* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
- Add enable/disable patch
This commit is contained in:
parent
6c6ee0fad7
commit
7b3ab100a9
@ -1,6 +1,6 @@
|
|||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
|
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -42,6 +42,8 @@
|
@@ -42,6 +42,8 @@
|
||||||
from optparse import OptionParser
|
from optparse import OptionParser
|
||||||
|
|
||||||
@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
f = sys.stdin
|
f = sys.stdin
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
|
||||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/Makefile 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -1,4 +1,4 @@
|
@@ -1,4 +1,4 @@
|
||||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||||
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||||
@ -49,7 +49,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
|
||||||
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -1,17 +1,28 @@
|
@@ -1,17 +1,28 @@
|
||||||
# Installation directories.
|
# Installation directories.
|
||||||
PREFIX ?= ${DESTDIR}/usr
|
PREFIX ?= ${DESTDIR}/usr
|
||||||
@ -98,14 +98,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
/sbin/restorecon $(SBINDIR)/restorecond
|
/sbin/restorecon $(SBINDIR)/restorecond
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
|
||||||
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,3 @@
|
@@ -0,0 +1,3 @@
|
||||||
+[D-BUS Service]
|
+[D-BUS Service]
|
||||||
+Name=org.selinux.Restorecond
|
+Name=org.selinux.Restorecond
|
||||||
+Exec=/usr/sbin/restorecond -u
|
+Exec=/usr/sbin/restorecond -u
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -48,294 +48,38 @@
|
@@ -48,294 +48,38 @@
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@ -598,7 +598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -4,8 +4,5 @@
|
@@ -4,8 +4,5 @@
|
||||||
/etc/mtab
|
/etc/mtab
|
||||||
/var/run/utmp
|
/var/run/utmp
|
||||||
@ -611,7 +611,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
-
|
-
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,7 @@
|
@@ -0,0 +1,7 @@
|
||||||
+[Desktop Entry]
|
+[Desktop Entry]
|
||||||
+Name=File Context maintainer
|
+Name=File Context maintainer
|
||||||
@ -622,7 +622,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+StartupNotify=false
|
+StartupNotify=false
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -24,7 +24,21 @@
|
@@ -24,7 +24,21 @@
|
||||||
#ifndef RESTORED_CONFIG_H
|
#ifndef RESTORED_CONFIG_H
|
||||||
#define RESTORED_CONFIG_H
|
#define RESTORED_CONFIG_H
|
||||||
@ -649,13 +649,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
#endif
|
#endif
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
|
||||||
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,2 @@
|
@@ -0,0 +1,2 @@
|
||||||
+~/*
|
+~/*
|
||||||
+~/public_html/*
|
+~/public_html/*
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
|
||||||
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,237 @@
|
@@ -0,0 +1,237 @@
|
||||||
+/*
|
+/*
|
||||||
+ * restorecond
|
+ * restorecond
|
||||||
@ -896,7 +896,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
|
||||||
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,254 @@
|
@@ -0,0 +1,254 @@
|
||||||
+#define _GNU_SOURCE
|
+#define _GNU_SOURCE
|
||||||
+#include <sys/inotify.h>
|
+#include <sys/inotify.h>
|
||||||
@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
|
||||||
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,31 @@
|
@@ -0,0 +1,31 @@
|
||||||
+# Installation directories.
|
+# Installation directories.
|
||||||
+PREFIX ?= ${DESTDIR}/usr
|
+PREFIX ?= ${DESTDIR}/usr
|
||||||
@ -1189,8 +1189,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+relabel:
|
+relabel:
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
|
||||||
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,193 @@
|
@@ -0,0 +1,202 @@
|
||||||
+#!/usr/bin/python -E
|
+#!/usr/bin/python -E
|
||||||
+import os, sys, getopt, socket, random, fcntl, shutil
|
+import os, sys, getopt, socket, random, fcntl, shutil
|
||||||
+import selinux
|
+import selinux
|
||||||
@ -1341,7 +1341,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+ break
|
+ break
|
||||||
+
|
+
|
||||||
+ try:
|
+ try:
|
||||||
|
+ newhomedir = None
|
||||||
|
+ newtmpdir = None
|
||||||
+ if X_ind:
|
+ if X_ind:
|
||||||
|
+ if not os.path.exists("/usr/sbin/seunshare"):
|
||||||
|
+ raise ValueError("""/usr/sbin/seunshare required for sandbox -X, to install you need to execute
|
||||||
|
+#yum install /usr/sbin/seunshare""")
|
||||||
|
+ else:
|
||||||
|
+ print "exists"
|
||||||
+ import warnings
|
+ import warnings
|
||||||
+ warnings.simplefilter("ignore")
|
+ warnings.simplefilter("ignore")
|
||||||
+ newhomedir = os.tempnam(".", ".sandbox%s")
|
+ newhomedir = os.tempnam(".", ".sandbox%s")
|
||||||
@ -1368,7 +1375,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+ selinux.setexeccon(None)
|
+ selinux.setexeccon(None)
|
||||||
+ finally:
|
+ finally:
|
||||||
+ if X_ind:
|
+ if X_ind:
|
||||||
|
+ if newhomedir:
|
||||||
+ shutil.rmtree(newhomedir)
|
+ shutil.rmtree(newhomedir)
|
||||||
|
+ if newtmpdir:
|
||||||
+ shutil.rmtree(newtmpdir)
|
+ shutil.rmtree(newtmpdir)
|
||||||
+
|
+
|
||||||
+ except getopt.GetoptError, error:
|
+ except getopt.GetoptError, error:
|
||||||
@ -1386,7 +1395,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
|
||||||
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,26 @@
|
@@ -0,0 +1,26 @@
|
||||||
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||||
+.SH NAME
|
+.SH NAME
|
||||||
@ -1416,7 +1425,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+.PP
|
+.PP
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
|
||||||
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,13 @@
|
@@ -0,0 +1,13 @@
|
||||||
+#!/bin/bash
|
+#!/bin/bash
|
||||||
+(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
+(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||||
@ -1431,10 +1440,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+exit $EXITCODE
|
+exit $EXITCODE
|
||||||
+break
|
+break
|
||||||
+done
|
+done
|
||||||
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.71/sandbox/seunshare differ
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
|
||||||
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-26 17:50:31.000000000 -0400
|
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,203 @@
|
@@ -0,0 +1,203 @@
|
||||||
+#include <signal.h>
|
+#include <signal.h>
|
||||||
+#include <sys/types.h>
|
+#include <sys/types.h>
|
||||||
@ -1639,10 +1647,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+ return status;
|
+ return status;
|
||||||
+}
|
+}
|
||||||
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.71/sandbox/seunshare.o differ
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
|
||||||
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
|
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -435,6 +435,8 @@
|
@@ -435,6 +435,8 @@
|
||||||
continue
|
continue
|
||||||
except ValueError, e:
|
except ValueError, e:
|
||||||
@ -1654,7 +1661,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
|
||||||
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -5,7 +5,7 @@
|
@@ -5,7 +5,7 @@
|
||||||
MANDIR ?= $(PREFIX)/share/man
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
LOCALEDIR ?= /usr/share/locale
|
LOCALEDIR ?= /usr/share/locale
|
||||||
@ -1666,7 +1673,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
-mkdir -p $(BINDIR)
|
-mkdir -p $(BINDIR)
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
|
||||||
--- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400
|
--- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -68,6 +68,7 @@
|
@@ -68,6 +68,7 @@
|
||||||
-h, --help Display this message
|
-h, --help Display this message
|
||||||
-n, --noheading Do not print heading when listing OBJECTS
|
-n, --noheading Do not print heading when listing OBJECTS
|
||||||
@ -1776,7 +1783,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
|
||||||
--- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400
|
--- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -1,5 +1,5 @@
|
@@ -1,5 +1,5 @@
|
||||||
#! /usr/bin/python -E
|
#! /usr/bin/python -E
|
||||||
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
|
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
|
||||||
@ -1903,9 +1910,683 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
class booleanRecords(semanageRecords):
|
class booleanRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.71/semodule/semodule.8
|
||||||
|
--- nsapolicycoreutils/semodule/semodule.8 2008-08-28 09:34:24.000000000 -0400
|
||||||
|
+++ policycoreutils-2.0.71/semodule/semodule.8 2009-08-28 14:07:24.000000000 -0400
|
||||||
|
@@ -35,6 +35,12 @@
|
||||||
|
.B \-b,\-\-base=MODULE_PKG
|
||||||
|
install/replace base module package
|
||||||
|
.TP
|
||||||
|
+.B \-d,\-\-disable=MODULE_NAME
|
||||||
|
+disable existing module
|
||||||
|
+.TP
|
||||||
|
+.B \-e,\-\-enable=MODULE_NAME
|
||||||
|
+enable existing module
|
||||||
|
+.TP
|
||||||
|
.B \-r,\-\-remove=MODULE_NAME
|
||||||
|
remove existing module
|
||||||
|
.TP
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8.enable policycoreutils-2.0.71/semodule/semodule.8.enable
|
||||||
|
--- nsapolicycoreutils/semodule/semodule.8.enable 1969-12-31 19:00:00.000000000 -0500
|
||||||
|
+++ policycoreutils-2.0.71/semodule/semodule.8.enable 2009-08-12 12:08:15.000000000 -0400
|
||||||
|
@@ -0,0 +1,79 @@
|
||||||
|
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
||||||
|
+.SH NAME
|
||||||
|
+semodule \- Manage SELinux policy modules.
|
||||||
|
+
|
||||||
|
+.SH SYNOPSIS
|
||||||
|
+.B semodule [options]... MODE [MODES]...
|
||||||
|
+.br
|
||||||
|
+.SH DESCRIPTION
|
||||||
|
+.PP
|
||||||
|
+semodule is the tool used to manage SELinux policy modules,
|
||||||
|
+including installing, upgrading, listing and removing modules.
|
||||||
|
+semodule may also be used to force a rebuild of policy from the
|
||||||
|
+module store and/or to force a reload of policy without performing
|
||||||
|
+any other transaction. semodule acts on module packages created
|
||||||
|
+by semodule_package. Conventionally, these files have a .pp suffix
|
||||||
|
+(policy package), although this is not mandated in any way.
|
||||||
|
+
|
||||||
|
+.SH "OPTIONS"
|
||||||
|
+.TP
|
||||||
|
+.B \-R, \-\-reload
|
||||||
|
+force a reload of policy
|
||||||
|
+.TP
|
||||||
|
+.B \-B, \-\-build
|
||||||
|
+force a rebuild of policy (also reloads unless -n is used)
|
||||||
|
+.TP
|
||||||
|
+.B \-D, \-\-disable_dontaudit
|
||||||
|
+Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
||||||
|
+.TP
|
||||||
|
+.B \-i,\-\-install=MODULE_PKG
|
||||||
|
+install/replace a module package
|
||||||
|
+.TP
|
||||||
|
+.B \-u,\-\-upgrade=MODULE_PKG
|
||||||
|
+upgrade an existing module package
|
||||||
|
+.TP
|
||||||
|
+.B \-b,\-\-base=MODULE_PKG
|
||||||
|
+install/replace base module package
|
||||||
|
+.TP
|
||||||
|
+.B \-r,\-\-remove=MODULE_NAME
|
||||||
|
+remove existing module
|
||||||
|
+.TP
|
||||||
|
+.B \-l,\-\-list-modules
|
||||||
|
+display list of installed modules (other than base)
|
||||||
|
+.TP
|
||||||
|
+.B \-s,\-\-store
|
||||||
|
+name of the store to operate on
|
||||||
|
+.TP
|
||||||
|
+.B \-n,\-\-noreload
|
||||||
|
+do not reload policy after commit
|
||||||
|
+.TP
|
||||||
|
+.B \-h,\-\-help
|
||||||
|
+prints help message and quit
|
||||||
|
+.TP
|
||||||
|
+.B \-v,\-\-verbose
|
||||||
|
+be verbose
|
||||||
|
+
|
||||||
|
+.SH EXAMPLE
|
||||||
|
+.nf
|
||||||
|
+# Install or replace a base policy package.
|
||||||
|
+$ semodule -b base.pp
|
||||||
|
+# Install or replace a non-base policy package.
|
||||||
|
+$ semodule -i httpd.pp
|
||||||
|
+# List non-base modules.
|
||||||
|
+$ semodule -l
|
||||||
|
+# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
|
||||||
|
+$ semodule -DB
|
||||||
|
+# Turn "dontaudit" rules back on.
|
||||||
|
+$ semodule -B
|
||||||
|
+# Install or replace all non-base modules in the current directory.
|
||||||
|
+$ semodule -i *.pp
|
||||||
|
+# Install or replace all modules in the current directory.
|
||||||
|
+$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
|
||||||
|
+.fi
|
||||||
|
+
|
||||||
|
+.SH SEE ALSO
|
||||||
|
+.B checkmodule(8), semodule_package(8)
|
||||||
|
+.SH AUTHORS
|
||||||
|
+.nf
|
||||||
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.71/semodule/semodule.c
|
||||||
|
--- nsapolicycoreutils/semodule/semodule.c 2009-07-07 15:32:32.000000000 -0400
|
||||||
|
+++ policycoreutils-2.0.71/semodule/semodule.c 2009-08-28 14:08:55.000000000 -0400
|
||||||
|
@@ -22,12 +22,12 @@
|
||||||
|
|
||||||
|
#include <semanage/modules.h>
|
||||||
|
|
||||||
|
-enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
|
||||||
|
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
|
||||||
|
LIST_M, RELOAD
|
||||||
|
};
|
||||||
|
/* list of modes in which one ought to commit afterwards */
|
||||||
|
static const int do_commit[] = {
|
||||||
|
- 0, 1, 1, 1, 1,
|
||||||
|
+ 0, 1, 1, 1, 1, 1, 1,
|
||||||
|
0, 0
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -106,7 +106,9 @@
|
||||||
|
printf(" -i,--install=MODULE_PKG install a new module\n");
|
||||||
|
printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
|
||||||
|
printf(" -b,--base=MODULE_PKG install new base module\n");
|
||||||
|
- printf(" -r,--remove=MODULE_NAME remove existing module\n");
|
||||||
|
+ printf(" -e,--enable=MODULE_PKG enable existing module\n");
|
||||||
|
+ printf(" -d,--disable=MODULE_PKG disable existing module\n");
|
||||||
|
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
|
||||||
|
printf
|
||||||
|
(" -l,--list-modules display list of installed modules\n");
|
||||||
|
printf("Other options:\n");
|
||||||
|
@@ -152,6 +154,8 @@
|
||||||
|
{"install", required_argument, NULL, 'i'},
|
||||||
|
{"list-modules", 0, NULL, 'l'},
|
||||||
|
{"verbose", 0, NULL, 'v'},
|
||||||
|
+ {"enable", required_argument, NULL, 'e'},
|
||||||
|
+ {"disable", required_argument, NULL, 'd'},
|
||||||
|
{"remove", required_argument, NULL, 'r'},
|
||||||
|
{"upgrade", required_argument, NULL, 'u'},
|
||||||
|
{"reload", 0, NULL, 'R'},
|
||||||
|
@@ -166,7 +170,7 @@
|
||||||
|
no_reload = 0;
|
||||||
|
create_store = 0;
|
||||||
|
while ((i =
|
||||||
|
- getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
|
||||||
|
+ getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
|
||||||
|
NULL)) != -1) {
|
||||||
|
switch (i) {
|
||||||
|
case 'b':
|
||||||
|
@@ -185,6 +189,12 @@
|
||||||
|
case 'v':
|
||||||
|
verbose = 1;
|
||||||
|
break;
|
||||||
|
+ case 'e':
|
||||||
|
+ set_mode(ENABLE_M, optarg);
|
||||||
|
+ break;
|
||||||
|
+ case 'd':
|
||||||
|
+ set_mode(DISABLE_M, optarg);
|
||||||
|
+ break;
|
||||||
|
case 'r':
|
||||||
|
set_mode(REMOVE_M, optarg);
|
||||||
|
break;
|
||||||
|
@@ -238,6 +248,10 @@
|
||||||
|
mode = UPGRADE_M;
|
||||||
|
} else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
|
||||||
|
mode = REMOVE_M;
|
||||||
|
+ } else if (commands && commands[num_commands - 1].mode == ENABLE_M) {
|
||||||
|
+ mode = ENABLE_M;
|
||||||
|
+ } else if (commands && commands[num_commands - 1].mode == DISABLE_M) {
|
||||||
|
+ mode = DISABLE_M;
|
||||||
|
} else {
|
||||||
|
fprintf(stderr, "unknown additional arguments:\n");
|
||||||
|
while (optind < argc)
|
||||||
|
@@ -352,6 +366,30 @@
|
||||||
|
semanage_module_install_base_file(sh, mode_arg);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
+ case ENABLE_M:{
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to enable module '%s':\n",
|
||||||
|
+ mode_arg);
|
||||||
|
+ }
|
||||||
|
+ result = semanage_module_enable(sh, mode_arg);
|
||||||
|
+ if ( result == -2 ) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ case DISABLE_M:{
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to disable module '%s':\n",
|
||||||
|
+ mode_arg);
|
||||||
|
+ }
|
||||||
|
+ result = semanage_module_disable(sh, mode_arg);
|
||||||
|
+ if ( result == -2 ) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
case REMOVE_M:{
|
||||||
|
if (verbose) {
|
||||||
|
printf
|
||||||
|
@@ -382,11 +420,12 @@
|
||||||
|
semanage_module_info_t *m =
|
||||||
|
semanage_module_list_nth
|
||||||
|
(modinfo, j);
|
||||||
|
- printf("%s\t%s\n",
|
||||||
|
+ printf("%s\t%s\t%s\n",
|
||||||
|
semanage_module_get_name
|
||||||
|
(m),
|
||||||
|
semanage_module_get_version
|
||||||
|
- (m));
|
||||||
|
+ (m),
|
||||||
|
+ (semanage_module_get_enabled(m) ? "" : "Disabled"));
|
||||||
|
semanage_module_info_datum_destroy
|
||||||
|
(m);
|
||||||
|
}
|
||||||
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c.enable policycoreutils-2.0.71/semodule/semodule.c.enable
|
||||||
|
--- nsapolicycoreutils/semodule/semodule.c.enable 1969-12-31 19:00:00.000000000 -0500
|
||||||
|
+++ policycoreutils-2.0.71/semodule/semodule.c.enable 2009-08-12 12:08:15.000000000 -0400
|
||||||
|
@@ -0,0 +1,454 @@
|
||||||
|
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
|
||||||
|
+ * Joshua Brindle <jbrindle@tresys.com>
|
||||||
|
+ * Jason Tang <jtang@tresys.com>
|
||||||
|
+ *
|
||||||
|
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
|
||||||
|
+ * This program is free software; you can redistribute it and/or
|
||||||
|
+ * modify it under the terms of the GNU General Public License as
|
||||||
|
+ * published by the Free Software Foundation, version 2.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <fcntl.h>
|
||||||
|
+#include <getopt.h>
|
||||||
|
+#include <signal.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <errno.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <sys/mman.h>
|
||||||
|
+#include <sys/stat.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+
|
||||||
|
+#include <semanage/modules.h>
|
||||||
|
+
|
||||||
|
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
|
||||||
|
+ LIST_M, RELOAD
|
||||||
|
+};
|
||||||
|
+/* list of modes in which one ought to commit afterwards */
|
||||||
|
+static const int do_commit[] = {
|
||||||
|
+ 0, 1, 1, 1, 1,
|
||||||
|
+ 0, 0
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+struct command {
|
||||||
|
+ enum client_modes mode;
|
||||||
|
+ char *arg;
|
||||||
|
+};
|
||||||
|
+static struct command *commands = NULL;
|
||||||
|
+static int num_commands = 0;
|
||||||
|
+
|
||||||
|
+/* options given on command line */
|
||||||
|
+static int verbose;
|
||||||
|
+static int reload;
|
||||||
|
+static int no_reload;
|
||||||
|
+static int create_store;
|
||||||
|
+static int build;
|
||||||
|
+static int disable_dontaudit;
|
||||||
|
+
|
||||||
|
+static semanage_handle_t *sh = NULL;
|
||||||
|
+static char *store;
|
||||||
|
+
|
||||||
|
+extern char *optarg;
|
||||||
|
+extern int optind;
|
||||||
|
+
|
||||||
|
+static void cleanup(void)
|
||||||
|
+{
|
||||||
|
+ while (--num_commands >= 0) {
|
||||||
|
+ free(commands[num_commands].arg);
|
||||||
|
+ }
|
||||||
|
+ free(commands);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Signal handlers. */
|
||||||
|
+static void handle_signal(int sig_num)
|
||||||
|
+{
|
||||||
|
+ if (sig_num == SIGINT || sig_num == SIGQUIT || sig_num == SIGTERM) {
|
||||||
|
+ /* catch these signals, and then drop them */
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void set_store(char *storename)
|
||||||
|
+{
|
||||||
|
+ /* For now this only supports a store name, later on this
|
||||||
|
+ * should support an address for a remote connection */
|
||||||
|
+
|
||||||
|
+ if ((store = strdup(storename)) == NULL) {
|
||||||
|
+ fprintf(stderr, "Out of memory!\n");
|
||||||
|
+ goto bad;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ bad:
|
||||||
|
+ cleanup();
|
||||||
|
+ exit(1);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Establish signal handlers for the process. */
|
||||||
|
+static void create_signal_handlers(void)
|
||||||
|
+{
|
||||||
|
+ if (signal(SIGINT, handle_signal) == SIG_ERR ||
|
||||||
|
+ signal(SIGQUIT, handle_signal) == SIG_ERR ||
|
||||||
|
+ signal(SIGTERM, handle_signal) == SIG_ERR) {
|
||||||
|
+ fprintf(stderr, "Could not set up signal handler.\n");
|
||||||
|
+ exit(255);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void usage(char *progname)
|
||||||
|
+{
|
||||||
|
+ printf("usage: %s [options]... MODE [MODES]...\n", progname);
|
||||||
|
+ printf("Manage SELinux policy modules.\n");
|
||||||
|
+ printf("MODES:\n");
|
||||||
|
+ printf(" -R, --reload reload policy\n");
|
||||||
|
+ printf(" -B, --build build and reload policy\n");
|
||||||
|
+ printf(" -i,--install=MODULE_PKG install a new module\n");
|
||||||
|
+ printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
|
||||||
|
+ printf(" -b,--base=MODULE_PKG install new base module\n");
|
||||||
|
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
|
||||||
|
+ printf
|
||||||
|
+ (" -l,--list-modules display list of installed modules\n");
|
||||||
|
+ printf("Other options:\n");
|
||||||
|
+ printf(" -s,--store name of the store to operate on\n");
|
||||||
|
+ printf(" -n,--noreload do not reload policy after commit\n");
|
||||||
|
+ printf(" -h,--help print this message and quit\n");
|
||||||
|
+ printf(" -v,--verbose be verbose\n");
|
||||||
|
+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Sets the global mode variable to new_mode, but only if no other
|
||||||
|
+ * mode has been given. */
|
||||||
|
+static void set_mode(enum client_modes new_mode, char *arg)
|
||||||
|
+{
|
||||||
|
+ struct command *c;
|
||||||
|
+ char *s;
|
||||||
|
+ if ((c = realloc(commands, sizeof(*c) * (num_commands + 1))) == NULL) {
|
||||||
|
+ fprintf(stderr, "Out of memory!\n");
|
||||||
|
+ cleanup();
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ commands = c;
|
||||||
|
+ commands[num_commands].mode = new_mode;
|
||||||
|
+ commands[num_commands].arg = NULL;
|
||||||
|
+ num_commands++;
|
||||||
|
+ if (arg != NULL) {
|
||||||
|
+ if ((s = strdup(arg)) == NULL) {
|
||||||
|
+ fprintf(stderr, "Out of memory!\n");
|
||||||
|
+ cleanup();
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ commands[num_commands - 1].arg = s;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Parse command line and set global options. */
|
||||||
|
+static void parse_command_line(int argc, char **argv)
|
||||||
|
+{
|
||||||
|
+ static struct option opts[] = {
|
||||||
|
+ {"store", required_argument, NULL, 's'},
|
||||||
|
+ {"base", required_argument, NULL, 'b'},
|
||||||
|
+ {"help", 0, NULL, 'h'},
|
||||||
|
+ {"install", required_argument, NULL, 'i'},
|
||||||
|
+ {"list-modules", 0, NULL, 'l'},
|
||||||
|
+ {"verbose", 0, NULL, 'v'},
|
||||||
|
+ {"remove", required_argument, NULL, 'r'},
|
||||||
|
+ {"upgrade", required_argument, NULL, 'u'},
|
||||||
|
+ {"reload", 0, NULL, 'R'},
|
||||||
|
+ {"noreload", 0, NULL, 'n'},
|
||||||
|
+ {"build", 0, NULL, 'B'},
|
||||||
|
+ {"disable_dontaudit", 0, NULL, 'D'},
|
||||||
|
+ {NULL, 0, NULL, 0}
|
||||||
|
+ };
|
||||||
|
+ int i;
|
||||||
|
+ verbose = 0;
|
||||||
|
+ reload = 0;
|
||||||
|
+ no_reload = 0;
|
||||||
|
+ create_store = 0;
|
||||||
|
+ while ((i =
|
||||||
|
+ getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
|
||||||
|
+ NULL)) != -1) {
|
||||||
|
+ switch (i) {
|
||||||
|
+ case 'b':
|
||||||
|
+ set_mode(BASE_M, optarg);
|
||||||
|
+ create_store = 1;
|
||||||
|
+ break;
|
||||||
|
+ case 'h':
|
||||||
|
+ usage(argv[0]);
|
||||||
|
+ exit(0);
|
||||||
|
+ case 'i':
|
||||||
|
+ set_mode(INSTALL_M, optarg);
|
||||||
|
+ break;
|
||||||
|
+ case 'l':
|
||||||
|
+ set_mode(LIST_M, NULL);
|
||||||
|
+ break;
|
||||||
|
+ case 'v':
|
||||||
|
+ verbose = 1;
|
||||||
|
+ break;
|
||||||
|
+ case 'r':
|
||||||
|
+ set_mode(REMOVE_M, optarg);
|
||||||
|
+ break;
|
||||||
|
+ case 'u':
|
||||||
|
+ set_mode(UPGRADE_M, optarg);
|
||||||
|
+ break;
|
||||||
|
+ case 's':
|
||||||
|
+ set_store(optarg);
|
||||||
|
+ break;
|
||||||
|
+ case 'R':
|
||||||
|
+ reload = 1;
|
||||||
|
+ break;
|
||||||
|
+ case 'n':
|
||||||
|
+ no_reload = 1;
|
||||||
|
+ break;
|
||||||
|
+ case 'B':
|
||||||
|
+ build = 1;
|
||||||
|
+ break;
|
||||||
|
+ case 'D':
|
||||||
|
+ disable_dontaudit = 1;
|
||||||
|
+ break;
|
||||||
|
+ case '?':
|
||||||
|
+ default:{
|
||||||
|
+ usage(argv[0]);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if ((build || reload) && num_commands) {
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "build or reload should not be used with other commands\n");
|
||||||
|
+ usage(argv[0]);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ if (num_commands == 0 && reload == 0 && build == 0) {
|
||||||
|
+ fprintf(stderr, "At least one mode must be specified.\n");
|
||||||
|
+ usage(argv[0]);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (optind < argc) {
|
||||||
|
+ int mode;
|
||||||
|
+ /* if -i/u/r was the last command treat any remaining
|
||||||
|
+ * arguments as args. Will allow 'semodule -i *.pp' to
|
||||||
|
+ * work as expected.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ if (commands && commands[num_commands - 1].mode == INSTALL_M) {
|
||||||
|
+ mode = INSTALL_M;
|
||||||
|
+ } else if (commands && commands[num_commands - 1].mode == UPGRADE_M) {
|
||||||
|
+ mode = UPGRADE_M;
|
||||||
|
+ } else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
|
||||||
|
+ mode = REMOVE_M;
|
||||||
|
+ } else {
|
||||||
|
+ fprintf(stderr, "unknown additional arguments:\n");
|
||||||
|
+ while (optind < argc)
|
||||||
|
+ fprintf(stderr, " %s", argv[optind++]);
|
||||||
|
+ fprintf(stderr, "\n\n");
|
||||||
|
+ usage(argv[0]);
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ while (optind < argc)
|
||||||
|
+ set_mode(mode, argv[optind++]);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ int i, commit = 0;
|
||||||
|
+ int result;
|
||||||
|
+ int status = EXIT_FAILURE;
|
||||||
|
+
|
||||||
|
+ create_signal_handlers();
|
||||||
|
+ parse_command_line(argc, argv);
|
||||||
|
+
|
||||||
|
+ if (build)
|
||||||
|
+ commit = 1;
|
||||||
|
+
|
||||||
|
+ sh = semanage_handle_create();
|
||||||
|
+ if (!sh) {
|
||||||
|
+ fprintf(stderr, "%s: Could not create semanage handle\n",
|
||||||
|
+ argv[0]);
|
||||||
|
+ goto cleanup_nohandle;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (store) {
|
||||||
|
+ /* Set the store we want to connect to, before connecting.
|
||||||
|
+ * this will always set a direct connection now, an additional
|
||||||
|
+ * option will need to be used later to specify a policy server
|
||||||
|
+ * location */
|
||||||
|
+ semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* if installing base module create store if necessary, for bootstrapping */
|
||||||
|
+ semanage_set_create_store(sh, create_store);
|
||||||
|
+
|
||||||
|
+ if (!create_store) {
|
||||||
|
+ if (!semanage_is_managed(sh)) {
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "%s: SELinux policy is not managed or store cannot be accessed.\n",
|
||||||
|
+ argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
|
||||||
|
+ fprintf(stderr, "%s: Cannot read policy store.\n",
|
||||||
|
+ argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ((result = semanage_connect(sh)) < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Could not connect to policy handler\n",
|
||||||
|
+ argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (reload) {
|
||||||
|
+ if ((result = semanage_reload_policy(sh)) < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Could not reload policy\n",
|
||||||
|
+ argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (build) {
|
||||||
|
+ if ((result = semanage_begin_transaction(sh)) < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Could not begin transaction: %s\n",
|
||||||
|
+ argv[0], errno ? strerror(errno) : "");
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < num_commands; i++) {
|
||||||
|
+ enum client_modes mode = commands[i].mode;
|
||||||
|
+ char *mode_arg = commands[i].arg;
|
||||||
|
+ switch (mode) {
|
||||||
|
+ case INSTALL_M:{
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to install module '%s':\n",
|
||||||
|
+ mode_arg);
|
||||||
|
+ }
|
||||||
|
+ result =
|
||||||
|
+ semanage_module_install_file(sh, mode_arg);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ case UPGRADE_M:{
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to upgrade module '%s':\n",
|
||||||
|
+ mode_arg);
|
||||||
|
+ }
|
||||||
|
+ result =
|
||||||
|
+ semanage_module_upgrade_file(sh, mode_arg);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ case BASE_M:{
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to install base module '%s':\n",
|
||||||
|
+ mode_arg);
|
||||||
|
+ }
|
||||||
|
+ result =
|
||||||
|
+ semanage_module_install_base_file(sh, mode_arg);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ case REMOVE_M:{
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to remove module '%s':\n",
|
||||||
|
+ mode_arg);
|
||||||
|
+ }
|
||||||
|
+ result = semanage_module_remove(sh, mode_arg);
|
||||||
|
+ if ( result == -2 ) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ case LIST_M:{
|
||||||
|
+ semanage_module_info_t *modinfo;
|
||||||
|
+ int num_modules;
|
||||||
|
+ if (verbose) {
|
||||||
|
+ printf
|
||||||
|
+ ("Attempting to list active modules:\n");
|
||||||
|
+ }
|
||||||
|
+ if ((result =
|
||||||
|
+ semanage_module_list(sh, &modinfo,
|
||||||
|
+ &num_modules)) >= 0) {
|
||||||
|
+ int j;
|
||||||
|
+ if (num_modules == 0) {
|
||||||
|
+ printf("No modules.\n");
|
||||||
|
+ }
|
||||||
|
+ for (j = 0; j < num_modules; j++) {
|
||||||
|
+ semanage_module_info_t *m =
|
||||||
|
+ semanage_module_list_nth
|
||||||
|
+ (modinfo, j);
|
||||||
|
+ printf("%s\t%s\n",
|
||||||
|
+ semanage_module_get_name
|
||||||
|
+ (m),
|
||||||
|
+ semanage_module_get_version
|
||||||
|
+ (m));
|
||||||
|
+ semanage_module_info_datum_destroy
|
||||||
|
+ (m);
|
||||||
|
+ }
|
||||||
|
+ free(modinfo);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ default:{
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "%s: Unknown mode specified.\n",
|
||||||
|
+ argv[0]);
|
||||||
|
+ usage(argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ commit += do_commit[mode];
|
||||||
|
+ if (result < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Failed on %s!\n", argv[0],
|
||||||
|
+ mode_arg ? : "list");
|
||||||
|
+ goto cleanup;
|
||||||
|
+ } else if (verbose) {
|
||||||
|
+ printf("Ok: return value of %d.\n", result);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (commit) {
|
||||||
|
+ if (verbose)
|
||||||
|
+ printf("Committing changes:\n");
|
||||||
|
+ if (no_reload)
|
||||||
|
+ semanage_set_reload(sh, 0);
|
||||||
|
+ if (build)
|
||||||
|
+ semanage_set_rebuild(sh, 1);
|
||||||
|
+ if (disable_dontaudit)
|
||||||
|
+ semanage_set_disable_dontaudit(sh, 1);
|
||||||
|
+ else if (build)
|
||||||
|
+ semanage_set_disable_dontaudit(sh, 0);
|
||||||
|
+
|
||||||
|
+ result = semanage_commit(sh);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (result < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Failed!\n", argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ } else if (commit && verbose) {
|
||||||
|
+ printf("Ok: transaction number %d.\n", result);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (semanage_disconnect(sh) < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ status = EXIT_SUCCESS;
|
||||||
|
+
|
||||||
|
+ cleanup:
|
||||||
|
+ if (semanage_is_connected(sh)) {
|
||||||
|
+ if (semanage_disconnect(sh) < 0) {
|
||||||
|
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ semanage_handle_destroy(sh);
|
||||||
|
+
|
||||||
|
+ cleanup_nohandle:
|
||||||
|
+ cleanup();
|
||||||
|
+ exit(status);
|
||||||
|
+}
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
|
||||||
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
|
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -5,7 +5,7 @@
|
@@ -5,7 +5,7 @@
|
||||||
LIBDIR ?= $(PREFIX)/lib
|
LIBDIR ?= $(PREFIX)/lib
|
||||||
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
|
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
|
||||||
@ -1926,7 +2607,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
ln -sf setfiles restorecon
|
ln -sf setfiles restorecon
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
|
||||||
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,519 @@
|
@@ -0,0 +1,519 @@
|
||||||
+#include "restore.h"
|
+#include "restore.h"
|
||||||
+
|
+
|
||||||
@ -2449,7 +3130,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
|
||||||
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -0,0 +1,49 @@
|
@@ -0,0 +1,49 @@
|
||||||
+#ifndef RESTORE_H
|
+#ifndef RESTORE_H
|
||||||
+#define RESTORE_H
|
+#define RESTORE_H
|
||||||
@ -2502,7 +3183,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+#endif
|
+#endif
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
|
||||||
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
|
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
|
||||||
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-26 17:34:50.000000000 -0400
|
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-28 14:07:24.000000000 -0400
|
||||||
@@ -1,26 +1,12 @@
|
@@ -1,26 +1,12 @@
|
||||||
-#ifndef _GNU_SOURCE
|
-#ifndef _GNU_SOURCE
|
||||||
-#define _GNU_SOURCE
|
-#define _GNU_SOURCE
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 1.4.2-1
|
||||||
%define libsepolver 2.0.19-1
|
%define libsepolver 2.0.19-1
|
||||||
%define libsemanagever 2.0.28-2
|
%define libsemanagever 2.0.36-2
|
||||||
%define libselinuxver 2.0.46-5
|
%define libselinuxver 2.0.46-5
|
||||||
%define sepolgenver 1.0.17
|
%define sepolgenver 1.0.17
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.71
|
Version: 2.0.71
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -295,6 +295,9 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
|
||||||
|
- Add enable/disable patch
|
||||||
|
|
||||||
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.71-13
|
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.71-13
|
||||||
- rebuilt with new audit
|
- rebuilt with new audit
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user