* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
- Handle files with spaces in fixfiles
parent
ec80e1ce63
commit
60ad59cab9
@ -72,8 +72,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ
|
Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.34/audit2why/audit2why.c
|
||||||
--- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400
|
--- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400
|
||||||
+++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-20 11:04:10.000000000 -0500
|
+++ policycoreutils-2.0.34/audit2why/audit2why.c 2007-12-31 11:12:23.000000000 -0500
|
||||||
@@ -22,27 +22,151 @@
|
@@ -22,27 +22,146 @@
|
||||||
exit(rc);
|
exit(rc);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -116,7 +116,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ if (!foundlist) {
|
+ if (!foundlist) {
|
||||||
+ fprintf(stderr,
|
+ fprintf(stderr,
|
||||||
+ "Out of memory.\n");
|
+ "Out of memory.\n");
|
||||||
+ return -1;
|
+ return fcnt;
|
||||||
+ }
|
+ }
|
||||||
+ for (i=0; i < boolcnt; i++) {
|
+ for (i=0; i < boolcnt; i++) {
|
||||||
+ char *name = boollist[i]->name;
|
+ char *name = boollist[i]->name;
|
||||||
@ -128,7 +128,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ if (rc < 0) {
|
+ if (rc < 0) {
|
||||||
+ fprintf(stderr,
|
+ fprintf(stderr,
|
||||||
+ "Could not create boolean key.\n");
|
+ "Could not create boolean key.\n");
|
||||||
+ rc = -1;
|
|
||||||
+ break;
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+ sepol_bool_set_value(boolean, !active);
|
+ sepol_bool_set_value(boolean, !active);
|
||||||
@ -140,7 +139,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ if (rc < 0) {
|
+ if (rc < 0) {
|
||||||
+ fprintf(stderr,
|
+ fprintf(stderr,
|
||||||
+ "Could not set boolean data %s.\n", name);
|
+ "Could not set boolean data %s.\n", name);
|
||||||
+ rc = -1;
|
|
||||||
+ break;
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
@ -149,13 +147,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ if (rc < 0) {
|
+ if (rc < 0) {
|
||||||
+ fprintf(stderr,
|
+ fprintf(stderr,
|
||||||
+ "Error during access vector computation, skipping...\n");
|
+ "Error during access vector computation, skipping...\n");
|
||||||
+ rc = -1;
|
|
||||||
+ break;
|
+ break;
|
||||||
+ } else {
|
+ } else {
|
||||||
+ if (!reason) {
|
+ if (!reason) {
|
||||||
+ foundlist[fcnt] = i;
|
+ foundlist[fcnt] = i;
|
||||||
+ fcnt++;
|
+ fcnt++;
|
||||||
+ rc = 0;
|
|
||||||
+ }
|
+ }
|
||||||
+ sepol_bool_set_value((sepol_bool_t*)boolean, active);
|
+ sepol_bool_set_value((sepol_bool_t*)boolean, active);
|
||||||
+ rc = sepol_bool_set(access->handle,
|
+ rc = sepol_bool_set(access->handle,
|
||||||
@ -165,7 +161,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ if (rc < 0) {
|
+ if (rc < 0) {
|
||||||
+ fprintf(stderr,
|
+ fprintf(stderr,
|
||||||
+ "Could not set boolean data %s.\n", name);
|
+ "Could not set boolean data %s.\n", name);
|
||||||
+ rc = -1;
|
|
||||||
+ break;
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
@ -187,7 +182,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ free(foundlist);
|
+ free(foundlist);
|
||||||
+ return rc;
|
+ return fcnt;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
@ -229,7 +224,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
case 'p':
|
case 'p':
|
||||||
set_path = 1;
|
set_path = 1;
|
||||||
strncpy(path, optarg, PATH_MAX);
|
strncpy(path, optarg, PATH_MAX);
|
||||||
@@ -110,7 +234,6 @@
|
@@ -110,7 +229,6 @@
|
||||||
}
|
}
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
sepol_set_policydb(&policydb);
|
sepol_set_policydb(&policydb);
|
||||||
@ -237,7 +232,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
if (!set_path) {
|
if (!set_path) {
|
||||||
/* If they didn't specify a full path of a binary policy file,
|
/* If they didn't specify a full path of a binary policy file,
|
||||||
then also try loading any boolean settings and user
|
then also try loading any boolean settings and user
|
||||||
@@ -125,6 +248,30 @@
|
@@ -125,6 +243,30 @@
|
||||||
(void)sepol_genusers_policydb(&policydb, selinux_users_path());
|
(void)sepol_genusers_policydb(&policydb, selinux_users_path());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -268,7 +263,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
/* Initialize the sidtab for subsequent use by sepol_context_to_sid
|
/* Initialize the sidtab for subsequent use by sepol_context_to_sid
|
||||||
and sepol_compute_av_reason. */
|
and sepol_compute_av_reason. */
|
||||||
rc = sepol_sidtab_init(&sidtab);
|
rc = sepol_sidtab_init(&sidtab);
|
||||||
@@ -135,8 +282,10 @@
|
@@ -135,8 +277,10 @@
|
||||||
sepol_set_sidtab(&sidtab);
|
sepol_set_sidtab(&sidtab);
|
||||||
|
|
||||||
/* Process the audit messages. */
|
/* Process the audit messages. */
|
||||||
@ -280,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
if (buffer[len2 - 1] == '\n')
|
if (buffer[len2 - 1] == '\n')
|
||||||
buffer[len2 - 1] = 0;
|
buffer[len2 - 1] = 0;
|
||||||
@@ -179,6 +328,7 @@
|
@@ -179,6 +323,7 @@
|
||||||
}
|
}
|
||||||
*p++ = 0;
|
*p++ = 0;
|
||||||
|
|
||||||
@ -288,7 +283,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
/* Get scontext and convert to SID. */
|
/* Get scontext and convert to SID. */
|
||||||
while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
|
while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
|
||||||
p++;
|
p++;
|
||||||
@@ -188,11 +338,14 @@
|
@@ -188,11 +333,14 @@
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
p += sizeof(SCONTEXT) - 1;
|
p += sizeof(SCONTEXT) - 1;
|
||||||
@ -306,7 +301,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
|
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
@@ -201,6 +354,10 @@
|
@@ -201,6 +349,10 @@
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -317,7 +312,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
/* Get tcontext and convert to SID. */
|
/* Get tcontext and convert to SID. */
|
||||||
while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
|
while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
|
||||||
p++;
|
p++;
|
||||||
@@ -210,11 +367,15 @@
|
@@ -210,11 +362,15 @@
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
p += sizeof(TCONTEXT) - 1;
|
p += sizeof(TCONTEXT) - 1;
|
||||||
@ -336,7 +331,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
|
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
@@ -222,6 +383,9 @@
|
@@ -222,6 +378,9 @@
|
||||||
TCONTEXT, tcon, lineno);
|
TCONTEXT, tcon, lineno);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -346,7 +341,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
/* Get tclass= and convert to value. */
|
/* Get tclass= and convert to value. */
|
||||||
while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
|
while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
|
||||||
@@ -232,12 +396,17 @@
|
@@ -232,12 +391,17 @@
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
p += sizeof(TCLASS) - 1;
|
p += sizeof(TCLASS) - 1;
|
||||||
@ -367,7 +362,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
if (!tclass) {
|
if (!tclass) {
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"Invalid %s%s on line %u, skipping...\n",
|
"Invalid %s%s on line %u, skipping...\n",
|
||||||
@@ -286,11 +455,16 @@
|
@@ -286,11 +450,16 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if (reason & SEPOL_COMPUTEAV_TE) {
|
if (reason & SEPOL_COMPUTEAV_TE) {
|
||||||
@ -381,7 +376,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
+ access.tclass = tclass;
|
+ access.tclass = tclass;
|
||||||
+ access.av = av;
|
+ access.av = av;
|
||||||
+
|
+
|
||||||
+ if (check_booleans(&access) < 0) {
|
+ if (check_booleans(&access) == 0) {
|
||||||
+ printf("\t\tMissing or disabled TE allow rule.\n");
|
+ printf("\t\tMissing or disabled TE allow rule.\n");
|
||||||
+ printf
|
+ printf
|
||||||
+ ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n");
|
+ ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n");
|
||||||
@ -389,7 +384,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (reason & SEPOL_COMPUTEAV_CONS) {
|
if (reason & SEPOL_COMPUTEAV_CONS) {
|
||||||
@@ -309,5 +483,8 @@
|
@@ -309,5 +478,8 @@
|
||||||
}
|
}
|
||||||
free(buffer);
|
free(buffer);
|
||||||
free(bufcopy);
|
free(bufcopy);
|
||||||
@ -450,6 +445,82 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
gettext.install('policycoreutils')
|
gettext.install('policycoreutils')
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.34/scripts/fixfiles
|
||||||
|
--- nsapolicycoreutils/scripts/fixfiles 2007-12-10 21:42:28.000000000 -0500
|
||||||
|
+++ policycoreutils-2.0.34/scripts/fixfiles 2007-12-31 10:54:13.000000000 -0500
|
||||||
|
@@ -126,17 +126,15 @@
|
||||||
|
done
|
||||||
|
exit $?
|
||||||
|
fi
|
||||||
|
-if [ ! -z "$DIRS" ]; then
|
||||||
|
+if [ ! -z "$PATH" ]; then
|
||||||
|
if [ -x /usr/bin/find ]; then
|
||||||
|
- for d in ${DIRS} ; do find $d \
|
||||||
|
+ /usr/bin/find "$PATH" \
|
||||||
|
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \
|
||||||
|
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
|
||||||
|
- done
|
||||||
|
else
|
||||||
|
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE
|
||||||
|
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $PATH 2>&1 >> $LOGFILE
|
||||||
|
fi
|
||||||
|
-
|
||||||
|
- exit $?
|
||||||
|
+ return
|
||||||
|
fi
|
||||||
|
LogReadOnly
|
||||||
|
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
|
||||||
|
@@ -173,6 +171,20 @@
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
+process() {
|
||||||
|
+#
|
||||||
|
+# Make sure they specified one of the three valid commands
|
||||||
|
+#
|
||||||
|
+case "$1" in
|
||||||
|
+ restore) restore -p ;;
|
||||||
|
+ check) restore -n -v;;
|
||||||
|
+ verify) restore -n -o -;;
|
||||||
|
+ relabel) relabel;;
|
||||||
|
+ *)
|
||||||
|
+ usage
|
||||||
|
+ exit 1
|
||||||
|
+esac
|
||||||
|
+}
|
||||||
|
usage() {
|
||||||
|
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
|
||||||
|
echo or
|
||||||
|
@@ -229,22 +241,15 @@
|
||||||
|
|
||||||
|
shift 1
|
||||||
|
if [ ! -z "$RPMFILES" ]; then
|
||||||
|
+ process $command
|
||||||
|
if [ $# -gt 0 ]; then
|
||||||
|
usage
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
- DIRS=$*
|
||||||
|
+ while [ -n "$1" ]; do
|
||||||
|
+ PATH=$1
|
||||||
|
+ process $command
|
||||||
|
+ shift
|
||||||
|
+ done
|
||||||
|
fi
|
||||||
|
-
|
||||||
|
-#
|
||||||
|
-# Make sure they specified one of the three valid commands
|
||||||
|
-#
|
||||||
|
-case "$command" in
|
||||||
|
- restore) restore -p ;;
|
||||||
|
- check) restore -n -v ;;
|
||||||
|
- verify) restore -n -o -;;
|
||||||
|
- relabel) relabel;;
|
||||||
|
- *)
|
||||||
|
- usage
|
||||||
|
- exit 1
|
||||||
|
-esac
|
||||||
|
+exit $?
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.34/semanage/semanage
|
||||||
--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400
|
--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400
|
||||||
+++ policycoreutils-2.0.34/semanage/semanage 2007-12-19 06:05:50.000000000 -0500
|
+++ policycoreutils-2.0.34/semanage/semanage 2007-12-19 06:05:50.000000000 -0500
|
||||||
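Review bot: The argument loop in the fixfiles part of this patch stores each target in `PATH` (`PATH=$1`), which is the shell's command search path, so from the first iteration on any command the script runs by bare name is resolved inside the directory being relabelled, or not found at all. fixfiles presumably runs with root privileges, so a file in that directory could stand in for a system command; a separate variable avoids this, e.g. `FILEPATH=$1` in the loop and `/usr/bin/find "$FILEPATH" \` in restore, with the `[ ! -z "$PATH" ]` test renamed to match. The fallback branch also passes the value unquoted (`-R $* $PATH`), so a name with spaces is still split there and should become `-R $* "$FILEPATH"`. The restore function and the main script body both start outside the hunk, so whether the rest of the script calls anything by bare name could not be checked here.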
|
@ -6,7 +6,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.34
|
Version: 2.0.34
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -193,6 +193,9 @@ if [ "$1" -ge "1" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
|
||||||
|
- Handle files with spaces in fixfiles
|
||||||
|
|
||||||
* Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
|
* Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
|
||||||
- Catch SELINUX_ERR with audit2allow and generate policy
|
- Catch SELINUX_ERR with audit2allow and generate policy
|
||||||
|
|
||||||
|