* Wed Oct 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-8

- Validate semanage fcontext input - Fix template names for log files in gui
2007-10-31 10:57:59 +00:00 · 2007-10-31 10:57:59 +00:00 · 7791fd5472
commit 7791fd5472
parent 95c2ff0c21
3 changed files with 38 additions and 33 deletions
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@ -11118,8 +11118,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.31/gui/templates/var_log.py
 --- nsapolicycoreutils/gui/templates/var_log.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/templates/var_log.py	2007-10-18 17:46:44.000000000 -0400
+++ policycoreutils-2.0.31/gui/templates/var_log.py	2007-10-25 16:52:06.000000000 -0400
-@@ -0,0 +1,112 @@
+@@ -0,0 +1,110 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
 +#
@ -11174,8 +11174,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +	')
 +
 +	logging_search_logs($1)
-+	allow $1 TEMPLATETYPE_log_t:dir r_dir_perms;
+        read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
 +	allow $1 TEMPLATETYPE_log_t:file { read getattr lock };
 +')
 +
 +########################################
@ -11195,8 +11194,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +	')
 +
 +	logging_search_logs($1)
-+	allow $1 TEMPLATETYPE_log_t:dir r_dir_perms;
+        append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
 +	allow $1 TEMPLATETYPE_log_t:file { getattr append };
 +')
 +
 +########################################
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,6 +1,6 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.29/audit2why/audit2why.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.31/audit2why/audit2why.c
 --- nsapolicycoreutils/audit2why/audit2why.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.29/audit2why/audit2why.c	2007-10-08 08:37:08.000000000 -0400
+++ policycoreutils-2.0.31/audit2why/audit2why.c	2007-10-15 16:55:02.000000000 -0400
@@ -137,6 +137,8 @@
 	/* Process the audit messages. */
 	while (getline(&buffer, &len, stdin) > 0) {
@ -97,18 +97,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		if (!tclass) {
 			fprintf(stderr,
 				"Invalid %s%s on line %u, skipping...\n",
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.29/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.31/Makefile
 --- nsapolicycoreutils/Makefile	2007-07-16 14:20:43.000000000 -0400
-+++ policycoreutils-2.0.29/Makefile	2007-10-08 08:36:41.000000000 -0400
+++ policycoreutils-2.0.31/Makefile	2007-10-15 16:55:02.000000000 -0400
@@ -1,4 +1,4 @@
 -SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 all install relabel clean indent:
 	@for subdir in $(SUBDIRS); do \
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.29/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.31/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.29/restorecond/restorecond.c	2007-10-08 08:36:41.000000000 -0400
+++ policycoreutils-2.0.31/restorecond/restorecond.c	2007-10-15 16:55:02.000000000 -0400
@@ -210,9 +210,10 @@
 			}
@ -135,25 +135,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 	}
 	free(scontext);
 	close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.29/semanage/seobject.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2007-10-07 21:46:43.000000000 -0400
-+++ policycoreutils-2.0.29/semanage/seobject.py	2007-10-08 08:36:41.000000000 -0400
+++ policycoreutils-2.0.31/semanage/seobject.py	2007-10-31 06:52:51.000000000 -0400
-@@ -139,7 +139,7 @@
+@@ -1095,7 +1092,13 @@
 			translations = fd.readlines()
 			fd.close()
 		except IOError, e:
 -			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
 +			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
- 		self.ddict = {}
+                 return con
- 		self.comments = []
+                
-@@ -236,9 +236,6 @@
+        def validate(self, target):
 +               if target == "" or target.find("\n") >= 0:
 +                      raise ValueError(_("Invalid file specification"))
 +                      
 	def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
 +                self.validate(target)
 +
 		if is_mls_enabled == 1:
                        serange = untranslate(serange)
@@ -1154,6 +1157,7 @@
 	def modify(self, target, setype, ftype, serange, seuser):
 		if serange == "" and setype == "" and seuser == "":
 			raise ValueError(_("Requires setype, serange or seuser"))
 +                self.validate(target)
 		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
 		if rc < 0:
 			semanage_handle_destroy(self.sh)
 			raise ValueError(_("Could not establish semanage connection"))
 -        def deleteall(self):
 -               raise ValueError(_("Not yet implemented"))
 -               
 class loginRecords(semanageRecords):
 	def __init__(self, store = ""):
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.31
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -207,6 +207,10 @@ if [ "$1" -ge "1" ]; then
 fi
 %changelog
 * Wed Oct 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-8
 - Validate semanage fcontext input
 - Fix template names for log files in gui
 * Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-7
 - Fix consolekit link to selinux-polgengui