From 80b61a63f95947b1fd7e9a9beaf1499c8285e87f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 7 Dec 2005 16:39:21 +0000 Subject: [PATCH] * Wed Dec 7 2005 Dan Walsh 1.27.37-1 - Update to match NSA - Add chcat to policycoreutils, adding +/- syntax ` * Tue Dec 6 2005 Dan Walsh 1.27.36-2 - Require new version of libsemanage --- .cvsignore | 1 + policycoreutils-rhat.patch | 251 +++++++++++++++++++++++++++++++++---- policycoreutils.spec | 14 ++- sources | 2 +- 4 files changed, 241 insertions(+), 27 deletions(-) diff --git a/.cvsignore b/.cvsignore index af57797..1c0f5be 100644 --- a/.cvsignore +++ b/.cvsignore @@ -72,3 +72,4 @@ policycoreutils-1.27.31.tgz policycoreutils-1.27.33.tgz policycoreutils-1.27.35.tgz policycoreutils-1.27.36.tgz +policycoreutils-1.27.37.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index cc2c98b..708569c 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
@@ -1,23 +1,232 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon ---- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500 -+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500 -@@ -133,7 +133,7 @@ - if rc[0] == 0: - return rc[1]+"\n" - else: -- errorExit(string.join("sed error ", rc[1])) -+ errorExit("sed error %s" % rc[1]) +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.27.37/scripts/chcat +--- nsapolicycoreutils/scripts/chcat 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-1.27.37/scripts/chcat 2005-12-07 11:25:54.000000000 -0500 +@@ -0,0 +1,175 @@ ++#! /usr/bin/env python ++# Copyright (C) 2005 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# chcat is a script that allows you modify the Security label on a file ++# ++#` Author: Daniel Walsh ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++import commands, sys, os, pwd, string, getopt, re, selinux ++ ++def chcat_add(orig, newcat, files): ++ errors=0 ++ cmd='chcon -l ' ++ sensitivity=newcat[0] ++ cat=newcat[1] ++ for f in files: ++ (rc, con) = selinux.getfilecon(f) ++ (rc, raw) = selinux.selinux_trans_to_raw_context(con) ++ clist=raw.split(":")[3:] ++ if len(clist) > 1: ++ if clist[0] != sensitivity: ++ print("Can not modify sensitivity levels using '+' on %s" % f) ++ continue ++ cats=clist[1].split(",") ++ if newcat[1] in cats: ++ print "%s is already in %s" % (f, orig) ++ continue ++ cats.append(newcat[1]) ++ cats.sort() ++ cat=cats[0] ++ for c in cats[1:]: ++ cat="%s,%s" % (cat, c) ++ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f) ++ rc=commands.getstatusoutput(cmd) ++ if rc[0] != 0: ++ errors+=1 ++ return errors ++ ++def chcat_remove(orig, newcat, files): ++ errors=0 ++ sensitivity=newcat[0] ++ cat=newcat[1] ++ for f in files: ++ (rc, con) = selinux.getfilecon(f) ++ (rc, raw) = selinux.selinux_trans_to_raw_context(con) ++ clist=raw.split(":")[3:] ++ if len(clist) > 1: ++ if clist[0] != sensitivity: ++ print("Can not modify sensitivity levels using '+' on %s" % f) ++ continue ++ cats=clist[1].split(",") ++ if newcat[1] not in cats: ++ print "%s is not in %s" % (f, orig) ++ continue ++ cats.remove(newcat[1]) ++ if len(cats) > 0: ++ cat=cats[0] ++ for c in cats[1:]: ++ cat="%s,%s" % (cat, c) ++ else: ++ cat="" ++ else: ++ print "%s is not in %s" % (f, orig) ++ continue ++ ++ if len(cat) == 0: ++ cmd='chcon -l %s %s' % (sensitivity, f) ++ else: ++ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f) ++ rc=commands.getstatusoutput(cmd) ++ if rc[0] != 0: ++ errors+=1 ++ return errors ++ ++def chcat(context, files): ++ errors=0 ++ for c in context: ++ if len(c) > 0 and c[0] == "+": ++ 
(rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:]) ++ rlist=raw.split(":") ++ if len(rlist) < 5: ++ print "%s must have a sensitivity and at least one category" % c[1:] ++ continue ++ errors += chcat_add(c[1:], rlist[3:], files) ++ continue ++ if len(c) > 0 and c[0] == "-": ++ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:]) ++ rlist=raw.split(":") ++ if len(rlist) < 5: ++ print "%s must have a sensitivity and at least one category" % c[1:] ++ continue ++ errors += chcat_remove(c[1:], rlist[3:], files) ++ continue ++ ++ cmd='chcon -l "%s"' % c ++ for f in files: ++ cmd = "%s %s" % (cmd, f) ++ ++ rc=commands.getstatusoutput(cmd) ++ if rc[0] != 0: ++ print rc[1] ++ errors += 1 ++ return errors ++ ++def usage(): ++ print "Usage %s CATEGORY File ..." % sys.argv[0] ++ print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0] ++ print "Usage %s -d File ..." % sys.argv[0] ++ sys.exit(1) ++ ++def error(msg): ++ print "%s: %s" % (sys.argv[0], msg) ++ sys.exit(1) ++ ++if __name__ == '__main__': ++ if selinux.is_selinux_mls_enabled() != 1: ++ error("Requires a mls enabled system") ++ ++ if selinux.is_selinux_enabled() != 1: ++ error("Requires an SELinux enabled system") ++ ++ delete_ind=0 ++ gopts, cmds = getopt.getopt(sys.argv[1:], ++ 'dh', ++ ['help', ++ 'delete']) ++ ++ for o,a in gopts: ++ if o == "-h" or o == "--help": ++ usage() ++ if o == "-d" or o == "--delete": ++ delete_ind=1 ++ ++ if len(cmds) < 1: ++ usage() ++ ++ if delete_ind: ++ sys.exit(chcat([""], cmds)) ++ ++ if len(cmds) < 2: ++ usage() ++ ++ cats=cmds[0].split(",") ++ set_ind=0 ++ mod_ind=0 ++ for i in cats: ++ if i[0]=='+' or i[0]=="-": ++ mod_ind=1 ++ if set_ind == 1: ++ error("You can not use '%s' with previous categories" % i) ++ else: ++ if mod_ind == 1 or set_ind==1: ++ error("You can not use '%s' with previous categories" % i) ++ set_ind=1 ++ ++ files=cmds[1:] ++ sys.exit(chcat(cats, files)) ++ ++ +diff --exclude-from=exclude -N -u -r 
nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.27.37/scripts/chcat.8 +--- nsapolicycoreutils/scripts/chcat.8 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-1.27.37/scripts/chcat.8 2005-12-07 11:28:01.000000000 -0500 +@@ -0,0 +1,29 @@ ++.TH CHCAT "8" "September 2005" "chcat" "User Commands" ++.SH NAME ++chcat \- change file security category ++.SH SYNOPSIS ++.B chcat ++\fICATEGORY FILE\fR... ++.br ++.B chcat ++\fI[[+|-]CATEGORY],...] FILE\fR... ++.br ++.B chcat ++[\fI-d\fR] \fIFILE\fR... ++.br ++.PP ++Change/Remove the security CATEGORY for each FILE. ++.PP ++Use +/- to add/remove categories from a FILE. ++.TP ++\fB\-d\fR ++delete the category from each file. ++.SH "SEE ALSO" ++.TP ++chcon(1), selinux(8) ++.PP ++.br ++This script wraps the chcon command. ++.SH "FILES" ++/etc/selinux/{SELINUXTYPE}/setrans.conf ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.27.37/scripts/Makefile +--- nsapolicycoreutils/scripts/Makefile 2005-01-28 15:24:12.000000000 -0500 ++++ policycoreutils-1.27.37/scripts/Makefile 2005-12-07 11:20:00.000000000 -0500 +@@ -4,7 +4,7 @@ + MANDIR ?= $(PREFIX)/share/man + LOCALEDIR ?= /usr/share/locale - def heading(self): - ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] -@@ -329,8 +329,8 @@ - selconf.write() +-TARGETS=genhomedircon ++TARGETS=genhomedircon chcat + + all: $(TARGETS) fixfiles + +@@ -15,6 +15,7 @@ + -mkdir -p $(MANDIR)/man8 + install -m 644 fixfiles.8 $(MANDIR)/man8/ + install -m 644 genhomedircon.8 $(MANDIR)/man8/ ++ install -m 644 chcat.8 $(MANDIR)/man8/ + + clean: - except getopt.error, error: -- errorExit(string.join("Options Error ", error)) -+ errorExit("Options Error %s " % error) - except ValueError, error: -- errorExit(string.join("ValueError ", error)) -+ errorExit("ValueError %s" % error) - except IndexError, error: - errorExit("IndexError") diff --git a/policycoreutils.spec b/policycoreutils.spec index 9ce1445..a2b85b8 100644 
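Review bot: All three chcon invocations in the new scripts/chcat (in `chcat_add`, `chcat_remove` and `chcat`) build a single shell string with the file name interpolated unquoted and pass it to `commands.getstatusoutput`, so a name containing whitespace or shell metacharacters is interpreted by the shell instead of reaching chcon as one argument. The tool relabels files and is presumably run with privilege, which makes that parsing a security boundary rather than a cosmetic issue. Passing an argument vector avoids the shell entirely, as in the helper below; it needs `subprocess` added to the script's import line, and the `--` stops a name beginning with `-` from being parsed as an option. Separately, `chcat_add` and `chcat_remove` discard the `rc` from `selinux.getfilecon`, so a failed lookup appears to flow straight into `selinux_trans_to_raw_context`; checking `rc` and counting the failure in `errors` would let the loop continue with the remaining files.

```python
def run_chcon(level, paths):
    # argv list, no shell: each file name reaches chcon as exactly one argument
    p = subprocess.Popen(["chcon", "-l", level, "--"] + list(paths),
                         stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    out = p.communicate()[0]
    return (p.returncode, out.rstrip("\n"))

# ... unchanged: chcat_add / chcat_remove category merging ...
        rc = run_chcon("%s:%s" % (sensitivity, cat), [f])

# ... unchanged: chcat() '+' / '-' dispatch ...
    rc = run_chcon(c, files)
```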
--- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,14 +1,14 @@ %define libsepolver 1.9.41-1 %define libsemanagever 1.3.64-1 -%define libselinuxver 1.27.28-1 +%define libselinuxver 1.27.28-2 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.27.36 -Release: 2 +Version: 1.27.37 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz -#Patch: policycoreutils-rhat.patch +Patch: policycoreutils-rhat.patch BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff @@ -34,7 +34,7 @@ context. %prep %setup -q -#%patch -p1 -b .rhat +%patch -p1 -b .rhat %build make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all @@ -94,6 +94,10 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Wed Dec 7 2005 Dan Walsh 1.27.37-1 +- Update to match NSA +- Add chcat to policycoreutils, adding +/- syntax +` * Tue Dec 6 2005 Dan Walsh 1.27.36-2 - Require new version of libsemanage diff --git a/sources b/sources index c38179b..5dc2208 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2bcab3803970b2d6d37ea71a311ae642 policycoreutils-1.27.36.tgz +dded21efb17886131262526c772bc1e3 policycoreutils-1.27.37.tgz