rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-1

Browse Source 
- Fix genhomedircon to work in installer
- Update to match NSA
	* Merged patch for chcat script from Dan Walsh.
This commit is contained in:
Daniel J Walsh 2005-12-14 20:34:32 +00:00
parent 6ffca6f764
commit 7238655897
4 changed files with 72 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -75,3 +75,4 @@ policycoreutils-1.27.36.tgz
policycoreutils-1.27.37.tgz policycoreutils-1.27.37.tgz
policycoreutils-1.28.tgz policycoreutils-1.28.tgz
policycoreutils-1.29.1.tgz policycoreutils-1.29.1.tgz
policycoreutils-1.29.2.tgz

284
policycoreutils-rhat.patch
View File

@ -1,232 +1,64 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.1/scripts/chcat diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.1/scripts/genhomedircon
--- nsapolicycoreutils/scripts/chcat 2005-12-08 12:52:47.000000000 -0500 --- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
+++ policycoreutils-1.29.1/scripts/chcat 2005-12-09 18:20:29.000000000 -0500 +++ policycoreutils-1.29.1/scripts/genhomedircon 2005-12-14 14:12:00.000000000 -0500
@@ -25,26 +25,20 @@ @@ -29,11 +29,14 @@
import commands, sys, os, pwd, string, getopt, re, selinux import commands, sys, os, pwd, string, getopt, re
from semanage import *;
def chcat_add(orig, newcat, files): -fd=open("/etc/shells", 'r')
+ if len(newcat) == 1: -VALID_SHELLS=fd.read().split('\n')
+ raise ValueError("Requires at least one category") -fd.close()
errors=0 -if "/sbin/nologin" in VALID_SHELLS:
- cmd='chcon -l ' - VALID_SHELLS.remove("/sbin/nologin")
- if len(newcat) > 1: +try:
- sensitivity=newcat[0] + fd=open("/etc/shells", 'r')
- cat=newcat[1] + VALID_SHELLS=fd.read().split('\n')
- else: + fd.close()
- sensitivity=0 + if "/sbin/nologin" in VALID_SHELLS:
- cat=newcat[0] + VALID_SHELLS.remove("/sbin/nologin")
- +except:
- + VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
+ sensitivity=newcat[0]
+ cat=newcat[1]
+ cmd='chcon -l %s' % sensitivity
for f in files:
- (rc, con) = selinux.getfilecon(f)
- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
- clist=raw.split(":")[3:]
- if sensitivity == 0:
- sensitivity = clist[0]
- if len(clist) > 1:
- if clist[0] != sensitivity:
+ (rc, c) = selinux.getfilecon(f)
+ con=c.split(":")[3:]
+ clist = translate(con)
+ if sensitivity != clist[0]:
print("Can not modify sensitivity levels using '+' on %s" % f)
- continue
+
+ if len(clist) > 1:
cats=clist[1].split(",")
if cat in cats:
print "%s is already in %s" % (f, orig)
@@ -64,23 +58,21 @@
return errors
def chcat_remove(orig, newcat, files): def getStartingUID():
+ if len(newcat) == 1: starting_uid = sys.maxint
+ raise ValueError("Requires at least one category") @@ -163,21 +166,29 @@
errors=0 return role
- if len(newcat) > 1:
- sensitivity=newcat[0]
- cat=newcat[1]
- else:
- sensitivity=0
- cat=newcat[0]
+ sensitivity=newcat[0]
+ cat=newcat[1]
+
for f in files:
- (rc, con) = selinux.getfilecon(f)
- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
- clist=raw.split(":")[3:]
- if sensitivity == 0:
- sensitivity = clist[0]
- if len(clist) > 1:
- if clist[0] != sensitivity:
+ (rc, c) = selinux.getfilecon(f)
+ con=c.split(":")[3:]
+ clist = translate(con)
+ if sensitivity != clist[0]:
print("Can not modify sensitivity levels using '+' on %s" % f)
continue
+
+ if len(clist) > 1:
cats=clist[1].split(",")
if cat not in cats:
print "%s is not in %s" % (f, orig)
@@ -108,51 +100,69 @@
def chcat_replace(orig, newcat, files): def adduser(self, udict, user, seuser, role):
errors=0 + if seuser == "user_u" or user == "__default__":
- if len(newcat) > 1: + return
+ if len(newcat) == 1: + # !!! chooses first role in the list to use in the file context !!!
+ if newcat[0][0] == "s" and newcat[0][1:].isdigit() and int(newcat[0][1:]) in range(0,16): + if role[-2:] == "_r" or role[-2:] == "_u":
+ sensitivity=newcat[0] + role = role[:-2]
+ cmd='chcon -l %s ' % newcat[0] try:
- if seuser == "user_u" or user == "__default__":
- return
- # !!! chooses first role in the list to use in the file context !!!
- if role[-2:] == "_r" or role[-2:] == "_u":
- role = role[:-2]
home = pwd.getpwnam(user)[5]
if home == "/":
- return
- prefs = {}
- prefs["role"] = role
- prefs["home"] = home
- udict[seuser] = prefs
+ # Probably install so hard code to /root
+ if user == "root":
+ home="/root"
+ else: + else:
+ cmd='chcon -l s0:%s ' % newcat[0] + return
except KeyError:
- sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
+ if user == "root":
+ home = "/root"
+ else: + else:
sensitivity=newcat[0] + sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
cat=newcat[1] + return
cmd='chcon -l %s:%s ' % (sensitivity, cat) + prefs = {}
- for f in files: + prefs["role"] = role
- cmd = "%s %s" % (cmd, f) + prefs["home"] = home
- + udict[seuser] = prefs
- rc=commands.getstatusoutput(cmd)
- if rc[0] != 0:
- print rc[1]
- errors += 1
- else:
- cat=newcat[0]
- for f in files:
- (rc, con) = selinux.getfilecon(f)
- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
- clist=raw.split(":")[3:]
- sensitivity=clist[0]
- cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
- rc=commands.getstatusoutput(cmd)
- if rc[0] != 0:
- print rc[1]
- errors+=1
+ for f in files:
+ cmd = "%s %s" % (cmd, f)
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+
return errors
-def chcat(cats, files):
- errors=0
+def check_replace(cats):
+ plus_ind=0
+ replace_ind=0
for c in cats:
- if len(c) > 0 and c[0] == "+":
- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
- rlist=raw.split(":")
- errors += chcat_add(c[1:], rlist[3:], files)
- continue
- if len(c) > 0 and c[0] == "-":
- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
- rlist=raw.split(":")
- errors += chcat_remove(c[1:], rlist[3:], files)
- continue
+ if len(c) > 0 and ( c[0] == "+" or c[0] == "-" ):
+ if replace_ind:
+ raise ValueError("Can not combine +/- with other types of categories")
+ plus_ind=1
+ else:
+ replace_ind=1
+ if plus_ind:
+ raise ValueError("Can not combine +/- with other types of categories")
+ return replace_ind
+def translate(cats):
+ newcat=[]
+ for c in cats:
(rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c)
- rlist=raw.split(":")
- errors += chcat_replace(c[1:], rlist[3:], files)
-
- return errors
+ rlist=raw.split(":")[3:]
+ if len(rlist) > 1:
+ if len(newcat) == 0:
+ newcat.append(rlist[0])
+ else:
+ if newcat[0] != rlist[0]:
+ raise ValueError("Can not have multiple sensitivities")
+ newcat.append(rlist[1])
+ else:
+ if rlist[0][0] == "s" and rlist[0][1:].isdigit() and int(rlist[0][1:]) in range(0,16):
+
+ if len(newcat) == 0:
+ newcat.append(rlist[0])
+ else:
+ if newcat[0] != rlist[0]:
+ raise ValueError("Can not have multiple sensitivities")
+ else:
+ if len(newcat) == 0:
+ newcat.append("s0")
+ else:
+ if newcat[0] != "s0":
+ raise ValueError("Can not have multiple sensitivities")
+ newcat.append(rlist[0])
+
+ return newcat
def usage():
print "Usage %s CATEGORY File ..." % sys.argv[0]
@@ -190,26 +200,36 @@
usage()
except:
usage()
+
if delete_ind:
- sys.exit(chcat([""], cmds))
+ sys.exit(chcat_replace(["s0"], ["s0"], cmds))
+
if len(cmds) < 2:
usage()
- cats=cmds[0].split(",")
set_ind=0
+ cats=cmds[0].split(",")
mod_ind=0
- for i in cats:
- if i[0]=='+' or i[0]=="-":
- mod_ind=1
- if set_ind == 1:
- error("You can not use '%s' with previous categories" % i)
- else:
- if mod_ind == 1 or set_ind==1:
- error("You can not use '%s' with previous categories" % i)
- set_ind=1
-
+ errors=0
files=cmds[1:]
- sys.exit(chcat(cats, files))
+ try:
+ if check_replace(cats):
+ errors=chcat_replace(cats,translate(cats), files)
+ else:
+ for c in cats:
+ l=[]
+ l.append(c[1:])
+ if len(c) > 0 and c[0] == "+":
+ errors += chcat_add(c[1:],translate(l), files)
+ continue
+ if len(c) > 0 and c[0] == "-":
+ errors += chcat_remove(c[1:],translate(l), files)
+ continue
+ except ValueError, e:
+ error(e)
+
+ sys.exit(errors)
+
def getUsers(self):
udict = {}

13
policycoreutils.spec
View File

@ -1,10 +1,10 @@
%define libsepolver 1.10-1 %define libsepolver 1.10-1
%define libsemanagever 1.4-1 %define libsemanagever 1.5.3-1
%define libselinuxver 1.29.1-2 %define libselinuxver 1.29.2-1
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.29.1 Version: 1.29.2
Release: 3 Release: 1
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -96,6 +96,11 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-1
- Fix genhomedircon to work in installer
- Update to match NSA
* Merged patch for chcat script from Dan Walsh.
* Fri Dec 9 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-2 * Fri Dec 9 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-2
- More fixes to chcat - More fixes to chcat

2
sources
View File

@ -1 +1 @@
92504be57af5d7dd21191f66014126d7 policycoreutils-1.29.1.tgz db981cfd14f597746ed87ada3a815d0e policycoreutils-1.29.2.tgz