rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Change separator on -L from ; to :

Browse Source
This commit is contained in:
Dan Walsh 2011-09-14 22:08:19 -04:00
parent 2d6eafee19
commit 64a1a56e71
2 changed files with 116 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
policycoreutils-rhat.patch
View File

@ -1,3 +1,15 @@
diff --git a/policycoreutils/.gitignore b/policycoreutils/.gitignore
index 6f41f6a..50f8b82 100644
--- a/policycoreutils/.gitignore
+++ b/policycoreutils/.gitignore
@@ -9,6 +9,7 @@ semodule_deps/semodule_deps
semodule_expand/semodule_expand
semodule_link/semodule_link
semodule_package/semodule_package
+semodule_package/semodule_unpackage
sestatus/sestatus
setfiles/restorecon
setfiles/setfiles
diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
index 86ed03f..3e95698 100644 index 86ed03f..3e95698 100644
--- a/policycoreutils/Makefile --- a/policycoreutils/Makefile
@ -1629,10 +1641,10 @@ index e3b7ea7..2b37e63 100644
+and +and
+.I Thomas Liu <tliu@fedoraproject.org> +.I Thomas Liu <tliu@fedoraproject.org>
diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
index ff8b3ef..66aadfd 100644 index ff8b3ef..d1ccdc2 100644
--- a/policycoreutils/sandbox/sandbox.init --- a/policycoreutils/sandbox/sandbox.init
+++ b/policycoreutils/sandbox/sandbox.init +++ b/policycoreutils/sandbox/sandbox.init
@@ -10,17 +10,12 @@ @@ -10,25 +10,15 @@
# #
# chkconfig: 345 1 99 # chkconfig: 345 1 99
# #
@ -1650,13 +1662,21 @@ index ff8b3ef..66aadfd 100644
+# description: sandbox, xguest and other apps that want to use pam_namespace \ +# description: sandbox, xguest and other apps that want to use pam_namespace \
+# require this script be run at boot. This service script does \ +# require this script be run at boot. This service script does \
+# not actually run any service but sets up: \ +# not actually run any service but sets up: \
+# /var/tmp, /tmp and home directories to be used by these tools.\ +# / to be shared by any app that starts a separate namespace
+# If you do not use sandbox, xguest or pam_namespace you can turn \ +# If you do not use sandbox, xguest or pam_namespace you can turn \
+# this service off.\ +# this service off.\
# #
# Source function library. # Source function library.
@@ -41,15 +36,6 @@ start() { -. /etc/init.d/functions
-
-HOMEDIRS="/home"
-
-. /etc/sysconfig/sandbox
LOCKFILE=/var/lock/subsys/sandbox
@@ -41,15 +31,6 @@ start() {
touch $LOCKFILE touch $LOCKFILE
mount --make-rshared / || return $? mount --make-rshared / || return $?
@ -3004,13 +3024,13 @@ index 0140cd2..2c0cfdd 100644
+ except RuntimeError, error: + except RuntimeError, error:
+ errorExit(error.args[0]) + errorExit(error.args[0])
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 6842b07..7f11c4e 100644 index 6842b07..e4b6c0d 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
#! /usr/bin/python -E #! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat -# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
+# Copyright (C) 2005-2011 2009 Red Hat +# Copyright (C) 2005-2011 Red Hat
# see file 'COPYING' for use and warranty information # see file 'COPYING' for use and warranty information
# #
# semanage is a tool for managing SELinux configuration files # semanage is a tool for managing SELinux configuration files
@ -3339,6 +3359,62 @@ index 6842b07..7f11c4e 100644
- print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k)) - print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k))
- -
+ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)) + print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
index 81d6a3c..5d662e7 100644
--- a/policycoreutils/semodule/semodule.c
+++ b/policycoreutils/semodule/semodule.c
@@ -45,6 +45,7 @@ static int no_reload;
static int create_store;
static int build;
static int disable_dontaudit;
+static int preserve_tunables;
static semanage_handle_t *sh = NULL;
static char *store;
@@ -117,6 +118,7 @@ static void usage(char *progname)
printf(" -h,--help print this message and quit\n");
printf(" -v,--verbose be verbose\n");
printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
+ printf(" -P,--preserve_tunables Preserve tunables in policy\n");
}
/* Sets the global mode variable to new_mode, but only if no other
@@ -162,6 +164,7 @@ static void parse_command_line(int argc, char **argv)
{"noreload", 0, NULL, 'n'},
{"build", 0, NULL, 'B'},
{"disable_dontaudit", 0, NULL, 'D'},
+ {"preserve_tunables", 0, NULL, 'P'},
{"path", required_argument, NULL, 'p'},
{NULL, 0, NULL, 0}
};
@@ -171,7 +174,7 @@ static void parse_command_line(int argc, char **argv)
no_reload = 0;
create_store = 0;
while ((i =
- getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBD", opts,
+ getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBDP", opts,
NULL)) != -1) {
switch (i) {
case 'b':
@@ -220,6 +223,9 @@ static void parse_command_line(int argc, char **argv)
case 'D':
disable_dontaudit = 1;
break;
+ case 'P':
+ preserve_tunables = 1;
+ break;
case '?':
default:{
usage(argv[0]);
@@ -466,6 +472,8 @@ int main(int argc, char *argv[])
semanage_set_disable_dontaudit(sh, 1);
else if (build)
semanage_set_disable_dontaudit(sh, 0);
+ if (preserve_tunables)
+ semanage_set_preserve_tunables(sh, 1);
result = semanage_commit(sh);
}
diff --git a/policycoreutils/sepolgen-ifgen/.gitignore b/policycoreutils/sepolgen-ifgen/.gitignore diff --git a/policycoreutils/sepolgen-ifgen/.gitignore b/policycoreutils/sepolgen-ifgen/.gitignore
new file mode 100644 new file mode 100644
index 0000000..3816d2e index 0000000..3816d2e
@ -3616,7 +3692,7 @@ index 0000000..1ce37b0
+ return 0; + return 0;
+} +}
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 48ffcad..7cff7e4 100644 index 48ffcad..8066162 100644
--- a/policycoreutils/setfiles/restore.c --- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c
@@ -1,5 +1,6 @@ @@ -1,5 +1,6 @@
@ -3657,7 +3733,18 @@ index 48ffcad..7cff7e4 100644
if (match(my_file, ftsent->fts_statp, &newcon) < 0) if (match(my_file, ftsent->fts_statp, &newcon) < 0)
/* Check for no matching specification. */ /* Check for no matching specification. */
@@ -143,74 +143,105 @@ static int restore(FTSENT *ftsent) @@ -113,10 +113,6 @@ static int restore(FTSENT *ftsent)
if (r_opts->progress) {
r_opts->count++;
- if (r_opts->count % (80 * STAR_COUNT) == 0) {
- fprintf(stdout, "\n");
- fflush(stdout);
- }
if (r_opts->count % STAR_COUNT == 0) {
fprintf(stdout, "*");
fflush(stdout);
@@ -143,74 +139,105 @@ static int restore(FTSENT *ftsent)
printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon); printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon);
} }
@ -3751,22 +3838,22 @@ index 48ffcad..7cff7e4 100644
+ freecon(newcon); + freecon(newcon);
+ newcon = strdup(context_str(conb)); + newcon = strdup(context_str(conb));
+ } + }
+ } }
+ context_free(cona); + context_free(cona);
+ context_free(conb); + context_free(conb);
+ +
+ if (!types_differ || err) { + if (!types_differ || err) {
+ goto out; + goto out;
} + }
+ }
+
+ if (r_opts->verbose) {
+ printf("%s reset %s context %s->%s\n",
+ r_opts->progname, my_file, curcon ?: "", newcon);
} }
- if (r_opts->logging && !user_only_changed) { - if (r_opts->logging && !user_only_changed) {
- if (context) - if (context)
+ if (r_opts->verbose) {
+ printf("%s reset %s context %s->%s\n",
+ r_opts->progname, my_file, curcon ?: "", newcon);
+ }
+
+ if (r_opts->logging) { + if (r_opts->logging) {
+ if (curcon) + if (curcon)
syslog(LOG_INFO, "relabeling %s from %s to %s\n", syslog(LOG_INFO, "relabeling %s from %s to %s\n",
@ -3792,7 +3879,7 @@ index 48ffcad..7cff7e4 100644
goto out; goto out;
/* /*
@@ -318,11 +349,16 @@ static int process_one(char *name, int recurse_this_path) @@ -318,11 +345,16 @@ static int process_one(char *name, int recurse_this_path)
ftsent = fts_read(fts_handle); ftsent = fts_read(fts_handle);
@ -3812,7 +3899,7 @@ index 48ffcad..7cff7e4 100644
do { do {
rc = 0; rc = 0;
/* Skip the post order nodes. */ /* Skip the post order nodes. */
@@ -390,7 +426,7 @@ int process_one_realpath(char *name, int recurse) @@ -390,7 +422,7 @@ int process_one_realpath(char *name, int recurse)
{ {
int rc = 0; int rc = 0;
char *p; char *p;
@ -3821,7 +3908,7 @@ index 48ffcad..7cff7e4 100644
if (r_opts == NULL){ if (r_opts == NULL){
fprintf(stderr, fprintf(stderr,
@@ -401,7 +437,7 @@ int process_one_realpath(char *name, int recurse) @@ -401,7 +433,7 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) { if (!r_opts->expand_realpath) {
return process_one(name, recurse); return process_one(name, recurse);
} else { } else {
@ -3830,7 +3917,7 @@ index 48ffcad..7cff7e4 100644
if (rc < 0) { if (rc < 0) {
if (r_opts->ignore_enoent && errno == ENOENT) if (r_opts->ignore_enoent && errno == ENOENT)
return 0; return 0;
@@ -486,22 +522,6 @@ int add_exclude(const char *directory) @@ -486,22 +518,6 @@ int add_exclude(const char *directory)
return 0; return 0;
} }
@ -3853,7 +3940,7 @@ index 48ffcad..7cff7e4 100644
/* /*
* Evaluate the association hash table distribution. * Evaluate the association hash table distribution.
*/ */
@@ -568,7 +588,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil @@ -568,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{ {
file_spec_t *prevfl, *fl; file_spec_t *prevfl, *fl;
int h, ret; int h, ret;
@ -3862,7 +3949,7 @@ index 48ffcad..7cff7e4 100644
if (!fl_head) { if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
@@ -581,7 +601,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil @@ -581,7 +597,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) { prevfl = fl, fl = fl->next) {
if (ino == fl->ino) { if (ino == fl->ino) {
@ -3945,7 +4032,7 @@ index c8ea4bb..0eb7293 100644
.SH "ARGUMENTS" .SH "ARGUMENTS"
.B pathname... .B pathname...
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index 7f700ca..5902e8e 100644 index 7f700ca..2cc3fba 100644
--- a/policycoreutils/setfiles/setfiles.8 --- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts. @@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
@ -3989,12 +4076,12 @@ index 7f700ca..5902e8e 100644
-.TP -.TP
-.B \-vv -.B \-vv
-show changes in file labels, if type, role, or user are changing. -show changes in file labels, if type, role, or user are changing.
+show changes in file labels +show changes in file labels.
.TP .TP
.B \-W .B \-W
display warnings about entries that had no matching files. display warnings about entries that had no matching files.
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index fa0cd6a..590a4e0 100644 index fa0cd6a..4da428c 100644
--- a/policycoreutils/setfiles/setfiles.c --- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c
@@ -39,7 +39,7 @@ void usage(const char *const name) @@ -39,7 +39,7 @@ void usage(const char *const name)
@ -4029,7 +4116,7 @@ index fa0cd6a..590a4e0 100644
break; break;
+ case 'L': + case 'L':
+ if (r_opts.selabel_opt_subset) { + if (r_opts.selabel_opt_subset) {
+ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) { + if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s:%s",r_opts.selabel_opt_subset,optarg) < 0) {
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n", + fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
+ optarg, strerror(errno)); + optarg, strerror(errno));
+ exit(1); + exit(1);

5
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.5 Version: 2.1.5
Release: 5%{?dist} Release: 6%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-6
- Change separator on -L from ; to :
* Thu Sep 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5 * Thu Sep 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5
- Add back lockdown wizard for booleans using pywebkitgtk - Add back lockdown wizard for booleans using pywebkitgtk