rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.10-1

Browse Source 
- Update to upstream
	* Merged patch to correctly handle a failure during semanage handle
	  creation from Karl MacMillan.
	* Merged patch to fix seobject role modification from Dan Walsh.
This commit is contained in:
Daniel J Walsh 2007-01-09 15:19:22 +00:00
parent a7ddfb4786
commit 7d7e0bdd54
4 changed files with 62 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -122,3 +122,4 @@ policycoreutils-1.33.5.tgz
policycoreutils-1.33.6.tgz policycoreutils-1.33.6.tgz
policycoreutils-1.33.7.tgz policycoreutils-1.33.7.tgz
policycoreutils-1.33.8.tgz policycoreutils-1.33.8.tgz
policycoreutils-1.33.10.tgz

134
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.8/gui/booleansPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.10/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/booleansPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/booleansPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,199 @@ @@ -0,0 +1,199 @@
+# +#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@ -201,9 +201,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ +
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) + setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
+ commands.getstatusoutput(setsebool) + commands.getstatusoutput(setsebool)
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-1.33.8/gui/fcontextPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-1.33.10/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/fcontextPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/fcontextPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,158 @@ @@ -0,0 +1,158 @@
+## fcontextPage.py - show selinux mappings +## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -363,9 +363,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ self.store.set_value(iter, 0, fspec) + self.store.set_value(iter, 0, fspec)
+ self.store.set_value(iter, 2, ftype) + self.store.set_value(iter, 2, ftype)
+ self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls)) + self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls))
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-1.33.8/gui/loginsPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-1.33.10/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/loginsPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/loginsPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,161 @@ @@ -0,0 +1,161 @@
+## loginsPage.py - show selinux mappings +## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -528,9 +528,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange)) + self.store.set_value(iter, 2, seobject.translate(serange))
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.8/gui/Makefile diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.10/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/Makefile 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/Makefile 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,30 @@ @@ -0,0 +1,30 @@
+# Installation directories. +# Installation directories.
+PREFIX ?= ${DESTDIR}/usr +PREFIX ?= ${DESTDIR}/usr
@ -562,9 +562,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+indent: +indent:
+ +
+relabel: +relabel:
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-1.33.8/gui/mappingsPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-1.33.10/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/mappingsPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/mappingsPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,54 @@ @@ -0,0 +1,54 @@
+## mappingsPage.py - show selinux mappings +## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -620,9 +620,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ for k in keys: + for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-1.33.8/gui/modulesPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-1.33.10/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/modulesPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/modulesPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,161 @@ @@ -0,0 +1,161 @@
+## modulesPage.py - show selinux mappings +## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -785,9 +785,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ +
+ +
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-1.33.8/gui/portsPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-1.33.10/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/portsPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/portsPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,214 @@ @@ -0,0 +1,214 @@
+## portsPage.py - show selinux mappings +## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -1003,9 +1003,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ self.store.set_value(iter, MLS_COL, mls) + self.store.set_value(iter, MLS_COL, mls)
+ +
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-1.33.8/gui/selinux.tbl diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-1.33.10/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/selinux.tbl 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/selinux.tbl 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,265 @@ @@ -0,0 +1,265 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow") +allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
@ -1272,9 +1272,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon") +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon") +ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon") +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.8/gui/semanagePage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.10/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/semanagePage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/semanagePage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,109 @@ @@ -0,0 +1,109 @@
+## semanagePage.py - show selinux mappings +## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -1385,9 +1385,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ self.dialog.hide() + self.dialog.hide()
+ +
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-1.33.8/gui/statusPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-1.33.10/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/statusPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/statusPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,213 @@ @@ -0,0 +1,213 @@
+## statusPage.py - show selinux status +## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -1602,9 +1602,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ return self.types[self.selinuxTypeOptionMenu.get_active()] + return self.types[self.selinuxTypeOptionMenu.get_active()]
+ +
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-1.33.8/gui/system-config-selinux.glade diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-1.33.10/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/system-config-selinux.glade 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/system-config-selinux.glade 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,2803 @@ @@ -0,0 +1,2803 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*--> +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd"> +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -4409,9 +4409,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+</widget> +</widget>
+ +
+</glade-interface> +</glade-interface>
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-1.33.8/gui/system-config-selinux.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-1.33.10/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/system-config-selinux.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/system-config-selinux.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,156 @@ @@ -0,0 +1,156 @@
+#!/usr/bin/python +#!/usr/bin/python
+# +#
@ -4569,9 +4569,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ +
+ app = childWindow() + app = childWindow()
+ app.stand_alone() + app.stand_alone()
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-1.33.8/gui/translationsPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-1.33.10/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/translationsPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/translationsPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,109 @@ @@ -0,0 +1,109 @@
+## translationsPage.py - show selinux translations +## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -4682,9 +4682,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ store, iter = self.view.get_selection().get_selected() + store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level) + self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation) + self.store.set_value(iter, 1, translation)
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-1.33.8/gui/usersPage.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-1.33.10/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.8/gui/usersPage.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/gui/usersPage.py 2007-01-09 09:13:43.000000000 -0500
@@ -0,0 +1,155 @@ @@ -0,0 +1,155 @@
+## usersPage.py - show selinux mappings +## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc. +## Copyright (C) 2006 Red Hat, Inc.
@ -4841,66 +4841,45 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ except ValueError, e: + except ValueError, e:
+ self.error(e.args[0]) + self.error(e.args[0])
+ +
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.33.8/Makefile diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.33.10/Makefile
--- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500 --- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500
+++ policycoreutils-1.33.8/Makefile 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/Makefile 2007-01-09 09:13:43.000000000 -0500
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
all install relabel clean indent: all install relabel clean indent:
@for subdir in $(SUBDIRS); do \ @for subdir in $(SUBDIRS); do \
Binary files nsapolicycoreutils/newrole/newrole and policycoreutils-1.33.8/newrole/newrole differ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.10/newrole/newrole.c
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.8/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2007-01-04 17:01:41.000000000 -0500 --- nsapolicycoreutils/newrole/newrole.c 2007-01-04 17:01:41.000000000 -0500
+++ policycoreutils-1.33.8/newrole/newrole.c 2007-01-05 11:17:36.000000000 -0500 +++ policycoreutils-1.33.10/newrole/newrole.c 2007-01-09 09:13:43.000000000 -0500
@@ -67,6 +67,7 @@ @@ -741,6 +741,7 @@
#include <selinux/get_context_list.h> /* for SELINUX_DEFAULTUSER */
#include <signal.h>
#include <unistd.h> /* for getuid(), exit(), getopt() */
+#include <sys/stat.h>
#ifdef USE_AUDIT
#include <libaudit.h>
#endif
@@ -733,6 +734,7 @@
security_context_t *new_context,
int *preserve_environment)
{
+ int i; /* index for open file descriptors */
int flag_index; /* flag index in argv[] */
int clflag; /* holds codes for command line flags */
char *role_s = NULL; /* role spec'd by user in argv[] */
@@ -741,6 +743,8 @@
char *level_s = NULL; /* level spec'd by user in argv[] */ char *level_s = NULL; /* level spec'd by user in argv[] */
char *range_ptr = NULL; char *range_ptr = NULL;
security_context_t new_con = NULL; security_context_t new_con = NULL;
+ security_context_t tty_con = NULL; + security_context_t tty_con = NULL;
+ int securetty=0;
context_t context = NULL; /* manipulatable form of new_context */ context_t context = NULL; /* manipulatable form of new_context */
const struct option long_options[] = { const struct option long_options[] = {
{"role", 1, 0, 'r'}, {"role", 1, 0, 'r'},
@@ -793,6 +797,18 @@ @@ -793,6 +794,15 @@
"specified\n")); "specified\n"));
return -1; return -1;
} }
+ for (i=0; i < 3; i++) { + if (fgetfilecon(0,&tty_con) >= 0) {
+ securetty=0; + if (selinux_check_securetty_context(tty_con) != 1) {
+ if (fgetfilecon(i,&tty_con) >= 0) {
+ securetty = (selinux_check_securetty_context(tty_con) == 1);
+ freecon(tty_con);
+ }
+ if (!securetty) {
+ fprintf(stderr, "Error: you are not allowed to change levels on a non secure terminal\n"); + fprintf(stderr, "Error: you are not allowed to change levels on a non secure terminal\n");
+ freecon(tty_con);
+ return -1; + return -1;
+ } + }
+ freecon(tty_con);
+ } + }
+ +
level_s = optarg; level_s = optarg;
break; break;
default: default:
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.33.8/restorecond/restorecond.c diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.33.10/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2006-11-16 17:14:28.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond.c 2006-11-16 17:14:28.000000000 -0500
+++ policycoreutils-1.33.8/restorecond/restorecond.c 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/restorecond/restorecond.c 2007-01-09 09:13:43.000000000 -0500
@@ -210,9 +210,10 @@ @@ -210,9 +210,10 @@
} }
@ -4927,18 +4906,18 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
} }
free(scontext); free(scontext);
close(fd); close(fd);
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.8/restorecond/restorecond.conf diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.10/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500
+++ policycoreutils-1.33.8/restorecond/restorecond.conf 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/restorecond/restorecond.conf 2007-01-09 09:13:43.000000000 -0500
@@ -1,4 +1,5 @@ @@ -1,4 +1,5 @@
/etc/resolv.conf /etc/resolv.conf
+/etc/localtime +/etc/localtime
/etc/samba/secrets.tdb /etc/samba/secrets.tdb
/etc/mtab /etc/mtab
/var/run/utmp /var/run/utmp
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.33.8/scripts/fixfiles diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.33.10/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2006-11-16 17:14:27.000000000 -0500 --- nsapolicycoreutils/scripts/fixfiles 2006-11-16 17:14:27.000000000 -0500
+++ policycoreutils-1.33.8/scripts/fixfiles 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/scripts/fixfiles 2007-01-09 09:13:43.000000000 -0500
@@ -29,6 +29,9 @@ @@ -29,6 +29,9 @@
RPMILES="" RPMILES=""
OUTFILES="" OUTFILES=""
@ -4949,9 +4928,9 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
SYSLOGFLAG="-l" SYSLOGFLAG="-l"
LOGGER=/usr/sbin/logger LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles SETFILES=/sbin/setfiles
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.8/semanage/seobject.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.10/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-11-16 17:14:26.000000000 -0500 --- nsapolicycoreutils/semanage/seobject.py 2007-01-09 09:06:59.000000000 -0500
+++ policycoreutils-1.33.8/semanage/seobject.py 2007-01-04 17:10:20.000000000 -0500 +++ policycoreutils-1.33.10/semanage/seobject.py 2007-01-09 09:21:32.000000000 -0500
@@ -94,23 +94,25 @@ @@ -94,23 +94,25 @@
return re.search("^" + reg +"$",raw) return re.search("^" + reg +"$",raw)
@ -4963,8 +4942,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ context = "%s%s" % (filler,raw) + context = "%s%s" % (filler,raw)
else: else:
context = raw context = raw
- (rc, trans) = selinux.selinux_raw_to_trans_context(context) (rc, trans) = selinux.selinux_raw_to_trans_context(context)
+ (rc, trans) = selinux.selinux_raw_to_trans_context(context)
if rc != 0: if rc != 0:
return raw return raw
if prepend: if prepend:
@ -5011,7 +4989,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
class semanageRecords: class semanageRecords:
def __init__(self): def __init__(self):
self.sh = semanage_handle_create() self.sh = semanage_handle_create()
@@ -456,7 +459,8 @@ @@ -459,7 +462,8 @@
rc = semanage_user_set_mlslevel(self.sh, u, selevel) rc = semanage_user_set_mlslevel(self.sh, u, selevel)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set MLS level for %s") % name) raise ValueError(_("Could not set MLS level for %s") % name)
@ -5021,7 +4999,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
rc = semanage_user_set_prefix(self.sh, u, prefix) rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0: if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -522,11 +526,17 @@ @@ -525,7 +529,9 @@
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
if prefix != "": if prefix != "":
@ -5031,14 +5009,4 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
+ semanage_user_set_prefix(self.sh, u, prefix) + semanage_user_set_prefix(self.sh, u, prefix)
if len(roles) != 0: if len(roles) != 0:
- for r in roles: for r in rlist:
- semanage_user_add_role(self.sh, u, r)
+ for r in rlist:
+ if r not in roles:
+ semanage_user_del_role(u, r)
+ for r in roles:
+ if r not in rlist:
+ semanage_user_add_role(self.sh, u, r)
rc = semanage_begin_transaction(self.sh)
if rc < 0:

12
policycoreutils.spec
View File

@ -4,7 +4,7 @@
%define libselinuxver 1.33.3-2 %define libselinuxver 1.33.3-2
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.33.8 Version: 1.33.10
Release: 1%{?dist} Release: 1%{?dist}
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
@ -17,9 +17,9 @@ Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch Patch1: policycoreutils-po.patch
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel gettext BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel gettext
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff /bin/rpm
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python coreutils audit-libs-python >= %{libauditver} Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python coreutils audit-libs-python >= %{libauditver}
Requires(post): /sbin/service /sbin/chkconfig Requires(post): /sbin/service /sbin/chkconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description %description
@ -168,6 +168,12 @@ fi
[ -x /sbin/service ] && /sbin/service restorecond condrestart > /dev/null [ -x /sbin/service ] && /sbin/service restorecond condrestart > /dev/null
%changelog %changelog
* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.10-1
- Update to upstream
* Merged patch to correctly handle a failure during semanage handle
creation from Karl MacMillan.
* Merged patch to fix seobject role modification from Dan Walsh.
* Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> 1.33.8-2 * Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> 1.33.8-2
- Stop newrole -l from working on non secure ttys - Stop newrole -l from working on non secure ttys
Resolves: #200110 Resolves: #200110

2
sources
View File

@ -1 +1 @@
c4c3ebbaf1c11e122441da38fd11478c policycoreutils-1.33.8.tgz 131eadefb07d3e320d860136177578e4 policycoreutils-1.33.10.tgz