* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.37-1
- Update to match NSA
- Add chcat to policycoreutils, adding +/- syntax

* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
- Require new version of libsemanage
parent
f32c1f36b1
commit
80b61a63f9
@ -72,3 +72,4 @@ policycoreutils-1.27.31.tgz
|
||||
policycoreutils-1.27.33.tgz
|
||||
policycoreutils-1.27.35.tgz
|
||||
policycoreutils-1.27.36.tgz
|
||||
policycoreutils-1.27.37.tgz
|
||||
|
@ -1,23 +1,232 @@
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
|
||||
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500
|
||||
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500
|
||||
@@ -133,7 +133,7 @@
|
||||
if rc[0] == 0:
|
||||
return rc[1]+"\n"
|
||||
else:
|
||||
- errorExit(string.join("sed error ", rc[1]))
|
||||
+ errorExit("sed error %s" % rc[1])
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.27.37/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.27.37/scripts/chcat 2005-12-07 11:25:54.000000000 -0500
|
||||
@@ -0,0 +1,175 @@
|
||||
+#! /usr/bin/env python
|
||||
+# Copyright (C) 2005 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# chcat is a script that allows you modify the Security label on a file
|
||||
+#
|
||||
+#` Author: Daniel Walsh <dwalsh@redhat.com>
|
||||
+#
|
||||
+# This program is free software; you can redistribute it and/or
|
||||
+# modify it under the terms of the GNU General Public License as
|
||||
+# published by the Free Software Foundation; either version 2 of
|
||||
+# the License, or (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be useful,
|
||||
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+# GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program; if not, write to the Free Software
|
||||
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
+# 02111-1307 USA
|
||||
+#
|
||||
+#
|
||||
+import commands, sys, os, pwd, string, getopt, re, selinux
|
||||
+
|
||||
+def chcat_add(orig, newcat, files):
|
||||
+ errors=0
|
||||
+ cmd='chcon -l '
|
||||
+ sensitivity=newcat[0]
|
||||
+ cat=newcat[1]
|
||||
+ for f in files:
|
||||
+ (rc, con) = selinux.getfilecon(f)
|
||||
+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
|
||||
+ clist=raw.split(":")[3:]
|
||||
+ if len(clist) > 1:
|
||||
+ if clist[0] != sensitivity:
|
||||
+ print("Can not modify sensitivity levels using '+' on %s" % f)
|
||||
+ continue
|
||||
+ cats=clist[1].split(",")
|
||||
+ if newcat[1] in cats:
|
||||
+ print "%s is already in %s" % (f, orig)
|
||||
+ continue
|
||||
+ cats.append(newcat[1])
|
||||
+ cats.sort()
|
||||
+ cat=cats[0]
|
||||
+ for c in cats[1:]:
|
||||
+ cat="%s,%s" % (cat, c)
|
||||
+ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
|
||||
+ rc=commands.getstatusoutput(cmd)
|
||||
+ if rc[0] != 0:
|
||||
+ errors+=1
|
||||
+ return errors
|
||||
+
|
||||
+def chcat_remove(orig, newcat, files):
|
||||
+ errors=0
|
||||
+ sensitivity=newcat[0]
|
||||
+ cat=newcat[1]
|
||||
+ for f in files:
|
||||
+ (rc, con) = selinux.getfilecon(f)
|
||||
+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
|
||||
+ clist=raw.split(":")[3:]
|
||||
+ if len(clist) > 1:
|
||||
+ if clist[0] != sensitivity:
|
||||
+ print("Can not modify sensitivity levels using '+' on %s" % f)
|
||||
+ continue
|
||||
+ cats=clist[1].split(",")
|
||||
+ if newcat[1] not in cats:
|
||||
+ print "%s is not in %s" % (f, orig)
|
||||
+ continue
|
||||
+ cats.remove(newcat[1])
|
||||
+ if len(cats) > 0:
|
||||
+ cat=cats[0]
|
||||
+ for c in cats[1:]:
|
||||
+ cat="%s,%s" % (cat, c)
|
||||
+ else:
|
||||
+ cat=""
|
||||
+ else:
|
||||
+ print "%s is not in %s" % (f, orig)
|
||||
+ continue
|
||||
+
|
||||
+ if len(cat) == 0:
|
||||
+ cmd='chcon -l %s %s' % (sensitivity, f)
|
||||
+ else:
|
||||
+ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
|
||||
+ rc=commands.getstatusoutput(cmd)
|
||||
+ if rc[0] != 0:
|
||||
+ errors+=1
|
||||
+ return errors
|
||||
+
|
||||
+def chcat(context, files):
|
||||
+ errors=0
|
||||
+ for c in context:
|
||||
+ if len(c) > 0 and c[0] == "+":
|
||||
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
|
||||
+ rlist=raw.split(":")
|
||||
+ if len(rlist) < 5:
|
||||
+ print "%s must have a sensitivity and at least one category" % c[1:]
|
||||
+ continue
|
||||
+ errors += chcat_add(c[1:], rlist[3:], files)
|
||||
+ continue
|
||||
+ if len(c) > 0 and c[0] == "-":
|
||||
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
|
||||
+ rlist=raw.split(":")
|
||||
+ if len(rlist) < 5:
|
||||
+ print "%s must have a sensitivity and at least one category" % c[1:]
|
||||
+ continue
|
||||
+ errors += chcat_remove(c[1:], rlist[3:], files)
|
||||
+ continue
|
||||
+
|
||||
+ cmd='chcon -l "%s"' % c
|
||||
+ for f in files:
|
||||
+ cmd = "%s %s" % (cmd, f)
|
||||
+
|
||||
+ rc=commands.getstatusoutput(cmd)
|
||||
+ if rc[0] != 0:
|
||||
+ print rc[1]
|
||||
+ errors += 1
|
||||
+ return errors
|
||||
+
|
||||
+def usage():
|
||||
+ print "Usage %s CATEGORY File ..." % sys.argv[0]
|
||||
+ print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0]
|
||||
+ print "Usage %s -d File ..." % sys.argv[0]
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+def error(msg):
|
||||
+ print "%s: %s" % (sys.argv[0], msg)
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+ if selinux.is_selinux_mls_enabled() != 1:
|
||||
+ error("Requires a mls enabled system")
|
||||
+
|
||||
+ if selinux.is_selinux_enabled() != 1:
|
||||
+ error("Requires an SELinux enabled system")
|
||||
+
|
||||
+ delete_ind=0
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:],
|
||||
+ 'dh',
|
||||
+ ['help',
|
||||
+ 'delete'])
|
||||
+
|
||||
+ for o,a in gopts:
|
||||
+ if o == "-h" or o == "--help":
|
||||
+ usage()
|
||||
+ if o == "-d" or o == "--delete":
|
||||
+ delete_ind=1
|
||||
+
|
||||
+ if len(cmds) < 1:
|
||||
+ usage()
|
||||
+
|
||||
+ if delete_ind:
|
||||
+ sys.exit(chcat([""], cmds))
|
||||
+
|
||||
+ if len(cmds) < 2:
|
||||
+ usage()
|
||||
+
|
||||
+ cats=cmds[0].split(",")
|
||||
+ set_ind=0
|
||||
+ mod_ind=0
|
||||
+ for i in cats:
|
||||
+ if i[0]=='+' or i[0]=="-":
|
||||
+ mod_ind=1
|
||||
+ if set_ind == 1:
|
||||
+ error("You can not use '%s' with previous categories" % i)
|
||||
+ else:
|
||||
+ if mod_ind == 1 or set_ind==1:
|
||||
+ error("You can not use '%s' with previous categories" % i)
|
||||
+ set_ind=1
|
||||
+
|
||||
+ files=cmds[1:]
|
||||
+ sys.exit(chcat(cats, files))
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.27.37/scripts/chcat.8
|
||||
--- nsapolicycoreutils/scripts/chcat.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.27.37/scripts/chcat.8 2005-12-07 11:28:01.000000000 -0500
|
||||
@@ -0,0 +1,29 @@
|
||||
+.TH CHCAT "8" "September 2005" "chcat" "User Commands"
|
||||
+.SH NAME
|
||||
+chcat \- change file security category
|
||||
+.SH SYNOPSIS
|
||||
+.B chcat
|
||||
+\fICATEGORY FILE\fR...
|
||||
+.br
|
||||
+.B chcat
|
||||
+\fI[[+|-]CATEGORY],...] FILE\fR...
|
||||
+.br
|
||||
+.B chcat
|
||||
+[\fI-d\fR] \fIFILE\fR...
|
||||
+.br
|
||||
+.PP
|
||||
+Change/Remove the security CATEGORY for each FILE.
|
||||
+.PP
|
||||
+Use +/- to add/remove categories from a FILE.
|
||||
+.TP
|
||||
+\fB\-d\fR
|
||||
+delete the category from each file.
|
||||
+.SH "SEE ALSO"
|
||||
+.TP
|
||||
+chcon(1), selinux(8)
|
||||
+.PP
|
||||
+.br
|
||||
+This script wraps the chcon command.
|
||||
+.SH "FILES"
|
||||
+/etc/selinux/{SELINUXTYPE}/setrans.conf
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.27.37/scripts/Makefile
|
||||
--- nsapolicycoreutils/scripts/Makefile 2005-01-28 15:24:12.000000000 -0500
|
||||
+++ policycoreutils-1.27.37/scripts/Makefile 2005-12-07 11:20:00.000000000 -0500
|
||||
@@ -4,7 +4,7 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LOCALEDIR ?= /usr/share/locale
|
||||
|
||||
def heading(self):
|
||||
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
|
||||
@@ -329,8 +329,8 @@
|
||||
selconf.write()
|
||||
-TARGETS=genhomedircon
|
||||
+TARGETS=genhomedircon chcat
|
||||
|
||||
all: $(TARGETS) fixfiles
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
-mkdir -p $(MANDIR)/man8
|
||||
install -m 644 fixfiles.8 $(MANDIR)/man8/
|
||||
install -m 644 genhomedircon.8 $(MANDIR)/man8/
|
||||
+ install -m 644 chcat.8 $(MANDIR)/man8/
|
||||
|
||||
clean:
|
||||
|
||||
except getopt.error, error:
|
||||
- errorExit(string.join("Options Error ", error))
|
||||
+ errorExit("Options Error %s " % error)
|
||||
except ValueError, error:
|
||||
- errorExit(string.join("ValueError ", error))
|
||||
+ errorExit("ValueError %s" % error)
|
||||
except IndexError, error:
|
||||
errorExit("IndexError")
|
||||
|
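Review bot: In the new `scripts/chcat`, every `chcon` invocation (in `chcat_add`, `chcat_remove` and the fall-through path of `chcat`) is assembled with `%` formatting and run through `commands.getstatusoutput`, which hands the string to a shell, so a file name or category argument containing whitespace or shell metacharacters is re-parsed by the shell instead of reaching `chcon` as a single argument; the double quotes in `'chcon -l "%s"' % c` do not prevent that. Because this tool is normally run with the privileges needed to relabel files, I would pass an argument vector instead, e.g. `rc = subprocess.call(["chcon", "-l", "%s:%s" % (sensitivity, cat), f])` followed by `if rc != 0:` (this needs `import subprocess`, and chcon's own error text then goes straight to stderr rather than through `print rc[1]`). Separately, in `chcat_add` the variable `cat` is initialised once before the `for f in files:` loop and overwritten inside it, so a later file whose raw context has no category list appears to inherit the merged categories of the previous file, and its sensitivity is never compared with the requested one; resetting `cat = newcat[1]` at the top of each iteration and applying the sensitivity check in both branches would avoid a silent mislabel. The return codes of `selinux.getfilecon` and `selinux.selinux_trans_to_raw_context` are also discarded, so a failed lookup is not reported before `raw.split(":")` is reached.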
@ -1,14 +1,14 @@
|
||||
%define libsepolver 1.9.41-1
|
||||
%define libsemanagever 1.3.64-1
|
||||
%define libselinuxver 1.27.28-1
|
||||
%define libselinuxver 1.27.28-2
|
||||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.27.36
|
||||
Release: 2
|
||||
Version: 1.27.37
|
||||
Release: 1
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
#Patch: policycoreutils-rhat.patch
|
||||
Patch: policycoreutils-rhat.patch
|
||||
|
||||
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
|
||||
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
|
||||
@ -34,7 +34,7 @@ context.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
#%patch -p1 -b .rhat
|
||||
%patch -p1 -b .rhat
|
||||
|
||||
%build
|
||||
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
|
||||
@ -94,6 +94,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
|
||||
%changelog
|
||||
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.37-1
|
||||
- Update to match NSA
|
||||
- Add chcat to policycoreutils, adding +/- syntax
|
||||
`
|
||||
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
|
||||
- Require new version of libsemanage
|
||||
|
||||
|