rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Jun 13 2006 James Antill <jantill@redhat.com> 1.30.12-5

Browse Source 
- Update audit mass relabel to only compile in when audit is installed.
This commit is contained in:
jantill 2006-06-13 20:25:13 +00:00
parent 030a28bfcf
commit 6ec3e2b290
2 changed files with 1 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
policycoreutils-rhat.patch
View File

@ -3515,101 +3515,3 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
os.rename(newfilename, self.filename) os.rename(newfilename, self.filename)
class semanageRecords: class semanageRecords:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-1.30.12/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2006-05-30 09:07:14.000000000 -0400
+++ policycoreutils-1.30.12/setfiles/Makefile 2006-06-07 10:50:41.000000000 -0400
@@ -7,6 +7,7 @@
CFLAGS = -Werror -Wall -W
override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include
LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+LDLIBS += -laudit
all: setfiles
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.30.12/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2006-05-15 09:43:12.000000000 -0400
+++ policycoreutils-1.30.12/setfiles/setfiles.c 2006-06-07 10:50:41.000000000 -0400
@@ -75,6 +75,11 @@
#include <selinux/selinux.h>
#include <syslog.h>
#include <libgen.h>
+#include <libaudit.h>
+
+#ifndef AUDIT_FS_RELABEL
+#define AUDIT_FS_RELABEL 2309
+#endif
static int add_assoc = 1;
static FILE *outfile=NULL;
@@ -395,7 +400,7 @@
/* trim trailing /, if present */
len = strlen(rootpath);
- while ('/' == rootpath[len - 1])
+ while (len && ('/' == rootpath[len - 1]))
rootpath[--len] = 0;
rootpathlen = len;
}
@@ -443,11 +448,35 @@
return 0;
}
+static void maybe_audit_mass_relabel(int done_root, int errs)
+{
+ int audit_fd = -1;
+ int rc = 0;
+
+ if (!done_root) /* only audit a forced full relabel */
+ return;
+
+ audit_fd = audit_open();
+
+ if (audit_fd < 0) {
+ fprintf(stderr, "Error connecting to audit system.\n");
+ return;
+ }
+
+ rc = audit_log_user_message(audit_fd, AUDIT_FS_RELABEL,
+ "op=mass relabel", NULL, NULL, NULL, !errs);
+ if (rc <= 0) {
+ fprintf(stderr, "Error sending audit message: %s.\n", strerror(errno));
+ }
+ audit_close(audit_fd);
+}
+
int main(int argc, char **argv)
{
struct stat sb;
int opt, rc, i;
-
+ int done_root = 0; /* have we processed the / directory as an arg */
+
memset(excludeArray,0, sizeof(excludeArray));
/* Validate all file contexts during matchpathcon_init. */
@@ -618,6 +647,8 @@
}
else for (; optind < argc; optind++)
{
+ done_root |= !strcmp(argv[optind], "/");
+
if (NULL != rootpath) {
qprintf("%s: labeling files, pretending %s is /\n",
argv[0], rootpath);
@@ -648,6 +679,7 @@
fprintf(stderr,
"%s: error while labeling files under %s\n",
argv[0], argv[optind]);
+ maybe_audit_mass_relabel(done_root, 1);
exit(1);
}
}
@@ -664,6 +696,8 @@
matchpathcon_filespec_destroy();
}
+ maybe_audit_mass_relabel(done_root, 0);
+
if (warn_no_match)
matchpathcon_checkmatches(argv[0]);

2
policycoreutils.spec
View File

@ -5,7 +5,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.30.12 Version: 1.30.12
Release: 4 Release: 5
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz