auto-import changelog data from policycoreutils-1.14.1-1.src.rpm
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1 - Update from NSA - Add cron capability to fixfiles * Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1 - Update from NSA
This commit is contained in:
parent
952623e6f2
commit
a2b2c59f77
@ -1 +1 @@
|
|||||||
policycoreutils-1.13.3.tgz
|
policycoreutils-1.14.1.tgz
|
||||||
|
@ -1,254 +1,147 @@
|
|||||||
--- policycoreutils-1.13.3/setfiles/setfiles.c.rhat 2004-06-23 09:21:44.000000000 -0400
|
--- policycoreutils-1.14.1/scripts/Makefile.rhat 2004-06-30 12:03:27.000000000 -0400
|
||||||
+++ policycoreutils-1.13.3/setfiles/setfiles.c 2004-06-23 09:49:12.000000000 -0400
|
+++ policycoreutils-1.14.1/scripts/Makefile 2004-06-30 13:14:42.776075168 -0400
|
||||||
@@ -12,7 +12,7 @@
|
@@ -12,6 +12,7 @@
|
||||||
* the user. The program does not cross file system boundaries.
|
-mkdir -p $(BINDIR)
|
||||||
*
|
install -m 755 $(TARGETS) $(BINDIR)
|
||||||
* USAGE:
|
install -m 755 fixfiles $(DESTDIR)/sbin
|
||||||
- * setfiles [-dnpqsvW] spec_file pathname...
|
+ install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.daily/fixfiles.cron
|
||||||
+ * setfiles [-dnpqsvW] [-o filename ] spec_file pathname...
|
-mkdir -p $(MANDIR)/man8
|
||||||
*
|
install -m 644 fixfiles.8.gz $(MANDIR)/man8/
|
||||||
* -d Show what specification matched each file.
|
|
||||||
* -n Do not change any file labels.
|
|
||||||
@@ -21,6 +21,7 @@
|
|
||||||
* -s Use stdin for a list of files instead of searching a partition.
|
|
||||||
* -v Show changes in file labels.
|
|
||||||
* -W Warn about entries that have no matching file.
|
|
||||||
+ * -o filename write out file names with wrong context.
|
|
||||||
*
|
|
||||||
* spec_file The specification file.
|
|
||||||
* pathname... The file systems to label (omit if using -s).
|
|
||||||
@@ -68,6 +69,7 @@
|
|
||||||
#include <selinux/selinux.h>
|
|
||||||
|
|
||||||
static int add_assoc = 1;
|
--- policycoreutils-1.14.1/scripts/fixfiles.cron.rhat 2004-06-30 13:12:42.062426432 -0400
|
||||||
+static FILE *outfile=NULL;
|
+++ policycoreutils-1.14.1/scripts/fixfiles.cron 2004-06-30 13:28:28.507544904 -0400
|
||||||
|
@@ -0,0 +1,15 @@
|
||||||
/*
|
+#!/bin/sh
|
||||||
* Command-line options.
|
|
||||||
@@ -480,8 +482,8 @@
|
|
||||||
void usage(const char * const name)
|
|
||||||
{
|
|
||||||
fprintf(stderr,
|
|
||||||
- "usage: %s [-dnqvW] spec_file pathname...\n"
|
|
||||||
- "usage: %s -s [-dnqvW] spec_file\n", name, name);
|
|
||||||
+ "usage: %s [-dnqvW] [-o filename] spec_file pathname...\n"
|
|
||||||
+ "usage: %s -s [-dnqvW] [-o filename ] spec_file\n", name, name);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -652,6 +654,9 @@
|
|
||||||
|
|
||||||
freecon(context);
|
|
||||||
|
|
||||||
+ if (outfile)
|
|
||||||
+ fprintf(outfile, "%s\n", my_file);
|
|
||||||
+
|
+
|
||||||
/*
|
+CRONTYPE="check"
|
||||||
* Do not relabel the file if -n was used.
|
+INVALIDFILE=/var/tmp/badcontext
|
||||||
*/
|
+CRONMAILTO="root"
|
||||||
@@ -705,7 +710,7 @@
|
|
||||||
spec_t *spec_copy;
|
|
||||||
|
|
||||||
/* Process any options. */
|
|
||||||
- while ((opt = getopt(argc, argv, "dnqrsvW")) > 0) {
|
|
||||||
+ while ((opt = getopt(argc, argv, "dnqrsvWo:")) > 0) {
|
|
||||||
switch (opt) {
|
|
||||||
case 'd':
|
|
||||||
debug = 1;
|
|
||||||
@@ -713,6 +718,15 @@
|
|
||||||
case 'n':
|
|
||||||
change = 0;
|
|
||||||
break;
|
|
||||||
+ case 'o':
|
|
||||||
+ outfile = fopen(optarg,"w");
|
|
||||||
+ if (!outfile) {
|
|
||||||
+ fprintf(stderr, "Error opening %s: %s\n",
|
|
||||||
+ optarg, strerror(errno));
|
|
||||||
+
|
+
|
||||||
+ usage(argv[0]);
|
+. /etc/selinux/config
|
||||||
+ }
|
+
|
||||||
+ break;
|
+renice +19 -p $$ >/dev/null 2>&1
|
||||||
case 'q':
|
+OUTFILE=`mktemp ${INVALIDFILE}.XXXXXXXXXX` || exit 1
|
||||||
quiet = 1;
|
+/sbin/fixfiles -o $OUTFILE $CRONTYPE
|
||||||
break;
|
+mv -f $OUTFILE $INVALIDFILE
|
||||||
@@ -1039,6 +1053,8 @@
|
+if [ -s $INVALIDFILE ]; then
|
||||||
}
|
+ mail ${MAILTO} -s "Invalid File Contexts" < $INVALIDFILE
|
||||||
}
|
+fi
|
||||||
}
|
--- policycoreutils-1.14.1/scripts/fixfiles.rhat 2004-06-30 13:10:21.630775288 -0400
|
||||||
+ if (outfile)
|
+++ policycoreutils-1.14.1/scripts/fixfiles 2004-06-30 13:11:46.932807408 -0400
|
||||||
+ fclose(outfile);
|
@@ -19,25 +19,37 @@
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
QPRINTF("%s: Done.\n", argv[0]);
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
--- policycoreutils-1.13.3/setfiles/setfiles.8.rhat 2004-06-23 09:21:44.000000000 -0400
|
+#
|
||||||
+++ policycoreutils-1.13.3/setfiles/setfiles.8 2004-06-23 09:46:15.000000000 -0400
|
+# Set global Variables
|
||||||
@@ -4,8 +4,7 @@
|
+#
|
||||||
|
+checkFlag=0
|
||||||
.SH "SYNOPSIS"
|
+restoreFlag=0
|
||||||
.B setfiles
|
+relabelFlag=0
|
||||||
-.I [\-d] [\-n] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname...
|
+fullFlag=0
|
||||||
-
|
+rpmFlag=0
|
||||||
+.I [\-d] [\-n] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname...
|
+rpmFiles=""
|
||||||
.SH "DESCRIPTION"
|
+outfileFlag=0
|
||||||
This manual page describes the
|
+OUTFILES=""
|
||||||
.BR setfiles
|
+LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
|
||||||
@@ -30,6 +29,9 @@
|
+SETFILES=/usr/sbin/setfiles
|
||||||
.B \-q
|
+FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
|
||||||
suppress non-error output.
|
SELINUXTYPE="targeted"
|
||||||
.TP
|
+
|
||||||
+.B \-o filename
|
if [ -e /etc/selinux/config ]; then
|
||||||
+save list of files with incorrect context in filename.
|
. /etc/selinux/config
|
||||||
+.TP
|
FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
|
||||||
.B \-s
|
else
|
||||||
take a list of files from standard input instead of using a pathname on the
|
FC=/etc/security/selinux/file_contexts
|
||||||
command line.
|
fi
|
||||||
--- policycoreutils-1.13.3/scripts/fixfiles.rhat 2004-06-23 09:21:44.000000000 -0400
|
-LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
|
||||||
+++ policycoreutils-1.13.3/scripts/fixfiles 2004-06-24 13:11:07.359579384 -0400
|
-SETFILES=/usr/sbin/setfiles
|
||||||
@@ -32,7 +32,7 @@
|
-FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
|
||||||
|
|
||||||
checkLabels () {
|
checkLabels () {
|
||||||
echo "logging to $LOGFILE"
|
echo "logging to $LOGFILE"
|
||||||
-if [ $1 != "" ]; then
|
if [ ! -z "$1" ]; then
|
||||||
+if [ "x$1" != "x" ]; then
|
|
||||||
for i in `echo $1 | sed 's/,/ /g'`; do
|
for i in `echo $1 | sed 's/,/ /g'`; do
|
||||||
rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE
|
- rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE
|
||||||
|
+ rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE
|
||||||
done
|
done
|
||||||
@@ -43,7 +43,7 @@
|
|
||||||
|
|
||||||
restoreLabels () {
|
|
||||||
echo "logging to $LOGFILE"
|
|
||||||
-if [ $1 != "" ]; then
|
|
||||||
+if [ "x$1" != "x" ]; then
|
|
||||||
for i in `echo $1 | sed 's/,/ /g'`; do
|
|
||||||
rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
|
|
||||||
done
|
|
||||||
@@ -56,7 +56,7 @@
|
|
||||||
echo "logging to $LOGFILE"
|
|
||||||
echo "Cleaning out /tmp"
|
|
||||||
rm -rf /tmp/.??* /tmp/*
|
|
||||||
-if [ $1 != "" ]; then
|
|
||||||
+if [ "x$1" != "x" ]; then
|
|
||||||
for i in `echo $1 | sed 's/,/ /g'`; do
|
|
||||||
rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
|
|
||||||
done
|
|
||||||
@@ -73,9 +73,9 @@
|
|
||||||
Do you wish to clean out the /tmp directory [N]? "
|
|
||||||
read answer
|
|
||||||
if [ "$answer" = y -o "$answer" = Y ]; then
|
|
||||||
- relabel $1
|
|
||||||
+ relabel "$1"
|
|
||||||
else
|
else
|
||||||
- restoreLabels $1
|
- ${SETFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
|
||||||
+ restoreLabels "$1"
|
+ ${SETFILES} ${OUTFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
--- policycoreutils-1.13.3/restorecon/restorecon.8.rhat 2004-06-23 09:21:44.000000000 -0400
|
|
||||||
+++ policycoreutils-1.13.3/restorecon/restorecon.8 2004-06-23 09:46:48.000000000 -0400
|
|
||||||
@@ -4,7 +4,10 @@
|
|
||||||
|
|
||||||
.SH "SYNOPSIS"
|
@@ -45,10 +57,10 @@
|
||||||
.B restorecon
|
echo "logging to $LOGFILE"
|
||||||
-.I [\-n] [\-v] pathname...
|
if [ ! -z "$1" ]; then
|
||||||
+.I [\-o outfilename ] [\-n] [\-v] pathname...
|
for i in `echo $1 | sed 's/,/ /g'`; do
|
||||||
+.P
|
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
|
||||||
+.B restorecon
|
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
|
||||||
+.I \-f infilename [\-o outfilename ] [\-n] [\-v]
|
done
|
||||||
|
else
|
||||||
.SH "DESCRIPTION"
|
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
|
||||||
This manual page describes the
|
+ ${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
|
||||||
@@ -20,9 +23,15 @@
|
fi
|
||||||
|
|
||||||
.SH "OPTIONS"
|
|
||||||
.TP
|
|
||||||
+.B \-f infilename
|
|
||||||
+infilename contains a list of files to be processed by application. Use \- for stdin.
|
|
||||||
+.TP
|
|
||||||
.B \-n
|
|
||||||
don't change any file labels.
|
|
||||||
.TP
|
|
||||||
+.B \-o outfilename
|
|
||||||
+save list of files with incorrect context in outfilename.
|
|
||||||
+.TP
|
|
||||||
.B \-v
|
|
||||||
show changes in file labels.
|
|
||||||
.TP
|
|
||||||
--- policycoreutils-1.13.3/restorecon/restorecon.c.rhat 2004-06-23 09:21:44.000000000 -0400
|
|
||||||
+++ policycoreutils-1.13.3/restorecon/restorecon.c 2004-06-23 09:48:44.000000000 -0400
|
|
||||||
@@ -12,6 +12,7 @@
|
|
||||||
*
|
|
||||||
* -n Do not change any file labels.
|
|
||||||
* -v Show changes in file labels.
|
|
||||||
+ * -o filename save list of files with incorrect context
|
|
||||||
*
|
|
||||||
* pathname... The file(s) to label
|
|
||||||
*
|
|
||||||
@@ -41,7 +42,7 @@
|
|
||||||
"usage: %s [-nv] [-f filename | pathname... ]\n", name);
|
|
||||||
exit(1);
|
|
||||||
}
|
}
|
||||||
-int restore(char *filename, int change, int verbose) {
|
|
||||||
+int restore(char *filename, int change, int verbose, FILE *outfile) {
|
|
||||||
int retcontext=0;
|
|
||||||
int retval=0;
|
|
||||||
int errors=0;
|
|
||||||
@@ -72,6 +73,9 @@
|
|
||||||
|
|
||||||
if (retcontext >= 0 || errno == ENODATA) {
|
@@ -58,10 +70,10 @@
|
||||||
if (retcontext < 0 || strcmp(prev_context,scontext) != 0) {
|
rm -rf /tmp/.??* /tmp/*
|
||||||
+ if (outfile) {
|
if [ ! -z "$1" ]; then
|
||||||
+ fprintf(outfile, "%s\n", filename);
|
for i in `echo $1 | sed 's/,/ /g'`; do
|
||||||
+ }
|
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
|
||||||
if (change) {
|
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
|
||||||
retval=lsetfilecon(filename,scontext);
|
done
|
||||||
}
|
else
|
||||||
@@ -106,6 +110,7 @@
|
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
|
||||||
int verbose=0;
|
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
|
||||||
int file=0;
|
fi
|
||||||
char opt;
|
|
||||||
+ FILE *outfile=NULL;
|
|
||||||
char buf[PATH_MAX];
|
|
||||||
|
|
||||||
progname=argv[0];
|
|
||||||
@@ -114,11 +119,19 @@
|
|
||||||
|
|
||||||
memset(buf,0, sizeof(buf));
|
|
||||||
|
|
||||||
- while ((opt = getopt(argc, argv, "nvf:")) > 0) {
|
|
||||||
+ while ((opt = getopt(argc, argv, "nvf:o:")) > 0) {
|
|
||||||
switch (opt) {
|
|
||||||
case 'n':
|
|
||||||
change = 0;
|
|
||||||
break;
|
|
||||||
+ case 'o':
|
|
||||||
+ outfile = fopen(optarg,"w");
|
|
||||||
+ if (!outfile) {
|
|
||||||
+ fprintf(stderr, "Error opening %s: %s\n",
|
|
||||||
+ optarg, strerror(errno));
|
|
||||||
+ usage(argv[0]);
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
case 'v':
|
|
||||||
verbose = 1;
|
|
||||||
break;
|
|
||||||
@@ -141,15 +154,18 @@
|
|
||||||
}
|
|
||||||
while(fgets(buf,PATH_MAX,f)) {
|
|
||||||
buf[strlen(buf)-1]=0;
|
|
||||||
- errors=errors+restore(buf,change, verbose);
|
|
||||||
+ errors=errors+restore(buf, change, verbose, outfile);
|
|
||||||
}
|
|
||||||
if (strcmp(file_name,"-")!=0)
|
|
||||||
fclose(f);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
for (i=optind; i< argc; i++) {
|
|
||||||
- errors=errors+restore(argv[i],change, verbose);
|
|
||||||
+ errors=errors+restore(argv[i], change, verbose, outfile);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ if (outfile)
|
|
||||||
+ fclose(outfile);
|
|
||||||
+
|
|
||||||
return errors;
|
|
||||||
}
|
}
|
||||||
|
relabelCheck() {
|
||||||
|
@@ -81,16 +93,9 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
- echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] |check|restore|[-F] relabel}"
|
||||||
|
+ echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}"
|
||||||
|
}
|
||||||
|
|
||||||
|
-checkFlag=0
|
||||||
|
-restoreFlag=0
|
||||||
|
-relabelFlag=0
|
||||||
|
-fullFlag=0
|
||||||
|
-rpmFlag=0
|
||||||
|
-rpmFiles=""
|
||||||
|
-
|
||||||
|
# See how we were called.
|
||||||
|
for i in $@; do
|
||||||
|
if [ $rpmFlag = 2 ]; then
|
||||||
|
@@ -98,6 +103,16 @@
|
||||||
|
rpmFlag=1
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
+if [ $outfileFlag = 2 ]; then
|
||||||
|
+ OUTFILES="-o $i"
|
||||||
|
+ outfileFlag=1
|
||||||
|
+ continue
|
||||||
|
+fi
|
||||||
|
+if [ $logfileFlag = 2 ]; then
|
||||||
|
+ LOGFILE="$i"
|
||||||
|
+ logfileFlag=1
|
||||||
|
+ continue
|
||||||
|
+fi
|
||||||
|
case "$i" in
|
||||||
|
check)
|
||||||
|
checkFlag=1
|
||||||
|
@@ -114,6 +129,12 @@
|
||||||
|
-R)
|
||||||
|
rpmFlag=2
|
||||||
|
;;
|
||||||
|
+ -o)
|
||||||
|
+ outfileFlag=2
|
||||||
|
+ ;;
|
||||||
|
+ -l)
|
||||||
|
+ logfileFlag=2
|
||||||
|
+ ;;
|
||||||
|
*)
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 1.13.3
|
Version: 1.14.1
|
||||||
Release: 2
|
Release: 1
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -66,13 +66,22 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_bindir}/newrole
|
%{_bindir}/newrole
|
||||||
%{_bindir}/audit2allow
|
%{_bindir}/audit2allow
|
||||||
%{_mandir}/man1/newrole.1.gz
|
%{_mandir}/man1/newrole.1.gz
|
||||||
|
%{_sysconfdir}/cron.daily/fixfiles.cron
|
||||||
%config %{_sysconfdir}/pam.d/newrole
|
%config %{_sysconfdir}/pam.d/newrole
|
||||||
%{_sbindir}/run_init
|
%{_sbindir}/run_init
|
||||||
%config %{_sysconfdir}/pam.d/run_init
|
%config %{_sysconfdir}/pam.d/run_init
|
||||||
%{_mandir}/man8/run_init.8.gz
|
%{_mandir}/man8/run_init.8.gz
|
||||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
|
||||||
|
- Update from NSA
|
||||||
|
- Add cron capability to fixfiles
|
||||||
|
|
||||||
|
* Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
|
||||||
|
- Update from NSA
|
||||||
|
|
||||||
* Thu Jun 24 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
|
* Thu Jun 24 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
|
||||||
- Fix fixfiles to handle no rpm file on relabel
|
- Fix fixfiles to handle no rpm file on relabel
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user