* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.37-1

- Update to match NSA
- Add chcat to policycoreutils, adding +/- syntax
`
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
- Require new version of libsemanage
This commit is contained in:
Daniel J Walsh 2005-12-07 16:39:21 +00:00
parent f32c1f36b1
commit 80b61a63f9
4 changed files with 241 additions and 27 deletions

View File

@ -72,3 +72,4 @@ policycoreutils-1.27.31.tgz
policycoreutils-1.27.33.tgz
policycoreutils-1.27.35.tgz
policycoreutils-1.27.36.tgz
policycoreutils-1.27.37.tgz

View File

@ -1,23 +1,232 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500
@@ -133,7 +133,7 @@
if rc[0] == 0:
return rc[1]+"\n"
else:
- errorExit(string.join("sed error ", rc[1]))
+ errorExit("sed error %s" % rc[1])
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.27.37/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.37/scripts/chcat 2005-12-07 11:25:54.000000000 -0500
@@ -0,0 +1,175 @@
+#! /usr/bin/env python
+# Copyright (C) 2005 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# chcat is a script that allows you modify the Security label on a file
+#
+#` Author: Daniel Walsh <dwalsh@redhat.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+import commands, sys, os, pwd, string, getopt, re, selinux
+
+def chcat_add(orig, newcat, files):
+ errors=0
+ cmd='chcon -l '
+ sensitivity=newcat[0]
+ cat=newcat[1]
+ for f in files:
+ (rc, con) = selinux.getfilecon(f)
+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+ clist=raw.split(":")[3:]
+ if len(clist) > 1:
+ if clist[0] != sensitivity:
+ print("Can not modify sensitivity levels using '+' on %s" % f)
+ continue
+ cats=clist[1].split(",")
+ if newcat[1] in cats:
+ print "%s is already in %s" % (f, orig)
+ continue
+ cats.append(newcat[1])
+ cats.sort()
+ cat=cats[0]
+ for c in cats[1:]:
+ cat="%s,%s" % (cat, c)
+ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ errors+=1
+ return errors
+
+def chcat_remove(orig, newcat, files):
+ errors=0
+ sensitivity=newcat[0]
+ cat=newcat[1]
+ for f in files:
+ (rc, con) = selinux.getfilecon(f)
+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+ clist=raw.split(":")[3:]
+ if len(clist) > 1:
+ if clist[0] != sensitivity:
+ print("Can not modify sensitivity levels using '+' on %s" % f)
+ continue
+ cats=clist[1].split(",")
+ if newcat[1] not in cats:
+ print "%s is not in %s" % (f, orig)
+ continue
+ cats.remove(newcat[1])
+ if len(cats) > 0:
+ cat=cats[0]
+ for c in cats[1:]:
+ cat="%s,%s" % (cat, c)
+ else:
+ cat=""
+ else:
+ print "%s is not in %s" % (f, orig)
+ continue
+
+ if len(cat) == 0:
+ cmd='chcon -l %s %s' % (sensitivity, f)
+ else:
+ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ errors+=1
+ return errors
+
+def chcat(context, files):
+ errors=0
+ for c in context:
+ if len(c) > 0 and c[0] == "+":
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
+ rlist=raw.split(":")
+ if len(rlist) < 5:
+ print "%s must have a sensitivity and at least one category" % c[1:]
+ continue
+ errors += chcat_add(c[1:], rlist[3:], files)
+ continue
+ if len(c) > 0 and c[0] == "-":
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
+ rlist=raw.split(":")
+ if len(rlist) < 5:
+ print "%s must have a sensitivity and at least one category" % c[1:]
+ continue
+ errors += chcat_remove(c[1:], rlist[3:], files)
+ continue
+
+ cmd='chcon -l "%s"' % c
+ for f in files:
+ cmd = "%s %s" % (cmd, f)
+
+ rc=commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+ return errors
+
+def usage():
+ print "Usage %s CATEGORY File ..." % sys.argv[0]
+ print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0]
+ print "Usage %s -d File ..." % sys.argv[0]
+ sys.exit(1)
+
+def error(msg):
+ print "%s: %s" % (sys.argv[0], msg)
+ sys.exit(1)
+
+if __name__ == '__main__':
+ if selinux.is_selinux_mls_enabled() != 1:
+ error("Requires a mls enabled system")
+
+ if selinux.is_selinux_enabled() != 1:
+ error("Requires an SELinux enabled system")
+
+ delete_ind=0
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ 'dh',
+ ['help',
+ 'delete'])
+
+ for o,a in gopts:
+ if o == "-h" or o == "--help":
+ usage()
+ if o == "-d" or o == "--delete":
+ delete_ind=1
+
+ if len(cmds) < 1:
+ usage()
+
+ if delete_ind:
+ sys.exit(chcat([""], cmds))
+
+ if len(cmds) < 2:
+ usage()
+
+ cats=cmds[0].split(",")
+ set_ind=0
+ mod_ind=0
+ for i in cats:
+ if i[0]=='+' or i[0]=="-":
+ mod_ind=1
+ if set_ind == 1:
+ error("You can not use '%s' with previous categories" % i)
+ else:
+ if mod_ind == 1 or set_ind==1:
+ error("You can not use '%s' with previous categories" % i)
+ set_ind=1
+
+ files=cmds[1:]
+ sys.exit(chcat(cats, files))
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.27.37/scripts/chcat.8
--- nsapolicycoreutils/scripts/chcat.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.37/scripts/chcat.8 2005-12-07 11:28:01.000000000 -0500
@@ -0,0 +1,29 @@
+.TH CHCAT "8" "September 2005" "chcat" "User Commands"
+.SH NAME
+chcat \- change file security category
+.SH SYNOPSIS
+.B chcat
+\fICATEGORY FILE\fR...
+.br
+.B chcat
+\fI[[+|-]CATEGORY],...] FILE\fR...
+.br
+.B chcat
+[\fI-d\fR] \fIFILE\fR...
+.br
+.PP
+Change/Remove the security CATEGORY for each FILE.
+.PP
+Use +/- to add/remove categories from a FILE.
+.TP
+\fB\-d\fR
+delete the category from each file.
+.SH "SEE ALSO"
+.TP
+chcon(1), selinux(8)
+.PP
+.br
+This script wraps the chcon command.
+.SH "FILES"
+/etc/selinux/{SELINUXTYPE}/setrans.conf
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.27.37/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2005-01-28 15:24:12.000000000 -0500
+++ policycoreutils-1.27.37/scripts/Makefile 2005-12-07 11:20:00.000000000 -0500
@@ -4,7 +4,7 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
def heading(self):
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
@@ -329,8 +329,8 @@
selconf.write()
-TARGETS=genhomedircon
+TARGETS=genhomedircon chcat
all: $(TARGETS) fixfiles
@@ -15,6 +15,7 @@
-mkdir -p $(MANDIR)/man8
install -m 644 fixfiles.8 $(MANDIR)/man8/
install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ install -m 644 chcat.8 $(MANDIR)/man8/
clean:
except getopt.error, error:
- errorExit(string.join("Options Error ", error))
+ errorExit("Options Error %s " % error)
except ValueError, error:
- errorExit(string.join("ValueError ", error))
+ errorExit("ValueError %s" % error)
except IndexError, error:
errorExit("IndexError")

View File

@ -1,14 +1,14 @@
%define libsepolver 1.9.41-1
%define libsemanagever 1.3.64-1
%define libselinuxver 1.27.28-1
%define libselinuxver 1.27.28-2
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.27.36
Release: 2
Version: 1.27.37
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
#Patch: policycoreutils-rhat.patch
Patch: policycoreutils-rhat.patch
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
@ -34,7 +34,7 @@ context.
%prep
%setup -q
#%patch -p1 -b .rhat
%patch -p1 -b .rhat
%build
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
@ -94,6 +94,10 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.37-1
- Update to match NSA
- Add chcat to policycoreutils, adding +/- syntax
`
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
- Require new version of libsemanage

View File

@ -1 +1 @@
2bcab3803970b2d6d37ea71a311ae642 policycoreutils-1.27.36.tgz
dded21efb17886131262526c772bc1e3 policycoreutils-1.27.37.tgz