* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14

- Add enable/disable patch
Daniel J Walsh 2009-08-28 18:18:46 +00:00
parent 6c6ee0fad7
commit 7b3ab100a9
2 changed files with 715 additions and 31 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-28 14:07:24.000000000 -0400
@@ -42,6 +42,8 @@ @@ -42,6 +42,8 @@
from optparse import OptionParser from optparse import OptionParser
@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
f = sys.stdin f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/Makefile 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/Makefile 2009-08-28 14:07:24.000000000 -0400
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui +SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -49,7 +49,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-28 14:07:24.000000000 -0400
@@ -1,17 +1,28 @@ @@ -1,17 +1,28 @@
# Installation directories. # Installation directories.
PREFIX ?= ${DESTDIR}/usr PREFIX ?= ${DESTDIR}/usr
@ -98,14 +98,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
/sbin/restorecon $(SBINDIR)/restorecond /sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
+[D-BUS Service] +[D-BUS Service]
+Name=org.selinux.Restorecond +Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u +Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-28 14:07:24.000000000 -0400
@@ -48,294 +48,38 @@ @@ -48,294 +48,38 @@
#include <signal.h> #include <signal.h>
#include <string.h> #include <string.h>
@ -598,7 +598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-28 14:07:24.000000000 -0400
@@ -4,8 +4,5 @@ @@ -4,8 +4,5 @@
/etc/mtab /etc/mtab
/var/run/utmp /var/run/utmp
@ -611,7 +611,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- -
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,7 @@ @@ -0,0 +1,7 @@
+[Desktop Entry] +[Desktop Entry]
+Name=File Context maintainer +Name=File Context maintainer
@ -622,7 +622,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+StartupNotify=false +StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-28 14:07:24.000000000 -0400
@@ -24,7 +24,21 @@ @@ -24,7 +24,21 @@
#ifndef RESTORED_CONFIG_H #ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H #define RESTORED_CONFIG_H
@ -649,13 +649,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
#endif #endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,2 @@ @@ -0,0 +1,2 @@
+~/* +~/*
+~/public_html/* +~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/user.c 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,237 @@ @@ -0,0 +1,237 @@
+/* +/*
+ * restorecond + * restorecond
@ -896,7 +896,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,254 @@ @@ -0,0 +1,254 @@
+#define _GNU_SOURCE +#define _GNU_SOURCE
+#include <sys/inotify.h> +#include <sys/inotify.h>
@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,31 @@ @@ -0,0 +1,31 @@
+# Installation directories. +# Installation directories.
+PREFIX ?= ${DESTDIR}/usr +PREFIX ?= ${DESTDIR}/usr
@ -1189,8 +1189,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+relabel: +relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,193 @@ @@ -0,0 +1,202 @@
+#!/usr/bin/python -E +#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil +import os, sys, getopt, socket, random, fcntl, shutil
+import selinux +import selinux
@ -1341,7 +1341,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ break + break
+ +
+ try: + try:
+ newhomedir = None
+ newtmpdir = None
+ if X_ind: + if X_ind:
+ if not os.path.exists("/usr/sbin/seunshare"):
+ raise ValueError("""/usr/sbin/seunshare required for sandbox -X, to install you need to execute
+#yum install /usr/sbin/seunshare""")
+ else:
+ print "exists"
+ import warnings + import warnings
+ warnings.simplefilter("ignore") + warnings.simplefilter("ignore")
+ newhomedir = os.tempnam(".", ".sandbox%s") + newhomedir = os.tempnam(".", ".sandbox%s")
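Review bot: The `else: print "exists"` arm added under the `/usr/sbin/seunshare` check looks like leftover debugging, and it writes to stdout on every successful `sandbox -X` run; I would drop the `else` branch entirely. Separately, `os.tempnam(".", ".sandbox%s")` only returns a name, so whatever creates the directory later can race with another process working in the same directory, and the `warnings.simplefilter("ignore")` just above silences the RuntimeWarning Python emits for exactly that reason. `newhomedir = tempfile.mkdtemp(dir=".", prefix=".sandbox")` (with `import tempfile`) would create the directory atomically with owner-only permissions. The code that consumes `newhomedir` is elided from this view, so confirm it does not expect the path to be absent.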
@ -1368,8 +1375,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ selinux.setexeccon(None) + selinux.setexeccon(None)
+ finally: + finally:
+ if X_ind: + if X_ind:
+ shutil.rmtree(newhomedir) + if newhomedir:
+ shutil.rmtree(newtmpdir) + shutil.rmtree(newhomedir)
+ if newtmpdir:
+ shutil.rmtree(newtmpdir)
+ +
+ except getopt.GetoptError, error: + except getopt.GetoptError, error:
+ usage(_("Options Error %s ") % error.msg) + usage(_("Options Error %s ") % error.msg)
@ -1386,7 +1395,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands" +.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME +.SH NAME
@ -1416,7 +1425,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+.PP +.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
+#!/bin/bash +#!/bin/bash
+(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do +(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
@ -1431,10 +1440,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+exit $EXITCODE +exit $EXITCODE
+break +break
+done +done
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.71/sandbox/seunshare differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-26 17:50:31.000000000 -0400 +++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,203 @@ @@ -0,0 +1,203 @@
+#include <signal.h> +#include <signal.h>
+#include <sys/types.h> +#include <sys/types.h>
@ -1639,10 +1647,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
+ return status; + return status;
+} +}
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.71/sandbox/seunshare.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400 --- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/scripts/chcat 2009-08-28 14:07:24.000000000 -0400
@@ -435,6 +435,8 @@ @@ -435,6 +435,8 @@
continue continue
except ValueError, e: except ValueError, e:
@ -1654,7 +1661,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/scripts/Makefile 2009-08-28 14:07:24.000000000 -0400
@@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale LOCALEDIR ?= /usr/share/locale
@ -1666,7 +1673,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-mkdir -p $(BINDIR) -mkdir -p $(BINDIR)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400 --- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/semanage/semanage 2009-08-28 14:07:24.000000000 -0400
@@ -68,6 +68,7 @@ @@ -68,6 +68,7 @@
-h, --help Display this message -h, --help Display this message
-n, --noheading Do not print heading when listing OBJECTS -n, --noheading Do not print heading when listing OBJECTS
@ -1776,7 +1783,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400 --- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-28 14:07:24.000000000 -0400
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
#! /usr/bin/python -E #! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat -# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
@ -1903,9 +1910,683 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
class booleanRecords(semanageRecords): class booleanRecords(semanageRecords):
def __init__(self, store = ""): def __init__(self, store = ""):
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.71/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/semodule/semodule.8 2009-08-28 14:07:24.000000000 -0400
@@ -35,6 +35,12 @@
.B \-b,\-\-base=MODULE_PKG
install/replace base module package
.TP
+.B \-d,\-\-disable=MODULE_NAME
+disable existing module
+.TP
+.B \-e,\-\-enable=MODULE_NAME
+enable existing module
+.TP
.B \-r,\-\-remove=MODULE_NAME
remove existing module
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8.enable policycoreutils-2.0.71/semodule/semodule.8.enable
--- nsapolicycoreutils/semodule/semodule.8.enable 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/semodule/semodule.8.enable 2009-08-12 12:08:15.000000000 -0400
@@ -0,0 +1,79 @@
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule \- Manage SELinux policy modules.
+
+.SH SYNOPSIS
+.B semodule [options]... MODE [MODES]...
+.br
+.SH DESCRIPTION
+.PP
+semodule is the tool used to manage SELinux policy modules,
+including installing, upgrading, listing and removing modules.
+semodule may also be used to force a rebuild of policy from the
+module store and/or to force a reload of policy without performing
+any other transaction. semodule acts on module packages created
+by semodule_package. Conventionally, these files have a .pp suffix
+(policy package), although this is not mandated in any way.
+
+.SH "OPTIONS"
+.TP
+.B \-R, \-\-reload
+force a reload of policy
+.TP
+.B \-B, \-\-build
+force a rebuild of policy (also reloads unless -n is used)
+.TP
+.B \-D, \-\-disable_dontaudit
+Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
+.TP
+.B \-i,\-\-install=MODULE_PKG
+install/replace a module package
+.TP
+.B \-u,\-\-upgrade=MODULE_PKG
+upgrade an existing module package
+.TP
+.B \-b,\-\-base=MODULE_PKG
+install/replace base module package
+.TP
+.B \-r,\-\-remove=MODULE_NAME
+remove existing module
+.TP
+.B \-l,\-\-list-modules
+display list of installed modules (other than base)
+.TP
+.B \-s,\-\-store
+name of the store to operate on
+.TP
+.B \-n,\-\-noreload
+do not reload policy after commit
+.TP
+.B \-h,\-\-help
+prints help message and quit
+.TP
+.B \-v,\-\-verbose
+be verbose
+
+.SH EXAMPLE
+.nf
+# Install or replace a base policy package.
+$ semodule -b base.pp
+# Install or replace a non-base policy package.
+$ semodule -i httpd.pp
+# List non-base modules.
+$ semodule -l
+# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
+$ semodule -DB
+# Turn "dontaudit" rules back on.
+$ semodule -B
+# Install or replace all non-base modules in the current directory.
+$ semodule -i *.pp
+# Install or replace all modules in the current directory.
+$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
+.fi
+
+.SH SEE ALSO
+.B checkmodule(8), semodule_package(8)
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
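Review bot: `semodule/semodule.8.enable` appears to be a backup of the pre-change man page rather than an intended addition: it is dated 2009-08-12 and lacks the `-d`/`-e` entries that the `semodule.8` hunk just above adds. The same seems true of `semodule/semodule.c.enable` in the following section, whose `client_modes` enum has no `ENABLE_M`/`DISABLE_M`. Carrying these in the patch drops an unreviewed second copy of the source into the build tree. I would delete the `.enable` files before regenerating the diff, or add `--exclude='*.enable'` next to the existing `--exclude=` options.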
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.71/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-07-07 15:32:32.000000000 -0400
+++ policycoreutils-2.0.71/semodule/semodule.c 2009-08-28 14:08:55.000000000 -0400
@@ -22,12 +22,12 @@
#include <semanage/modules.h>
-enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
LIST_M, RELOAD
};
/* list of modes in which one ought to commit afterwards */
static const int do_commit[] = {
- 0, 1, 1, 1, 1,
+ 0, 1, 1, 1, 1, 1, 1,
0, 0
};
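Review bot: `do_commit[]` is matched to `enum client_modes` purely by position, so inserting `ENABLE_M, DISABLE_M` mid-enum only works because the array was hand-edited to match. The counts do line up here (nine entries for nine modes), but a future mismatch would silently skip or force a commit for the wrong mode. Designated initializers such as `[ENABLE_M] = 1, [DISABLE_M] = 1,` would tie each flag to its mode; at minimum I would add the comment `/* must stay in the same order as enum client_modes */` above the array.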
@@ -106,7 +106,9 @@
printf(" -i,--install=MODULE_PKG install a new module\n");
printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
printf(" -b,--base=MODULE_PKG install new base module\n");
- printf(" -r,--remove=MODULE_NAME remove existing module\n");
+ printf(" -e,--enable=MODULE_PKG enable existing module\n");
+ printf(" -d,--disable=MODULE_PKG disable existing module\n");
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
printf
(" -l,--list-modules display list of installed modules\n");
printf("Other options:\n");
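Review bot: The two new usage lines label the argument `MODULE_PKG`, but the value given to `-e`/`-d` is a module name, not a package file. The `semodule.8` hunk documents both as `MODULE_NAME`, and the `ENABLE_M`/`DISABLE_M` cases later in this patch pass the argument straight to `semanage_module_enable()` and `semanage_module_disable()`. I would change the strings to `-e,--enable=MODULE_NAME` and `-d,--disable=MODULE_NAME` so that `--help` does not suggest passing a `.pp` path. `usage()` begins above this hunk.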
@@ -152,6 +154,8 @@
{"install", required_argument, NULL, 'i'},
{"list-modules", 0, NULL, 'l'},
{"verbose", 0, NULL, 'v'},
+ {"enable", required_argument, NULL, 'e'},
+ {"disable", required_argument, NULL, 'd'},
{"remove", required_argument, NULL, 'r'},
{"upgrade", required_argument, NULL, 'u'},
{"reload", 0, NULL, 'R'},
@@ -166,7 +170,7 @@
no_reload = 0;
create_store = 0;
while ((i =
- getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
+ getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
NULL)) != -1) {
switch (i) {
case 'b':
@@ -185,6 +189,12 @@
case 'v':
verbose = 1;
break;
+ case 'e':
+ set_mode(ENABLE_M, optarg);
+ break;
+ case 'd':
+ set_mode(DISABLE_M, optarg);
+ break;
case 'r':
set_mode(REMOVE_M, optarg);
break;
@@ -238,6 +248,10 @@
mode = UPGRADE_M;
} else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
mode = REMOVE_M;
+ } else if (commands && commands[num_commands - 1].mode == ENABLE_M) {
+ mode = ENABLE_M;
+ } else if (commands && commands[num_commands - 1].mode == DISABLE_M) {
+ mode = DISABLE_M;
} else {
fprintf(stderr, "unknown additional arguments:\n");
while (optind < argc)
@@ -352,6 +366,30 @@
semanage_module_install_base_file(sh, mode_arg);
break;
}
+ case ENABLE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to enable module '%s':\n",
+ mode_arg);
+ }
+ result = semanage_module_enable(sh, mode_arg);
+ if ( result == -2 ) {
+ continue;
+ }
+ break;
+ }
+ case DISABLE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to disable module '%s':\n",
+ mode_arg);
+ }
+ result = semanage_module_disable(sh, mode_arg);
+ if ( result == -2 ) {
+ continue;
+ }
+ break;
+ }
case REMOVE_M:{
if (verbose) {
printf
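Review bot: Both new cases treat `result == -2` as a reason to `continue`, with no comment saying what -2 means or why the module is skipped silently. The return-code contract of `semanage_module_enable()`/`semanage_module_disable()` is not visible here; presumably -2 means the module is absent or already in the requested state, and if so a comment such as `/* -2: <meaning per libsemanage>; skip this module without failing the run */` plus a message on stderr would help. An administrator who runs `semodule -d` and sees no output will otherwise assume the module is now disabled. The `continue` also bypasses whatever result handling follows the `switch`, which lies outside this hunk, so confirm the exit status still reflects the skipped module.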
@@ -382,11 +420,12 @@
semanage_module_info_t *m =
semanage_module_list_nth
(modinfo, j);
- printf("%s\t%s\n",
+ printf("%s\t%s\t%s\n",
semanage_module_get_name
(m),
semanage_module_get_version
- (m));
+ (m),
+ (semanage_module_get_enabled(m) ? "" : "Disabled"));
semanage_module_info_datum_destroy
(m);
}
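Review bot: The list format now always prints a third tab-separated field, so every enabled module's line gains a trailing tab and existing scripts that parse `semodule -l` see different output even when nothing is disabled. Emitting the separator only with the marker keeps enabled lines byte-identical to the old format: `printf("%s\t%s%s\n", semanage_module_get_name(m), semanage_module_get_version(m), semanage_module_get_enabled(m) ? "" : "\tDisabled");`. The enclosing loop starts and ends outside this hunk.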
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c.enable policycoreutils-2.0.71/semodule/semodule.c.enable
--- nsapolicycoreutils/semodule/semodule.c.enable 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/semodule/semodule.c.enable 2009-08-12 12:08:15.000000000 -0400
@@ -0,0 +1,454 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2.
+ */
+
+#include <fcntl.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include <semanage/modules.h>
+
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
+ LIST_M, RELOAD
+};
+/* list of modes in which one ought to commit afterwards */
+static const int do_commit[] = {
+ 0, 1, 1, 1, 1,
+ 0, 0
+};
+
+struct command {
+ enum client_modes mode;
+ char *arg;
+};
+static struct command *commands = NULL;
+static int num_commands = 0;
+
+/* options given on command line */
+static int verbose;
+static int reload;
+static int no_reload;
+static int create_store;
+static int build;
+static int disable_dontaudit;
+
+static semanage_handle_t *sh = NULL;
+static char *store;
+
+extern char *optarg;
+extern int optind;
+
+static void cleanup(void)
+{
+ while (--num_commands >= 0) {
+ free(commands[num_commands].arg);
+ }
+ free(commands);
+}
+
+/* Signal handlers. */
+static void handle_signal(int sig_num)
+{
+ if (sig_num == SIGINT || sig_num == SIGQUIT || sig_num == SIGTERM) {
+ /* catch these signals, and then drop them */
+ }
+}
+
+static void set_store(char *storename)
+{
+ /* For now this only supports a store name, later on this
+ * should support an address for a remote connection */
+
+ if ((store = strdup(storename)) == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ goto bad;
+ }
+
+ return;
+
+ bad:
+ cleanup();
+ exit(1);
+}
+
+/* Establish signal handlers for the process. */
+static void create_signal_handlers(void)
+{
+ if (signal(SIGINT, handle_signal) == SIG_ERR ||
+ signal(SIGQUIT, handle_signal) == SIG_ERR ||
+ signal(SIGTERM, handle_signal) == SIG_ERR) {
+ fprintf(stderr, "Could not set up signal handler.\n");
+ exit(255);
+ }
+}
+
+static void usage(char *progname)
+{
+ printf("usage: %s [options]... MODE [MODES]...\n", progname);
+ printf("Manage SELinux policy modules.\n");
+ printf("MODES:\n");
+ printf(" -R, --reload reload policy\n");
+ printf(" -B, --build build and reload policy\n");
+ printf(" -i,--install=MODULE_PKG install a new module\n");
+ printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
+ printf(" -b,--base=MODULE_PKG install new base module\n");
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
+ printf
+ (" -l,--list-modules display list of installed modules\n");
+ printf("Other options:\n");
+ printf(" -s,--store name of the store to operate on\n");
+ printf(" -n,--noreload do not reload policy after commit\n");
+ printf(" -h,--help print this message and quit\n");
+ printf(" -v,--verbose be verbose\n");
+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
+}
+
+/* Sets the global mode variable to new_mode, but only if no other
+ * mode has been given. */
+static void set_mode(enum client_modes new_mode, char *arg)
+{
+ struct command *c;
+ char *s;
+ if ((c = realloc(commands, sizeof(*c) * (num_commands + 1))) == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ cleanup();
+ exit(1);
+ }
+ commands = c;
+ commands[num_commands].mode = new_mode;
+ commands[num_commands].arg = NULL;
+ num_commands++;
+ if (arg != NULL) {
+ if ((s = strdup(arg)) == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ cleanup();
+ exit(1);
+ }
+ commands[num_commands - 1].arg = s;
+ }
+}
+
+/* Parse command line and set global options. */
+static void parse_command_line(int argc, char **argv)
+{
+ static struct option opts[] = {
+ {"store", required_argument, NULL, 's'},
+ {"base", required_argument, NULL, 'b'},
+ {"help", 0, NULL, 'h'},
+ {"install", required_argument, NULL, 'i'},
+ {"list-modules", 0, NULL, 'l'},
+ {"verbose", 0, NULL, 'v'},
+ {"remove", required_argument, NULL, 'r'},
+ {"upgrade", required_argument, NULL, 'u'},
+ {"reload", 0, NULL, 'R'},
+ {"noreload", 0, NULL, 'n'},
+ {"build", 0, NULL, 'B'},
+ {"disable_dontaudit", 0, NULL, 'D'},
+ {NULL, 0, NULL, 0}
+ };
+ int i;
+ verbose = 0;
+ reload = 0;
+ no_reload = 0;
+ create_store = 0;
+ while ((i =
+ getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
+ NULL)) != -1) {
+ switch (i) {
+ case 'b':
+ set_mode(BASE_M, optarg);
+ create_store = 1;
+ break;
+ case 'h':
+ usage(argv[0]);
+ exit(0);
+ case 'i':
+ set_mode(INSTALL_M, optarg);
+ break;
+ case 'l':
+ set_mode(LIST_M, NULL);
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ case 'r':
+ set_mode(REMOVE_M, optarg);
+ break;
+ case 'u':
+ set_mode(UPGRADE_M, optarg);
+ break;
+ case 's':
+ set_store(optarg);
+ break;
+ case 'R':
+ reload = 1;
+ break;
+ case 'n':
+ no_reload = 1;
+ break;
+ case 'B':
+ build = 1;
+ break;
+ case 'D':
+ disable_dontaudit = 1;
+ break;
+ case '?':
+ default:{
+ usage(argv[0]);
+ exit(1);
+ }
+ }
+ }
+ if ((build || reload) && num_commands) {
+ fprintf(stderr,
+ "build or reload should not be used with other commands\n");
+ usage(argv[0]);
+ exit(1);
+ }
+ if (num_commands == 0 && reload == 0 && build == 0) {
+ fprintf(stderr, "At least one mode must be specified.\n");
+ usage(argv[0]);
+ exit(1);
+ }
+
+ if (optind < argc) {
+ int mode;
+ /* if -i/u/r was the last command treat any remaining
+ * arguments as args. Will allow 'semodule -i *.pp' to
+ * work as expected.
+ */
+
+ if (commands && commands[num_commands - 1].mode == INSTALL_M) {
+ mode = INSTALL_M;
+ } else if (commands && commands[num_commands - 1].mode == UPGRADE_M) {
+ mode = UPGRADE_M;
+ } else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
+ mode = REMOVE_M;
+ } else {
+ fprintf(stderr, "unknown additional arguments:\n");
+ while (optind < argc)
+ fprintf(stderr, " %s", argv[optind++]);
+ fprintf(stderr, "\n\n");
+ usage(argv[0]);
+ exit(1);
+ }
+ while (optind < argc)
+ set_mode(mode, argv[optind++]);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ int i, commit = 0;
+ int result;
+ int status = EXIT_FAILURE;
+
+ create_signal_handlers();
+ parse_command_line(argc, argv);
+
+ if (build)
+ commit = 1;
+
+ sh = semanage_handle_create();
+ if (!sh) {
+ fprintf(stderr, "%s: Could not create semanage handle\n",
+ argv[0]);
+ goto cleanup_nohandle;
+ }
+
+ if (store) {
+ /* Set the store we want to connect to, before connecting.
+ * this will always set a direct connection now, an additional
+ * option will need to be used later to specify a policy server
+ * location */
+ semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
+ }
+
+ /* if installing base module create store if necessary, for bootstrapping */
+ semanage_set_create_store(sh, create_store);
+
+ if (!create_store) {
+ if (!semanage_is_managed(sh)) {
+ fprintf(stderr,
+ "%s: SELinux policy is not managed or store cannot be accessed.\n",
+ argv[0]);
+ goto cleanup;
+ }
+
+ if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
+ fprintf(stderr, "%s: Cannot read policy store.\n",
+ argv[0]);
+ goto cleanup;
+ }
+ }
+
+ if ((result = semanage_connect(sh)) < 0) {
+ fprintf(stderr, "%s: Could not connect to policy handler\n",
+ argv[0]);
+ goto cleanup;
+ }
+
+ if (reload) {
+ if ((result = semanage_reload_policy(sh)) < 0) {
+ fprintf(stderr, "%s: Could not reload policy\n",
+ argv[0]);
+ goto cleanup;
+ }
+ }
+
+ if (build) {
+ if ((result = semanage_begin_transaction(sh)) < 0) {
+ fprintf(stderr, "%s: Could not begin transaction: %s\n",
+ argv[0], errno ? strerror(errno) : "");
+ goto cleanup;
+ }
+ }
+
+ for (i = 0; i < num_commands; i++) {
+ enum client_modes mode = commands[i].mode;
+ char *mode_arg = commands[i].arg;
+ switch (mode) {
+ case INSTALL_M:{
+ if (verbose) {
+ printf
+ ("Attempting to install module '%s':\n",
+ mode_arg);
+ }
+ result =
+ semanage_module_install_file(sh, mode_arg);
+ break;
+ }
+ case UPGRADE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to upgrade module '%s':\n",
+ mode_arg);
+ }
+ result =
+ semanage_module_upgrade_file(sh, mode_arg);
+ break;
+ }
+ case BASE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to install base module '%s':\n",
+ mode_arg);
+ }
+ result =
+ semanage_module_install_base_file(sh, mode_arg);
+ break;
+ }
+ case REMOVE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to remove module '%s':\n",
+ mode_arg);
+ }
+ result = semanage_module_remove(sh, mode_arg);
+ if ( result == -2 ) {
+ continue;
+ }
+ break;
+ }
+ case LIST_M:{
+ semanage_module_info_t *modinfo;
+ int num_modules;
+ if (verbose) {
+ printf
+ ("Attempting to list active modules:\n");
+ }
+ if ((result =
+ semanage_module_list(sh, &modinfo,
+ &num_modules)) >= 0) {
+ int j;
+ if (num_modules == 0) {
+ printf("No modules.\n");
+ }
+ for (j = 0; j < num_modules; j++) {
+ semanage_module_info_t *m =
+ semanage_module_list_nth
+ (modinfo, j);
+ printf("%s\t%s\n",
+ semanage_module_get_name
+ (m),
+ semanage_module_get_version
+ (m));
+ semanage_module_info_datum_destroy
+ (m);
+ }
+ free(modinfo);
+ }
+ break;
+ }
+ default:{
+ fprintf(stderr,
+ "%s: Unknown mode specified.\n",
+ argv[0]);
+ usage(argv[0]);
+ goto cleanup;
+ }
+ }
+ commit += do_commit[mode];
+ if (result < 0) {
+ fprintf(stderr, "%s: Failed on %s!\n", argv[0],
+ mode_arg ? : "list");
+ goto cleanup;
+ } else if (verbose) {
+ printf("Ok: return value of %d.\n", result);
+ }
+ }
+
+ if (commit) {
+ if (verbose)
+ printf("Committing changes:\n");
+ if (no_reload)
+ semanage_set_reload(sh, 0);
+ if (build)
+ semanage_set_rebuild(sh, 1);
+ if (disable_dontaudit)
+ semanage_set_disable_dontaudit(sh, 1);
+ else if (build)
+ semanage_set_disable_dontaudit(sh, 0);
+
+ result = semanage_commit(sh);
+ }
+
+ if (result < 0) {
+ fprintf(stderr, "%s: Failed!\n", argv[0]);
+ goto cleanup;
+ } else if (commit && verbose) {
+ printf("Ok: transaction number %d.\n", result);
+ }
+
+ if (semanage_disconnect(sh) < 0) {
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
+ goto cleanup;
+ }
+ status = EXIT_SUCCESS;
+
+ cleanup:
+ if (semanage_is_connected(sh)) {
+ if (semanage_disconnect(sh) < 0) {
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
+ }
+ }
+ semanage_handle_destroy(sh);
+
+ cleanup_nohandle:
+ cleanup();
+ exit(status);
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400 --- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-28 14:07:24.000000000 -0400
@@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@
LIBDIR ?= $(PREFIX)/lib LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
@ -1926,7 +2607,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
ln -sf setfiles restorecon ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,519 @@ @@ -0,0 +1,519 @@
+#include "restore.h" +#include "restore.h"
+ +
@ -2449,7 +3130,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-28 14:07:24.000000000 -0400
@@ -0,0 +1,49 @@ @@ -0,0 +1,49 @@
+#ifndef RESTORE_H +#ifndef RESTORE_H
+#define RESTORE_H +#define RESTORE_H
@ -2502,7 +3183,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+#endif +#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400 --- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-26 17:34:50.000000000 -0400 +++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-28 14:07:24.000000000 -0400
@@ -1,26 +1,12 @@ @@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE -#ifndef _GNU_SOURCE
-#define _GNU_SOURCE -#define _GNU_SOURCE


@ -1,12 +1,12 @@
%define libauditver 1.4.2-1 %define libauditver 1.4.2-1
%define libsepolver 2.0.19-1 %define libsepolver 2.0.19-1
%define libsemanagever 2.0.28-2 %define libsemanagever 2.0.36-2
%define libselinuxver 2.0.46-5 %define libselinuxver 2.0.46-5
%define sepolgenver 1.0.17 %define sepolgenver 1.0.17
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.71 Version: 2.0.71
Release: 13%{?dist} Release: 14%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -295,6 +295,9 @@ fi
exit 0 exit 0
%changelog %changelog
* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
- Add enable/disable patch
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.71-13 * Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.71-13
- rebuilt with new audit - rebuilt with new audit