relabel;; +- *) +- usage +- exit 1 +-esac ++exit $? 
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400 +++ policycoreutils-2.0.34/semanage/semanage 2007-12-19 06:05:50.000000000 -0500 diff --git a/policycoreutils.spec b/policycoreutils.spec index e168af1..d695409 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.34 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -193,6 +193,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Mon Dec 31 2007 Dan Walsh 2.0.34-4 +- Handle files with spaces in fixfiles + * Fri Dec 21 2007 Dan Walsh 2.0.34-3 - Catch SELINUX_ERR with audit2allow and generate policy
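Review bot: The fixfiles section added to policycoreutils-rhat.patch stores the target path in `PATH`, which is the shell's command search path, so `PATH=$1` in the new `while` loop replaces the search path with the user-supplied file or directory. Every command the script runs afterwards without an absolute path is then looked up in that location (or not found at all), which matters because fixfiles is typically run as root and the argument may be a directory writable by less-privileged users. A differently named variable avoids this: `FILEPATH=$1`, `if [ ! -z "$FILEPATH" ]; then` and `/usr/bin/find "$FILEPATH" \`. The fallback branch also still expands the variable unquoted in `${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH`, so names containing spaces are split there; quoting it would match the stated intent of the commit. In the `RPMFILES` branch `process $command` now runs before the `$# -gt 0` usage check, so I would move the argument check ahead of the call.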