From 8ac1404c6bf96d7fa8a41fcd1f3981240d82282e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 2 Jul 2008 00:52:32 +0000
Subject: [PATCH] * Tue Jul 1 2008 Dan Walsh 2.0.50-2 - Remove semodule use within semanage
---
 .cvsignore | 1 +
 policycoreutils-rhat.patch | 130 +++++++++++++------------------------
 policycoreutils.spec | 5 +-
 sources | 2 +-
 4 files changed, 50 insertions(+), 88 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index 35ad4da..909414f 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -181,3 +181,4 @@ policycoreutils-2.0.47.tgz
 policycoreutils-2.0.49.tgz
 policycoreutils-2.0.50.tgz
 sepolgen-1.0.12.tgz
+policycoreutils-2.0.51.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 8af5d66..316d266 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
---- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
-+++ policycoreutils-2.0.50/Makefile 2008-07-01 09:43:28.000000000 -0400
+--- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500
++++ policycoreutils-2.0.50/Makefile 2008-07-01 14:59:58.000000000 -0400
 @@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui 
@@ -8,8 +8,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c ---- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 09:43:28.000000000 -0400 +--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400 ++++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 14:59:58.000000000 -0400 @@ -210,9 +210,10 @@ } 
@@ -36,75 +36,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po } free(scontext); close(fd); -diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.50/restorecond/restorecond.init ---- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/restorecond/restorecond.init 2008-07-01 09:43:28.000000000 -0400 -@@ -2,7 +2,7 @@ - # - # restorecond: Daemon used to maintain path file context - # --# chkconfig: 2345 12 87 -+# chkconfig: - 12 87 - # description: restorecond uses inotify to look for creation of new files \ - # listed in the /etc/selinux/restorecond.conf file, and restores the \ - # correct security context. -diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.50/scripts/fixfiles ---- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/scripts/fixfiles 2008-07-01 09:43:28.000000000 -0400 -@@ -138,6 +138,9 @@ - fi - LogReadOnly - ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE -+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* -+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \; -+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \; - exit $? - } - -@@ -180,6 +183,10 @@ - check) restore -n -v;; - verify) restore -n -o -;; - relabel) relabel;; -+ onboot) -+ touch /.autorelabel -+ echo "System will relabel on next boot" -+ ;; - *) - usage - exit 1 -@@ -189,6 +196,7 @@ - echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " - echo or - echo $"Usage: $0 -R rpmpackage[,rpmpackage...] 
-C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }" -+ echo $"Usage: $0 onboot" - } - - if [ $# = 0 ]; then -diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.50/scripts/fixfiles.8 ---- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-07-01 09:43:28.000000000 -0400 -@@ -7,6 +7,8 @@ - - .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ] - -+.B fixfiles onboot -+ - .SH "DESCRIPTION" - This manual page describes the - .BR fixfiles -@@ -20,6 +22,9 @@ - as you expect. By default it will relabel all mounted ext2, ext3, xfs and - jfs file systems as long as they do not have a security context mount - option. You can use the -R flag to use rpmpackages as an alternative. -+.P -+.B fixfiles onboot -+will setup the machine to relabel on the next reboot. - - .SH "OPTIONS" - .TP diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage ---- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 09:43:28.000000000 -0400 +--- nsapolicycoreutils/semanage/semanage 2008-05-06 14:33:04.000000000 -0400 ++++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 20:31:40.000000000 -0400 @@ -43,49 +43,52 @@ if __name__ == '__main__': 
@@ -231,8 +165,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po if modify: diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8 ---- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 09:43:28.000000000 -0400 +--- nsapolicycoreutils/semanage/semanage.8 2008-05-06 14:33:04.000000000 -0400 ++++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 20:33:48.000000000 -0400 +@@ -3,7 +3,7 @@ + semanage \- SELinux Policy Management tool + + .SH "SYNOPSIS" +-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n] ++.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store] + .br + .B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean + .br @@ -17,6 +17,8 @@ .br .B semanage fcontext \-{a|d|m} [\-frst] file_spec @@ -242,7 +185,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po .B semanage translation \-{a|d|m} [\-T] level .P -@@ -101,10 +103,11 @@ +@@ -85,6 +87,9 @@ + .I \-s, \-\-seuser + SELinux user name + .TP ++.I \-S, \-\-store ++Select and alternate SELinux store to manage ++.TP + .I \-t, \-\-type + SELinux Type for the object + .TP +@@ -101,10 +106,11 @@ $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" # Allow Apache to listen on port 81 $ semanage port -a -t http_port_t -p tcp 81 
@@ -256,8 +209,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po Examples by Thomas Bleher . - diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 09:43:52.000000000 -0400 +--- nsapolicycoreutils/semanage/seobject.py 2008-05-16 10:55:38.000000000 -0400 ++++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 20:30:55.000000000 -0400 @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005, 2006, 2007 Red Hat @@ -275,7 +228,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) -@@ -246,7 +248,98 @@ +@@ -246,7 +248,103 @@ os.close(fd) os.rename(newfilename, self.filename) os.system("/sbin/service mcstrans reload > /dev/null") @@ -308,11 +261,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po + raise ValueError(_("Could not establish semanage connection")) + + def get_all(self): -+ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive"); + l = [] -+ for i in out.split(): -+ if i.startswith("permissive_"): -+ l.append(i.split("permissive_")[1]) ++ (rc, mlist, number) = semanage_module_list(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not list SELinux modules")) ++ ++ for i in range(number): ++ mod = semanage_module_list_nth(mlist, i) ++ name = semanage_module_get_name(mod) ++ if name and name.startswith("permissive_"): ++ l.append(name.split("permissive_")[1]) + return l + + def list(self,heading = 1, locallist = 0): 
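Review bot: In the new `get_all` body, `name.split("permissive_")[1]` returns only the text between the first and second occurrence of `permissive_`, so a module whose name contains that substring again after the prefix would be recorded under a truncated name. Because `startswith("permissive_")` has already been checked, slicing off the prefix is exact: `l.append(name[len("permissive_"):])`. The returned list is what `deleteall` later feeds back into `delete`, and presumably what the permissive listing is built from, so it should match the installed module names exactly. The enclosing class begins outside this hunk.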
@@ -360,8 +318,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po + + + def delete(self, name): -+ for i in name.split -+ rc = semanage_module_remove(self.sh, "permissive_%s" % name) ++ for n in name.split(): ++ rc = semanage_module_remove(self.sh, "permissive_%s" % n) + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not remove permissive domain %s") % name) @@ -369,13 +327,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po + def deleteall(self): + l = self.get_all() + if len(l) > 0: -+ all = " permissive_".join(l) ++ all = " ".join(l) + self.delete(all) + class semanageRecords: def __init__(self, store): self.sh = semanage_handle_create() -@@ -464,7 +557,7 @@ +@@ -464,7 +562,7 @@ def __init__(self, store = ""): semanageRecords.__init__(self, store) diff --git a/policycoreutils.spec b/policycoreutils.spec index 458ce6c..861c70d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,7 +5,7 @@ %define sepolgenver 1.0.12 Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.0.50 +Version: 2.0.51 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Tue Jul 1 2008 Dan Walsh 2.0.50-2 +- Remove semodule use within semanage + * Mon Jun 30 2008 Dan Walsh 2.0.50-1 - Update to upstream * Fix audit2allow generation of role-type rules from Karl MacMillan. diff --git a/sources b/sources index b745b28..48593b7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -bf55b96652d47bb2838141130f851477 policycoreutils-2.0.50.tgz 4813a1ed80f19068ed9897165f073e8b sepolgen-1.0.12.tgz +9189683c9449c459ad5d7870d9e22085 policycoreutils-2.0.51.tgz
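Review bot: The return code of `semanage_module_remove` in `delete` is overwritten by the `semanage_commit` result without ever being checked, so a removal that fails while the commit succeeds returns silently and the domain stays permissive with no error reported to the caller. Check it before committing, e.g. `if rc < 0: raise ValueError(_("Could not remove permissive domain %s") % n)` directly after the remove call, which also reports the single failing name rather than the whole space-separated `name` string. Indentation is lost on this page, so whether the commit runs once after the loop or once per name cannot be told from here; a single commit after all removals is presumably what is intended.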
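Review bot: `all = " ".join(l)` in `deleteall` shadows the builtin `all`, and it packs the names into one string only for `delete` to split it apart again. A neutral local such as `names = " ".join(l)` followed by `self.delete(names)` avoids the shadowing. The join/split round trip relies on type names never containing whitespace, which deserves a one-line comment such as `# delete() splits on whitespace; SELinux type names contain none`.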