diff --git a/.cvsignore b/.cvsignore
index 852d7c5..1d1b406 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -204,3 +204,4 @@ policycoreutils-2.0.67.tgz
 policycoreutils-2.0.68.tgz
 policycoreutils-2.0.70.tgz
 policycoreutils_man_ru2.tar.bz2
+policycoreutils-2.0.71.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index f94cb1a..4ce25b2 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,15 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.70/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.70/Makefile 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/Makefile 2009-08-13 11:48:14.000000000 -0400
@@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.70/restorecond/Makefile +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/Makefile 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-13 11:48:14.000000000 -0400 @@ -2,16 +2,23 @@ PREFIX ?= ${DESTDIR}/usr SBINDIR ?= $(PREFIX)/sbin 
@@ -51,16 +51,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po relabel: install /sbin/restorecon $(SBINDIR)/restorecond -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.70/restorecond/org.selinux.Restorecond.service +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/org.selinux.Restorecond.service 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,3 @@ +[D-BUS Service] +Name=org.selinux.Restorecond +Exec=/usr/sbin/restorecond -u -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.70/restorecond/restorecond.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/restorecond.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-13 11:48:14.000000000 -0400 @@ -48,294 +48,37 @@ #include #include @@ -173,7 +173,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - } - firstDir = NULL; -} - +- -/* - Set the file context to the default file context for this system. - Same as restorecon. 
@@ -288,14 +288,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - Files specified one per line. Files with "~" will be expanded to the logged in users - homedirs. -*/ -+static char *server_watch_file = "/etc/selinux/restorecond.conf"; -+static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; -+static char *watch_file; - +- -static void read_config(int fd) -{ - char *watch_file_path = "/etc/selinux/restorecond.conf"; -- + - FILE *cfg = NULL; - if (debug_mode) - printf("Read Config\n"); @@ -314,7 +311,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - if (master_wd == -1) - exitApp("Error watching config file."); -} -+#include ++static char *server_watch_file = "/etc/selinux/restorecond.conf"; ++static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; ++static char *watch_file; -/* - Inotify watch loop @@ -349,21 +348,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - if (event->len) - watch_list_find(event->wd, event->name); - break; -- ++#include + - case 1: /* utmp has changed need to reload */ - read_config(fd); - break; -- -- default: /* No users logged in or out */ -- break; -- } -- } +int debug_mode = 0; +int verbose_mode = 0; +int terminate = 0; +int master_wd = -1; +int run_as_user = 0; +- default: /* No users logged in or out */ +- break; +- } +- } +- - i += EVENT_SIZE + event->len; - } - return 0; @@ -485,7 +485,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po case 'v': verbose_mode = 1; break; -@@ -483,22 +168,40 @@ +@@ -483,20 +168,36 @@ usage(argv[0]); } } 
@@ -525,13 +525,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if (pidfile) unlink(pidfile); - return 0; - } -+ -+ -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.70/restorecond/restorecond.conf +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2009-05-18 13:53:14.000000000 -0400 -+++ policycoreutils-2.0.70/restorecond/restorecond.conf 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-13 11:48:14.000000000 -0400 @@ -4,8 +4,5 @@ /etc/mtab /var/run/utmp @@ -542,9 +538,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po /root/.ssh/* - - -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.70/restorecond/restorecond.desktop +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop --- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/restorecond.desktop 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=File Context maintainer 
@@ -553,9 +549,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +Encoding=UTF-8 +Type=Application +StartupNotify=false -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.70/restorecond/restorecond.h +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h --- nsapolicycoreutils/restorecond/restorecond.h 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.70/restorecond/restorecond.h 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-13 11:48:14.000000000 -0400 @@ -24,7 +24,22 @@ #ifndef RESTORED_CONFIG_H #define RESTORED_CONFIG_H @@ -581,15 +577,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +extern void watch_list_free(int fd); #endif -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.70/restorecond/restorecond_user.conf +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/restorecond_user.conf 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-13 11:48:14.000000000 -0400 
@@ -0,0 +1,2 @@ +~/* +~/public_html/* -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.70/restorecond/user.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/user.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/user.c 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,220 @@ +/* + * restorecond @@ -811,9 +807,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + return 0; +} + -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.70/restorecond/walk.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.71/restorecond/walk.c --- nsapolicycoreutils/restorecond/walk.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/walk.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/walk.c 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,30 @@ +#define _XOPEN_SOURCE 500 +#include 
@@ -845,9 +841,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + printf("Total Dirs %d\n",ctr); + exit(EXIT_SUCCESS); +} -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.70/restorecond/watch.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/watch.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,346 @@ +#define _GNU_SOURCE +#include 
@@ -1195,9 +1191,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
 + exitApp("Error watching config file.");
 +}
 +
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.70/scripts/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
++++ policycoreutils-2.0.71/scripts/chcat 2009-08-13 11:48:14.000000000 -0400
+@@ -435,6 +435,8 @@
+ continue
+ except ValueError, e:
+ error(e)
++ except OSError, e:
++ error(e)
+
+ sys.exit(errors)
+
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
 --- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.70/scripts/Makefile 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/scripts/Makefile 2009-08-13 11:48:14.000000000 -0400
 @@ -5,11 +5,12 @@
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
@@ -1212,9 +1220,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po install -m 755 fixfiles $(DESTDIR)/sbin install -m 755 genhomedircon $(SBINDIR) -mkdir -p $(MANDIR)/man8 -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.70/scripts/sandbox +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.71/scripts/sandbox --- nsapolicycoreutils/scripts/sandbox 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/scripts/sandbox 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/sandbox 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,139 @@ +#!/usr/bin/python -E +import os, sys, getopt, socket, random, fcntl @@ -1355,9 +1363,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + error_exit(error.args[1]) + + sys.exit(rc) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.70/scripts/sandbox.8 +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.71/scripts/sandbox.8 --- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/scripts/sandbox.8 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/sandbox.8 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,22 @@ +.TH SANDBOX "8" "May 2009" "chcat" "User Commands" +.SH NAME 
@@ -1381,9 +1389,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +.TP +runcon(1) +.PP -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.70/scripts/sandbox.py +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.71/scripts/sandbox.py --- nsapolicycoreutils/scripts/sandbox.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/scripts/sandbox.py 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/sandbox.py 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,67 @@ +#!/usr/bin/python +import os, sys, getopt, socket, random, fcntl @@ -1452,9 +1460,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + mount(mount_src, filecon) + umount(filecon) +os.execvp(cmds[0], cmds) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.70/semanage/semanage +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2009-05-18 13:53:14.000000000 -0400 -+++ policycoreutils-2.0.70/semanage/semanage 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/semanage 2009-08-13 11:48:14.000000000 -0400 @@ -44,16 +44,17 @@ text = _(""" semanage [ -S store ] -i [ input_file | - ] 
@@ -1508,17 +1516,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po valid_option["permissive"] = [] valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] return valid_option -@@ -192,7 +198,10 @@ +@@ -192,6 +198,9 @@ locallist = False use_file = False store = "" + equal="" - ++ + dontaudit = "" -+ + object = argv[0] option_dict=get_options() - if object not in option_dict.keys(): @@ -201,10 +210,12 @@ args = argv[1:] @@ -1533,23 +1540,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po 'ftype=', 'file', 'help', -@@ -241,16 +252,24 @@ - if modify or add: - raise ValueError(_("%s bad option") % o) - delete = True -+ - if o == "-D" or o == "--deleteall": - if modify: - raise ValueError(_("%s bad option") % o) - deleteall = True -+ +@@ -248,9 +261,15 @@ if o == "-f" or o == "--ftype": -- ftype=a -+ ftype = a -+ + ftype=a + + if o == "-e" or o == "--equal": + equal = a - ++ if o == "-F" or o == "--file": use_file = True @@ -1559,16 +1556,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if o == "-h" or o == "--help": raise ValueError(_("%s bad option") % o) -@@ -323,6 +342,9 @@ - +@@ -324,6 +343,9 @@ if object == "boolean": OBJECT = seobject.booleanRecords(store) -+ + + if object == "module": + OBJECT = seobject.moduleRecords(store) - ++ if object == "translation": OBJECT = seobject.setransRecords() + @@ -341,6 +363,13 @@ OBJECT.deleteall() return @@ -1594,9 +1591,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po OBJECT.add(target, mask, proto, serange, setype) if object == "fcontext": -- OBJECT.add(target, setype, ftype, serange, seuser) + if equal == "": -+ OBJECT.add(target, setype, ftype, serange, seuser) + OBJECT.add(target, setype, ftype, serange, seuser) + else: + OBJECT.add_equal(target, equal) if object == "permissive": 
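Review bot: The `OBJECT.add(target, setype, ftype, serange, seuser)` call under the new `if equal == "":` is now carried as an inner context line rather than a `-`/`+` pair, so the regenerated patch no longer records its re-indentation. This looks like a side effect of adding `-b -B --ignore-all-space` to the diff command, and the `OBJECT.modify(target, setype, ftype, serange, seuser)` hunk that follows has the same shape. Whitespace is collapsed on this page so the real columns cannot be checked here, but if the call keeps its old indentation after patching, `semanage` would presumably fail to parse or run the call outside the intended branch. I would regenerate the patch for the Python sources without the whitespace-ignoring flags so that the `- OBJECT.add(...)` / `+ OBJECT.add(...)` pair is kept, and byte-compile the patched `semanage` as a build-time check.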
@@ -1616,26 +1612,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po OBJECT.modify(target, mask, proto, serange, setype) if object == "fcontext": -- OBJECT.modify(target, setype, ftype, serange, seuser) + if equal == "": -+ OBJECT.modify(target, setype, ftype, serange, seuser) + OBJECT.modify(target, setype, ftype, serange, seuser) + else: + OBJECT.modify_equal(target, equal) return -@@ -405,7 +446,7 @@ - OBJECT.delete(target, proto) - - elif object == "fcontext": -- OBJECT.delete(target, ftype) -+ OBJECT.delete(target, ftype) - - elif object == "node": - OBJECT.delete(target, mask, proto) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.70/semanage/semanage.8 +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.71/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.70/semanage/semanage.8 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/semanage.8 2009-08-13 11:48:14.000000000 -0400 @@ -21,6 +21,8 @@ .br .B semanage permissive \-{a|d} type 
@@ -1645,9 +1631,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po .B semanage translation \-{a|d|m} [\-T] level .P -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.70/semanage/seobject.py +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2009-05-18 13:53:14.000000000 -0400 -+++ policycoreutils-2.0.70/semanage/seobject.py 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-13 11:48:14.000000000 -0400 @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005, 2006, 2007, 2008 Red Hat 
@@ -1655,93 +1641,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files -@@ -21,16 +21,16 @@ +@@ -21,7 +21,7 @@ # # -import pwd, grp, string, selinux, tempfile, os, re, sys +import pwd, grp, string, selinux, tempfile, os, re, sys, stat from semanage import *; --PROGNAME="policycoreutils" -+PROGNAME = "policycoreutils" + PROGNAME="policycoreutils" import sepolgen.module as module - - import gettext - gettext.bindtextdomain(PROGNAME, "/usr/share/locale") - gettext.textdomain(PROGNAME) - try: -- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) -+ gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1) - except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode -@@ -96,7 +96,7 @@ - self.audit_fd = audit.audit_open() - - def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""): -- audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success); -+ audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0], str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success); - except: - class logger: - def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""): -@@ -104,7 +104,7 @@ - message = "Successful: " - else: - message = "Failed: " -- message += " %s name=%s" % (msg,name) -+ message += " %s name=%s" % (msg, name) - if sename != "": - message += " sename=" + sename - if old_sename != "": -@@ -123,9 +123,9 @@ - - import xml.etree.ElementTree - --booleans_dict={} -+booleans_dict = {} - try: -- 
tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") -+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") - for l in tree.findall("layer"): - for m in l.findall("module"): - for b in m.findall("tunable"): -@@ -160,12 +160,12 @@ - cat_range = category + "(\." + category +")?" - categories = cat_range + "(\," + cat_range + ")*" - reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?" -- return re.search("^" + reg +"$",raw) -+ return re.search("^" + reg +"$", raw) - - def translate(raw, prepend = 1): -- filler="a:b:c:" -+ filler = "a:b:c:" - if prepend == 1: -- context = "%s%s" % (filler,raw) -+ context = "%s%s" % (filler, raw) - else: - context = raw - (rc, trans) = selinux.selinux_raw_to_trans_context(context) -@@ -179,9 +179,9 @@ - return trans - - def untranslate(trans, prepend = 1): -- filler="a:b:c:" -+ filler = "a:b:c:" - if prepend == 1: -- context = "%s%s" % (filler,trans) -+ context = "%s%s" % (filler, trans) - else: - context = trans - -@@ -234,7 +234,7 @@ - rec += "%s=%s\n" % (k, self.ddict[k]) - return rec - -- def list(self,heading = 1, locallist = 0): -+ def list(self, heading = 1, locallist = 0): - if heading: - print "\n%-25s %s\n" % (_("Level"), _("Translation")) - keys = self.ddict.keys() @@ -273,6 +273,7 @@ (fd, newfilename) = tempfile.mkstemp('', self.filename) os.write(fd, self.out()) @@ -1750,15 +1658,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po os.rename(newfilename, self.filename) os.system("/sbin/service mcstrans reload > /dev/null") -@@ -283,7 +284,7 @@ - if handle != None: - self.sh = handle - else: -- self.sh=get_handle(store) -+ self.sh = get_handle(store) - self.transaction = False - - def deleteall(self): @@ -314,6 +315,49 @@ self.transaction = False self.commit() 
@@ -1809,254 +1708,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po class permissiveRecords(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) -@@ -331,7 +375,7 @@ - l.append(name.split("permissive_")[1]) - return l - -- def list(self,heading = 1, locallist = 0): -+ def list(self, heading = 1, locallist = 0): - if heading: - print "\n%-25s\n" % (_("Permissive Types")) - for t in self.get_all(): -@@ -353,7 +397,7 @@ - - permissive %s; - """ % (name, type, type) -- fd = open(filename,'w') -+ fd = open(filename, 'w') - fd.write(modtxt) - fd.close() - mc = module.ModuleCompiler() -@@ -366,7 +410,7 @@ - if rc >= 0: - self.commit() - -- for root, dirs, files in os.walk("tmp", topdown=False): -+ for root, dirs, files in os.walk("tmp", topdown = False): - for name in files: - os.remove(os.path.join(root, name)) - for name in dirs: -@@ -405,11 +449,11 @@ - if sename == "": - sename = "user_u" - -- (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc, k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_seuser_exists(self.sh, k) -+ (rc, exists) = semanage_seuser_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if exists: -@@ -425,7 +469,7 @@ - except: - raise ValueError(_("Linux User %s does not exist") % name) - -- (rc,u) = semanage_seuser_create(self.sh) -+ (rc, u) = semanage_seuser_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create login mapping for %s") % name) - -@@ -465,17 +509,17 @@ - if sename == "" and serange == "": - raise ValueError(_("Requires seuser or serange")) - -- (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc, k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_seuser_exists(self.sh, k) -+ (rc, 
exists) = semanage_seuser_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if not exists: - raise ValueError(_("Login mapping for %s is not defined") % name) - -- (rc,u) = semanage_seuser_query(self.sh, k) -+ (rc, u) = semanage_seuser_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query seuser for %s") % name) - -@@ -498,7 +542,7 @@ - semanage_seuser_key_free(k) - semanage_seuser_free(u) - -- mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange); -+ mylog.log(1, "modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange); - - def modify(self, name, sename = "", serange = ""): - try: -@@ -507,21 +551,21 @@ - self.commit() - - except ValueError, error: -- mylog.log(0,"modify selinux user mapping", name, sename,"", serange, "", "", ""); -+ mylog.log(0, "modify selinux user mapping", name, sename, "", serange, "", "", ""); - raise error - - def __delete(self, name): -- (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc, k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_seuser_exists(self.sh, k) -+ (rc, exists) = semanage_seuser_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if not exists: - raise ValueError(_("Login mapping for %s is not defined") % name) - -- (rc,exists) = semanage_seuser_exists_local(self.sh, k) -+ (rc, exists) = semanage_seuser_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if not exists: -@@ -540,10 +584,10 @@ - self.commit() - - except ValueError, error: -- mylog.log(0,"delete SELinux user mapping", name); -+ mylog.log(0, "delete SELinux user mapping", name); - raise error - -- mylog.log(1,"delete SELinux user mapping", name); -+ mylog.log(1, "delete 
SELinux user mapping", name); - - def get_all(self, locallist = 0): - ddict = {} -@@ -593,17 +637,17 @@ - if len(roles) < 1: - raise ValueError(_("You must add at least one role for %s") % name) - -- (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc, k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_user_exists(self.sh, k) -+ (rc, exists) = semanage_user_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if exists: - raise ValueError(_("SELinux user %s is already defined") % name) - -- (rc,u) = semanage_user_create(self.sh) -+ (rc, u) = semanage_user_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create SELinux user for %s") % name) - -@@ -627,7 +671,7 @@ - rc = semanage_user_set_prefix(self.sh, u, prefix) - if rc < 0: - raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) -- (rc,key) = semanage_user_key_extract(self.sh,u) -+ (rc, key) = semanage_user_key_extract(self.sh,u) - if rc < 0: - raise ValueError(_("Could not extract key for %s") % name) - -@@ -660,17 +704,17 @@ - else: - raise ValueError(_("Requires prefix or roles")) - -- (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc, k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_user_exists(self.sh, k) -+ (rc, exists) = semanage_user_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if not exists: - raise ValueError(_("SELinux user %s is not defined") % name) - -- (rc,u) = semanage_user_query(self.sh, k) -+ (rc, u) = semanage_user_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query user for %s") % name) - -@@ -718,17 +762,17 @@ - raise error - - def __delete(self, name): -- (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc, k) = 
semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_user_exists(self.sh, k) -+ (rc, exists) = semanage_user_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if not exists: - raise ValueError(_("SELinux user %s is not defined") % name) - -- (rc,exists) = semanage_user_exists_local(self.sh, k) -+ (rc, exists) = semanage_user_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if not exists: -@@ -810,7 +854,7 @@ - low = int(ports[0]) - high = int(ports[1]) - -- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) -+ (rc, k) = semanage_port_key_create(self.sh, low, high, proto_d) - if rc < 0: - raise ValueError(_("Could not create a key for %s/%s") % (proto, port)) - return ( k, proto_d, low, high ) -@@ -827,13 +871,13 @@ - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - -- (rc,exists) = semanage_port_exists(self.sh, k) -+ (rc, exists) = semanage_port_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if exists: - raise ValueError(_("Port %s/%s already defined") % (proto, port)) - -- (rc,p) = semanage_port_create(self.sh) -+ (rc, p) = semanage_port_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create port for %s/%s") % (proto, port)) - -@@ -886,13 +930,13 @@ - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - -- (rc,exists) = semanage_port_exists(self.sh, k) -+ (rc, exists) = semanage_port_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if not exists: - raise ValueError(_("Port %s/%s is not defined") % (proto,port)) - -- (rc,p) = semanage_port_query(self.sh, k) -+ (rc, p) = semanage_port_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query port %s/%s") % (proto, 
port)) - -@@ -941,13 +985,13 @@ - - def __delete(self, port, proto): - ( k, proto_d, low, high ) = self.__genkey(port, proto) -- (rc,exists) = semanage_port_exists(self.sh, k) -+ (rc, exists) = semanage_port_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if not exists: - raise ValueError(_("Port %s/%s is not defined") % (proto, port)) - -- (rc,exists) = semanage_port_exists_local(self.sh, k) -+ (rc, exists) = semanage_port_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if not exists: @@ -983,7 +1027,7 @@ proto_str = semanage_port_get_proto_str(proto) low = semanage_port_get_low(port) 
@@ -2066,132 +1717,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po return ddict def get_all_by_type(self, locallist = 0): -@@ -1053,17 +1097,17 @@ - if ctype == "": - raise ValueError(_("SELinux Type is required")) - -- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) -+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) - if rc < 0: - raise ValueError(_("Could not create key for %s") % addr) - if rc < 0: - raise ValueError(_("Could not check if addr %s is defined") % addr) - -- (rc,exists) = semanage_node_exists(self.sh, k) -+ (rc, exists) = semanage_node_exists(self.sh, k) - if exists: - raise ValueError(_("Addr %s already defined") % addr) - -- (rc,node) = semanage_node_create(self.sh) -+ (rc, node) = semanage_node_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create addr for %s") % addr) - -@@ -1128,17 +1172,17 @@ - if serange == "" and setype == "": - raise ValueError(_("Requires setype or serange")) - -- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) -+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) - if rc < 0: - raise ValueError(_("Could not create key for %s") % addr) - -- (rc,exists) = semanage_node_exists(self.sh, k) -+ (rc, exists) = semanage_node_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if addr %s is defined") % addr) - if not exists: - raise ValueError(_("Addr %s is not defined") % addr) - -- (rc,node) = semanage_node_query(self.sh, k) -+ (rc, node) = semanage_node_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query addr %s") % addr) - -@@ -1175,17 +1219,17 @@ - else: - raise ValueError(_("Unknown or missing protocol")) - -- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) -+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) - if rc < 0: - raise ValueError(_("Could not create key for %s") % addr) - -- (rc,exists) = semanage_node_exists(self.sh, k) -+ (rc, exists) = 
semanage_node_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if addr %s is defined") % addr) - if not exists: - raise ValueError(_("Addr %s is not defined") % addr) - -- (rc,exists) = semanage_node_exists_local(self.sh, k) -+ (rc, exists) = semanage_node_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if addr %s is defined") % addr) - if not exists: -@@ -1255,17 +1299,17 @@ - if ctype == "": - raise ValueError(_("SELinux Type is required")) - -- (rc,k) = semanage_iface_key_create(self.sh, interface) -+ (rc, k) = semanage_iface_key_create(self.sh, interface) - if rc < 0: - raise ValueError(_("Could not create key for %s") % interface) - -- (rc,exists) = semanage_iface_exists(self.sh, k) -+ (rc, exists) = semanage_iface_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if interface %s is defined") % interface) - if exists: - raise ValueError(_("Interface %s already defined") % interface) - -- (rc,iface) = semanage_iface_create(self.sh) -+ (rc, iface) = semanage_iface_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create interface for %s") % interface) - -@@ -1316,17 +1360,17 @@ - if serange == "" and setype == "": - raise ValueError(_("Requires setype or serange")) - -- (rc,k) = semanage_iface_key_create(self.sh, interface) -+ (rc, k) = semanage_iface_key_create(self.sh, interface) - if rc < 0: - raise ValueError(_("Could not create key for %s") % interface) - -- (rc,exists) = semanage_iface_exists(self.sh, k) -+ (rc, exists) = semanage_iface_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if interface %s is defined") % interface) - if not exists: - raise ValueError(_("Interface %s is not defined") % interface) - -- (rc,iface) = semanage_iface_query(self.sh, k) -+ (rc, iface) = semanage_iface_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query interface %s") % interface) - -@@ -1350,17 +1394,17 @@ - self.commit() - - def __delete(self, 
interface): -- (rc,k) = semanage_iface_key_create(self.sh, interface) -+ (rc, k) = semanage_iface_key_create(self.sh, interface) - if rc < 0: - raise ValueError(_("Could not create key for %s") % interface) - -- (rc,exists) = semanage_iface_exists(self.sh, k) -+ (rc, exists) = semanage_iface_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if interface %s is defined") % interface) - if not exists: - raise ValueError(_("Interface %s is not defined") % interface) - -- (rc,exists) = semanage_iface_exists_local(self.sh, k) -+ (rc, exists) = semanage_iface_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if interface %s is defined") % interface) - if not exists: @@ -1408,6 +1452,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): 
@@ -2241,101 +1766,23 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1444,23 +1530,23 @@ - if type == "": - raise ValueError(_("SELinux Type is required")) - -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) - if rc < 0: - raise ValueError(_("Could not create key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - - if not exists: -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - - if exists: - raise ValueError(_("File context for %s already defined") % target) - -- (rc,fcontext) = semanage_fcontext_create(self.sh) -+ (rc, fcontext) = semanage_fcontext_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create file context for %s") % target) - -@@ -1501,21 +1587,21 @@ - raise ValueError(_("Requires setype, serange or seuser")) - self.validate(target) - -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if not exists: -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) - if not exists: - raise ValueError(_("File context for %s 
is not defined") % target) - -- (rc,fcontext) = semanage_fcontext_query_local(self.sh, k) -+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k) - if rc < 0: -- (rc,fcontext) = semanage_fcontext_query(self.sh, k) -+ (rc, fcontext) = semanage_fcontext_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query file context for %s") % target) - -@@ -1565,7 +1651,7 @@ - target = semanage_fcontext_get_expr(fcontext) - ftype = semanage_fcontext_get_type(fcontext) - ftype_str = semanage_fcontext_get_type_str(ftype) -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str]) -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str]) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % target) - -@@ -1573,19 +1659,26 @@ - if rc < 0: +@@ -1574,9 +1660,16 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) -- -+ + + self.equiv = {} + self.equal_ind = True self.commit() def __delete(self, target, ftype): -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) + if target in self.equiv.keys(): + self.equiv.pop(target) + self.equal_ind = True + return + -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) + (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if not exists: -- (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if exists: @@ -1632,11 +1725,11 @@ return ddict 
@@ -2350,7 +1797,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1645,11 +1738,17 @@ +@@ -1645,6 +1738,12 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) 
@@ -2363,108 +1810,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po class booleanRecords(semanageRecords): def __init__(self, store = ""): - semanageRecords.__init__(self, store) -- self.dict={} -+ self.dict = {} - self.dict["TRUE"] = 1 - self.dict["FALSE"] = 0 - self.dict["ON"] = 1 -@@ -1658,16 +1757,16 @@ - self.dict["0"] = 0 - - def __mod(self, name, value): -- (rc,k) = semanage_bool_key_create(self.sh, name) -+ (rc, k) = semanage_bool_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) -- (rc,exists) = semanage_bool_exists(self.sh, k) -+ (rc, exists) = semanage_bool_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if boolean %s is defined") % name) - if not exists: - raise ValueError(_("Boolean %s is not defined") % name) - -- (rc,b) = semanage_bool_query(self.sh, k) -+ (rc, b) = semanage_bool_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query file context %s") % name) - -@@ -1685,7 +1784,7 @@ - semanage_bool_key_free(k) - semanage_bool_free(b) - -- def modify(self, name, value=None, use_file=False): -+ def modify(self, name, value = None, use_file = False): - - self.begin() - -@@ -1709,16 +1808,16 @@ - - def __delete(self, name): - -- (rc,k) = semanage_bool_key_create(self.sh, name) -+ (rc, k) = semanage_bool_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) -- (rc,exists) = semanage_bool_exists(self.sh, k) -+ (rc, exists) = semanage_bool_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if boolean %s is defined") % name) - if not exists: - raise ValueError(_("Boolean %s is not defined") % name) - -- (rc,exists) = semanage_bool_exists_local(self.sh, k) -+ (rc, exists) = semanage_bool_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if boolean %s is defined") % name) - if not exists: -@@ -1777,7 +1876,7 @@ - return _("unknown") - - def 
list(self, heading = True, locallist = False, use_file = False): -- on_off = (_("off"),_("on")) -+ on_off = (_("off"), _("on")) - if use_file: - ddict = self.get_all(locallist) - keys = ddict.keys() -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.70/setfiles/setfiles.c ---- nsapolicycoreutils/setfiles/setfiles.c 2009-08-05 15:10:56.000000000 -0400 -+++ policycoreutils-2.0.70/setfiles/setfiles.c 2009-08-10 11:06:54.000000000 -0400 -@@ -234,7 +234,7 @@ - fl_head = NULL; - } - --static int add_exclude(const char *directory) -+static int add_exclude(const char *directory, int warn) - { - struct stat sb; - size_t len = 0; -@@ -244,8 +244,8 @@ - return 1; - } - if (lstat(directory, &sb)) { -- fprintf(stderr, "Can't stat directory \"%s\", %s.\n", -- directory, strerror(errno)); -+ if (warn) fprintf(stderr, "Can't stat directory \"%s\", %s.\n", -+ directory, strerror(errno)); - return 0; - } - if ((sb.st_mode & S_IFDIR) == 0) { -@@ -727,7 +727,7 @@ - - /* exclude mount points without the seclabel option */ - if (!found) -- add_exclude(mount_info[1]); -+ add_exclude(mount_info[1], 0); - } - - free(buf); -@@ -840,7 +840,7 @@ - } - case 'e': - remove_exclude(optarg); -- if (add_exclude(optarg)) -+ if (add_exclude(optarg, 1)) - exit(1); - break; - case 'f': diff --git a/policycoreutils.spec b/policycoreutils.spec index b4e6c5e..de08890 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,8 +5,8 @@ %define sepolgenver 1.0.16 Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.0.70 -Release: 2%{?dist} +Version: 2.0.71 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz 
@@ -266,6 +266,15 @@ else fi %changelog +* Thu Aug 13 2009 Dan Walsh 2.0.71-1 +- Fix chcat to report error on non existing file +- Update to upstream + * Modify setfiles/restorecon checking of exclude paths. Only check + user-supplied exclude paths (not automatically generated ones based on + lack of seclabel support), don't require them to be directories, and + ignore permission denied errors on them (it is ok to exclude a path to + which the caller lacks permission). + * Mon Aug 10 2009 Dan Walsh 2.0.70-2 - Don't warn if the user did not specify the exclude if root can not stat file system diff --git a/sources b/sources index f8b67b5..215d22b 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz -8c4c0c43a9b6c3865e2a8b8bdd222f90 policycoreutils-2.0.70.tgz -4c24e437f254291bc6d1378ee5a5712c policycoreutils_man_ru2.tar.bz2 +00fd9d86bd6a8066da710d6fda910b01 policycoreutils-2.0.71.tgz
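Review bot: The `sources` hunk drops the checksum line for `policycoreutils_man_ru2.tar.bz2` together with the 2.0.70 tarball, but neither spec hunk shown in this commit removes a `Source` entry for that archive. If the spec still references it (not visible here), the build would either fail to fetch it or use a copy with no recorded digest to check it against. Either keep the line `4c24e437f254291bc6d1378ee5a5712c policycoreutils_man_ru2.tar.bz2` or remove the matching `Source` reference in the same commit. Separately, the new `policycoreutils-2.0.71.tgz` is pinned only by an MD5 digest, which is not collision-resistant, so the tarball is worth verifying against an upstream-published stronger hash or signature before it is uploaded.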