* Tue Jun 13 2006 James Antill <jantill@redhat.com> 1.30.12-5
- Update audit mass relabel to only compile in when audit is installed.
		
							parent
							
								
									030a28bfcf
								
							
						
					
					
						commit
						6ec3e2b290
					
				| @ -3515,101 +3515,3 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol | ||||
|  		os.rename(newfilename, self.filename) | ||||
|   | ||||
|  class semanageRecords: | ||||
| diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-1.30.12/setfiles/Makefile
 | ||||
| --- nsapolicycoreutils/setfiles/Makefile	2006-05-30 09:07:14.000000000 -0400
 | ||||
| +++ policycoreutils-1.30.12/setfiles/Makefile	2006-06-07 10:50:41.000000000 -0400
 | ||||
| @@ -7,6 +7,7 @@
 | ||||
|  CFLAGS = -Werror -Wall -W  | ||||
|  override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include | ||||
|  LDLIBS = -lselinux -lsepol -L$(LIBDIR) | ||||
| +LDLIBS += -laudit
 | ||||
|   | ||||
|  all: setfiles | ||||
|   | ||||
| diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.30.12/setfiles/setfiles.c
 | ||||
| --- nsapolicycoreutils/setfiles/setfiles.c	2006-05-15 09:43:12.000000000 -0400
 | ||||
| +++ policycoreutils-1.30.12/setfiles/setfiles.c	2006-06-07 10:50:41.000000000 -0400
 | ||||
| @@ -75,6 +75,11 @@
 | ||||
|  #include <selinux/selinux.h> | ||||
|  #include <syslog.h>  | ||||
|  #include <libgen.h> | ||||
| +#include <libaudit.h>
 | ||||
| +
 | ||||
| +#ifndef AUDIT_FS_RELABEL
 | ||||
| +#define AUDIT_FS_RELABEL 2309
 | ||||
| +#endif
 | ||||
|   | ||||
|  static int add_assoc = 1; | ||||
|  static FILE *outfile=NULL; | ||||
| @@ -395,7 +400,7 @@
 | ||||
|   | ||||
|  	/* trim trailing /, if present */ | ||||
|  	len = strlen(rootpath); | ||||
| -	while ('/' == rootpath[len - 1])
 | ||||
| +	while (len && ('/' == rootpath[len - 1]))
 | ||||
|  		rootpath[--len] = 0; | ||||
|  	rootpathlen = len; | ||||
|  } | ||||
| @@ -443,11 +448,35 @@
 | ||||
|    return 0; | ||||
|  } | ||||
|   | ||||
| +static void maybe_audit_mass_relabel(int done_root, int errs)
 | ||||
| +{
 | ||||
| +  int audit_fd = -1;
 | ||||
| +  int rc = 0;
 | ||||
| +  
 | ||||
| +  if (!done_root) /* only audit a forced full relabel */
 | ||||
| +    return;
 | ||||
| +  
 | ||||
| +  audit_fd = audit_open();
 | ||||
| +
 | ||||
| +  if (audit_fd < 0) {
 | ||||
| +    fprintf(stderr, "Error connecting to audit system.\n");
 | ||||
| +    return;
 | ||||
| +  }
 | ||||
| +
 | ||||
| +  rc = audit_log_user_message(audit_fd, AUDIT_FS_RELABEL,
 | ||||
| +                              "op=mass relabel", NULL, NULL, NULL, !errs);
 | ||||
| +  if (rc <= 0) {
 | ||||
| +    fprintf(stderr, "Error sending audit message: %s.\n", strerror(errno));
 | ||||
| +  }
 | ||||
| +  audit_close(audit_fd);
 | ||||
| +}
 | ||||
| +
 | ||||
|  int main(int argc, char **argv) | ||||
|  { | ||||
|  	struct stat sb; | ||||
|  	int opt, rc, i; | ||||
| -
 | ||||
| +        int done_root = 0; /* have we processed the / directory as an arg */
 | ||||
| +        
 | ||||
|  	memset(excludeArray,0, sizeof(excludeArray)); | ||||
|   | ||||
|  	/* Validate all file contexts during matchpathcon_init. */ | ||||
| @@ -618,6 +647,8 @@
 | ||||
|  	} | ||||
|  	else for (; optind < argc; optind++) | ||||
|  	{ | ||||
| +                done_root |= !strcmp(argv[optind], "/");
 | ||||
| +                
 | ||||
|  		if (NULL != rootpath) { | ||||
|  			qprintf("%s:  labeling files, pretending %s is /\n", | ||||
|  				argv[0], rootpath); | ||||
| @@ -648,6 +679,7 @@
 | ||||
|  				fprintf(stderr, | ||||
|  				"%s:  error while labeling files under %s\n", | ||||
|  				argv[0], argv[optind]); | ||||
| +				maybe_audit_mass_relabel(done_root, 1);
 | ||||
|  				exit(1); | ||||
|  			} | ||||
|  		} | ||||
| @@ -664,6 +696,8 @@
 | ||||
|  		matchpathcon_filespec_destroy(); | ||||
|  	} | ||||
|   | ||||
| +        maybe_audit_mass_relabel(done_root, 0);
 | ||||
| +
 | ||||
|  	if (warn_no_match) | ||||
|  		matchpathcon_checkmatches(argv[0]); | ||||
|   | ||||
|  | ||||
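Review bot: The hunk header `-3515,101 +3515,3` shows 98 lines leaving this patch file, and if the whole setfiles.c section goes (the add/remove markers were lost in rendering, so this is inferred), the guard `while (len && ('/' == rootpath[len - 1]))` is dropped along with the audit code although it has nothing to do with auditing. Without that guard an empty root path leaves `len` at 0, so `rootpath[len - 1]` indexes outside the string and the trailing-slash trim can read, and then write, out of bounds. That one-line fix should stay in the patch set on its own, unless it is carried somewhere not shown on this page. The commit message says the audit relabel record is now compiled in only when audit is installed, but no `#ifdef` around `maybe_audit_mass_relabel()` or the `-laudit` link line appears in the visible lines, so it is worth confirming that a full relabel of `/` still emits the `AUDIT_FS_RELABEL` record on builds with audit present.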
| @ -5,7 +5,7 @@ | ||||
| Summary: SELinux policy core utilities. | ||||
| Name: policycoreutils | ||||
| Version: 1.30.12 | ||||
| Release: 4 | ||||
| Release: 5 | ||||
| License: GPL | ||||
| Group: System Environment/Base | ||||
| Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz | ||||
|  | ||||