From afa7adf27e2c374a01006f8619fdab1706d392c7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 13 Aug 2009 15:51:51 +0000 Subject: [PATCH] * Thu Aug 13 2009 Dan Walsh 2.0.71-1 - Fix chcat to report error on non existing file - Update to upstream * Modify setfiles/restorecon checking of exclude paths. Only check user-supplied exclude paths (not automatically generated ones based on lack of seclabel support), don't require them to be directories, and ignore permission denied errors on them (it is ok to exclude a path to which the caller lacks permission). --- .cvsignore | 1 + policycoreutils-rhat.patch | 820 ++++--------------------------------- policycoreutils.spec | 13 +- sources | 3 +- 4 files changed, 94 insertions(+), 743 deletions(-) diff --git a/.cvsignore b/.cvsignore index 852d7c5..1d1b406 100644 --- a/.cvsignore +++ b/.cvsignore @@ -204,3 +204,4 @@ policycoreutils-2.0.67.tgz policycoreutils-2.0.68.tgz policycoreutils-2.0.70.tgz policycoreutils_man_ru2.tar.bz2 +policycoreutils-2.0.71.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index f94cb1a..4ce25b2 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,15 +1,15 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.70/Makefile +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.70/Makefile 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/Makefile 2009-08-13 11:48:14.000000000 -0400 
@@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.70/restorecond/Makefile +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/Makefile 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-13 11:48:14.000000000 -0400 @@ -2,16 +2,23 @@ PREFIX ?= ${DESTDIR}/usr SBINDIR ?= $(PREFIX)/sbin 
@@ -51,16 +51,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po relabel: install /sbin/restorecon $(SBINDIR)/restorecond -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.70/restorecond/org.selinux.Restorecond.service +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/org.selinux.Restorecond.service 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,3 @@ +[D-BUS Service] +Name=org.selinux.Restorecond +Exec=/usr/sbin/restorecond -u -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.70/restorecond/restorecond.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/restorecond.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-13 11:48:14.000000000 -0400 @@ -48,294 +48,37 @@ #include #include @@ -173,7 +173,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - } - firstDir = NULL; -} - +- -/* - Set the file context to the default file context for this system. - Same as restorecon. 
@@ -288,14 +288,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - Files specified one per line. Files with "~" will be expanded to the logged in users - homedirs. -*/ -+static char *server_watch_file = "/etc/selinux/restorecond.conf"; -+static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; -+static char *watch_file; - +- -static void read_config(int fd) -{ - char *watch_file_path = "/etc/selinux/restorecond.conf"; -- + - FILE *cfg = NULL; - if (debug_mode) - printf("Read Config\n"); @@ -314,7 +311,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - if (master_wd == -1) - exitApp("Error watching config file."); -} -+#include ++static char *server_watch_file = "/etc/selinux/restorecond.conf"; ++static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; ++static char *watch_file; -/* - Inotify watch loop @@ -349,21 +348,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po - if (event->len) - watch_list_find(event->wd, event->name); - break; -- ++#include + - case 1: /* utmp has changed need to reload */ - read_config(fd); - break; -- -- default: /* No users logged in or out */ -- break; -- } -- } +int debug_mode = 0; +int verbose_mode = 0; +int terminate = 0; +int master_wd = -1; +int run_as_user = 0; +- default: /* No users logged in or out */ +- break; +- } +- } +- - i += EVENT_SIZE + event->len; - } - return 0; @@ -485,7 +485,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po case 'v': verbose_mode = 1; break; -@@ -483,22 +168,40 @@ +@@ -483,20 +168,36 @@ usage(argv[0]); } } 
@@ -525,13 +525,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if (pidfile) unlink(pidfile); - return 0; - } -+ -+ -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.70/restorecond/restorecond.conf +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2009-05-18 13:53:14.000000000 -0400 -+++ policycoreutils-2.0.70/restorecond/restorecond.conf 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-13 11:48:14.000000000 -0400 @@ -4,8 +4,5 @@ /etc/mtab /var/run/utmp @@ -542,9 +538,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po /root/.ssh/* - - -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.70/restorecond/restorecond.desktop +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop --- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/restorecond.desktop 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=File Context maintainer 
@@ -553,9 +549,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +Encoding=UTF-8 +Type=Application +StartupNotify=false -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.70/restorecond/restorecond.h +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h --- nsapolicycoreutils/restorecond/restorecond.h 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.70/restorecond/restorecond.h 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-13 11:48:14.000000000 -0400 @@ -24,7 +24,22 @@ #ifndef RESTORED_CONFIG_H #define RESTORED_CONFIG_H @@ -581,15 +577,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +extern void watch_list_free(int fd); #endif -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.70/restorecond/restorecond_user.conf +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/restorecond_user.conf 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-13 11:48:14.000000000 -0400 
@@ -0,0 +1,2 @@ +~/* +~/public_html/* -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.70/restorecond/user.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/user.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/user.c 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,220 @@ +/* + * restorecond @@ -811,9 +807,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + return 0; +} + -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.70/restorecond/walk.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.71/restorecond/walk.c --- nsapolicycoreutils/restorecond/walk.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/walk.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/walk.c 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,30 @@ +#define _XOPEN_SOURCE 500 +#include 
@@ -845,9 +841,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + printf("Total Dirs %d\n",ctr); + exit(EXIT_SUCCESS); +} -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.70/restorecond/watch.c +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/restorecond/watch.c 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,346 @@ +#define _GNU_SOURCE +#include 
@@ -1195,9 +1191,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + exitApp("Error watching config file."); +} + -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.70/scripts/Makefile +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat +--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/chcat 2009-08-13 11:48:14.000000000 -0400 +@@ -435,6 +435,8 @@ + continue + except ValueError, e: + error(e) ++ except OSError, e: ++ error(e) + + sys.exit(errors) + +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile --- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.70/scripts/Makefile 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/Makefile 2009-08-13 11:48:14.000000000 -0400 @@ -5,11 +5,12 @@ MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale 
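Review bot: In the chcat section this hunk adds to the patch, the new `except OSError, e:` clause repeats the body of the `except ValueError, e:` clause directly above it. The two can be one handler, `except (ValueError, OSError), e:`, so the error path for a missing file cannot later drift from the one for bad input. The `try` these clauses belong to, and the loop around it, start outside the hunk, so it cannot be confirmed from here that every file operation is inside the guarded region. The script ends with `sys.exit(errors)`, so it is worth checking that `error()` increments `errors`; if it does not, a category change that fails on a non-existent file would still exit 0 and a calling script would assume the label was applied.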
@@ -1212,9 +1220,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po install -m 755 fixfiles $(DESTDIR)/sbin install -m 755 genhomedircon $(SBINDIR) -mkdir -p $(MANDIR)/man8 -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.70/scripts/sandbox +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.71/scripts/sandbox --- nsapolicycoreutils/scripts/sandbox 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/scripts/sandbox 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/sandbox 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,139 @@ +#!/usr/bin/python -E +import os, sys, getopt, socket, random, fcntl @@ -1355,9 +1363,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + error_exit(error.args[1]) + + sys.exit(rc) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.70/scripts/sandbox.8 +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.71/scripts/sandbox.8 --- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/scripts/sandbox.8 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/sandbox.8 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,22 @@ +.TH SANDBOX "8" "May 2009" "chcat" "User Commands" +.SH NAME 
@@ -1381,9 +1389,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +.TP +runcon(1) +.PP -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.70/scripts/sandbox.py +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.71/scripts/sandbox.py --- nsapolicycoreutils/scripts/sandbox.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.70/scripts/sandbox.py 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/scripts/sandbox.py 2009-08-13 11:48:14.000000000 -0400 @@ -0,0 +1,67 @@ +#!/usr/bin/python +import os, sys, getopt, socket, random, fcntl @@ -1452,9 +1460,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + mount(mount_src, filecon) + umount(filecon) +os.execvp(cmds[0], cmds) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.70/semanage/semanage +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2009-05-18 13:53:14.000000000 -0400 -+++ policycoreutils-2.0.70/semanage/semanage 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/semanage 2009-08-13 11:48:14.000000000 -0400 @@ -44,16 +44,17 @@ text = _(""" semanage [ -S store ] -i [ input_file | - ] 
@@ -1508,17 +1516,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po valid_option["permissive"] = [] valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] return valid_option -@@ -192,7 +198,10 @@ +@@ -192,6 +198,9 @@ locallist = False use_file = False store = "" + equal="" - ++ + dontaudit = "" -+ + object = argv[0] option_dict=get_options() - if object not in option_dict.keys(): @@ -201,10 +210,12 @@ args = argv[1:] @@ -1533,23 +1540,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po 'ftype=', 'file', 'help', -@@ -241,16 +252,24 @@ - if modify or add: - raise ValueError(_("%s bad option") % o) - delete = True -+ - if o == "-D" or o == "--deleteall": - if modify: - raise ValueError(_("%s bad option") % o) - deleteall = True -+ +@@ -248,9 +261,15 @@ if o == "-f" or o == "--ftype": -- ftype=a -+ ftype = a -+ + ftype=a + + if o == "-e" or o == "--equal": + equal = a - ++ if o == "-F" or o == "--file": use_file = True @@ -1559,16 +1556,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if o == "-h" or o == "--help": raise ValueError(_("%s bad option") % o) -@@ -323,6 +342,9 @@ - +@@ -324,6 +343,9 @@ if object == "boolean": OBJECT = seobject.booleanRecords(store) -+ + + if object == "module": + OBJECT = seobject.moduleRecords(store) - ++ if object == "translation": OBJECT = seobject.setransRecords() + @@ -341,6 +363,13 @@ OBJECT.deleteall() return @@ -1594,9 +1591,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po OBJECT.add(target, mask, proto, serange, setype) if object == "fcontext": -- OBJECT.add(target, setype, ftype, serange, seuser) + if equal == "": -+ OBJECT.add(target, setype, ftype, serange, seuser) + OBJECT.add(target, setype, ftype, serange, seuser) + else: + OBJECT.add_equal(target, equal) if object == "permissive": 
@@ -1616,26 +1612,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po OBJECT.modify(target, mask, proto, serange, setype) if object == "fcontext": -- OBJECT.modify(target, setype, ftype, serange, seuser) + if equal == "": -+ OBJECT.modify(target, setype, ftype, serange, seuser) + OBJECT.modify(target, setype, ftype, serange, seuser) + else: + OBJECT.modify_equal(target, equal) return -@@ -405,7 +446,7 @@ - OBJECT.delete(target, proto) - - elif object == "fcontext": -- OBJECT.delete(target, ftype) -+ OBJECT.delete(target, ftype) - - elif object == "node": - OBJECT.delete(target, mask, proto) -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.70/semanage/semanage.8 +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.71/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.70/semanage/semanage.8 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/semanage.8 2009-08-13 11:48:14.000000000 -0400 @@ -21,6 +21,8 @@ .br .B semanage permissive \-{a|d} type 
@@ -1645,9 +1631,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po .B semanage translation \-{a|d|m} [\-T] level .P -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.70/semanage/seobject.py +diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2009-05-18 13:53:14.000000000 -0400 -+++ policycoreutils-2.0.70/semanage/seobject.py 2009-08-05 15:24:16.000000000 -0400 ++++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-13 11:48:14.000000000 -0400 @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005, 2006, 2007, 2008 Red Hat 
@@ -1655,93 +1641,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files -@@ -21,16 +21,16 @@ +@@ -21,7 +21,7 @@ # # -import pwd, grp, string, selinux, tempfile, os, re, sys +import pwd, grp, string, selinux, tempfile, os, re, sys, stat from semanage import *; --PROGNAME="policycoreutils" -+PROGNAME = "policycoreutils" + PROGNAME="policycoreutils" import sepolgen.module as module - - import gettext - gettext.bindtextdomain(PROGNAME, "/usr/share/locale") - gettext.textdomain(PROGNAME) - try: -- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) -+ gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1) - except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode -@@ -96,7 +96,7 @@ - self.audit_fd = audit.audit_open() - - def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""): -- audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success); -+ audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0], str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success); - except: - class logger: - def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""): -@@ -104,7 +104,7 @@ - message = "Successful: " - else: - message = "Failed: " -- message += " %s name=%s" % (msg,name) -+ message += " %s name=%s" % (msg, name) - if sename != "": - message += " sename=" + sename - if old_sename != "": -@@ -123,9 +123,9 @@ - - import xml.etree.ElementTree - --booleans_dict={} -+booleans_dict = {} - try: -- 
tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") -+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") - for l in tree.findall("layer"): - for m in l.findall("module"): - for b in m.findall("tunable"): -@@ -160,12 +160,12 @@ - cat_range = category + "(\." + category +")?" - categories = cat_range + "(\," + cat_range + ")*" - reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?" -- return re.search("^" + reg +"$",raw) -+ return re.search("^" + reg +"$", raw) - - def translate(raw, prepend = 1): -- filler="a:b:c:" -+ filler = "a:b:c:" - if prepend == 1: -- context = "%s%s" % (filler,raw) -+ context = "%s%s" % (filler, raw) - else: - context = raw - (rc, trans) = selinux.selinux_raw_to_trans_context(context) -@@ -179,9 +179,9 @@ - return trans - - def untranslate(trans, prepend = 1): -- filler="a:b:c:" -+ filler = "a:b:c:" - if prepend == 1: -- context = "%s%s" % (filler,trans) -+ context = "%s%s" % (filler, trans) - else: - context = trans - -@@ -234,7 +234,7 @@ - rec += "%s=%s\n" % (k, self.ddict[k]) - return rec - -- def list(self,heading = 1, locallist = 0): -+ def list(self, heading = 1, locallist = 0): - if heading: - print "\n%-25s %s\n" % (_("Level"), _("Translation")) - keys = self.ddict.keys() @@ -273,6 +273,7 @@ (fd, newfilename) = tempfile.mkstemp('', self.filename) os.write(fd, self.out()) @@ -1750,15 +1658,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po os.rename(newfilename, self.filename) os.system("/sbin/service mcstrans reload > /dev/null") -@@ -283,7 +284,7 @@ - if handle != None: - self.sh = handle - else: -- self.sh=get_handle(store) -+ self.sh = get_handle(store) - self.transaction = False - - def deleteall(self): @@ -314,6 +315,49 @@ self.transaction = False self.commit() 
@@ -1809,254 +1708,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po class permissiveRecords(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) -@@ -331,7 +375,7 @@ - l.append(name.split("permissive_")[1]) - return l - -- def list(self,heading = 1, locallist = 0): -+ def list(self, heading = 1, locallist = 0): - if heading: - print "\n%-25s\n" % (_("Permissive Types")) - for t in self.get_all(): -@@ -353,7 +397,7 @@ - - permissive %s; - """ % (name, type, type) -- fd = open(filename,'w') -+ fd = open(filename, 'w') - fd.write(modtxt) - fd.close() - mc = module.ModuleCompiler() -@@ -366,7 +410,7 @@ - if rc >= 0: - self.commit() - -- for root, dirs, files in os.walk("tmp", topdown=False): -+ for root, dirs, files in os.walk("tmp", topdown = False): - for name in files: - os.remove(os.path.join(root, name)) - for name in dirs: -@@ -405,11 +449,11 @@ - if sename == "": - sename = "user_u" - -- (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc, k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_seuser_exists(self.sh, k) -+ (rc, exists) = semanage_seuser_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if exists: -@@ -425,7 +469,7 @@ - except: - raise ValueError(_("Linux User %s does not exist") % name) - -- (rc,u) = semanage_seuser_create(self.sh) -+ (rc, u) = semanage_seuser_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create login mapping for %s") % name) - -@@ -465,17 +509,17 @@ - if sename == "" and serange == "": - raise ValueError(_("Requires seuser or serange")) - -- (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc, k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_seuser_exists(self.sh, k) -+ (rc, 
exists) = semanage_seuser_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if not exists: - raise ValueError(_("Login mapping for %s is not defined") % name) - -- (rc,u) = semanage_seuser_query(self.sh, k) -+ (rc, u) = semanage_seuser_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query seuser for %s") % name) - -@@ -498,7 +542,7 @@ - semanage_seuser_key_free(k) - semanage_seuser_free(u) - -- mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange); -+ mylog.log(1, "modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange); - - def modify(self, name, sename = "", serange = ""): - try: -@@ -507,21 +551,21 @@ - self.commit() - - except ValueError, error: -- mylog.log(0,"modify selinux user mapping", name, sename,"", serange, "", "", ""); -+ mylog.log(0, "modify selinux user mapping", name, sename, "", serange, "", "", ""); - raise error - - def __delete(self, name): -- (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc, k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_seuser_exists(self.sh, k) -+ (rc, exists) = semanage_seuser_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if not exists: - raise ValueError(_("Login mapping for %s is not defined") % name) - -- (rc,exists) = semanage_seuser_exists_local(self.sh, k) -+ (rc, exists) = semanage_seuser_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if login mapping for %s is defined") % name) - if not exists: -@@ -540,10 +584,10 @@ - self.commit() - - except ValueError, error: -- mylog.log(0,"delete SELinux user mapping", name); -+ mylog.log(0, "delete SELinux user mapping", name); - raise error - -- mylog.log(1,"delete SELinux user mapping", name); -+ mylog.log(1, "delete 
SELinux user mapping", name); - - def get_all(self, locallist = 0): - ddict = {} -@@ -593,17 +637,17 @@ - if len(roles) < 1: - raise ValueError(_("You must add at least one role for %s") % name) - -- (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc, k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_user_exists(self.sh, k) -+ (rc, exists) = semanage_user_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if exists: - raise ValueError(_("SELinux user %s is already defined") % name) - -- (rc,u) = semanage_user_create(self.sh) -+ (rc, u) = semanage_user_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create SELinux user for %s") % name) - -@@ -627,7 +671,7 @@ - rc = semanage_user_set_prefix(self.sh, u, prefix) - if rc < 0: - raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) -- (rc,key) = semanage_user_key_extract(self.sh,u) -+ (rc, key) = semanage_user_key_extract(self.sh,u) - if rc < 0: - raise ValueError(_("Could not extract key for %s") % name) - -@@ -660,17 +704,17 @@ - else: - raise ValueError(_("Requires prefix or roles")) - -- (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc, k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_user_exists(self.sh, k) -+ (rc, exists) = semanage_user_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if not exists: - raise ValueError(_("SELinux user %s is not defined") % name) - -- (rc,u) = semanage_user_query(self.sh, k) -+ (rc, u) = semanage_user_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query user for %s") % name) - -@@ -718,17 +762,17 @@ - raise error - - def __delete(self, name): -- (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc, k) = 
semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc,exists) = semanage_user_exists(self.sh, k) -+ (rc, exists) = semanage_user_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if not exists: - raise ValueError(_("SELinux user %s is not defined") % name) - -- (rc,exists) = semanage_user_exists_local(self.sh, k) -+ (rc, exists) = semanage_user_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if SELinux user %s is defined") % name) - if not exists: -@@ -810,7 +854,7 @@ - low = int(ports[0]) - high = int(ports[1]) - -- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) -+ (rc, k) = semanage_port_key_create(self.sh, low, high, proto_d) - if rc < 0: - raise ValueError(_("Could not create a key for %s/%s") % (proto, port)) - return ( k, proto_d, low, high ) -@@ -827,13 +871,13 @@ - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - -- (rc,exists) = semanage_port_exists(self.sh, k) -+ (rc, exists) = semanage_port_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if exists: - raise ValueError(_("Port %s/%s already defined") % (proto, port)) - -- (rc,p) = semanage_port_create(self.sh) -+ (rc, p) = semanage_port_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create port for %s/%s") % (proto, port)) - -@@ -886,13 +930,13 @@ - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - -- (rc,exists) = semanage_port_exists(self.sh, k) -+ (rc, exists) = semanage_port_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if not exists: - raise ValueError(_("Port %s/%s is not defined") % (proto,port)) - -- (rc,p) = semanage_port_query(self.sh, k) -+ (rc, p) = semanage_port_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query port %s/%s") % (proto, 
port)) - -@@ -941,13 +985,13 @@ - - def __delete(self, port, proto): - ( k, proto_d, low, high ) = self.__genkey(port, proto) -- (rc,exists) = semanage_port_exists(self.sh, k) -+ (rc, exists) = semanage_port_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if not exists: - raise ValueError(_("Port %s/%s is not defined") % (proto, port)) - -- (rc,exists) = semanage_port_exists_local(self.sh, k) -+ (rc, exists) = semanage_port_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) - if not exists: @@ -983,7 +1027,7 @@ proto_str = semanage_port_get_proto_str(proto) low = semanage_port_get_low(port) 
@@ -2066,132 +1717,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
 return ddict
 def get_all_by_type(self, locallist = 0):
-@@ -1053,17 +1097,17 @@
- if ctype == "":
- raise ValueError(_("SELinux Type is required"))
-
-- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
-+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % addr)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
-
-- (rc,exists) = semanage_node_exists(self.sh, k)
-+ (rc, exists) = semanage_node_exists(self.sh, k)
- if exists:
- raise ValueError(_("Addr %s already defined") % addr)
-
-- (rc,node) = semanage_node_create(self.sh)
-+ (rc, node) = semanage_node_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create addr for %s") % addr)
-
-@@ -1128,17 +1172,17 @@
- if serange == "" and setype == "":
- raise ValueError(_("Requires setype or serange"))
-
-- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
-+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % addr)
-
-- (rc,exists) = semanage_node_exists(self.sh, k)
-+ (rc, exists) = semanage_node_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
- if not exists:
- raise ValueError(_("Addr %s is not defined") % addr)
-
-- (rc,node) = semanage_node_query(self.sh, k)
-+ (rc, node) = semanage_node_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query addr %s") % addr)
-
-@@ -1175,17 +1219,17 @@
- else:
- raise ValueError(_("Unknown or missing protocol"))
-
-- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
-+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % addr)
-
-- (rc,exists) = semanage_node_exists(self.sh, k)
-+ (rc, exists) = semanage_node_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
- if not exists:
- raise ValueError(_("Addr %s is not defined") % addr)
-
-- (rc,exists) = semanage_node_exists_local(self.sh, k)
-+ (rc, exists) = semanage_node_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
- if not exists:
-@@ -1255,17 +1299,17 @@
- if ctype == "":
- raise ValueError(_("SELinux Type is required"))
-
-- (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ (rc, k) = semanage_iface_key_create(self.sh, interface)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % interface)
-
-- (rc,exists) = semanage_iface_exists(self.sh, k)
-+ (rc, exists) = semanage_iface_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if exists:
- raise ValueError(_("Interface %s already defined") % interface)
-
-- (rc,iface) = semanage_iface_create(self.sh)
-+ (rc, iface) = semanage_iface_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create interface for %s") % interface)
-
-@@ -1316,17 +1360,17 @@
- if serange == "" and setype == "":
- raise ValueError(_("Requires setype or serange"))
-
-- (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ (rc, k) = semanage_iface_key_create(self.sh, interface)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % interface)
-
-- (rc,exists) = semanage_iface_exists(self.sh, k)
-+ (rc, exists) = semanage_iface_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if not exists:
- raise ValueError(_("Interface %s is not defined") % interface)
-
-- (rc,iface) = semanage_iface_query(self.sh, k)
-+ (rc, iface) = semanage_iface_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query interface %s") % interface)
-
-@@ -1350,17 +1394,17 @@
- self.commit()
-
- def __delete(self, interface):
-- (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ (rc, k) = semanage_iface_key_create(self.sh, interface)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % interface)
-
-- (rc,exists) = semanage_iface_exists(self.sh, k)
-+ (rc, exists) = semanage_iface_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if not exists:
- raise ValueError(_("Interface %s is not defined") % interface)
-
-- (rc,exists) = semanage_iface_exists_local(self.sh, k)
-+ (rc, exists) = semanage_iface_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if not exists:
 @@ -1408,6 +1452,48 @@
 class fcontextRecords(semanageRecords):
 def __init__(self, store = ""):
@@ -2241,101 +1766,23 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1444,23 +1530,23 @@ - if type == "": - raise ValueError(_("SELinux Type is required")) - -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) - if rc < 0: - raise ValueError(_("Could not create key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - - if not exists: -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - - if exists: - raise ValueError(_("File context for %s already defined") % target) - -- (rc,fcontext) = semanage_fcontext_create(self.sh) -+ (rc, fcontext) = semanage_fcontext_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create file context for %s") % target) - -@@ -1501,21 +1587,21 @@ - raise ValueError(_("Requires setype, serange or seuser")) - self.validate(target) - -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if not exists: -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) - if not exists: - raise ValueError(_("File context for %s 
is not defined") % target) - -- (rc,fcontext) = semanage_fcontext_query_local(self.sh, k) -+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k) - if rc < 0: -- (rc,fcontext) = semanage_fcontext_query(self.sh, k) -+ (rc, fcontext) = semanage_fcontext_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query file context for %s") % target) - -@@ -1565,7 +1651,7 @@ - target = semanage_fcontext_get_expr(fcontext) - ftype = semanage_fcontext_get_type(fcontext) - ftype_str = semanage_fcontext_get_type_str(ftype) -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str]) -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str]) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % target) - -@@ -1573,19 +1659,26 @@ - if rc < 0: +@@ -1574,9 +1660,16 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) -- -+ + + self.equiv = {} + self.equal_ind = True self.commit() def __delete(self, target, ftype): -- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) + if target in self.equiv.keys(): + self.equiv.pop(target) + self.equal_ind = True + return + -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) + (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) - -- (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if not exists: -- (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) - if exists: @@ -1632,11 +1725,11 @@ return ddict 
@@ -2350,7 +1797,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1645,11 +1738,17 @@ +@@ -1645,6 +1738,12 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) 
@@ -2363,108 +1810,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
 class booleanRecords(semanageRecords):
 def __init__(self, store = ""):
- semanageRecords.__init__(self, store)
-- self.dict={}
-+ self.dict = {}
- self.dict["TRUE"] = 1
- self.dict["FALSE"] = 0
- self.dict["ON"] = 1
-@@ -1658,16 +1757,16 @@
- self.dict["0"] = 0
-
- def __mod(self, name, value):
-- (rc,k) = semanage_bool_key_create(self.sh, name)
-+ (rc, k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-- (rc,exists) = semanage_bool_exists(self.sh, k)
-+ (rc, exists) = semanage_bool_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
- raise ValueError(_("Boolean %s is not defined") % name)
-
-- (rc,b) = semanage_bool_query(self.sh, k)
-+ (rc, b) = semanage_bool_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query file context %s") % name)
-
-@@ -1685,7 +1784,7 @@
- semanage_bool_key_free(k)
- semanage_bool_free(b)
-
-- def modify(self, name, value=None, use_file=False):
-+ def modify(self, name, value = None, use_file = False):
-
- self.begin()
-
-@@ -1709,16 +1808,16 @@
-
- def __delete(self, name):
-
-- (rc,k) = semanage_bool_key_create(self.sh, name)
-+ (rc, k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-- (rc,exists) = semanage_bool_exists(self.sh, k)
-+ (rc, exists) = semanage_bool_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
- raise ValueError(_("Boolean %s is not defined") % name)
-
-- (rc,exists) = semanage_bool_exists_local(self.sh, k)
-+ (rc, exists) = semanage_bool_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
-@@ -1777,7 +1876,7 @@
- return _("unknown")
-
- def list(self, heading = True, locallist = False, use_file = False):
-- on_off = (_("off"),_("on"))
-+ on_off = (_("off"), _("on"))
- if use_file:
- ddict = self.get_all(locallist)
- keys = ddict.keys()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.70/setfiles/setfiles.c
---- nsapolicycoreutils/setfiles/setfiles.c 2009-08-05 15:10:56.000000000 -0400
-+++ policycoreutils-2.0.70/setfiles/setfiles.c 2009-08-10 11:06:54.000000000 -0400
-@@ -234,7 +234,7 @@
- fl_head = NULL;
- }
-
--static int add_exclude(const char *directory)
-+static int add_exclude(const char *directory, int warn)
- {
- struct stat sb;
- size_t len = 0;
-@@ -244,8 +244,8 @@
- return 1;
- }
- if (lstat(directory, &sb)) {
-- fprintf(stderr, "Can't stat directory \"%s\", %s.\n",
-- directory, strerror(errno));
-+ if (warn) fprintf(stderr, "Can't stat directory \"%s\", %s.\n",
-+ directory, strerror(errno));
- return 0;
- }
- if ((sb.st_mode & S_IFDIR) == 0) {
-@@ -727,7 +727,7 @@
-
- /* exclude mount points without the seclabel option */
- if (!found)
-- add_exclude(mount_info[1]);
-+ add_exclude(mount_info[1], 0);
- }
-
- free(buf);
-@@ -840,7 +840,7 @@
- }
- case 'e':
- remove_exclude(optarg);
-- if (add_exclude(optarg))
-+ if (add_exclude(optarg, 1))
- exit(1);
- break;
- case 'f':
diff --git a/policycoreutils.spec b/policycoreutils.spec
index b4e6c5e..de08890 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -5,8 +5,8 @@
 %define sepolgenver 1.0.16
 Summary: SELinux policy core utilities
 Name: policycoreutils
-Version: 2.0.70
-Release: 2%{?dist}
+Version: 2.0.71
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -266,6 +266,15 @@ else
 fi
 %changelog
+* Thu Aug 13 2009 Dan Walsh 2.0.71-1
+- Fix chcat to report error on non existing file
+- Update to upstream
+ * Modify setfiles/restorecon checking of exclude paths. Only check
+ user-supplied exclude paths (not automatically generated ones based on
+ lack of seclabel support), don't require them to be directories, and
+ ignore permission denied errors on them (it is ok to exclude a path to
+ which the caller lacks permission).
+
 * Mon Aug 10 2009 Dan Walsh 2.0.70-2
 - Don't warn if the user did not specify the exclude if root can not stat file system
diff --git a/sources b/sources
index f8b67b5..215d22b 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,2 @@
 e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz
-8c4c0c43a9b6c3865e2a8b8bdd222f90 policycoreutils-2.0.70.tgz
-4c24e437f254291bc6d1378ee5a5712c policycoreutils_man_ru2.tar.bz2
+00fd9d86bd6a8066da710d6fda910b01 policycoreutils-2.0.71.tgz
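Review bot: The `sources` hunk removes the `policycoreutils_man_ru2.tar.bz2` entry together with the 2.0.70 tarball, yet the changelog entry added in this commit does not mention dropping it and the spec hunks shown touch only Version, Release and %changelog. If the spec still lists that archive as a Source (not visible in these hunks), the build can no longer fetch or checksum it; either keep the line `4c24e437f254291bc6d1378ee5a5712c policycoreutils_man_ru2.tar.bz2` or remove the Source reference and record that in %changelog. The new `policycoreutils-2.0.71.tgz` line is pinned only by an MD5 digest, which detects a corrupted download but is weak evidence of origin, so the imported archive is worth comparing against the upstream release through a second channel.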