Change separator on -L from ; to :
This commit is contained in:
Dan Walsh
parent
2d6eafee19
commit
64a1a56e71
@ -1,3 +1,15 @@
|
||||
diff --git a/policycoreutils/.gitignore b/policycoreutils/.gitignore
|
||||
index 6f41f6a..50f8b82 100644
|
||||
--- a/policycoreutils/.gitignore
|
||||
+++ b/policycoreutils/.gitignore
|
||||
@@ -9,6 +9,7 @@ semodule_deps/semodule_deps
|
||||
semodule_expand/semodule_expand
|
||||
semodule_link/semodule_link
|
||||
semodule_package/semodule_package
|
||||
+semodule_package/semodule_unpackage
|
||||
sestatus/sestatus
|
||||
setfiles/restorecon
|
||||
setfiles/setfiles
|
||||
diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
|
||||
index 86ed03f..3e95698 100644
|
||||
--- a/policycoreutils/Makefile
|
||||
@ -1629,10 +1641,10 @@ index e3b7ea7..2b37e63 100644
|
||||
+and
|
||||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
|
||||
index ff8b3ef..66aadfd 100644
|
||||
index ff8b3ef..d1ccdc2 100644
|
||||
--- a/policycoreutils/sandbox/sandbox.init
|
||||
+++ b/policycoreutils/sandbox/sandbox.init
|
||||
@@ -10,17 +10,12 @@
|
||||
@@ -10,25 +10,15 @@
|
||||
#
|
||||
# chkconfig: 345 1 99
|
||||
#
|
||||
@ -1650,13 +1662,21 @@ index ff8b3ef..66aadfd 100644
|
||||
+# description: sandbox, xguest and other apps that want to use pam_namespace \
|
||||
+# require this script be run at boot. This service script does \
|
||||
+# not actually run any service but sets up: \
|
||||
+# /var/tmp, /tmp and home directories to be used by these tools.\
|
||||
+# / to be shared by any app that starts a separate namespace
|
||||
+# If you do not use sandbox, xguest or pam_namespace you can turn \
|
||||
+# this service off.\
|
||||
#
|
||||
|
||||
# Source function library.
|
||||
@@ -41,15 +36,6 @@ start() {
|
||||
-. /etc/init.d/functions
|
||||
-
|
||||
-HOMEDIRS="/home"
|
||||
-
|
||||
-. /etc/sysconfig/sandbox
|
||||
|
||||
LOCKFILE=/var/lock/subsys/sandbox
|
||||
|
||||
@@ -41,15 +31,6 @@ start() {
|
||||
|
||||
touch $LOCKFILE
|
||||
mount --make-rshared / || return $?
|
||||
@ -3004,13 +3024,13 @@ index 0140cd2..2c0cfdd 100644
|
||||
+ except RuntimeError, error:
|
||||
+ errorExit(error.args[0])
|
||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||
index 6842b07..7f11c4e 100644
|
||||
index 6842b07..e4b6c0d 100644
|
||||
--- a/policycoreutils/semanage/seobject.py
|
||||
+++ b/policycoreutils/semanage/seobject.py
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
|
||||
+# Copyright (C) 2005-2011 2009 Red Hat
|
||||
+# Copyright (C) 2005-2011 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# semanage is a tool for managing SELinux configuration files
|
||||
@ -3339,6 +3359,62 @@ index 6842b07..7f11c4e 100644
|
||||
- print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k))
|
||||
-
|
||||
+ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
|
||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
||||
index 81d6a3c..5d662e7 100644
|
||||
--- a/policycoreutils/semodule/semodule.c
|
||||
+++ b/policycoreutils/semodule/semodule.c
|
||||
@@ -45,6 +45,7 @@ static int no_reload;
|
||||
static int create_store;
|
||||
static int build;
|
||||
static int disable_dontaudit;
|
||||
+static int preserve_tunables;
|
||||
|
||||
static semanage_handle_t *sh = NULL;
|
||||
static char *store;
|
||||
@@ -117,6 +118,7 @@ static void usage(char *progname)
|
||||
printf(" -h,--help print this message and quit\n");
|
||||
printf(" -v,--verbose be verbose\n");
|
||||
printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
|
||||
+ printf(" -P,--preserve_tunables Preserve tunables in policy\n");
|
||||
}
|
||||
|
||||
/* Sets the global mode variable to new_mode, but only if no other
|
||||
@@ -162,6 +164,7 @@ static void parse_command_line(int argc, char **argv)
|
||||
{"noreload", 0, NULL, 'n'},
|
||||
{"build", 0, NULL, 'B'},
|
||||
{"disable_dontaudit", 0, NULL, 'D'},
|
||||
+ {"preserve_tunables", 0, NULL, 'P'},
|
||||
{"path", required_argument, NULL, 'p'},
|
||||
{NULL, 0, NULL, 0}
|
||||
};
|
||||
@@ -171,7 +174,7 @@ static void parse_command_line(int argc, char **argv)
|
||||
no_reload = 0;
|
||||
create_store = 0;
|
||||
while ((i =
|
||||
- getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBD", opts,
|
||||
+ getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBDP", opts,
|
||||
NULL)) != -1) {
|
||||
switch (i) {
|
||||
case 'b':
|
||||
@@ -220,6 +223,9 @@ static void parse_command_line(int argc, char **argv)
|
||||
case 'D':
|
||||
disable_dontaudit = 1;
|
||||
break;
|
||||
+ case 'P':
|
||||
+ preserve_tunables = 1;
|
||||
+ break;
|
||||
case '?':
|
||||
default:{
|
||||
usage(argv[0]);
|
||||
@@ -466,6 +472,8 @@ int main(int argc, char *argv[])
|
||||
semanage_set_disable_dontaudit(sh, 1);
|
||||
else if (build)
|
||||
semanage_set_disable_dontaudit(sh, 0);
|
||||
+ if (preserve_tunables)
|
||||
+ semanage_set_preserve_tunables(sh, 1);
|
||||
|
||||
result = semanage_commit(sh);
|
||||
}
|
||||
diff --git a/policycoreutils/sepolgen-ifgen/.gitignore b/policycoreutils/sepolgen-ifgen/.gitignore
|
||||
new file mode 100644
|
||||
index 0000000..3816d2e
|
||||
@ -3616,7 +3692,7 @@ index 0000000..1ce37b0
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index 48ffcad..7cff7e4 100644
|
||||
index 48ffcad..8066162 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
+++ b/policycoreutils/setfiles/restore.c
|
||||
@@ -1,5 +1,6 @@
|
||||
@ -3657,7 +3733,18 @@ index 48ffcad..7cff7e4 100644
|
||||
|
||||
if (match(my_file, ftsent->fts_statp, &newcon) < 0)
|
||||
/* Check for no matching specification. */
|
||||
@@ -143,74 +143,105 @@ static int restore(FTSENT *ftsent)
|
||||
@@ -113,10 +113,6 @@ static int restore(FTSENT *ftsent)
|
||||
|
||||
if (r_opts->progress) {
|
||||
r_opts->count++;
|
||||
- if (r_opts->count % (80 * STAR_COUNT) == 0) {
|
||||
- fprintf(stdout, "\n");
|
||||
- fflush(stdout);
|
||||
- }
|
||||
if (r_opts->count % STAR_COUNT == 0) {
|
||||
fprintf(stdout, "*");
|
||||
fflush(stdout);
|
||||
@@ -143,74 +139,105 @@ static int restore(FTSENT *ftsent)
|
||||
printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon);
|
||||
}
|
||||
|
||||
@ -3751,22 +3838,22 @@ index 48ffcad..7cff7e4 100644
|
||||
+ freecon(newcon);
|
||||
+ newcon = strdup(context_str(conb));
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
+ context_free(cona);
|
||||
+ context_free(conb);
|
||||
+
|
||||
+ if (!types_differ || err) {
|
||||
+ goto out;
|
||||
}
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (r_opts->verbose) {
|
||||
+ printf("%s reset %s context %s->%s\n",
|
||||
+ r_opts->progname, my_file, curcon ?: "", newcon);
|
||||
}
|
||||
|
||||
- if (r_opts->logging && !user_only_changed) {
|
||||
- if (context)
|
||||
+ if (r_opts->verbose) {
|
||||
+ printf("%s reset %s context %s->%s\n",
|
||||
+ r_opts->progname, my_file, curcon ?: "", newcon);
|
||||
+ }
|
||||
+
|
||||
+ if (r_opts->logging) {
|
||||
+ if (curcon)
|
||||
syslog(LOG_INFO, "relabeling %s from %s to %s\n",
|
||||
@ -3792,7 +3879,7 @@ index 48ffcad..7cff7e4 100644
|
||||
goto out;
|
||||
|
||||
/*
|
||||
@@ -318,11 +349,16 @@ static int process_one(char *name, int recurse_this_path)
|
||||
@@ -318,11 +345,16 @@ static int process_one(char *name, int recurse_this_path)
|
||||
|
||||
|
||||
ftsent = fts_read(fts_handle);
|
||||
@ -3812,7 +3899,7 @@ index 48ffcad..7cff7e4 100644
|
||||
do {
|
||||
rc = 0;
|
||||
/* Skip the post order nodes. */
|
||||
@@ -390,7 +426,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
@@ -390,7 +422,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
{
|
||||
int rc = 0;
|
||||
char *p;
|
||||
@ -3821,7 +3908,7 @@ index 48ffcad..7cff7e4 100644
|
||||
|
||||
if (r_opts == NULL){
|
||||
fprintf(stderr,
|
||||
@@ -401,7 +437,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
@@ -401,7 +433,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
if (!r_opts->expand_realpath) {
|
||||
return process_one(name, recurse);
|
||||
} else {
|
||||
@ -3830,7 +3917,7 @@ index 48ffcad..7cff7e4 100644
|
||||
if (rc < 0) {
|
||||
if (r_opts->ignore_enoent && errno == ENOENT)
|
||||
return 0;
|
||||
@@ -486,22 +522,6 @@ int add_exclude(const char *directory)
|
||||
@@ -486,22 +518,6 @@ int add_exclude(const char *directory)
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -3853,7 +3940,7 @@ index 48ffcad..7cff7e4 100644
|
||||
/*
|
||||
* Evaluate the association hash table distribution.
|
||||
*/
|
||||
@@ -568,7 +588,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -568,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
{
|
||||
file_spec_t *prevfl, *fl;
|
||||
int h, ret;
|
||||
@ -3862,7 +3949,7 @@ index 48ffcad..7cff7e4 100644
|
||||
|
||||
if (!fl_head) {
|
||||
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
|
||||
@@ -581,7 +601,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -581,7 +597,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
|
||||
prevfl = fl, fl = fl->next) {
|
||||
if (ino == fl->ino) {
|
||||
@ -3945,7 +4032,7 @@ index c8ea4bb..0eb7293 100644
|
||||
.SH "ARGUMENTS"
|
||||
.B pathname...
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index 7f700ca..5902e8e 100644
|
||||
index 7f700ca..2cc3fba 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
|
||||
@ -3989,12 +4076,12 @@ index 7f700ca..5902e8e 100644
|
||||
-.TP
|
||||
-.B \-vv
|
||||
-show changes in file labels, if type, role, or user are changing.
|
||||
+show changes in file labels
|
||||
+show changes in file labels.
|
||||
.TP
|
||||
.B \-W
|
||||
display warnings about entries that had no matching files.
|
||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
||||
index fa0cd6a..590a4e0 100644
|
||||
index fa0cd6a..4da428c 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.c
|
||||
+++ b/policycoreutils/setfiles/setfiles.c
|
||||
@@ -39,7 +39,7 @@ void usage(const char *const name)
|
||||
@ -4029,7 +4116,7 @@ index fa0cd6a..590a4e0 100644
|
||||
break;
|
||||
+ case 'L':
|
||||
+ if (r_opts.selabel_opt_subset) {
|
||||
+ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
|
||||
+ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s:%s",r_opts.selabel_opt_subset,optarg) < 0) {
|
||||
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
|
||||
+ optarg, strerror(errno));
|
||||
+ exit(1);
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.5
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -352,6 +352,9 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-6
|
||||
- Change separator on -L from ; to :
|
||||
|
||||
* Thu Sep 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5
|
||||
- Add back lockdown wizard for booleans using pywebkitgtk
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user