auto-import changelog data from policycoreutils-1.14.1-1.src.rpm

* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
- Update from NSA
- Add cron capability to fixfiles

* Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
- Update from NSA
This commit is contained in:
cvsdist 2004-09-09 10:35:33 +00:00
parent 952623e6f2
commit a2b2c59f77
4 changed files with 145 additions and 243 deletions

View File

@ -1 +1 @@
policycoreutils-1.13.3.tgz policycoreutils-1.14.1.tgz

View File

@ -1,254 +1,147 @@
--- policycoreutils-1.13.3/setfiles/setfiles.c.rhat 2004-06-23 09:21:44.000000000 -0400 --- policycoreutils-1.14.1/scripts/Makefile.rhat 2004-06-30 12:03:27.000000000 -0400
+++ policycoreutils-1.13.3/setfiles/setfiles.c 2004-06-23 09:49:12.000000000 -0400 +++ policycoreutils-1.14.1/scripts/Makefile 2004-06-30 13:14:42.776075168 -0400
@@ -12,7 +12,7 @@ @@ -12,6 +12,7 @@
* the user. The program does not cross file system boundaries. -mkdir -p $(BINDIR)
* install -m 755 $(TARGETS) $(BINDIR)
* USAGE: install -m 755 fixfiles $(DESTDIR)/sbin
- * setfiles [-dnpqsvW] spec_file pathname... + install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.daily/fixfiles.cron
+ * setfiles [-dnpqsvW] [-o filename ] spec_file pathname... -mkdir -p $(MANDIR)/man8
* install -m 644 fixfiles.8.gz $(MANDIR)/man8/
* -d Show what specification matched each file.
* -n Do not change any file labels.
@@ -21,6 +21,7 @@
* -s Use stdin for a list of files instead of searching a partition.
* -v Show changes in file labels.
* -W Warn about entries that have no matching file.
+ * -o filename write out file names with wrong context.
*
* spec_file The specification file.
* pathname... The file systems to label (omit if using -s).
@@ -68,6 +69,7 @@
#include <selinux/selinux.h>
static int add_assoc = 1; --- policycoreutils-1.14.1/scripts/fixfiles.cron.rhat 2004-06-30 13:12:42.062426432 -0400
+static FILE *outfile=NULL; +++ policycoreutils-1.14.1/scripts/fixfiles.cron 2004-06-30 13:28:28.507544904 -0400
@@ -0,0 +1,15 @@
/* +#!/bin/sh
* Command-line options.
@@ -480,8 +482,8 @@
void usage(const char * const name)
{
fprintf(stderr,
- "usage: %s [-dnqvW] spec_file pathname...\n"
- "usage: %s -s [-dnqvW] spec_file\n", name, name);
+ "usage: %s [-dnqvW] [-o filename] spec_file pathname...\n"
+ "usage: %s -s [-dnqvW] [-o filename ] spec_file\n", name, name);
exit(1);
}
@@ -652,6 +654,9 @@
freecon(context);
+ if (outfile)
+ fprintf(outfile, "%s\n", my_file);
+ +
/* +CRONTYPE="check"
* Do not relabel the file if -n was used. +INVALIDFILE=/var/tmp/badcontext
*/ +CRONMAILTO="root"
@@ -705,7 +710,7 @@
spec_t *spec_copy;
/* Process any options. */
- while ((opt = getopt(argc, argv, "dnqrsvW")) > 0) {
+ while ((opt = getopt(argc, argv, "dnqrsvWo:")) > 0) {
switch (opt) {
case 'd':
debug = 1;
@@ -713,6 +718,15 @@
case 'n':
change = 0;
break;
+ case 'o':
+ outfile = fopen(optarg,"w");
+ if (!outfile) {
+ fprintf(stderr, "Error opening %s: %s\n",
+ optarg, strerror(errno));
+ +
+ usage(argv[0]); +. /etc/selinux/config
+ } +
+ break; +renice +19 -p $$ >/dev/null 2>&1
case 'q': +OUTFILE=`mktemp ${INVALIDFILE}.XXXXXXXXXX` || exit 1
quiet = 1; +/sbin/fixfiles -o $OUTFILE $CRONTYPE
break; +mv -f $OUTFILE $INVALIDFILE
@@ -1039,6 +1053,8 @@ +if [ -s $INVALIDFILE ]; then
} + mail ${MAILTO} -s "Invalid File Contexts" < $INVALIDFILE
} +fi
} --- policycoreutils-1.14.1/scripts/fixfiles.rhat 2004-06-30 13:10:21.630775288 -0400
+ if (outfile) +++ policycoreutils-1.14.1/scripts/fixfiles 2004-06-30 13:11:46.932807408 -0400
+ fclose(outfile); @@ -19,25 +19,37 @@
# You should have received a copy of the GNU General Public License
QPRINTF("%s: Done.\n", argv[0]); # along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
--- policycoreutils-1.13.3/setfiles/setfiles.8.rhat 2004-06-23 09:21:44.000000000 -0400 +#
+++ policycoreutils-1.13.3/setfiles/setfiles.8 2004-06-23 09:46:15.000000000 -0400 +# Set global Variables
@@ -4,8 +4,7 @@ +#
+checkFlag=0
.SH "SYNOPSIS" +restoreFlag=0
.B setfiles +relabelFlag=0
-.I [\-d] [\-n] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname... +fullFlag=0
- +rpmFlag=0
+.I [\-d] [\-n] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname... +rpmFiles=""
.SH "DESCRIPTION" +outfileFlag=0
This manual page describes the +OUTFILES=""
.BR setfiles +LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
@@ -30,6 +29,9 @@ +SETFILES=/usr/sbin/setfiles
.B \-q +FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
suppress non-error output. SELINUXTYPE="targeted"
.TP +
+.B \-o filename if [ -e /etc/selinux/config ]; then
+save list of files with incorrect context in filename. . /etc/selinux/config
+.TP FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
.B \-s else
take a list of files from standard input instead of using a pathname on the FC=/etc/security/selinux/file_contexts
command line. fi
--- policycoreutils-1.13.3/scripts/fixfiles.rhat 2004-06-23 09:21:44.000000000 -0400 -LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
+++ policycoreutils-1.13.3/scripts/fixfiles 2004-06-24 13:11:07.359579384 -0400 -SETFILES=/usr/sbin/setfiles
@@ -32,7 +32,7 @@ -FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
checkLabels () { checkLabels () {
echo "logging to $LOGFILE" echo "logging to $LOGFILE"
-if [ $1 != "" ]; then if [ ! -z "$1" ]; then
+if [ "x$1" != "x" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do for i in `echo $1 | sed 's/,/ /g'`; do
rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE - rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE
done done
@@ -43,7 +43,7 @@
restoreLabels () {
echo "logging to $LOGFILE"
-if [ $1 != "" ]; then
+if [ "x$1" != "x" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
done
@@ -56,7 +56,7 @@
echo "logging to $LOGFILE"
echo "Cleaning out /tmp"
rm -rf /tmp/.??* /tmp/*
-if [ $1 != "" ]; then
+if [ "x$1" != "x" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
done
@@ -73,9 +73,9 @@
Do you wish to clean out the /tmp directory [N]? "
read answer
if [ "$answer" = y -o "$answer" = Y ]; then
- relabel $1
+ relabel "$1"
else else
- restoreLabels $1 - ${SETFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ restoreLabels "$1" + ${SETFILES} ${OUTFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi fi
}
@@ -45,10 +57,10 @@
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
} }
--- policycoreutils-1.13.3/restorecon/restorecon.8.rhat 2004-06-23 09:21:44.000000000 -0400
+++ policycoreutils-1.13.3/restorecon/restorecon.8 2004-06-23 09:46:48.000000000 -0400
@@ -4,7 +4,10 @@
.SH "SYNOPSIS" @@ -58,10 +70,10 @@
.B restorecon rm -rf /tmp/.??* /tmp/*
-.I [\-n] [\-v] pathname... if [ ! -z "$1" ]; then
+.I [\-o outfilename ] [\-n] [\-v] pathname... for i in `echo $1 | sed 's/,/ /g'`; do
+.P - rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
+.B restorecon + rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
+.I \-f infilename [\-o outfilename ] [\-n] [\-v] done
else
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
relabelCheck() {
@@ -81,16 +93,9 @@
}
.SH "DESCRIPTION" usage() {
This manual page describes the - echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] |check|restore|[-F] relabel}"
@@ -20,9 +23,15 @@ + echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}"
}
.SH "OPTIONS" -checkFlag=0
.TP -restoreFlag=0
+.B \-f infilename -relabelFlag=0
+infilename contains a list of files to be processed by application. Use \- for stdin. -fullFlag=0
+.TP -rpmFlag=0
.B \-n -rpmFiles=""
don't change any file labels. -
.TP # See how we were called.
+.B \-o outfilename for i in $@; do
+save list of files with incorrect context in outfilename. if [ $rpmFlag = 2 ]; then
+.TP @@ -98,6 +103,16 @@
.B \-v rpmFlag=1
show changes in file labels. continue
.TP fi
--- policycoreutils-1.13.3/restorecon/restorecon.c.rhat 2004-06-23 09:21:44.000000000 -0400 +if [ $outfileFlag = 2 ]; then
+++ policycoreutils-1.13.3/restorecon/restorecon.c 2004-06-23 09:48:44.000000000 -0400 + OUTFILES="-o $i"
@@ -12,6 +12,7 @@ + outfileFlag=1
* + continue
* -n Do not change any file labels. +fi
* -v Show changes in file labels. +if [ $logfileFlag = 2 ]; then
+ * -o filename save list of files with incorrect context + LOGFILE="$i"
* + logfileFlag=1
* pathname... The file(s) to label + continue
* +fi
@@ -41,7 +42,7 @@ case "$i" in
"usage: %s [-nv] [-f filename | pathname... ]\n", name); check)
exit(1); checkFlag=1
} @@ -114,6 +129,12 @@
-int restore(char *filename, int change, int verbose) { -R)
+int restore(char *filename, int change, int verbose, FILE *outfile) { rpmFlag=2
int retcontext=0; ;;
int retval=0; + -o)
int errors=0; + outfileFlag=2
@@ -72,6 +73,9 @@ + ;;
+ -l)
if (retcontext >= 0 || errno == ENODATA) { + logfileFlag=2
if (retcontext < 0 || strcmp(prev_context,scontext) != 0) { + ;;
+ if (outfile) { *)
+ fprintf(outfile, "%s\n", filename); usage
+ } exit 1
if (change) {
retval=lsetfilecon(filename,scontext);
}
@@ -106,6 +110,7 @@
int verbose=0;
int file=0;
char opt;
+ FILE *outfile=NULL;
char buf[PATH_MAX];
progname=argv[0];
@@ -114,11 +119,19 @@
memset(buf,0, sizeof(buf));
- while ((opt = getopt(argc, argv, "nvf:")) > 0) {
+ while ((opt = getopt(argc, argv, "nvf:o:")) > 0) {
switch (opt) {
case 'n':
change = 0;
break;
+ case 'o':
+ outfile = fopen(optarg,"w");
+ if (!outfile) {
+ fprintf(stderr, "Error opening %s: %s\n",
+ optarg, strerror(errno));
+ usage(argv[0]);
+ }
+ break;
case 'v':
verbose = 1;
break;
@@ -141,15 +154,18 @@
}
while(fgets(buf,PATH_MAX,f)) {
buf[strlen(buf)-1]=0;
- errors=errors+restore(buf,change, verbose);
+ errors=errors+restore(buf, change, verbose, outfile);
}
if (strcmp(file_name,"-")!=0)
fclose(f);
}
else {
for (i=optind; i< argc; i++) {
- errors=errors+restore(argv[i],change, verbose);
+ errors=errors+restore(argv[i], change, verbose, outfile);
}
}
+ if (outfile)
+ fclose(outfile);
+
return errors;
}

View File

@ -1,7 +1,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.13.3 Version: 1.14.1
Release: 2 Release: 1
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -66,13 +66,22 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/newrole %{_bindir}/newrole
%{_bindir}/audit2allow %{_bindir}/audit2allow
%{_mandir}/man1/newrole.1.gz %{_mandir}/man1/newrole.1.gz
%{_sysconfdir}/cron.daily/fixfiles.cron
%config %{_sysconfdir}/pam.d/newrole %config %{_sysconfdir}/pam.d/newrole
%{_sbindir}/run_init %{_sbindir}/run_init
%config %{_sysconfdir}/pam.d/run_init %config %{_sysconfdir}/pam.d/run_init
%{_mandir}/man8/run_init.8.gz %{_mandir}/man8/run_init.8.gz
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
- Update from NSA
- Add cron capability to fixfiles
* Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
- Update from NSA
* Thu Jun 24 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2 * Thu Jun 24 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
- Fix fixfiles to handle no rpm file on relabel - Fix fixfiles to handle no rpm file on relabel

View File

@ -1 +1 @@
1a6794d323aed0b2277e88fdcdd0bd4b policycoreutils-1.13.3.tgz 82646a87e75a879802709d3ea1ffcbff policycoreutils-1.14.1.tgz