diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 5bff95f..4dd7d0a 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,86 +1,38 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1
---- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:31:39.000000000 -0400
-@@ -0,0 +1,62 @@
-+.\" Hey, Emacs! This is an -*- nroff -*- source file.
-+.\" Copyright (c) 2005 Dan Walsh
-+.\"
-+.\" This is free documentation; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License as
-+.\" published by the Free Software Foundation; either version 2 of
-+.\" the License, or (at your option) any later version.
-+.\"
-+.\" The GNU General Public License's references to "object code"
-+.\" and "executables" are to be interpreted as the output of any
-+.\" document formatting or typesetting system, including
-+.\" intermediate and printed output.
-+.\"
-+.\" This manual is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public
-+.\" License along with this manual; if not, write to the Free
-+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-+.\" USA.
-+.\"
-+.\"
-+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+audit2why \- Translates auditmessages into a description of why the access was denied
-+.SH SYNOPSIS
-+.B audit2why
-+.RI [ options "] "
-+.SH OPTIONS
-+.TP
-+
-+.B "\-\-help"
-+Print a short usage message
-+.TP
-+.B "\-p "
-+Specify an alternate policy file.
-+.SH DESCRIPTION
-+.PP
-+This utility scans stdin (logfiles) for messages logged when the
-+system denied permission for operations, and generates a reason why the
-+access was denied
-+.PP
-+.SH EXAMPLE
-+$ /usr/sbin/audit2why < /var/log/audit/audit.log
-+
-+type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
-+ Was caused by:
-+ Missing TE allow rule for the type pair (use audit2allow).
-+
-+type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
-+ Was caused by:
-+ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
-+
-+
-+.PP
-+.SH AUTHOR
-+This manual page was written by
-+.I Dan Walsh ,
-+.B audit2why
-+utility was written by Stephen Smalley .
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile
---- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400
-+++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:31:39.000000000 -0400
-@@ -17,6 +17,8 @@
- install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
-+ -mkdir -p $(MANDIR)/man1
-+ install -m 644 audit2why.1 $(MANDIR)/man1/
- 
- clean:
- rm -f $(TARGETS) *.o
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.10/newrole/newrole.c
---- nsapolicycoreutils/newrole/newrole.c 2005-01-27 10:01:39.000000000 -0500
-+++ policycoreutils-1.23.10/newrole/newrole.c 2005-05-19 11:51:37.000000000 -0400
-@@ -193,6 +193,11 @@
- result = 1; /* user authenticated OK! 
*/ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c +--- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400 ++++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-26 10:49:44.000000000 -0400 +@@ -103,7 +103,7 @@ + if (errno == ENOENT || errno == EINVAL) { + /* No booleans file or stale booleans in the file; non-fatal. */ + if (! quiet) +- fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno)); ++ fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath); + } else { + fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno)); + exit(2); +@@ -115,7 +115,7 @@ + if (ret) { + /* Possibly ok, as there may be no booleans. */ + if (! quiet) +- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno)); ++ fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno)); + goto load; + } + if (!len) +@@ -137,7 +137,7 @@ + if (errno == EINVAL) { + /* Stale booleans in the file; non-fatal. */ + if (! quiet) +- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno)); ++ fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]); + } else { + fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno)); + exit(2); +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c +--- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400 ++++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-26 08:46:35.000000000 -0400 +@@ -198,6 +198,11 @@ + result = 0; /* user authenticated OK! */ } + /* Ask PAM to verify acct_mgmt */ 
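Review bot: The first rewritten warning in load_policy.c sits on the `errno == ENOENT || errno == EINVAL` branch and drops `strerror(errno)`, so the output no longer tells an administrator whether the booleans file was missing or held stale booleans. Either way the policy is loaded without the saved boolean settings being applied, so that distinction is worth keeping: `fprintf(stderr, _("%s: Warning while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));`. The third warning ("Unable to reset all booleans") loses less, because its branch is reached only for `EINVAL`. The three messages also now differ in form ("Warning while", "Warning! unable", "Warning! Unable"); one wording would be easier to match in logs and to translate, since all three go through `_()`. The enclosing function starts and ends outside these hunks.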
@@ -91,15 +43,3 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policy /* We're done with PAM. Free `pam_handle'. */ pam_end( pam_handle, PAM_SUCCESS ); -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles ---- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400 -+++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:31:39.000000000 -0400 -@@ -164,7 +164,7 @@ - fi - - # See how we were called. --while getopts "C:Fo:R:l:" i; do -+while getopts "C:Ffo:R:l:" i; do - case "$i" in - f) - fullFlag=1 diff --git a/policycoreutils.spec b/policycoreutils.spec index 367c512..4b6c85d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -3,7 +3,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.23.11 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -84,6 +84,9 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Thu May 26 2005 Dan Walsh 1.23.11-2 +- Fix warning message on reload of booleans + * Fri May 20 2005 Dan Walsh 1.23.11-1 - Update to match NSA * Merged fixfiles and newrole patch from Dan Walsh.