diff --git a/policycoreutils-2.0.83-disable.patch b/policycoreutils-2.0.83-disable.patch new file mode 100644 index 0000000..78b4b1d --- /dev/null +++ b/policycoreutils-2.0.83-disable.patch @@ -0,0 +1,25 @@ +diff -up policycoreutils-2.0.83/load_policy/load_policy.c.init policycoreutils-2.0.83/load_policy/load_policy.c +--- policycoreutils-2.0.83/load_policy/load_policy.c.init 2010-11-08 13:46:37.000000000 -0500 ++++ policycoreutils-2.0.83/load_policy/load_policy.c 2010-11-22 13:43:58.000000000 -0500 +@@ -74,6 +74,7 @@ int main(int argc, char **argv) + "%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n", + argv[0], argv[optind++]); + } ++ errno = 0; + if (init) { + if (is_selinux_enabled() == 1) { + /* SELinux is already enabled, we should not do an initial load again */ +@@ -98,7 +99,12 @@ int main(int argc, char **argv) + else { + ret = selinux_mkload_policy(1); + } +- if (ret < 0) { ++ ++ /* selinux_init_load_policy returns -1 if it did not load_policy ++ * On SELinux disabled system it will always return -1 ++ * So check errno to see if anything went wrong ++ */ ++ if (ret < 0 && errno != 0) { + char *path=policy_path(); + fprintf(stderr, _("%s: Can't load policy file %s: %s\n"), + argv[0], path, strerror(errno)); diff --git a/policycoreutils.spec b/policycoreutils.spec index e9c76e0..5aa1e67 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.83 -Release: 36%{?dist} +Release: 37%{?dist} License: GPLv2 Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -24,6 +24,7 @@ Patch: policycoreutils-rhat.patch Patch1: policycoreutils-po.patch Patch3: policycoreutils-gui.patch Patch4: policycoreutils-sepolgen.patch +Patch5: policycoreutils-2.0.83-disable.patch Obsoletes: policycoreutils < 2.0.61-2 %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)") @@ -62,6 +63,7 @@ context. %patch1 -p1 -b .rhatpo %patch3 -p1 -b .gui %patch4 -p1 -b .sepolgen +%patch5 -p1 -b .disable %build make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all @@ -327,6 +329,9 @@ fi exit 0 %changelog +* Mon Nov 22 2010 Dan Walsh 2.0.83-37 +- Don't report error on load_policy when system is disabled. + * Mon Nov 8 2010 Dan Walsh 2.0.83-36 - Fix up problems pointed out by solar designer on dropping capabilities