rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu May 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-2

Browse Source 
- Fix warning message on reload of booleans
This commit is contained in:
Daniel J Walsh 2005-05-26 14:52:39 +00:00
parent 77b3c784ce
commit 6124877e2e
2 changed files with 39 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
policycoreutils-rhat.patch
View File

@ -1,86 +1,38 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.10/audit2why/audit2why.1 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c
--- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400
+++ policycoreutils-1.23.10/audit2why/audit2why.1 2005-05-17 08:31:39.000000000 -0400 +++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-26 10:49:44.000000000 -0400
@@ -0,0 +1,62 @@ @@ -103,7 +103,7 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file. if (errno == ENOENT || errno == EINVAL) {
+.\" Copyright (c) 2005 Dan Walsh <dwalsh@redhat.com> /* No booleans file or stale booleans in the file; non-fatal. */
+.\" if (! quiet)
+.\" This is free documentation; you can redistribute it and/or - fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
+.\" modify it under the terms of the GNU General Public License as + fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath);
+.\" published by the Free Software Foundation; either version 2 of } else {
+.\" the License, or (at your option) any later version. fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
+.\" exit(2);
+.\" The GNU General Public License's references to "object code" @@ -115,7 +115,7 @@
+.\" and "executables" are to be interpreted as the output of any if (ret) {
+.\" document formatting or typesetting system, including /* Possibly ok, as there may be no booleans. */
+.\" intermediate and printed output. if (! quiet)
+.\" - fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno));
+.\" This manual is distributed in the hope that it will be useful, + fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno));
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of goto load;
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the }
+.\" GNU General Public License for more details. if (!len)
+.\" @@ -137,7 +137,7 @@
+.\" You should have received a copy of the GNU General Public if (errno == EINVAL) {
+.\" License along with this manual; if not, write to the Free /* Stale booleans in the file; non-fatal. */
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, if (! quiet)
+.\" USA. - fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno));
+.\" + fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]);
+.\" } else {
+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno));
+.SH NAME exit(2);
+audit2why \- Translates auditmessages into a description of why the access was denied diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
+.SH SYNOPSIS --- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
+.B audit2why +++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-26 08:46:35.000000000 -0400
+.RI [ options "] " @@ -198,6 +198,11 @@
+.SH OPTIONS result = 0; /* user authenticated OK! */
+.TP
+
+.B "\-\-help"
+Print a short usage message
+.TP
+.B "\-p <policyfile>"
+Specify an alternate policy file.
+.SH DESCRIPTION
+.PP
+This utility scans stdin (logfiles) for messages logged when the
+system denied permission for operations, and generates a reason why the
+access was denied
+.PP
+.SH EXAMPLE
+$ /usr/sbin/audit2why < /var/log/audit/audit.log
+
+type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
+ Was caused by:
+ Missing TE allow rule for the type pair (use audit2allow).
+
+type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+ Was caused by:
+ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
+
+
+.PP
+.SH AUTHOR
+This manual page was written by
+.I Dan Walsh <dwalsh@redhat.com>,
+.B audit2why
+utility was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.10/audit2why/Makefile
--- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400
+++ policycoreutils-1.23.10/audit2why/Makefile 2005-05-17 08:31:39.000000000 -0400
@@ -17,6 +17,8 @@
install: all
-mkdir -p $(BINDIR)
install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2why.1 $(MANDIR)/man1/
clean:
rm -f $(TARGETS) *.o
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.10/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2005-01-27 10:01:39.000000000 -0500
+++ policycoreutils-1.23.10/newrole/newrole.c 2005-05-19 11:51:37.000000000 -0400
@@ -193,6 +193,11 @@
result = 1; /* user authenticated OK! */
} }
+ /* Ask PAM to verify acct_mgmt */ + /* Ask PAM to verify acct_mgmt */
@ -91,15 +43,3 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policy
/* We're done with PAM. Free `pam_handle'. */ /* We're done with PAM. Free `pam_handle'. */
pam_end( pam_handle, PAM_SUCCESS ); pam_end( pam_handle, PAM_SUCCESS );
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.10/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400
+++ policycoreutils-1.23.10/scripts/fixfiles 2005-05-17 08:31:39.000000000 -0400
@@ -164,7 +164,7 @@
fi
# See how we were called.
-while getopts "C:Fo:R:l:" i; do
+while getopts "C:Ffo:R:l:" i; do
case "$i" in
f)
fullFlag=1

5
policycoreutils.spec
View File

@ -3,7 +3,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.23.11 Version: 1.23.11
Release: 1 Release: 2
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -84,6 +84,9 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Thu May 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-2
- Fix warning message on reload of booleans
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1 * Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
- Update to match NSA - Update to match NSA
* Merged fixfiles and newrole patch from Dan Walsh. * Merged fixfiles and newrole patch from Dan Walsh.