* Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-3

- Add messages for audit2allow DONTAUDIT
2008-02-08 19:59:45 +00:00 · 2008-02-08 19:59:45 +00:00 · 813c122421
commit 813c122421
parent 0568ee7f2d
3 changed files with 25 additions and 7 deletions
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@ -9976,7 +9976,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.42/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.42/gui/templates/executable.py	2008-02-05 16:11:05.000000000 -0500
+++ policycoreutils-2.0.42/gui/templates/executable.py	2008-02-08 14:55:16.000000000 -0500
@@ -0,0 +1,328 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -10067,7 +10067,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +# Init script handling
 +domain_use_interactive_fds(TEMPLATETYPE_t)
 +
-+## internal communication is often done using fifo and unix sockets.
+# internal communication is often done using fifo and unix sockets.
 +allow TEMPLATETYPE_t self:fifo_file rw_file_perms;
 +allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
 +
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,15 +1,30 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.38/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.42/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow	2008-01-28 16:52:25.000000000 -0500
+++ policycoreutils-2.0.42/audit2allow/audit2allow	2008-02-08 10:43:47.000000000 -0500
+@@ -247,6 +247,11 @@
+                     print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
+                     print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
+                     continue
+                if rc == audit2why.DONTAUDIT:
+                    print "\t\tUnknown - should be dontaudit'd by active policy\n",
+                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
+                    print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
+                    continue
+                 if rc == audit2why.BOOLEAN:
+                     if len(bools) > 1:
+                         print "\tOne of the following booleans was set incorrectly."
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.42/Makefile
 --- nsapolicycoreutils/Makefile	2007-12-19 06:02:52.000000000 -0500
-+++ policycoreutils-2.0.38/Makefile	2008-01-24 15:31:27.000000000 -0500
+++ policycoreutils-2.0.42/Makefile	2008-02-05 16:09:43.000000000 -0500
@@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
 
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.38/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.42/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.38/restorecond/restorecond.c	2008-01-24 15:31:27.000000000 -0500
+++ policycoreutils-2.0.42/restorecond/restorecond.c	2008-02-05 16:09:43.000000000 -0500
@@ -210,9 +210,10 @@
 			}
 
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.42
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then
 fi

 %changelog
+* Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
+- Add messages for audit2allow DONTAUDIT
+
 * Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-2
 - Add ability to transition to roles via polgengui