* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
- Remove semodule use within semanage
parent
ad9ae902cf
commit
8ac1404c6b
@ -181,3 +181,4 @@ policycoreutils-2.0.47.tgz
|
||||
policycoreutils-2.0.49.tgz
|
||||
policycoreutils-2.0.50.tgz
|
||||
sepolgen-1.0.12.tgz
|
||||
policycoreutils-2.0.51.tgz
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/Makefile 2008-07-01 09:43:28.000000000 -0400
|
||||
--- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500
|
||||
+++ policycoreutils-2.0.50/Makefile 2008-07-01 14:59:58.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
@ -8,8 +8,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 09:43:28.000000000 -0400
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 14:59:58.000000000 -0400
|
||||
@@ -210,9 +210,10 @@
|
||||
}
|
||||
|
||||
@ -36,75 +36,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
}
|
||||
free(scontext);
|
||||
close(fd);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.50/restorecond/restorecond.init
|
||||
--- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/restorecond/restorecond.init 2008-07-01 09:43:28.000000000 -0400
|
||||
@@ -2,7 +2,7 @@
|
||||
#
|
||||
# restorecond: Daemon used to maintain path file context
|
||||
#
|
||||
-# chkconfig: 2345 12 87
|
||||
+# chkconfig: - 12 87
|
||||
# description: restorecond uses inotify to look for creation of new files \
|
||||
# listed in the /etc/selinux/restorecond.conf file, and restores the \
|
||||
# correct security context.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.50/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/scripts/fixfiles 2008-07-01 09:43:28.000000000 -0400
|
||||
@@ -138,6 +138,9 @@
|
||||
fi
|
||||
LogReadOnly
|
||||
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
|
||||
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
|
||||
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
|
||||
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
|
||||
exit $?
|
||||
}
|
||||
|
||||
@@ -180,6 +183,10 @@
|
||||
check) restore -n -v;;
|
||||
verify) restore -n -o -;;
|
||||
relabel) relabel;;
|
||||
+ onboot)
|
||||
+ touch /.autorelabel
|
||||
+ echo "System will relabel on next boot"
|
||||
+ ;;
|
||||
*)
|
||||
usage
|
||||
exit 1
|
||||
@@ -189,6 +196,7 @@
|
||||
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
|
||||
echo or
|
||||
echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
|
||||
+ echo $"Usage: $0 onboot"
|
||||
}
|
||||
|
||||
if [ $# = 0 ]; then
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.50/scripts/fixfiles.8
|
||||
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-07-01 09:43:28.000000000 -0400
|
||||
@@ -7,6 +7,8 @@
|
||||
|
||||
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
|
||||
|
||||
+.B fixfiles onboot
|
||||
+
|
||||
.SH "DESCRIPTION"
|
||||
This manual page describes the
|
||||
.BR fixfiles
|
||||
@@ -20,6 +22,9 @@
|
||||
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
|
||||
jfs file systems as long as they do not have a security context mount
|
||||
option. You can use the -R flag to use rpmpackages as an alternative.
|
||||
+.P
|
||||
+.B fixfiles onboot
|
||||
+will setup the machine to relabel on the next reboot.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 09:43:28.000000000 -0400
|
||||
--- nsapolicycoreutils/semanage/semanage 2008-05-06 14:33:04.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 20:31:40.000000000 -0400
|
||||
@@ -43,49 +43,52 @@
|
||||
if __name__ == '__main__':
|
||||
|
||||
@ -231,8 +165,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
|
||||
if modify:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
|
||||
--- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 09:43:28.000000000 -0400
|
||||
--- nsapolicycoreutils/semanage/semanage.8 2008-05-06 14:33:04.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 20:33:48.000000000 -0400
|
||||
@@ -3,7 +3,7 @@
|
||||
semanage \- SELinux Policy Management tool
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n]
|
||||
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store]
|
||||
.br
|
||||
.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
|
||||
.br
|
||||
@@ -17,6 +17,8 @@
|
||||
.br
|
||||
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
|
||||
@ -242,7 +185,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
.B semanage translation \-{a|d|m} [\-T] level
|
||||
.P
|
||||
|
||||
@@ -101,10 +103,11 @@
|
||||
@@ -85,6 +87,9 @@
|
||||
.I \-s, \-\-seuser
|
||||
SELinux user name
|
||||
.TP
|
||||
+.I \-S, \-\-store
|
||||
+Select and alternate SELinux store to manage
|
||||
+.TP
|
||||
.I \-t, \-\-type
|
||||
SELinux Type for the object
|
||||
.TP
|
||||
@@ -101,10 +106,11 @@
|
||||
$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
|
||||
# Allow Apache to listen on port 81
|
||||
$ semanage port -a -t http_port_t -p tcp 81
|
||||
@ -256,8 +209,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
||||
-
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 09:43:52.000000000 -0400
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-05-16 10:55:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 20:30:55.000000000 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005, 2006, 2007 Red Hat
|
||||
@ -275,7 +228,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
import gettext
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
@@ -246,7 +248,98 @@
|
||||
@@ -246,7 +248,103 @@
|
||||
os.close(fd)
|
||||
os.rename(newfilename, self.filename)
|
||||
os.system("/sbin/service mcstrans reload > /dev/null")
|
||||
@ -308,11 +261,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
+ raise ValueError(_("Could not establish semanage connection"))
|
||||
+
|
||||
+ def get_all(self):
|
||||
+ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
|
||||
+ l = []
|
||||
+ for i in out.split():
|
||||
+ if i.startswith("permissive_"):
|
||||
+ l.append(i.split("permissive_")[1])
|
||||
+ (rc, mlist, number) = semanage_module_list(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not list SELinux modules"))
|
||||
+
|
||||
+ for i in range(number):
|
||||
+ mod = semanage_module_list_nth(mlist, i)
|
||||
+ name = semanage_module_get_name(mod)
|
||||
+ if name and name.startswith("permissive_"):
|
||||
+ l.append(name.split("permissive_")[1])
|
||||
+ return l
|
||||
+
|
||||
+ def list(self,heading = 1, locallist = 0):
|
||||
@ -360,8 +318,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
+
|
||||
+
|
||||
+ def delete(self, name):
|
||||
+ for i in name.split
|
||||
+ rc = semanage_module_remove(self.sh, "permissive_%s" % name)
|
||||
+ for n in name.split():
|
||||
+ rc = semanage_module_remove(self.sh, "permissive_%s" % n)
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not remove permissive domain %s") % name)
|
||||
@ -369,13 +327,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
|
||||
+ def deleteall(self):
|
||||
+ l = self.get_all()
|
||||
+ if len(l) > 0:
|
||||
+ all = " permissive_".join(l)
|
||||
+ all = " ".join(l)
|
||||
+ self.delete(all)
|
||||
+
|
||||
class semanageRecords:
|
||||
def __init__(self, store):
|
||||
self.sh = semanage_handle_create()
|
||||
@@ -464,7 +557,7 @@
|
||||
@@ -464,7 +562,7 @@
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
|
||||
|
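Review bot: In the new `delete` method added to seobject.py, the result of each `semanage_module_remove(self.sh, "permissive_%s" % n)` call is overwritten by `rc = semanage_commit(self.sh)` before anything tests it, so a removal that fails is reported only if the commit fails as well. A leftover `permissive_*` module leaves that domain permissive while the tool reports success, so the remove call should get its own check directly after it, e.g. `if rc < 0: raise ValueError(_("Could not remove permissive domain %s") % n)`, keeping the existing check for the commit. The rendering has lost the indentation, so it cannot be told from here whether the commit sits inside the loop; it should run once, after the loop. The existing error message formats `name`, the whole space-separated list, where the failing `n` would be more useful. In `get_all`, `name.split("permissive_")[1]` truncates a module name that contains the prefix twice; `name[len("permissive_"):]` keeps the full remainder.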
@ -5,7 +5,7 @@
|
||||
%define sepolgenver 1.0.12
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.50
|
||||
Version: 2.0.51
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
|
||||
- Remove semodule use within semanage
|
||||
|
||||
* Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
|
||||
- Update to upstream
|
||||
* Fix audit2allow generation of role-type rules from Karl MacMillan.
|
||||
|