Change separator on -L from ; to :
This commit is contained in:
		
							parent
							
								
									2d6eafee19
								
							
						
					
					
						commit
						64a1a56e71
					
				| @ -1,3 +1,15 @@ | ||||
| diff --git a/policycoreutils/.gitignore b/policycoreutils/.gitignore
 | ||||
| index 6f41f6a..50f8b82 100644
 | ||||
| --- a/policycoreutils/.gitignore
 | ||||
| +++ b/policycoreutils/.gitignore
 | ||||
| @@ -9,6 +9,7 @@ semodule_deps/semodule_deps
 | ||||
|  semodule_expand/semodule_expand | ||||
|  semodule_link/semodule_link | ||||
|  semodule_package/semodule_package | ||||
| +semodule_package/semodule_unpackage
 | ||||
|  sestatus/sestatus | ||||
|  setfiles/restorecon | ||||
|  setfiles/setfiles | ||||
| diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
 | ||||
| index 86ed03f..3e95698 100644
 | ||||
| --- a/policycoreutils/Makefile
 | ||||
| @ -1629,10 +1641,10 @@ index e3b7ea7..2b37e63 100644 | ||||
| +and
 | ||||
| +.I Thomas Liu <tliu@fedoraproject.org>
 | ||||
| diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
 | ||||
| index ff8b3ef..66aadfd 100644
 | ||||
| index ff8b3ef..d1ccdc2 100644
 | ||||
| --- a/policycoreutils/sandbox/sandbox.init
 | ||||
| +++ b/policycoreutils/sandbox/sandbox.init
 | ||||
| @@ -10,17 +10,12 @@
 | ||||
| @@ -10,25 +10,15 @@
 | ||||
|  # | ||||
|  # chkconfig: 345 1 99 | ||||
|  # | ||||
| @ -1650,13 +1662,21 @@ index ff8b3ef..66aadfd 100644 | ||||
| +# description: sandbox, xguest and other apps that want to use pam_namespace \
 | ||||
| +#              require this script be run at boot.  This service script does \
 | ||||
| +#              not actually run any service but sets up: \
 | ||||
| +#              /var/tmp, /tmp and home directories to be used by these tools.\
 | ||||
| +#              / to be shared by any app that starts a separate namespace
 | ||||
| +#              If you do not use sandbox, xguest or pam_namespace you can turn \
 | ||||
| +#              this service off.\
 | ||||
|  # | ||||
|   | ||||
|  # Source function library. | ||||
| @@ -41,15 +36,6 @@ start() {
 | ||||
| -. /etc/init.d/functions
 | ||||
| -
 | ||||
| -HOMEDIRS="/home"
 | ||||
| -
 | ||||
| -. /etc/sysconfig/sandbox
 | ||||
|   | ||||
|  LOCKFILE=/var/lock/subsys/sandbox | ||||
|   | ||||
| @@ -41,15 +31,6 @@ start() {
 | ||||
|   | ||||
|  	touch $LOCKFILE | ||||
|  	mount --make-rshared / || return $?  | ||||
| @ -3004,13 +3024,13 @@ index 0140cd2..2c0cfdd 100644 | ||||
| +	except RuntimeError, error:
 | ||||
| +		errorExit(error.args[0])
 | ||||
| diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
 | ||||
| index 6842b07..7f11c4e 100644
 | ||||
| index 6842b07..e4b6c0d 100644
 | ||||
| --- a/policycoreutils/semanage/seobject.py
 | ||||
| +++ b/policycoreutils/semanage/seobject.py
 | ||||
| @@ -1,5 +1,5 @@
 | ||||
|  #! /usr/bin/python -E | ||||
| -# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat 
 | ||||
| +# Copyright (C) 2005-2011 2009 Red Hat 
 | ||||
| +# Copyright (C) 2005-2011 Red Hat 
 | ||||
|  # see file 'COPYING' for use and warranty information | ||||
|  # | ||||
|  # semanage is a tool for managing SELinux configuration files | ||||
| @ -3339,6 +3359,62 @@ index 6842b07..7f11c4e 100644 | ||||
| -				print "%-30s -> %-5s %s" %  (k, on_off[ddict[k][2]], self.get_desc(k))
 | ||||
| -
 | ||||
| +				print "%-30s (%-5s,%5s)  %s" %  (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
 | ||||
| diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
 | ||||
| index 81d6a3c..5d662e7 100644
 | ||||
| --- a/policycoreutils/semodule/semodule.c
 | ||||
| +++ b/policycoreutils/semodule/semodule.c
 | ||||
| @@ -45,6 +45,7 @@ static int no_reload;
 | ||||
|  static int create_store; | ||||
|  static int build; | ||||
|  static int disable_dontaudit; | ||||
| +static int preserve_tunables;
 | ||||
|   | ||||
|  static semanage_handle_t *sh = NULL; | ||||
|  static char *store; | ||||
| @@ -117,6 +118,7 @@ static void usage(char *progname)
 | ||||
|  	printf("  -h,--help        print this message and quit\n"); | ||||
|  	printf("  -v,--verbose     be verbose\n"); | ||||
|  	printf("  -D,--disable_dontaudit	Remove dontaudits from policy\n"); | ||||
| +	printf("  -P,--preserve_tunables	Preserve tunables in policy\n");
 | ||||
|  } | ||||
|   | ||||
|  /* Sets the global mode variable to new_mode, but only if no other | ||||
| @@ -162,6 +164,7 @@ static void parse_command_line(int argc, char **argv)
 | ||||
|  		{"noreload", 0, NULL, 'n'}, | ||||
|  		{"build", 0, NULL, 'B'}, | ||||
|  		{"disable_dontaudit", 0, NULL, 'D'}, | ||||
| +		{"preserve_tunables", 0, NULL, 'P'},
 | ||||
|  		{"path", required_argument, NULL, 'p'}, | ||||
|  		{NULL, 0, NULL, 0} | ||||
|  	}; | ||||
| @@ -171,7 +174,7 @@ static void parse_command_line(int argc, char **argv)
 | ||||
|  	no_reload = 0; | ||||
|  	create_store = 0; | ||||
|  	while ((i = | ||||
| -		getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBD", opts,
 | ||||
| +		getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBDP", opts,
 | ||||
|  			    NULL)) != -1) { | ||||
|  		switch (i) { | ||||
|  		case 'b': | ||||
| @@ -220,6 +223,9 @@ static void parse_command_line(int argc, char **argv)
 | ||||
|  		case 'D': | ||||
|  			disable_dontaudit = 1; | ||||
|  			break; | ||||
| +		case 'P':
 | ||||
| +			preserve_tunables = 1;
 | ||||
| +			break;
 | ||||
|  		case '?': | ||||
|  		default:{ | ||||
|  				usage(argv[0]); | ||||
| @@ -466,6 +472,8 @@ int main(int argc, char *argv[])
 | ||||
|  			semanage_set_disable_dontaudit(sh, 1); | ||||
|  		else if (build) | ||||
|  			semanage_set_disable_dontaudit(sh, 0); | ||||
| +		if (preserve_tunables)
 | ||||
| +			semanage_set_preserve_tunables(sh, 1);
 | ||||
|   | ||||
|  		result = semanage_commit(sh); | ||||
|  	} | ||||
| diff --git a/policycoreutils/sepolgen-ifgen/.gitignore b/policycoreutils/sepolgen-ifgen/.gitignore
 | ||||
| new file mode 100644 | ||||
| index 0000000..3816d2e
 | ||||
| @ -3616,7 +3692,7 @@ index 0000000..1ce37b0 | ||||
| +	return 0;
 | ||||
| +}
 | ||||
| diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
 | ||||
| index 48ffcad..7cff7e4 100644
 | ||||
| index 48ffcad..8066162 100644
 | ||||
| --- a/policycoreutils/setfiles/restore.c
 | ||||
| +++ b/policycoreutils/setfiles/restore.c
 | ||||
| @@ -1,5 +1,6 @@
 | ||||
| @ -3657,7 +3733,18 @@ index 48ffcad..7cff7e4 100644 | ||||
|   | ||||
|  	if (match(my_file, ftsent->fts_statp, &newcon) < 0) | ||||
|  		/* Check for no matching specification. */ | ||||
| @@ -143,74 +143,105 @@ static int restore(FTSENT *ftsent)
 | ||||
| @@ -113,10 +113,6 @@ static int restore(FTSENT *ftsent)
 | ||||
|   | ||||
|  	if (r_opts->progress) { | ||||
|  		r_opts->count++; | ||||
| -		if (r_opts->count % (80 * STAR_COUNT) == 0) {
 | ||||
| -			fprintf(stdout, "\n");
 | ||||
| -			fflush(stdout);
 | ||||
| -		}
 | ||||
|  		if (r_opts->count % STAR_COUNT == 0) { | ||||
|  			fprintf(stdout, "*"); | ||||
|  			fflush(stdout); | ||||
| @@ -143,74 +139,105 @@ static int restore(FTSENT *ftsent)
 | ||||
|  		printf("%s:  %s matched by %s\n", r_opts->progname, my_file, newcon); | ||||
|  	} | ||||
|   | ||||
| @ -3751,22 +3838,22 @@ index 48ffcad..7cff7e4 100644 | ||||
| +				freecon(newcon);
 | ||||
| +				newcon = strdup(context_str(conb));
 | ||||
| +			}
 | ||||
| +		}
 | ||||
|  		} | ||||
| +		context_free(cona);
 | ||||
| +		context_free(conb);
 | ||||
| +		
 | ||||
| +		if (!types_differ || err) {
 | ||||
| +			goto out;
 | ||||
|  		} | ||||
| +		}
 | ||||
| +	}
 | ||||
| +
 | ||||
| +	if (r_opts->verbose) {
 | ||||
| +		printf("%s reset %s context %s->%s\n",
 | ||||
| +		       r_opts->progname, my_file, curcon ?: "", newcon);
 | ||||
|  	} | ||||
|   | ||||
| -	if (r_opts->logging && !user_only_changed) {
 | ||||
| -		if (context)
 | ||||
| +	if (r_opts->verbose) {
 | ||||
| +		printf("%s reset %s context %s->%s\n",
 | ||||
| +		       r_opts->progname, my_file, curcon ?: "", newcon);
 | ||||
| +	}
 | ||||
| +
 | ||||
| +	if (r_opts->logging) {
 | ||||
| +		if (curcon)
 | ||||
|  			syslog(LOG_INFO, "relabeling %s from %s to %s\n", | ||||
| @ -3792,7 +3879,7 @@ index 48ffcad..7cff7e4 100644 | ||||
|  		goto out; | ||||
|   | ||||
|  	/* | ||||
| @@ -318,11 +349,16 @@ static int process_one(char *name, int recurse_this_path)
 | ||||
| @@ -318,11 +345,16 @@ static int process_one(char *name, int recurse_this_path)
 | ||||
|   | ||||
|   | ||||
|  	ftsent = fts_read(fts_handle); | ||||
| @ -3812,7 +3899,7 @@ index 48ffcad..7cff7e4 100644 | ||||
|  	do { | ||||
|  		rc = 0; | ||||
|  		/* Skip the post order nodes. */ | ||||
| @@ -390,7 +426,7 @@ int process_one_realpath(char *name, int recurse)
 | ||||
| @@ -390,7 +422,7 @@ int process_one_realpath(char *name, int recurse)
 | ||||
|  { | ||||
|  	int rc = 0; | ||||
|  	char *p; | ||||
| @ -3821,7 +3908,7 @@ index 48ffcad..7cff7e4 100644 | ||||
|   | ||||
|  	if (r_opts == NULL){ | ||||
|  		fprintf(stderr, | ||||
| @@ -401,7 +437,7 @@ int process_one_realpath(char *name, int recurse)
 | ||||
| @@ -401,7 +433,7 @@ int process_one_realpath(char *name, int recurse)
 | ||||
|  	if (!r_opts->expand_realpath) { | ||||
|  		return process_one(name, recurse); | ||||
|  	} else { | ||||
| @ -3830,7 +3917,7 @@ index 48ffcad..7cff7e4 100644 | ||||
|  		if (rc < 0) { | ||||
|  			if (r_opts->ignore_enoent && errno == ENOENT) | ||||
|  				return 0; | ||||
| @@ -486,22 +522,6 @@ int add_exclude(const char *directory)
 | ||||
| @@ -486,22 +518,6 @@ int add_exclude(const char *directory)
 | ||||
|  	return 0; | ||||
|  } | ||||
|   | ||||
| @ -3853,7 +3940,7 @@ index 48ffcad..7cff7e4 100644 | ||||
|  /* | ||||
|   * Evaluate the association hash table distribution. | ||||
|   */ | ||||
| @@ -568,7 +588,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 | ||||
| @@ -568,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 | ||||
|  { | ||||
|  	file_spec_t *prevfl, *fl; | ||||
|  	int h, ret; | ||||
| @ -3862,7 +3949,7 @@ index 48ffcad..7cff7e4 100644 | ||||
|   | ||||
|  	if (!fl_head) { | ||||
|  		fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); | ||||
| @@ -581,7 +601,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 | ||||
| @@ -581,7 +597,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 | ||||
|  	for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; | ||||
|  	     prevfl = fl, fl = fl->next) { | ||||
|  		if (ino == fl->ino) { | ||||
| @ -3945,7 +4032,7 @@ index c8ea4bb..0eb7293 100644 | ||||
|  .SH "ARGUMENTS" | ||||
|  .B pathname... | ||||
| diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
 | ||||
| index 7f700ca..5902e8e 100644
 | ||||
| index 7f700ca..2cc3fba 100644
 | ||||
| --- a/policycoreutils/setfiles/setfiles.8
 | ||||
| +++ b/policycoreutils/setfiles/setfiles.8
 | ||||
| @@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
 | ||||
| @ -3989,12 +4076,12 @@ index 7f700ca..5902e8e 100644 | ||||
| -.TP 
 | ||||
| -.B \-vv
 | ||||
| -show changes in file labels, if type, role, or user are changing.
 | ||||
| +show changes in file labels
 | ||||
| +show changes in file labels.
 | ||||
|  .TP  | ||||
|  .B \-W | ||||
|  display warnings about entries that had no matching files. | ||||
| diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
 | ||||
| index fa0cd6a..590a4e0 100644
 | ||||
| index fa0cd6a..4da428c 100644
 | ||||
| --- a/policycoreutils/setfiles/setfiles.c
 | ||||
| +++ b/policycoreutils/setfiles/setfiles.c
 | ||||
| @@ -39,7 +39,7 @@ void usage(const char *const name)
 | ||||
| @ -4029,7 +4116,7 @@ index fa0cd6a..590a4e0 100644 | ||||
|  			break; | ||||
| +		case 'L':
 | ||||
| +			if (r_opts.selabel_opt_subset) {
 | ||||
| +				if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
 | ||||
| +				if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s:%s",r_opts.selabel_opt_subset,optarg) < 0) {
 | ||||
| +					fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
 | ||||
| +					optarg, strerror(errno));
 | ||||
| +					exit(1);
 | ||||
|  | ||||
| @ -7,7 +7,7 @@ | ||||
| Summary: SELinux policy core utilities | ||||
| Name:	 policycoreutils | ||||
| Version: 2.1.5 | ||||
| Release: 5%{?dist} | ||||
| Release: 6%{?dist} | ||||
| License: GPLv2 | ||||
| Group:	 System Environment/Base | ||||
| # Based on git repository with tag 20101221 | ||||
| @ -352,6 +352,9 @@ fi | ||||
| /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : | ||||
| 
 | ||||
| %changelog | ||||
| * Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-6 | ||||
| - Change separator on -L from ; to : | ||||
| 
 | ||||
| * Thu Sep 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5 | ||||
| - Add back lockdown wizard for booleans using pywebkitgtk | ||||
| 
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user