rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3

Browse Source 
- Fix fixfiles patch
- Upgrade to latest from NSA
	* Prevent overflow of spec array in setfiles.
- Add diff comparason between file_contexts to fixfiles
- Allow restorecon to give an warning on file not found instead of exiting
This commit is contained in:
Daniel J Walsh 2005-01-28 21:07:49 +00:00
parent aba4d96b05
commit 91c40446f1
2 changed files with 27 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.7/restorecon/restorecon.c diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.7/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500 --- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500
+++ policycoreutils-1.21.7/restorecon/restorecon.c 2005-01-28 11:38:00.000000000 -0500 +++ policycoreutils-1.21.7/restorecon/restorecon.c 2005-01-28 15:37:27.000000000 -0500
@@ -188,7 +188,7 @@ @@ -188,7 +188,7 @@
fprintf(stderr, fprintf(stderr,
"%s: error while labeling files under %s\n", "%s: error while labeling files under %s\n",
@ -12,23 +12,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c
else else
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.7/scripts/fixfiles diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.7/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-01-26 11:30:57.000000000 -0500 --- nsapolicycoreutils/scripts/fixfiles 2005-01-26 11:30:57.000000000 -0500
+++ policycoreutils-1.21.7/scripts/fixfiles 2005-01-28 15:21:23.000000000 -0500 +++ policycoreutils-1.21.7/scripts/fixfiles 2005-01-28 16:05:01.000000000 -0500
@@ -37,10 +37,12 @@ @@ -37,19 +37,11 @@
SELINUXTYPE="targeted" SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then if [ -e /etc/selinux/config ]; then
. /etc/selinux/config . /etc/selinux/config
+ FILE_CONTEXT=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts - FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX`
FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX`
- cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null - cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null
+ cat ${FILE_CONTEXT} ${FILE_CONTEXT}.local > $FC 2> /dev/null + FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
else else
- FC=/etc/security/selinux/file_contexts FC=/etc/security/selinux/file_contexts
+ FILE_CONTEXT=/etc/security/selinux/file_contexts
+ FC=${FILE_CONTEXT}
fi fi
cleanup() { -cleanup() {
@@ -60,7 +62,23 @@ - if [ -e /etc/selinux/config -a -f "$FC" ]; then
- rm -f $FC
- fi
-}
-trap "cleanup" 0 1 2 3 13 15
-
#
# Log to either syslog or a LOGFILE
#
@@ -60,7 +52,24 @@
echo $1 >> $LOGFILE echo $1 >> $LOGFILE
fi fi
} }
@ -39,21 +45,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
+# +#
+diff_filecontext() { +diff_filecontext() {
+if [ -f ${PREFC} -a -x /usr/bin/diff ]; then +if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+ TEMPFILE=`mktemp ${FILE_CONTEXT}.XXXXXXXXXX` + TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
+ test -z "$TEMPFILE" && exit + test -z "$TEMPFILE" && exit
+ /usr/bin/diff $PREFC $FILE_CONTEXT | egrep '^[<>]'|cut -c3-| grep ^/ | \ + /usr/bin/diff $PREFC $FC | egrep '^[<>]'|cut -c3-| grep ^/ | \
+ grep -v -e ^/root -e ^/home -e ^/tmp -e ^/var/tmp | \
+ sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \ + sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \
+ -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \ + -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
+ while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \ + while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \
+ while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \ + while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
+ ${RESTORECON} $2 -v -f -R - + ${RESTORECON} -R $2 -v -f -
+ rm -f ${TEMPFILE} + rm -f ${TEMPFILE}
+fi +fi
+} +}
# #
# Log all Read Only file systems # Log all Read Only file systems
# #
@@ -80,6 +98,10 @@ @@ -80,6 +89,10 @@
# if called with -n will only check file context # if called with -n will only check file context
# #
restore () { restore () {
@ -64,7 +71,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
if [ ! -z "$RPMFILES" ]; then if [ ! -z "$RPMFILES" ]; then
for i in `echo $RPMFILES | sed 's/,/ /g'`; do for i in `echo $RPMFILES | sed 's/,/ /g'`; do
rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE
@@ -128,7 +150,7 @@ @@ -128,7 +141,7 @@
usage() { usage() {
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
echo or echo or
@ -73,7 +80,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
} }
if [ $# = 0 ]; then if [ $# = 0 ]; then
@@ -137,7 +159,7 @@ @@ -137,7 +150,7 @@
fi fi
# See how we were called. # See how we were called.
@ -82,7 +89,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
case "$i" in case "$i" in
F) F)
fullFlag=1 fullFlag=1
@@ -151,6 +173,9 @@ @@ -151,6 +164,9 @@
l) l)
LOGFILE=$OPTARG LOGFILE=$OPTARG
;; ;;
@ -92,72 +99,3 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc
*) *)
usage usage
exit 1 exit 1
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.21.7/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.21.7/scripts/fixfiles.8 2005-01-28 11:47:18.000000000 -0500
@@ -0,0 +1,64 @@
+.TH "fixfiles" "8" "2002031409" "" ""
+.SH "NAME"
+fixfiles \- fix file security contexts.
+
+.SH "SYNOPSIS"
+.B fixfiles [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel }"
+
+.B fixfiles [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir/file] ... ]
+
+.SH "DESCRIPTION"
+This manual page describes the
+.BR fixfiles
+script.
+.P
+This script is primarily used to correct the security context
+database (extended attributes) on filesystems.
+.P
+It can also be run at any time to relabel when adding support for
+new policy, or just check whether the file contexts are all
+as you expect. By default it will relabel all mounted ext2, ext3, xfs and
+reiser file systems as long as they do not have a security context mount
+option. You can use the -R flag to use rpmpackages as an alternative.
+
+.SH "OPTIONS"
+.TP
+.B -l logfile
+Save the output to the specified logfile
+.TP
+.B -o outputfile
+Save all files that have file_context that differs from the default, in outputfile.
+
+.TP
+.B -F
+Don't prompt for removal of /tmp directory.
+
+.TP
+.B -R rpmpackagename[,rpmpackagename...]
+Use the rpm database to discover all files within the specified packages and restore the file contexts. (-a will get all files in the RPM database).
+.TP
+.B -C PREVIOUS_FILECONTEXT
+Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
+
+.SH "ARGUMENTS"
+One of:
+.TP
+.B check
+show any incorrect file context labels but do not change them.
+.TP
+.B restore
+change any incorrect file context labels.
+.TP
+.B relabel
+Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file.
+.TP
+.B [[dir/file] ... ]
+List of files or directories trees that you wish to check file context on.
+
+.SH "AUTHOR"
+This man page was written by Richard Hally <rhally@mindspring.com>.
+The script was written by Dan Walsh <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+.BR setfiles (8), restorecon(8)
+
Binary files nsapolicycoreutils/scripts/fixfiles.8.gz and policycoreutils-1.21.7/scripts/fixfiles.8.gz differ

4
policycoreutils.spec
View File

@ -1,7 +1,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.21.7 Version: 1.21.7
Release: 2 Release: 3
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -80,7 +80,7 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 * Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3
- Fix fixfiles patch - Fix fixfiles patch
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Prevent overflow of spec array in setfiles. * Prevent overflow of spec array in setfiles.