From 85e2ce7e5a53c311f0cdd7fa3fa6a56ba3d79331 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 1 Aug 2007 13:42:41 +0000 Subject: [PATCH] * Wed Aug 1 2007 Dan Walsh 2.0.22-12 - Allow semanage fcontext -a -t <> /path to work --- policycoreutils-rhat.patch | 130 +++++++++++++++++++++++++++++++------ policycoreutils.spec | 6 +- 2 files changed, 115 insertions(+), 21 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index a8cbd7f..3e2a565 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.22/audit2allow/Makefile --- nsapolicycoreutils/audit2allow/Makefile 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/audit2allow/Makefile 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/audit2allow/Makefile 2007-07-31 15:45:57.000000000 -0400 @@ -1,6 +1,7 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr 
@@ -18,9 +18,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -mkdir -p $(MANDIR)/man1 install -m 644 audit2allow.1 $(MANDIR)/man1/ +diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/ChangeLog policycoreutils-2.0.22/ChangeLog +--- nsapolicycoreutils/ChangeLog 2007-07-16 14:20:43.000000000 -0400 ++++ policycoreutils-2.0.22/ChangeLog 2007-06-21 05:17:13.000000000 -0400 +@@ -91,7 +91,6 @@ + 1.33.15 2007-01-17 + * Merged unicode-to-string fix for seobject audit from Dan Walsh. + * Merged man page updates to make "apropos selinux" work from Dan Walsh. +- + 1.33.14 2007-01-16 + * Merged newrole man page patch from Michael Thompson. + diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.22/Makefile --- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400 -+++ policycoreutils-2.0.22/Makefile 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/Makefile 2007-07-31 15:45:57.000000000 -0400 @@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui 
@@ -29,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.22/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/restorecond/Makefile 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/restorecond/Makefile 2007-07-31 15:45:57.000000000 -0400 @@ -22,7 +22,7 @@ -mkdir -p $(INITDIR) install -m 644 restorecond.init $(INITDIR)/restorecond @@ -41,7 +52,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po /sbin/restorecon $(SBINDIR)/restorecond diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.22/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/restorecond/restorecond.c 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/restorecond/restorecond.c 2007-07-31 15:45:57.000000000 -0400 @@ -210,9 +210,10 @@ } @@ -70,7 +81,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po close(fd); diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/run_init/Makefile policycoreutils-2.0.22/run_init/Makefile --- nsapolicycoreutils/run_init/Makefile 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/run_init/Makefile 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/run_init/Makefile 2007-07-31 15:45:57.000000000 -0400 @@ -34,8 +34,8 @@ install: all test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) 
@@ -84,7 +95,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po ifeq (${PAMH}, /usr/include/security/pam_appl.h) diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.22/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/scripts/chcat 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/scripts/chcat 2007-07-31 15:45:57.000000000 -0400 @@ -77,7 +77,7 @@ if len(cats) > 0: @@ -105,7 +116,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po if add_ind: diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.22/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/scripts/fixfiles 2007-07-31 15:36:53.000000000 -0400 ++++ policycoreutils-2.0.22/scripts/fixfiles 2007-07-31 15:45:57.000000000 -0400 @@ -88,7 +88,7 @@ esac; \ fi; \ @@ -125,7 +136,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po # diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.22/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/scripts/genhomedircon 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/scripts/genhomedircon 2007-07-31 15:45:57.000000000 -0400 @@ -302,7 +302,7 @@ regex = re.sub("\(\/\.\*\)\?", "", regex) 
@@ -137,7 +148,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po continue diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.22/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/semanage/semanage 2007-07-23 10:40:06.000000000 -0400 ++++ policycoreutils-2.0.22/semanage/semanage 2007-07-31 15:45:57.000000000 -0400 @@ -34,7 +34,10 @@ sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') @@ -152,7 +163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po __builtin__.__dict__['_'] = unicode diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.22/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.22/semanage/seobject.py 2007-07-31 09:55:36.000000000 -0400 ++++ policycoreutils-2.0.22/semanage/seobject.py 2007-08-01 09:23:28.000000000 -0400 @@ -210,6 +210,7 @@ os.write(fd, self.out()) os.close(fd) 
@@ -161,7 +172,33 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po class semanageRecords: def __init__(self): -@@ -1051,26 +1052,30 @@ +@@ -1024,6 +1025,25 @@ + def __init__(self): + semanageRecords.__init__(self) + ++ def createcon(self): ++ (rc, con) = semanage_context_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create context for %s") % target) ++ rc = semanage_context_set_user(self.sh, con, "system_u") ++ if rc < 0: ++ raise ValueError(_("Could not set user in file context for %s") % target) ++ ++ rc = semanage_context_set_role(self.sh, con, "object_r") ++ if rc < 0: ++ raise ValueError(_("Could not set role in file context for %s") % target) ++ ++ if is_mls_enabled == 1: ++ rc = semanage_context_set_mls(self.sh, con, "s0") ++ if rc < 0: ++ raise ValueError(_("Could not set mls fields in file context for %s") % target) ++ ++ return con ++ + def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): + if seuser == "": + seuser = "system_u" +@@ -1051,33 +1071,30 @@ raise ValueError(_("Could not create file context for %s") % target) rc = semanage_fcontext_set_expr(self.sh, fcontext, target) @@ -185,14 +222,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po - rc = semanage_context_set_mls(self.sh, con, serange) - if rc < 0: - raise ValueError(_("Could not set mls fields in file context for %s") % target) -+ if type == "<>": -+ rc, con = semanage_context_from_string(self.sh, type) -+ if rc < 0: -+ raise ValueError(_("Could not set context from string %s for %s") % (type, target)) -+ else: -+ (rc, con) = semanage_context_create(self.sh) -+ if rc < 0: -+ raise ValueError(_("Could not create context for %s") % target) ++ if type != "<>": ++ con = self.createcon() + rc = semanage_context_set_user(self.sh, con, seuser) + if rc < 0: + raise ValueError(_("Could not set user in file context for %s") % target) 
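Review bot: The new `createcon(self)` helper builds each of its error messages with `% target`, but it takes no `target` argument and assigns none. Unless a module-level `target` exists outside this hunk, a failing libsemanage call there would raise NameError instead of the intended ValueError. Pass the path in with `def createcon(self, target):` and call it as `con = self.createcon(target)` from both call sites in the later seobject.py hunks (the add and modify paths). A short docstring would also help, stating that the helper returns a context preset to `system_u`/`object_r` (plus `s0` when MLS is enabled) and that the caller is responsible for freeing it.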
@@ -209,10 +240,69 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po + rc = semanage_context_set_mls(self.sh, con, serange) + if rc < 0: + raise ValueError(_("Could not set mls fields in file context for %s") % target) ++ rc = semanage_fcontext_set_con(self.sh, fcontext, con) ++ if rc < 0: ++ raise ValueError(_("Could not set file context for %s") % target) semanage_fcontext_set_type(fcontext, file_types[ftype]) -@@ -1283,9 +1288,12 @@ +- rc = semanage_fcontext_set_con(self.sh, fcontext, con) +- if rc < 0: +- raise ValueError(_("Could not set file context for %s") % target) +- + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) +@@ -1090,7 +1107,8 @@ + if rc < 0: + raise ValueError(_("Could not add file context for %s") % target) + +- semanage_context_free(con) ++ if type != "<>": ++ semanage_context_free(con) + semanage_fcontext_key_free(k) + semanage_fcontext_free(fcontext) + +@@ -1112,16 +1130,29 @@ + if rc < 0: + raise ValueError(_("Could not query file context for %s") % target) + +- con = semanage_fcontext_get_con(fcontext) ++ if setype != "<>": ++ print setype ++ con = semanage_fcontext_get_con(fcontext) + +- if serange != "": +- semanage_context_set_mls(self.sh, con, untranslate(serange)) +- if seuser != "": +- semanage_context_set_user(self.sh, con, seuser) +- if setype != "": +- semanage_context_set_type(self.sh, con, setype) +- +- rc = semanage_begin_transaction(self.sh) ++ if con == None: ++ con = self.createcon() ++ ++ if serange != "": ++ semanage_context_set_mls(self.sh, con, untranslate(serange)) ++ if seuser != "": ++ semanage_context_set_user(self.sh, con, seuser) ++ if setype != "": ++ semanage_context_set_type(self.sh, con, setype) ++ ++ rc = semanage_fcontext_set_con(self.sh, fcontext, con) ++ if rc < 0: ++ raise ValueError(_("Could not set file context for %s") % target) ++ else: ++ rc = semanage_fcontext_set_con(self.sh, fcontext, None) ++ if rc 
< 0: ++ raise ValueError(_("Could not set file context for %s") % target) ++ ++ rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + +@@ -1283,9 +1314,12 @@ raise ValueError(_("Could not list booleans")) for boolean in self.blist: diff --git a/policycoreutils.spec b/policycoreutils.spec index 4a8049f..0e57d62 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.22 -Release: 11%{?dist} +Release: 12%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,10 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Wed Aug 1 2007 Dan Walsh 2.0.22-12 +- Allow semanage fcontext -a -t <> /path to work + + * Fri Jul 27 2007 Dan Walsh 2.0.22-11 - Fixfiles update required to match new regex
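Review bot: In the modify path (inner hunk `@@ -1112,16 +1130,29 @@`), the results of `semanage_context_set_mls`, `semanage_context_set_user` and `semanage_context_set_type` are still discarded, while the add path checks every one of them. A setter that fails here would let the transaction commit a context that keeps its old user, range or type, which for a labeling tool means a rule that silently differs from what the administrator asked for. The same block also keeps a leftover `print setype` debugging line and compares with `con == None` where `con is None` is the idiom. A context obtained from `self.createcon()` in this branch is not freed in the visible lines; the function continues outside the hunk, so confirm that against the full file. The error text for the type setter below is a suggested wording, not taken from the patch.

```python
# … unchanged: query of the existing fcontext record …
if setype != "<>":
    con = semanage_fcontext_get_con(fcontext)

    if con is None:
        con = self.createcon()

    if serange != "":
        rc = semanage_context_set_mls(self.sh, con, untranslate(serange))
        if rc < 0:
            raise ValueError(_("Could not set mls fields in file context for %s") % target)
    if seuser != "":
        rc = semanage_context_set_user(self.sh, con, seuser)
        if rc < 0:
            raise ValueError(_("Could not set user in file context for %s") % target)
    if setype != "":
        rc = semanage_context_set_type(self.sh, con, setype)
        if rc < 0:
            raise ValueError(_("Could not set type in file context for %s") % target)
    # … unchanged: semanage_fcontext_set_con call and the else branch …
```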