* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
- Add enable/disable patch
parent
6c6ee0fad7
commit
7b3ab100a9
@ -1,6 +1,6 @@
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -42,6 +42,8 @@
|
||||
from optparse import OptionParser
|
||||
|
||||
@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
f = sys.stdin
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/Makefile 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
@ -49,7 +49,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
|
||||
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -1,17 +1,28 @@
|
||||
# Installation directories.
|
||||
PREFIX ?= ${DESTDIR}/usr
|
||||
@ -98,14 +98,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
/sbin/restorecon $(SBINDIR)/restorecond
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
|
||||
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,3 @@
|
||||
+[D-BUS Service]
|
||||
+Name=org.selinux.Restorecond
|
||||
+Exec=/usr/sbin/restorecond -u
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -48,294 +48,38 @@
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
@ -598,7 +598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -4,8 +4,5 @@
|
||||
/etc/mtab
|
||||
/var/run/utmp
|
||||
@ -611,7 +611,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
-
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
|
||||
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+[Desktop Entry]
|
||||
+Name=File Context maintainer
|
||||
@ -622,7 +622,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+StartupNotify=false
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
|
||||
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -24,7 +24,21 @@
|
||||
#ifndef RESTORED_CONFIG_H
|
||||
#define RESTORED_CONFIG_H
|
||||
@ -649,13 +649,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
#endif
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,2 @@
|
||||
+~/*
|
||||
+~/public_html/*
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
|
||||
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,237 @@
|
||||
+/*
|
||||
+ * restorecond
|
||||
@ -896,7 +896,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
|
||||
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,254 @@
|
||||
+#define _GNU_SOURCE
|
||||
+#include <sys/inotify.h>
|
||||
@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
|
||||
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,31 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
@ -1189,8 +1189,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+relabel:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
|
||||
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-26 17:34:50.000000000 -0400
|
||||
@@ -0,0 +1,193 @@
|
||||
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,202 @@
|
||||
+#!/usr/bin/python -E
|
||||
+import os, sys, getopt, socket, random, fcntl, shutil
|
||||
+import selinux
|
||||
@ -1341,7 +1341,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+ break
|
||||
+
|
||||
+ try:
|
||||
+ newhomedir = None
|
||||
+ newtmpdir = None
|
||||
+ if X_ind:
|
||||
+ if not os.path.exists("/usr/sbin/seunshare"):
|
||||
+ raise ValueError("""/usr/sbin/seunshare required for sandbox -X, to install you need to execute
|
||||
+#yum install /usr/sbin/seunshare""")
|
||||
+ else:
|
||||
+ print "exists"
|
||||
+ import warnings
|
||||
+ warnings.simplefilter("ignore")
|
||||
+ newhomedir = os.tempnam(".", ".sandbox%s")
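Review bot: The new `else:` branch under the `/usr/sbin/seunshare` existence check holds only `print "exists"`, which looks like leftover debug output and would be written to stdout on every `sandbox -X` run; the `else:` and the print should be dropped. Just below it, the home directory name still comes from `os.tempnam(".", ".sandbox%s")` with `warnings.simplefilter("ignore")` in front of it. `os.tempnam` only returns a name, so another process can create that path first, and the filter hides Python's own RuntimeWarning about exactly that. Unless code outside this hunk creates the directory exclusively, `newhomedir = tempfile.mkdtemp(dir=".", prefix=".sandbox")` (with `tempfile` added to the import line) would create it atomically with owner-only permissions. The enclosing `try:` block continues outside the hunk.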
|
||||
@ -1368,8 +1375,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+ selinux.setexeccon(None)
|
||||
+ finally:
|
||||
+ if X_ind:
|
||||
+ shutil.rmtree(newhomedir)
|
||||
+ shutil.rmtree(newtmpdir)
|
||||
+ if newhomedir:
|
||||
+ shutil.rmtree(newhomedir)
|
||||
+ if newtmpdir:
|
||||
+ shutil.rmtree(newtmpdir)
|
||||
+
|
||||
+ except getopt.GetoptError, error:
|
||||
+ usage(_("Options Error %s ") % error.msg)
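Review bot: The rewritten `finally:` cleanup calls `shutil.rmtree(newhomedir)` and `shutil.rmtree(newtmpdir)` whenever the names are set, but a set name does not prove the directory exists. `newhomedir` is assigned from `os.tempnam()` in the earlier hunk (`@ -1341,7 +1341,14 @@`), presumably before the directory is created. If anything fails in between, `rmtree` raises from inside `finally`, which replaces the original error and skips the second cleanup. Guarding each call, for example `if newhomedir and os.path.isdir(newhomedir):`, keeps the real failure visible and still removes whatever was created. The body of the `try:` lies outside this hunk, so the creation order should be confirmed there.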
|
||||
@ -1386,7 +1395,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
|
||||
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,26 @@
|
||||
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||
+.SH NAME
|
||||
@ -1416,7 +1425,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+.PP
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
|
||||
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,13 @@
|
||||
+#!/bin/bash
|
||||
+(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
@ -1431,10 +1440,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+exit $EXITCODE
|
||||
+break
|
||||
+done
|
||||
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.71/sandbox/seunshare differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
|
||||
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-26 17:50:31.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,203 @@
|
||||
+#include <signal.h>
|
||||
+#include <sys/types.h>
|
||||
@ -1639,10 +1647,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
+ return status;
|
||||
+}
|
||||
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.71/sandbox/seunshare.o differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -435,6 +435,8 @@
|
||||
continue
|
||||
except ValueError, e:
|
||||
@ -1654,7 +1661,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
|
||||
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -5,7 +5,7 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LOCALEDIR ?= /usr/share/locale
|
||||
@ -1666,7 +1673,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
-mkdir -p $(BINDIR)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -68,6 +68,7 @@
|
||||
-h, --help Display this message
|
||||
-n, --noheading Do not print heading when listing OBJECTS
|
||||
@ -1776,7 +1783,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
|
||||
@ -1903,9 +1910,683 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
|
||||
class booleanRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.71/semodule/semodule.8
|
||||
--- nsapolicycoreutils/semodule/semodule.8 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/semodule/semodule.8 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -35,6 +35,12 @@
|
||||
.B \-b,\-\-base=MODULE_PKG
|
||||
install/replace base module package
|
||||
.TP
|
||||
+.B \-d,\-\-disable=MODULE_NAME
|
||||
+disable existing module
|
||||
+.TP
|
||||
+.B \-e,\-\-enable=MODULE_NAME
|
||||
+enable existing module
|
||||
+.TP
|
||||
.B \-r,\-\-remove=MODULE_NAME
|
||||
remove existing module
|
||||
.TP
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8.enable policycoreutils-2.0.71/semodule/semodule.8.enable
|
||||
--- nsapolicycoreutils/semodule/semodule.8.enable 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/semodule/semodule.8.enable 2009-08-12 12:08:15.000000000 -0400
|
||||
@@ -0,0 +1,79 @@
|
||||
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
||||
+.SH NAME
|
||||
+semodule \- Manage SELinux policy modules.
|
||||
+
|
||||
+.SH SYNOPSIS
|
||||
+.B semodule [options]... MODE [MODES]...
|
||||
+.br
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+semodule is the tool used to manage SELinux policy modules,
|
||||
+including installing, upgrading, listing and removing modules.
|
||||
+semodule may also be used to force a rebuild of policy from the
|
||||
+module store and/or to force a reload of policy without performing
|
||||
+any other transaction. semodule acts on module packages created
|
||||
+by semodule_package. Conventionally, these files have a .pp suffix
|
||||
+(policy package), although this is not mandated in any way.
|
||||
+
|
||||
+.SH "OPTIONS"
|
||||
+.TP
|
||||
+.B \-R, \-\-reload
|
||||
+force a reload of policy
|
||||
+.TP
|
||||
+.B \-B, \-\-build
|
||||
+force a rebuild of policy (also reloads unless -n is used)
|
||||
+.TP
|
||||
+.B \-D, \-\-disable_dontaudit
|
||||
+Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
||||
+.TP
|
||||
+.B \-i,\-\-install=MODULE_PKG
|
||||
+install/replace a module package
|
||||
+.TP
|
||||
+.B \-u,\-\-upgrade=MODULE_PKG
|
||||
+upgrade an existing module package
|
||||
+.TP
|
||||
+.B \-b,\-\-base=MODULE_PKG
|
||||
+install/replace base module package
|
||||
+.TP
|
||||
+.B \-r,\-\-remove=MODULE_NAME
|
||||
+remove existing module
|
||||
+.TP
|
||||
+.B \-l,\-\-list-modules
|
||||
+display list of installed modules (other than base)
|
||||
+.TP
|
||||
+.B \-s,\-\-store
|
||||
+name of the store to operate on
|
||||
+.TP
|
||||
+.B \-n,\-\-noreload
|
||||
+do not reload policy after commit
|
||||
+.TP
|
||||
+.B \-h,\-\-help
|
||||
+prints help message and quit
|
||||
+.TP
|
||||
+.B \-v,\-\-verbose
|
||||
+be verbose
|
||||
+
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+# Install or replace a base policy package.
|
||||
+$ semodule -b base.pp
|
||||
+# Install or replace a non-base policy package.
|
||||
+$ semodule -i httpd.pp
|
||||
+# List non-base modules.
|
||||
+$ semodule -l
|
||||
+# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
|
||||
+$ semodule -DB
|
||||
+# Turn "dontaudit" rules back on.
|
||||
+$ semodule -B
|
||||
+# Install or replace all non-base modules in the current directory.
|
||||
+$ semodule -i *.pp
|
||||
+# Install or replace all modules in the current directory.
|
||||
+$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
|
||||
+.fi
|
||||
+
|
||||
+.SH SEE ALSO
|
||||
+.B checkmodule(8), semodule_package(8)
|
||||
+.SH AUTHORS
|
||||
+.nf
|
||||
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.71/semodule/semodule.c
|
||||
--- nsapolicycoreutils/semodule/semodule.c 2009-07-07 15:32:32.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/semodule/semodule.c 2009-08-28 14:08:55.000000000 -0400
|
||||
@@ -22,12 +22,12 @@
|
||||
|
||||
#include <semanage/modules.h>
|
||||
|
||||
-enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
|
||||
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
|
||||
LIST_M, RELOAD
|
||||
};
|
||||
/* list of modes in which one ought to commit afterwards */
|
||||
static const int do_commit[] = {
|
||||
- 0, 1, 1, 1, 1,
|
||||
+ 0, 1, 1, 1, 1, 1, 1,
|
||||
0, 0
|
||||
};
|
||||
|
||||
@@ -106,7 +106,9 @@
|
||||
printf(" -i,--install=MODULE_PKG install a new module\n");
|
||||
printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
|
||||
printf(" -b,--base=MODULE_PKG install new base module\n");
|
||||
- printf(" -r,--remove=MODULE_NAME remove existing module\n");
|
||||
+ printf(" -e,--enable=MODULE_PKG enable existing module\n");
|
||||
+ printf(" -d,--disable=MODULE_PKG disable existing module\n");
|
||||
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
|
||||
printf
|
||||
(" -l,--list-modules display list of installed modules\n");
|
||||
printf("Other options:\n");
|
||||
@@ -152,6 +154,8 @@
|
||||
{"install", required_argument, NULL, 'i'},
|
||||
{"list-modules", 0, NULL, 'l'},
|
||||
{"verbose", 0, NULL, 'v'},
|
||||
+ {"enable", required_argument, NULL, 'e'},
|
||||
+ {"disable", required_argument, NULL, 'd'},
|
||||
{"remove", required_argument, NULL, 'r'},
|
||||
{"upgrade", required_argument, NULL, 'u'},
|
||||
{"reload", 0, NULL, 'R'},
|
||||
@@ -166,7 +170,7 @@
|
||||
no_reload = 0;
|
||||
create_store = 0;
|
||||
while ((i =
|
||||
- getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
|
||||
+ getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
|
||||
NULL)) != -1) {
|
||||
switch (i) {
|
||||
case 'b':
|
||||
@@ -185,6 +189,12 @@
|
||||
case 'v':
|
||||
verbose = 1;
|
||||
break;
|
||||
+ case 'e':
|
||||
+ set_mode(ENABLE_M, optarg);
|
||||
+ break;
|
||||
+ case 'd':
|
||||
+ set_mode(DISABLE_M, optarg);
|
||||
+ break;
|
||||
case 'r':
|
||||
set_mode(REMOVE_M, optarg);
|
||||
break;
|
||||
@@ -238,6 +248,10 @@
|
||||
mode = UPGRADE_M;
|
||||
} else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
|
||||
mode = REMOVE_M;
|
||||
+ } else if (commands && commands[num_commands - 1].mode == ENABLE_M) {
|
||||
+ mode = ENABLE_M;
|
||||
+ } else if (commands && commands[num_commands - 1].mode == DISABLE_M) {
|
||||
+ mode = DISABLE_M;
|
||||
} else {
|
||||
fprintf(stderr, "unknown additional arguments:\n");
|
||||
while (optind < argc)
|
||||
@@ -352,6 +366,30 @@
|
||||
semanage_module_install_base_file(sh, mode_arg);
|
||||
break;
|
||||
}
|
||||
+ case ENABLE_M:{
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to enable module '%s':\n",
|
||||
+ mode_arg);
|
||||
+ }
|
||||
+ result = semanage_module_enable(sh, mode_arg);
|
||||
+ if ( result == -2 ) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
+ case DISABLE_M:{
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to disable module '%s':\n",
|
||||
+ mode_arg);
|
||||
+ }
|
||||
+ result = semanage_module_disable(sh, mode_arg);
|
||||
+ if ( result == -2 ) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
case REMOVE_M:{
|
||||
if (verbose) {
|
||||
printf
|
||||
@@ -382,11 +420,12 @@
|
||||
semanage_module_info_t *m =
|
||||
semanage_module_list_nth
|
||||
(modinfo, j);
|
||||
- printf("%s\t%s\n",
|
||||
+ printf("%s\t%s\t%s\n",
|
||||
semanage_module_get_name
|
||||
(m),
|
||||
semanage_module_get_version
|
||||
- (m));
|
||||
+ (m),
|
||||
+ (semanage_module_get_enabled(m) ? "" : "Disabled"));
|
||||
semanage_module_info_datum_destroy
|
||||
(m);
|
||||
}
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c.enable policycoreutils-2.0.71/semodule/semodule.c.enable
|
||||
--- nsapolicycoreutils/semodule/semodule.c.enable 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/semodule/semodule.c.enable 2009-08-12 12:08:15.000000000 -0400
|
||||
@@ -0,0 +1,454 @@
|
||||
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
|
||||
+ * Joshua Brindle <jbrindle@tresys.com>
|
||||
+ * Jason Tang <jtang@tresys.com>
|
||||
+ *
|
||||
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
|
||||
+ * This program is free software; you can redistribute it and/or
|
||||
+ * modify it under the terms of the GNU General Public License as
|
||||
+ * published by the Free Software Foundation, version 2.
|
||||
+ */
|
||||
+
|
||||
+#include <fcntl.h>
|
||||
+#include <getopt.h>
|
||||
+#include <signal.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <errno.h>
|
||||
+#include <string.h>
|
||||
+#include <unistd.h>
|
||||
+#include <sys/mman.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <sys/types.h>
|
||||
+
|
||||
+#include <semanage/modules.h>
|
||||
+
|
||||
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
|
||||
+ LIST_M, RELOAD
|
||||
+};
|
||||
+/* list of modes in which one ought to commit afterwards */
|
||||
+static const int do_commit[] = {
|
||||
+ 0, 1, 1, 1, 1,
|
||||
+ 0, 0
|
||||
+};
|
||||
+
|
||||
+struct command {
|
||||
+ enum client_modes mode;
|
||||
+ char *arg;
|
||||
+};
|
||||
+static struct command *commands = NULL;
|
||||
+static int num_commands = 0;
|
||||
+
|
||||
+/* options given on command line */
|
||||
+static int verbose;
|
||||
+static int reload;
|
||||
+static int no_reload;
|
||||
+static int create_store;
|
||||
+static int build;
|
||||
+static int disable_dontaudit;
|
||||
+
|
||||
+static semanage_handle_t *sh = NULL;
|
||||
+static char *store;
|
||||
+
|
||||
+extern char *optarg;
|
||||
+extern int optind;
|
||||
+
|
||||
+static void cleanup(void)
|
||||
+{
|
||||
+ while (--num_commands >= 0) {
|
||||
+ free(commands[num_commands].arg);
|
||||
+ }
|
||||
+ free(commands);
|
||||
+}
|
||||
+
|
||||
+/* Signal handlers. */
|
||||
+static void handle_signal(int sig_num)
|
||||
+{
|
||||
+ if (sig_num == SIGINT || sig_num == SIGQUIT || sig_num == SIGTERM) {
|
||||
+ /* catch these signals, and then drop them */
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void set_store(char *storename)
|
||||
+{
|
||||
+ /* For now this only supports a store name, later on this
|
||||
+ * should support an address for a remote connection */
|
||||
+
|
||||
+ if ((store = strdup(storename)) == NULL) {
|
||||
+ fprintf(stderr, "Out of memory!\n");
|
||||
+ goto bad;
|
||||
+ }
|
||||
+
|
||||
+ return;
|
||||
+
|
||||
+ bad:
|
||||
+ cleanup();
|
||||
+ exit(1);
|
||||
+}
|
||||
+
|
||||
+/* Establish signal handlers for the process. */
|
||||
+static void create_signal_handlers(void)
|
||||
+{
|
||||
+ if (signal(SIGINT, handle_signal) == SIG_ERR ||
|
||||
+ signal(SIGQUIT, handle_signal) == SIG_ERR ||
|
||||
+ signal(SIGTERM, handle_signal) == SIG_ERR) {
|
||||
+ fprintf(stderr, "Could not set up signal handler.\n");
|
||||
+ exit(255);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void usage(char *progname)
|
||||
+{
|
||||
+ printf("usage: %s [options]... MODE [MODES]...\n", progname);
|
||||
+ printf("Manage SELinux policy modules.\n");
|
||||
+ printf("MODES:\n");
|
||||
+ printf(" -R, --reload reload policy\n");
|
||||
+ printf(" -B, --build build and reload policy\n");
|
||||
+ printf(" -i,--install=MODULE_PKG install a new module\n");
|
||||
+ printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
|
||||
+ printf(" -b,--base=MODULE_PKG install new base module\n");
|
||||
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
|
||||
+ printf
|
||||
+ (" -l,--list-modules display list of installed modules\n");
|
||||
+ printf("Other options:\n");
|
||||
+ printf(" -s,--store name of the store to operate on\n");
|
||||
+ printf(" -n,--noreload do not reload policy after commit\n");
|
||||
+ printf(" -h,--help print this message and quit\n");
|
||||
+ printf(" -v,--verbose be verbose\n");
|
||||
+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
|
||||
+}
|
||||
+
|
||||
+/* Sets the global mode variable to new_mode, but only if no other
|
||||
+ * mode has been given. */
|
||||
+static void set_mode(enum client_modes new_mode, char *arg)
|
||||
+{
|
||||
+ struct command *c;
|
||||
+ char *s;
|
||||
+ if ((c = realloc(commands, sizeof(*c) * (num_commands + 1))) == NULL) {
|
||||
+ fprintf(stderr, "Out of memory!\n");
|
||||
+ cleanup();
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ commands = c;
|
||||
+ commands[num_commands].mode = new_mode;
|
||||
+ commands[num_commands].arg = NULL;
|
||||
+ num_commands++;
|
||||
+ if (arg != NULL) {
|
||||
+ if ((s = strdup(arg)) == NULL) {
|
||||
+ fprintf(stderr, "Out of memory!\n");
|
||||
+ cleanup();
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ commands[num_commands - 1].arg = s;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+/* Parse command line and set global options. */
|
||||
+static void parse_command_line(int argc, char **argv)
|
||||
+{
|
||||
+ static struct option opts[] = {
|
||||
+ {"store", required_argument, NULL, 's'},
|
||||
+ {"base", required_argument, NULL, 'b'},
|
||||
+ {"help", 0, NULL, 'h'},
|
||||
+ {"install", required_argument, NULL, 'i'},
|
||||
+ {"list-modules", 0, NULL, 'l'},
|
||||
+ {"verbose", 0, NULL, 'v'},
|
||||
+ {"remove", required_argument, NULL, 'r'},
|
||||
+ {"upgrade", required_argument, NULL, 'u'},
|
||||
+ {"reload", 0, NULL, 'R'},
|
||||
+ {"noreload", 0, NULL, 'n'},
|
||||
+ {"build", 0, NULL, 'B'},
|
||||
+ {"disable_dontaudit", 0, NULL, 'D'},
|
||||
+ {NULL, 0, NULL, 0}
|
||||
+ };
|
||||
+ int i;
|
||||
+ verbose = 0;
|
||||
+ reload = 0;
|
||||
+ no_reload = 0;
|
||||
+ create_store = 0;
|
||||
+ while ((i =
|
||||
+ getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
|
||||
+ NULL)) != -1) {
|
||||
+ switch (i) {
|
||||
+ case 'b':
|
||||
+ set_mode(BASE_M, optarg);
|
||||
+ create_store = 1;
|
||||
+ break;
|
||||
+ case 'h':
|
||||
+ usage(argv[0]);
|
||||
+ exit(0);
|
||||
+ case 'i':
|
||||
+ set_mode(INSTALL_M, optarg);
|
||||
+ break;
|
||||
+ case 'l':
|
||||
+ set_mode(LIST_M, NULL);
|
||||
+ break;
|
||||
+ case 'v':
|
||||
+ verbose = 1;
|
||||
+ break;
|
||||
+ case 'r':
|
||||
+ set_mode(REMOVE_M, optarg);
|
||||
+ break;
|
||||
+ case 'u':
|
||||
+ set_mode(UPGRADE_M, optarg);
|
||||
+ break;
|
||||
+ case 's':
|
||||
+ set_store(optarg);
|
||||
+ break;
|
||||
+ case 'R':
|
||||
+ reload = 1;
|
||||
+ break;
|
||||
+ case 'n':
|
||||
+ no_reload = 1;
|
||||
+ break;
|
||||
+ case 'B':
|
||||
+ build = 1;
|
||||
+ break;
|
||||
+ case 'D':
|
||||
+ disable_dontaudit = 1;
|
||||
+ break;
|
||||
+ case '?':
|
||||
+ default:{
|
||||
+ usage(argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ if ((build || reload) && num_commands) {
|
||||
+ fprintf(stderr,
|
||||
+ "build or reload should not be used with other commands\n");
|
||||
+ usage(argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (num_commands == 0 && reload == 0 && build == 0) {
|
||||
+ fprintf(stderr, "At least one mode must be specified.\n");
|
||||
+ usage(argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ if (optind < argc) {
|
||||
+ int mode;
|
||||
+ /* if -i/u/r was the last command treat any remaining
|
||||
+ * arguments as args. Will allow 'semodule -i *.pp' to
|
||||
+ * work as expected.
|
||||
+ */
|
||||
+
|
||||
+ if (commands && commands[num_commands - 1].mode == INSTALL_M) {
|
||||
+ mode = INSTALL_M;
|
||||
+ } else if (commands && commands[num_commands - 1].mode == UPGRADE_M) {
|
||||
+ mode = UPGRADE_M;
|
||||
+ } else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
|
||||
+ mode = REMOVE_M;
|
||||
+ } else {
|
||||
+ fprintf(stderr, "unknown additional arguments:\n");
|
||||
+ while (optind < argc)
|
||||
+ fprintf(stderr, " %s", argv[optind++]);
|
||||
+ fprintf(stderr, "\n\n");
|
||||
+ usage(argv[0]);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ while (optind < argc)
|
||||
+ set_mode(mode, argv[optind++]);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char *argv[])
|
||||
+{
|
||||
+ int i, commit = 0;
|
||||
+ int result;
|
||||
+ int status = EXIT_FAILURE;
|
||||
+
|
||||
+ create_signal_handlers();
|
||||
+ parse_command_line(argc, argv);
|
||||
+
|
||||
+ if (build)
|
||||
+ commit = 1;
|
||||
+
|
||||
+ sh = semanage_handle_create();
|
||||
+ if (!sh) {
|
||||
+ fprintf(stderr, "%s: Could not create semanage handle\n",
|
||||
+ argv[0]);
|
||||
+ goto cleanup_nohandle;
|
||||
+ }
|
||||
+
|
||||
+ if (store) {
|
||||
+ /* Set the store we want to connect to, before connecting.
|
||||
+ * this will always set a direct connection now, an additional
|
||||
+ * option will need to be used later to specify a policy server
|
||||
+ * location */
|
||||
+ semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
|
||||
+ }
|
||||
+
|
||||
+ /* if installing base module create store if necessary, for bootstrapping */
|
||||
+ semanage_set_create_store(sh, create_store);
|
||||
+
|
||||
+ if (!create_store) {
|
||||
+ if (!semanage_is_managed(sh)) {
|
||||
+ fprintf(stderr,
|
||||
+ "%s: SELinux policy is not managed or store cannot be accessed.\n",
|
||||
+ argv[0]);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
|
||||
+ fprintf(stderr, "%s: Cannot read policy store.\n",
|
||||
+ argv[0]);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if ((result = semanage_connect(sh)) < 0) {
|
||||
+ fprintf(stderr, "%s: Could not connect to policy handler\n",
|
||||
+ argv[0]);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ if (reload) {
|
||||
+ if ((result = semanage_reload_policy(sh)) < 0) {
|
||||
+ fprintf(stderr, "%s: Could not reload policy\n",
|
||||
+ argv[0]);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (build) {
|
||||
+ if ((result = semanage_begin_transaction(sh)) < 0) {
|
||||
+ fprintf(stderr, "%s: Could not begin transaction: %s\n",
|
||||
+ argv[0], errno ? strerror(errno) : "");
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < num_commands; i++) {
|
||||
+ enum client_modes mode = commands[i].mode;
|
||||
+ char *mode_arg = commands[i].arg;
|
||||
+ switch (mode) {
|
||||
+ case INSTALL_M:{
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to install module '%s':\n",
|
||||
+ mode_arg);
|
||||
+ }
|
||||
+ result =
|
||||
+ semanage_module_install_file(sh, mode_arg);
|
||||
+ break;
|
||||
+ }
|
||||
+ case UPGRADE_M:{
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to upgrade module '%s':\n",
|
||||
+ mode_arg);
|
||||
+ }
|
||||
+ result =
|
||||
+ semanage_module_upgrade_file(sh, mode_arg);
|
||||
+ break;
|
||||
+ }
|
||||
+ case BASE_M:{
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to install base module '%s':\n",
|
||||
+ mode_arg);
|
||||
+ }
|
||||
+ result =
|
||||
+ semanage_module_install_base_file(sh, mode_arg);
|
||||
+ break;
|
||||
+ }
|
||||
+ case REMOVE_M:{
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to remove module '%s':\n",
|
||||
+ mode_arg);
|
||||
+ }
|
||||
+ result = semanage_module_remove(sh, mode_arg);
|
||||
+ if ( result == -2 ) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
+ case LIST_M:{
|
||||
+ semanage_module_info_t *modinfo;
|
||||
+ int num_modules;
|
||||
+ if (verbose) {
|
||||
+ printf
|
||||
+ ("Attempting to list active modules:\n");
|
||||
+ }
|
||||
+ if ((result =
|
||||
+ semanage_module_list(sh, &modinfo,
|
||||
+ &num_modules)) >= 0) {
|
||||
+ int j;
|
||||
+ if (num_modules == 0) {
|
||||
+ printf("No modules.\n");
|
||||
+ }
|
||||
+ for (j = 0; j < num_modules; j++) {
|
||||
+ semanage_module_info_t *m =
|
||||
+ semanage_module_list_nth
|
||||
+ (modinfo, j);
|
||||
+ printf("%s\t%s\n",
|
||||
+ semanage_module_get_name
|
||||
+ (m),
|
||||
+ semanage_module_get_version
|
||||
+ (m));
|
||||
+ semanage_module_info_datum_destroy
|
||||
+ (m);
|
||||
+ }
|
||||
+ free(modinfo);
|
||||
+ }
|
||||
+ break;
|
||||
+ }
|
||||
+ default:{
|
||||
+ fprintf(stderr,
|
||||
+ "%s: Unknown mode specified.\n",
|
||||
+ argv[0]);
|
||||
+ usage(argv[0]);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+ commit += do_commit[mode];
|
||||
+ if (result < 0) {
|
||||
+ fprintf(stderr, "%s: Failed on %s!\n", argv[0],
|
||||
+ mode_arg ? : "list");
|
||||
+ goto cleanup;
|
||||
+ } else if (verbose) {
|
||||
+ printf("Ok: return value of %d.\n", result);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (commit) {
|
||||
+ if (verbose)
|
||||
+ printf("Committing changes:\n");
|
||||
+ if (no_reload)
|
||||
+ semanage_set_reload(sh, 0);
|
||||
+ if (build)
|
||||
+ semanage_set_rebuild(sh, 1);
|
||||
+ if (disable_dontaudit)
|
||||
+ semanage_set_disable_dontaudit(sh, 1);
|
||||
+ else if (build)
|
||||
+ semanage_set_disable_dontaudit(sh, 0);
|
||||
+
|
||||
+ result = semanage_commit(sh);
|
||||
+ }
|
||||
+
|
||||
+ if (result < 0) {
|
||||
+ fprintf(stderr, "%s: Failed!\n", argv[0]);
|
||||
+ goto cleanup;
|
||||
+ } else if (commit && verbose) {
|
||||
+ printf("Ok: transaction number %d.\n", result);
|
||||
+ }
|
||||
+
|
||||
+ if (semanage_disconnect(sh) < 0) {
|
||||
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ status = EXIT_SUCCESS;
|
||||
+
|
||||
+ cleanup:
|
||||
+ if (semanage_is_connected(sh)) {
|
||||
+ if (semanage_disconnect(sh) < 0) {
|
||||
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
|
||||
+ }
|
||||
+ }
|
||||
+ semanage_handle_destroy(sh);
|
||||
+
|
||||
+ cleanup_nohandle:
|
||||
+ cleanup();
|
||||
+ exit(status);
|
||||
+}
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
|
||||
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -5,7 +5,7 @@
|
||||
LIBDIR ?= $(PREFIX)/lib
|
||||
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
|
||||
@ -1926,7 +2607,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
ln -sf setfiles restorecon
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
|
||||
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,519 @@
|
||||
+#include "restore.h"
|
||||
+
|
||||
@ -2449,7 +3130,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
|
||||
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -0,0 +1,49 @@
|
||||
+#ifndef RESTORE_H
|
||||
+#define RESTORE_H
|
||||
@ -2502,7 +3183,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+#endif
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
|
||||
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-26 17:34:50.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-28 14:07:24.000000000 -0400
|
||||
@@ -1,26 +1,12 @@
|
||||
-#ifndef _GNU_SOURCE
|
||||
-#define _GNU_SOURCE
|
||||
|
@ -1,12 +1,12 @@
|
||||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.0.19-1
|
||||
%define libsemanagever 2.0.28-2
|
||||
%define libsemanagever 2.0.36-2
|
||||
%define libselinuxver 2.0.46-5
|
||||
%define sepolgenver 1.0.17
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.71
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -295,6 +295,9 @@ fi
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
|
||||
- Add enable/disable patch
|
||||
|
||||
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.71-13
|
||||
- rebuilt with new audit
|
||||
|
||||
|