* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2

- Remove semodule use within semanage
Daniel J Walsh 2008-07-02 00:52:32 +00:00
parent ad9ae902cf
commit 8ac1404c6b
4 changed files with 50 additions and 88 deletions


@ -181,3 +181,4 @@ policycoreutils-2.0.47.tgz
policycoreutils-2.0.49.tgz
policycoreutils-2.0.50.tgz
sepolgen-1.0.12.tgz
policycoreutils-2.0.51.tgz


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
+++ policycoreutils-2.0.50/Makefile 2008-07-01 09:43:28.000000000 -0400
--- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500
+++ policycoreutils-2.0.50/Makefile 2008-07-01 14:59:58.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -8,8 +8,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 09:43:28.000000000 -0400
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 14:59:58.000000000 -0400
@@ -210,9 +210,10 @@
}
@ -36,75 +36,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.50/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/restorecond/restorecond.init 2008-07-01 09:43:28.000000000 -0400
@@ -2,7 +2,7 @@
#
# restorecond: Daemon used to maintain path file context
#
-# chkconfig: 2345 12 87
+# chkconfig: - 12 87
# description: restorecond uses inotify to look for creation of new files \
# listed in the /etc/selinux/restorecond.conf file, and restores the \
# correct security context.
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.50/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/scripts/fixfiles 2008-07-01 09:43:28.000000000 -0400
@@ -138,6 +138,9 @@
fi
LogReadOnly
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
exit $?
}
@@ -180,6 +183,10 @@
check) restore -n -v;;
verify) restore -n -o -;;
relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
*)
usage
exit 1
@@ -189,6 +196,7 @@
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
echo or
echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+ echo $"Usage: $0 onboot"
}
if [ $# = 0 ]; then
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.50/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-07-01 09:43:28.000000000 -0400
@@ -7,6 +7,8 @@
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
+.B fixfiles onboot
+
.SH "DESCRIPTION"
This manual page describes the
.BR fixfiles
@@ -20,6 +22,9 @@
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
jfs file systems as long as they do not have a security context mount
option. You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot
+will setup the machine to relabel on the next reboot.
.SH "OPTIONS"
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 09:43:28.000000000 -0400
--- nsapolicycoreutils/semanage/semanage 2008-05-06 14:33:04.000000000 -0400
+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 20:31:40.000000000 -0400
@@ -43,49 +43,52 @@
if __name__ == '__main__':
@ -231,8 +165,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
if modify:
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 09:43:28.000000000 -0400
--- nsapolicycoreutils/semanage/semanage.8 2008-05-06 14:33:04.000000000 -0400
+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 20:33:48.000000000 -0400
@@ -3,7 +3,7 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n]
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store]
.br
.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
.br
@@ -17,6 +17,8 @@
.br
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
@ -242,7 +185,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
.B semanage translation \-{a|d|m} [\-T] level
.P
@@ -101,10 +103,11 @@
@@ -85,6 +87,9 @@
.I \-s, \-\-seuser
SELinux user name
.TP
+.I \-S, \-\-store
+Select and alternate SELinux store to manage
+.TP
.I \-t, \-\-type
SELinux Type for the object
.TP
@@ -101,10 +106,11 @@
$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
# Allow Apache to listen on port 81
$ semanage port -a -t http_port_t -p tcp 81
@ -256,8 +209,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 09:43:52.000000000 -0400
--- nsapolicycoreutils/semanage/seobject.py 2008-05-16 10:55:38.000000000 -0400
+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 20:30:55.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007 Red Hat
@ -275,7 +228,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@@ -246,7 +248,98 @@
@@ -246,7 +248,103 @@
os.close(fd)
os.rename(newfilename, self.filename)
os.system("/sbin/service mcstrans reload > /dev/null")
@ -308,11 +261,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
+ raise ValueError(_("Could not establish semanage connection"))
+
+ def get_all(self):
+ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
+ l = []
+ for i in out.split():
+ if i.startswith("permissive_"):
+ l.append(i.split("permissive_")[1])
+ (rc, mlist, number) = semanage_module_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux modules"))
+
+ for i in range(number):
+ mod = semanage_module_list_nth(mlist, i)
+ name = semanage_module_get_name(mod)
+ if name and name.startswith("permissive_"):
+ l.append(name.split("permissive_")[1])
+ return l
+
+ def list(self,heading = 1, locallist = 0):
@ -360,8 +318,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
+
+
+ def delete(self, name):
+ for i in name.split
+ rc = semanage_module_remove(self.sh, "permissive_%s" % name)
+ for n in name.split():
+ rc = semanage_module_remove(self.sh, "permissive_%s" % n)
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not remove permissive domain %s") % name)
@ -369,13 +327,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
+ def deleteall(self):
+ l = self.get_all()
+ if len(l) > 0:
+ all = " permissive_".join(l)
+ all = " ".join(l)
+ self.delete(all)
+
class semanageRecords:
def __init__(self, store):
self.sh = semanage_handle_create()
@@ -464,7 +557,7 @@
@@ -464,7 +562,7 @@
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
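Review bot: In the new `delete` method of seobject.py, the result of `semanage_module_remove(self.sh, "permissive_%s" % n)` is overwritten by `rc = semanage_commit(self.sh)` before anything checks it. A removal that fails for one name is therefore never reported, and that domain can stay permissive while the caller sees success. Check it per name right after the remove call, e.g. `if rc < 0: raise ValueError(_("Could not remove permissive domain %s") % n)`, and commit only once every removal has succeeded. Indentation is lost in this rendering, so whether the commit sits inside or after the loop cannot be confirmed from the page. Separately, `name.split("permissive_")[1]` in `get_all` would truncate a module name that contains the prefix a second time, and `deleteall` passes those names to `delete`; `name[len("permissive_"):]` keeps the full suffix.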


@ -5,7 +5,7 @@
%define sepolgenver 1.0.12
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.50
Version: 2.0.51
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
- Remove semodule use within semanage
* Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
- Update to upstream
* Fix audit2allow generation of role-type rules from Karl MacMillan.


@ -1,2 +1,2 @@
bf55b96652d47bb2838141130f851477 policycoreutils-2.0.50.tgz
4813a1ed80f19068ed9897165f073e8b sepolgen-1.0.12.tgz
9189683c9449c459ad5d7870d9e22085 policycoreutils-2.0.51.tgz