diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index e8a8ba6..4ac60f3 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,5 +1,5 @@ --- policycoreutils-1.17.5/restorecon/restorecon.c.rhat 2004-08-30 11:46:46.000000000 -0400 -+++ policycoreutils-1.17.5/restorecon/restorecon.c 2004-09-24 19:14:23.515031544 -0400 ++++ policycoreutils-1.17.5/restorecon/restorecon.c 2004-10-01 16:46:18.000000000 -0400 @@ -8,7 +8,7 @@ * to match the specification returned by matchpathcon. * @@ -113,7 +113,7 @@ } if (outfile) --- policycoreutils-1.17.5/restorecon/restorecon.8.rhat 2004-08-30 11:46:46.000000000 -0400 -+++ policycoreutils-1.17.5/restorecon/restorecon.8 2004-09-24 19:23:38.235701184 -0400 ++++ policycoreutils-1.17.5/restorecon/restorecon.8 2004-10-01 16:46:18.000000000 -0400 @@ -4,10 +4,10 @@ .SH "SYNOPSIS" @@ -138,7 +138,7 @@ don't change any file labels. .TP --- policycoreutils-1.17.5/scripts/fixfiles.rhat 2004-08-30 11:46:47.000000000 -0400 -+++ policycoreutils-1.17.5/scripts/fixfiles 2004-09-24 18:46:15.672622592 -0400 ++++ policycoreutils-1.17.5/scripts/fixfiles 2004-10-01 16:46:18.000000000 -0400 @@ -36,6 +36,8 @@ FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*\(ro/{print $3}';` FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" 
@@ -298,3 +298,155 @@ +rm $FCFILE +exit $? +--- policycoreutils-1.17.5/setfiles/setfiles.8.rhat 2004-10-01 18:37:41.776923384 -0400 ++++ policycoreutils-1.17.5/setfiles/setfiles.8 2004-10-01 18:38:38.072735318 -0400 +@@ -4,7 +4,7 @@ + + .SH "SYNOPSIS" + .B setfiles +-.I [\-d] [\-n] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname... ++.I [\-d] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname... + .SH "DESCRIPTION" + This manual page describes the + .BR setfiles +@@ -29,6 +29,9 @@ + .B \-q + suppress non-error output. + .TP ++.B \-e directory ++directory to exclude (repeat option for more than one directory.) ++.TP + .B \-o filename + save list of files with incorrect context in filename. + .TP +--- policycoreutils-1.17.5/setfiles/setfiles.c.rhat 2004-08-30 11:46:46.000000000 -0400 ++++ policycoreutils-1.17.5/setfiles/setfiles.c 2004-10-01 18:35:17.000000000 -0400 +@@ -12,8 +12,9 @@ + * the user. The program does not cross file system boundaries. + * + * USAGE: +- * setfiles [-dnpqsvW] [-c policy] [-o filename ] spec_file pathname... ++ * setfiles [-dnpqsvW] [-e directory ] [-c policy] [-o filename ] spec_file pathname... + * ++ * -e Specify directory to exclude + * -c Verify the specification file using a binary policy + * -d Show what specification matched each file. + * -n Do not change any file labels. +@@ -69,10 +70,20 @@ + #include + #include + #include ++#include ++#include + + static int add_assoc = 1; + static FILE *outfile=NULL; + ++#define MAX_EXCLUDES 100 ++static int excludeCtr=0; ++struct edir { ++ char *directory; ++ int size; ++}; ++static struct edir excludeArray[MAX_EXCLUDES]; ++ + /* + * Command-line options. 
+ */
+@@ -140,6 +151,18 @@
+ return tmp - buf;
+ }
+
++static int exclude(const char *file) {
++ int i=0;
++ for(i=0; i < excludeCtr; i++) {
++ if (strncmp(file,excludeArray[i].directory,excludeArray[i].size)==0) {
++ if (file[excludeArray[i].size]==0 ||
++ file[excludeArray[i].size]=='/') {
++ return 1;
++ }
++ }
++ }
++ return 0;
++}
+ /* return the length of the text that is the stem of a file name */
+ int get_stem_from_file_name(const char * const buf)
+ {
+@@ -393,6 +416,11 @@
+ buf += rootpathlen;
+ }
+
++ if (excludeCtr > 0) {
++ if (exclude(fullname)) {
++ return -1;
++ }
++ }
+ ret = lstat(fullname, sb);
+ if (ret) {
+ fprintf(stderr, "%s: unable to stat file %s\n", progname,
+@@ -655,6 +683,8 @@
+ my_file, context, spec_arr[i].context);
+ }
+ }
++ syslog(LOG_INFO, "%s: relabeling %s from %s to %s\n", progname,
++ my_file, context, spec_arr[i].context);
+
+ freecon(context);
+
+@@ -736,8 +766,10 @@
+ int opt, items, len, lineno, pass, regerr, i, j;
+ spec_t *spec_copy;
+
++ memset(excludeArray,0, sizeof(excludeArray));
++
+ /* Process any options.
*/ +- while ((opt = getopt(argc, argv, "c:dnqrsvWo:")) > 0) { ++ while ((opt = getopt(argc, argv, "c:dnqrsvWe:o:")) > 0) { + switch (opt) { + case 'c': + { +@@ -761,6 +793,33 @@ + + break; + } ++ case 'e': ++ { ++ int len; ++ struct stat sb; ++ if(optarg[0] != '/') { ++ fprintf(stderr, "Full patch required for exclude: %s.\n", ++ optarg); ++ exit(1); ++ } ++ if(lstat(optarg, &sb)) { ++ fprintf(stderr, "Directory \"%s\" not found.\n", optarg); ++ exit(1); ++ } ++ if ((sb.st_mode & S_IFDIR) == 0 ) { ++ fprintf(stderr, "\"%s\" is not a Directory.%d\n", optarg,sb.st_mode); ++ exit(1); ++ } ++ len=strlen(optarg); ++ excludeArray[excludeCtr].directory = strdup(optarg); ++ excludeArray[excludeCtr++].size = len; ++ if (excludeCtr > MAX_EXCLUDES) { ++ fprintf(stderr, "Maximum excludes %d exceeded.\n", ++ MAX_EXCLUDES); ++ } ++ break; ++ } ++ + case 'd': + debug = 1; + break; +@@ -1102,6 +1161,10 @@ + if (outfile) + fclose(outfile); + ++ for(i=0; i < excludeCtr; i++) { ++ free(excludeArray[i].directory); ++ } ++ + QPRINTF("%s: Done.\n", argv[0]); + + exit(0); diff --git a/policycoreutils.spec b/policycoreutils.spec index 054fca7..a6f77da 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.17.5 -Release: 5 +Release: 6 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -77,6 +77,10 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Fri Oct 1 2004 Dan Walsh 1.17.5-6 +- Add -e (exclude directory) switch to setfiles +- Add syslog to setfiles + * Fri Sep 24 2004 Dan Walsh 1.17.5-5 - Add -R (recursive) switch to restorecon.
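Review bot: In the new `case 'e':` block of setfiles.c the entry is stored in `excludeArray[excludeCtr]` before the limit is tested, and the test that follows (`excludeCtr > MAX_EXCLUDES`) only prints a message, so the 101st and every later `-e` writes past the end of the 100-element static array. Test `excludeCtr >= MAX_EXCLUDES` before the store and exit, as the other argument errors in this block do. A trailing slash on the argument (`-e /dir/`) also makes `exclude()` look at the byte after the slash, so nothing below that directory matches and it is relabeled despite the option; the length should be trimmed before it is saved, and the `strdup()` result checked. The type test `(sb.st_mode & S_IFDIR) == 0` accepts any mode that shares that bit (block devices on Linux), where `!S_ISDIR(sb.st_mode)` is exact. The switch and the function around this case start and end outside the hunk.

```c
	case 'e':
	{
		/* … unchanged: declarations, absolute-path check and lstat() … */
		if (!S_ISDIR(sb.st_mode)) {
			/* … unchanged: "is not a Directory" message and exit … */
		}
		/* Refuse before storing: excludeArray has only MAX_EXCLUDES slots. */
		if (excludeCtr >= MAX_EXCLUDES) {
			fprintf(stderr, "Maximum excludes %d exceeded.\n",
				MAX_EXCLUDES);
			exit(1);
		}
		len = strlen(optarg);
		/* Trim trailing slashes so exclude() tests the byte after the name. */
		while (len > 1 && optarg[len - 1] == '/')
			len--;
		excludeArray[excludeCtr].directory = strdup(optarg);
		if (excludeArray[excludeCtr].directory == NULL) {
			fprintf(stderr, "%s: out of memory\n", progname);
			exit(1);
		}
		excludeArray[excludeCtr].directory[len] = '\0';
		excludeArray[excludeCtr++].size = len;
		break;
	}
```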