Update to upstream

* Use correct color range in mcstrand by Richard Haines.
2011-04-13 16:52:53 -04:00 · 2011-04-13 16:52:53 -04:00 · 9f65a26864
commit 9f65a26864
parent 5898ea81d9
4 changed files with 75 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -223,3 +223,4 @@ sepolgen-1.0.23.tgz
 policycoreutils-2.0.83.tgz
 /policycoreutils-2.0.84.tgz
 /policycoreutils-2.0.85.tgz
+/policycoreutils-2.0.86.tgz
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -3194,10 +3194,10 @@ index 3f9efba..7c6d75a 100644
 +/etc/selinux/{SELINUXTYPE}/seusers
 
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index ae519fc..0890811 100755
+index ae519fc..7d21ea3 100755
 --- a/policycoreutils/scripts/fixfiles
 +++ b/policycoreutils/scripts/fixfiles
-@@ -21,6 +21,25 @@
+@@ -21,6 +21,44 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
 #
@ -3210,12 +3210,31 @@ index ae519fc..0890811 100755
 +    grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
 +done
 +}
-+
+exclude_dirs_from_relabelling() {
+    exclude_from_relabelling= 
+    if [ -e /etc/selinux/fixfiles_exclude_dirs ]
+    then
+        while read i
+        do
+          # skip blank line and comment
+          # skip not absolute path
+          # skip not directory
+          [ -z "${i}" ] && continue
+          [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
+          [[ ! "${i}" =~ ^/.* ]] && continue
+          [[ ! -d "${i}" ]] && continue
+          exclude_from_relabelling="$exclude_from_relabelling -e $i"
+          logit "skipping the directory $i from relabelling"
+        done < /etc/selinux/fixfiles_exclude_dirs
+    fi
+    echo "$exclude_from_relabelling"
+}
 +exclude_dirs() {
 +    exclude= 
 +    for i in /var/lib/BackupPC /home /tmp /dev; do 
 +        [ -e $i ]  && exclude="$exclude -e $i"; 
 +    done 
+    exclude="$exclude `exclude_dirs_from_relabelling`"
 +    echo "$exclude"
 +}
 +
@ -3223,7 +3242,7 @@ index ae519fc..0890811 100755
 # Set global Variables
 #
 fullFlag=0
-@@ -35,9 +54,7 @@ SYSLOGFLAG="-l"
+@@ -35,9 +73,7 @@ SYSLOGFLAG="-l"
 LOGGER=/usr/sbin/logger
 SETFILES=/sbin/setfiles
 RESTORECON=/sbin/restorecon
@ -3234,7 +3253,7 @@ index ae519fc..0890811 100755
 SELINUXTYPE="targeted"
 if [ -e /etc/selinux/config ]; then
     . /etc/selinux/config
-@@ -87,23 +104,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+@@ -87,23 +123,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
                   esac; \
                fi; \
             done | \
@ -3259,7 +3278,7 @@ index ae519fc..0890811 100755
 
 rpmlist() {
 rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
-@@ -121,23 +125,16 @@ if [ ! -z "$PREFC" ]; then
+@@ -121,24 +144,34 @@ if [ ! -z "$PREFC" ]; then
 fi
 if [ ! -z "$RPMFILES" ]; then
     for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
@ -3282,11 +3301,30 @@ index ae519fc..0890811 100755
 [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
 -LogReadOnly
 -${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+-rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+#
+exclude_dirs="`exclude_dirs_from_relabelling`"
+if [ -n "${exclude_dirs}" ] 
+then 
+	TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
+	test -z "$TEMPFCFILE" && exit
+	/bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit 
+	exclude_dirs=${exclude_dirs//-e/}
+	for p in ${exclude_dirs}
+	do
+       	 p="${p%/}"
+       	 p1="${p}(/.*)? -- <<none>>"
+       	 echo "${p1}" >> $TEMPFCFILE
+       	 logit "skipping the directory ${p} from relabelling"
+	done
+FC=$TEMPFCFILE
+fi
 +${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE
- rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
 find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
 find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
-@@ -146,8 +143,7 @@ exit $?
+ exit $?
+@@ -146,8 +179,7 @@ exit $?
 
 fullrelabel() {
     logit "Cleaning out /tmp"
@ -3296,6 +3334,19 @@ index ae519fc..0890811 100755
     restore
 }
 
+diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
+index dfe8aa9..0b4cbaa 100644
+--- a/policycoreutils/scripts/fixfiles.8
+++ b/policycoreutils/scripts/fixfiles.8
+@@ -29,6 +29,8 @@ new policy, or  just check whether the file contexts are all
+ as you expect.  By default it will relabel all mounted ext2, ext3, xfs and 
+ jfs file systems as long as they do not have a security context mount 
+ option.  You can use the -R flag to use rpmpackages as an alternative.
+The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
+excluded from relabelling.
+ .P
+ .B fixfiles onboot 
+ will setup the machine to relabel on the next reboot.
 diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
 new file mode 100644
 index 0000000..6331660
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,13 +1,13 @@
 %define	libauditver	1.4.2-1
-%define libsepolver 	2.0.42-3
+%define libsepolver 	2.0.43-2
 %define	libsemanagever	2.0.43-4
 %define	libselinuxver	2.0.90-3
 %define	sepolgenver	1.0.23

 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.0.85
-Release: 28%{?dist}
+Version: 2.0.86
+Release: 1%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -163,7 +163,7 @@ Requires(post): /sbin/chkconfig
 BuildRequires: libcap-ng-devel

 %description sandbox
-The policycoreutils-python package contains the scripts to create graphical sandboxes
+The policycoreutils-sandbox package contains the scripts to create graphical sandboxes

 %files sandbox
 %defattr(-,root,root,-)
@ -331,6 +331,16 @@ fi
 exit 0

 %changelog
+* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-1
+- Update to upstream 
+	* Use correct color range in mcstrand by Richard Haines.
+
+* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-30
+- Add Elia Pinto patches to allow user to specify directories to ignore
+
+* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-29
+- Fix policycoreutils-sandbox description
+
 * Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
 - rsynccmd should run outside of execcon

--- a/2
+++ b/2
@ -1,3 +1,3 @@
 49faa2e5f343317bcfcf34d7286f6037  sepolgen-1.0.23.tgz
 59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2
-92fa615448d443b22c4ad6ecf89fc974  policycoreutils-2.0.85.tgz
+13d864a8a6f8a933ef7aee7baf4a9662  policycoreutils-2.0.86.tgz