add -e for setfiles and syslog for output

2004-10-01 22:39:03 +00:00 · 2004-10-01 22:39:03 +00:00 · 7cefc43b13
commit 7cefc43b13
parent 1c8e460b14
2 changed files with 160 additions and 4 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,5 +1,5 @@
 --- policycoreutils-1.17.5/restorecon/restorecon.c.rhat	2004-08-30 11:46:46.000000000 -0400
-+++ policycoreutils-1.17.5/restorecon/restorecon.c	2004-09-24 19:14:23.515031544 -0400
+++ policycoreutils-1.17.5/restorecon/restorecon.c	2004-10-01 16:46:18.000000000 -0400
@@ -8,7 +8,7 @@
  * to match the specification returned by matchpathcon.
  *
@ -113,7 +113,7 @@
   }
   if (outfile) 
 --- policycoreutils-1.17.5/restorecon/restorecon.8.rhat	2004-08-30 11:46:46.000000000 -0400
-+++ policycoreutils-1.17.5/restorecon/restorecon.8	2004-09-24 19:23:38.235701184 -0400
+++ policycoreutils-1.17.5/restorecon/restorecon.8	2004-10-01 16:46:18.000000000 -0400
@@ -4,10 +4,10 @@
 
 .SH "SYNOPSIS"
@ -138,7 +138,7 @@
 don't change any file labels.
 .TP 
 --- policycoreutils-1.17.5/scripts/fixfiles.rhat	2004-08-30 11:46:47.000000000 -0400
-+++ policycoreutils-1.17.5/scripts/fixfiles	2004-09-24 18:46:15.672622592 -0400
+++ policycoreutils-1.17.5/scripts/fixfiles	2004-10-01 16:46:18.000000000 -0400
@@ -36,6 +36,8 @@
 FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*\(ro/{print $3}';`
 FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
@ -298,3 +298,155 @@
 
 +rm $FCFILE
 +exit $?
+--- policycoreutils-1.17.5/setfiles/setfiles.8.rhat	2004-10-01 18:37:41.776923384 -0400
+++ policycoreutils-1.17.5/setfiles/setfiles.8	2004-10-01 18:38:38.072735318 -0400
+@@ -4,7 +4,7 @@
+ 
+ .SH "SYNOPSIS"
+ .B setfiles
+-.I [\-d] [\-n] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname...
+.I [\-d] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname...
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR setfiles
+@@ -29,6 +29,9 @@
+ .B \-q
+ suppress non-error output.
+ .TP 
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP 
+ .B \-o filename
+ save list of files with incorrect context in filename.
+ .TP 
+--- policycoreutils-1.17.5/setfiles/setfiles.c.rhat	2004-08-30 11:46:46.000000000 -0400
+++ policycoreutils-1.17.5/setfiles/setfiles.c	2004-10-01 18:35:17.000000000 -0400
+@@ -12,8 +12,9 @@
+  * the user.  The program does not cross file system boundaries.
+  *
+  * USAGE:
+- * setfiles [-dnpqsvW] [-c policy] [-o filename ] spec_file pathname...
+ * setfiles [-dnpqsvW] [-e directory ] [-c policy] [-o filename ] spec_file pathname...
+  * 
+ * -e   Specify directory to exclude
+  * -c   Verify the specification file using a binary policy
+  * -d   Show what specification matched each file.
+  * -n	Do not change any file labels.
+@@ -69,10 +70,20 @@
+ #include <limits.h>
+ #include <sepol/sepol.h>
+ #include <selinux/selinux.h>
+#include <syslog.h> 
+#include <libgen.h>
+ 
+ static int add_assoc = 1;
+ static FILE *outfile=NULL;
+ 
+#define MAX_EXCLUDES 100
+static int excludeCtr=0;
+struct edir {
+	char *directory;
+        int size;
+};
+static struct edir excludeArray[MAX_EXCLUDES];
+
+ /*
+  * Command-line options.
+  */
+@@ -140,6 +151,18 @@
+ 	return tmp - buf;
+ }
+ 
+static int exclude(const char *file) {
+	int i=0;
+	for(i=0; i < excludeCtr; i++) { 
+		if (strncmp(file,excludeArray[i].directory,excludeArray[i].size)==0) {
+			if (file[excludeArray[i].size]==0 || 
+			    file[excludeArray[i].size]=='/') {
+				return 1;
+			}
+		}
+	}
+	return 0;
+}
+ /* return the length of the text that is the stem of a file name */
+ int get_stem_from_file_name(const char * const buf)
+ {
+@@ -393,6 +416,11 @@
+ 		buf += rootpathlen;
+ 	}
+ 
+	if (excludeCtr > 0) {
+		if (exclude(fullname)) {
+			return -1;
+		}
+	}
+ 	ret = lstat(fullname, sb);
+ 	if (ret) {
+ 		fprintf(stderr, "%s:  unable to stat file %s\n", progname,
+@@ -655,6 +683,8 @@
+ 			       my_file, context, spec_arr[i].context);
+ 		}
+ 	}
+	syslog(LOG_INFO, "%s:  relabeling %s from %s to %s\n", progname,
+	       my_file, context, spec_arr[i].context);
+ 
+ 	freecon(context);
+ 
+@@ -736,8 +766,10 @@
+ 	int opt, items, len, lineno, pass, regerr, i, j;
+ 	spec_t *spec_copy;
+ 
+	memset(excludeArray,0, sizeof(excludeArray));
+
+ 	/* Process any options. */
+-	while ((opt = getopt(argc, argv, "c:dnqrsvWo:")) > 0) {
+	while ((opt = getopt(argc, argv, "c:dnqrsvWe:o:")) > 0) {
+ 		switch (opt) {
+ 		case 'c':
+ 		{
+@@ -761,6 +793,33 @@
+ 			
+ 			break;
+ 		}
+		case 'e':
+		{
+			int len;
+			struct stat sb;
+			if(optarg[0] != '/') {
+				fprintf(stderr, "Full patch required for exclude: %s.\n", 
+					optarg);
+				exit(1);
+			}
+			if(lstat(optarg, &sb)) {
+				fprintf(stderr, "Directory \"%s\" not found.\n", optarg);
+				exit(1);
+			}
+			if ((sb.st_mode & S_IFDIR) == 0 ) {
+				fprintf(stderr, "\"%s\" is not a Directory.%d\n", optarg,sb.st_mode);
+				exit(1);
+			}
+			len=strlen(optarg);
+			excludeArray[excludeCtr].directory = strdup(optarg);
+			excludeArray[excludeCtr++].size = len;
+			if (excludeCtr > MAX_EXCLUDES) {
+				fprintf(stderr, "Maximum excludes %d exceeded.\n", 
+					MAX_EXCLUDES);
+			}
+			break;
+		}
+			
+ 		case 'd':
+ 			debug = 1;
+ 			break;
+@@ -1102,6 +1161,10 @@
+ 	if (outfile) 
+ 		fclose(outfile);
+ 
+	for(i=0; i < excludeCtr; i++) { 
+		free(excludeArray[i].directory);
+	}
+
+ 	QPRINTF("%s:  Done.\n", argv[0]);
+ 
+ 	exit(0);
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,7 +1,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.17.5
-Release: 5
+Release: 6
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -77,6 +77,10 @@ rm -rf ${RPM_BUILD_ROOT}


 %changelog
+* Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-6
+- Add -e (exclude directory) switch to setfiles 
+- Add syslog to setfiles
+
 * Fri Sep 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-5
 - Add -R (recursive) switch to restorecon.