policycoreutils-2.6-5

- semanage: Unify argument handling (#1398987)
- setfiles: set up a logging callback for libselinux
- setfiles: Fix setfiles progress indicator
- setfiles: stdout messages don't need program prefix
- setfiles: don't scramble stdout and stderr together (#1435894)
- restorecond: Decrease loglevel of termination message (#1264505)
- fixfiles should handle path arguments more robustly
- fixfiles: handle unexpected spaces in command
- fixfiles: remove useless use of cat (#1435894)
- semanage: Add checks if a module name is passed in (#1420707)
- semanage: fix export of fcontext socket entries (#1435127)
- selinux-autorelabel: remove incorrect redirection to /dev/null (#1415674)
Petr Lautrbach 2017-04-06 15:38:16 +02:00
parent db14db8479
commit b185f8151d
2 changed files with 533 additions and 11 deletions


@ -42,10 +42,36 @@ index 1d262a9..064001b 100644
except ValueError as e:
self.error(e.message)
return True
diff --git policycoreutils-2.6/gui/portsPage.py policycoreutils-2.6/gui/portsPage.py
index b6445db..ed9d51b 100644
--- policycoreutils-2.6/gui/portsPage.py
+++ policycoreutils-2.6/gui/portsPage.py
@@ -34,6 +34,12 @@ from semanagePage import *
## I18N
##
PROGNAME = "policycoreutils"
+
+TYPE_COL = 0
+PROTOCOL_COL = 1
+MLS_COL = 2
+PORT_COL = 3
+
try:
import gettext
kwargs = {}
diff --git policycoreutils-2.6/hll/pp/pp.c policycoreutils-2.6/hll/pp/pp.c
index 2c9f53f..7f9afb0 100644
index 2c9f53f..bf7582e 100644
--- policycoreutils-2.6/hll/pp/pp.c
+++ policycoreutils-2.6/hll/pp/pp.c
@@ -46,7 +46,7 @@ static void log_err(const char *fmt, ...)
}
}
-static void usage(int err)
+static __attribute__((__noreturn__)) void usage(int err)
{
fprintf(stderr, "Usage: %s [OPTIONS] [IN_FILE [OUT_FILE]]\n", progname);
fprintf(stderr, "\n");
@@ -141,7 +141,7 @@ int main(int argc, char **argv)
if (separator) {
*separator = '\0';
@ -55,6 +81,32 @@ index 2c9f53f..7f9afb0 100644
fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name);
}
free(cil_path);
diff --git policycoreutils-2.6/load_policy/load_policy.c policycoreutils-2.6/load_policy/load_policy.c
index 47d9b0f..7c2c2a7 100644
--- policycoreutils-2.6/load_policy/load_policy.c
+++ policycoreutils-2.6/load_policy/load_policy.c
@@ -17,7 +17,7 @@
#define PACKAGE "policycoreutils" /* the name of this package lang translation */
#endif
-void usage(char *progname)
+static __attribute__((__noreturn__)) void usage(const char *progname)
{
fprintf(stderr, _("usage: %s [-qi]\n"), progname);
exit(1);
diff --git policycoreutils-2.6/restorecond/watch.c policycoreutils-2.6/restorecond/watch.c
index bdfc99d..b6fa825 100644
--- policycoreutils-2.6/restorecond/watch.c
+++ policycoreutils-2.6/restorecond/watch.c
@@ -179,7 +179,7 @@ int watch(int fd, const char *watch_file)
syslog(LOG_ERR, "Read error (%s)", strerror(errno));
return 0;
}
- syslog(LOG_ERR, "terminated");
+ syslog(LOG_INFO, "terminated");
return -1;
} else if (!len)
/* BUF_LEN too small? */
diff --git policycoreutils-2.6/sandbox/sandboxX.sh policycoreutils-2.6/sandbox/sandboxX.sh
index eaa500d..4774528 100644
--- policycoreutils-2.6/sandbox/sandboxX.sh
@ -69,7 +121,7 @@ index eaa500d..4774528 100644
cat > ~/seremote << __EOF
#!/bin/sh
diff --git policycoreutils-2.6/scripts/fixfiles policycoreutils-2.6/scripts/fixfiles
index fa43a53..301fc34 100755
index fa43a53..cc504b7 100755
--- policycoreutils-2.6/scripts/fixfiles
+++ policycoreutils-2.6/scripts/fixfiles
@@ -116,14 +116,11 @@ exclude_dirs() {
@ -107,7 +159,7 @@ index fa43a53..301fc34 100755
fi
}
#
@@ -244,6 +244,10 @@ then
@@ -244,20 +244,24 @@ then
logit "skipping the directory ${p}"
done
FC=$TEMPFCFILE
@ -118,6 +170,23 @@ index fa43a53..301fc34 100755
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - 2>&1 | cat >> $LOGFILE
+ rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - >>$LOGFILE 2>&1
done
exit $?
fi
if [ ! -z "$FILEPATH" ]; then
- ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE
+ ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* -- "$FILEPATH" >>$LOGFILE 2>&1
return
fi
if [ -n "${FILESYSTEMSRW}" ]; then
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
- ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+ ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} >>$LOGFILE 2>&1
else
echo >&2 "fixfiles: No suitable file systems found"
fi
@@ -265,7 +269,7 @@ if [ ${OPTION} != "Relabel" ]; then
return
fi
@ -136,6 +205,129 @@ index fa43a53..301fc34 100755
relabel) relabel;;
onboot)
> /.autorelabel
@@ -382,8 +386,8 @@ done
shift $(( OPTIND - 1 ))
# Check for the command
-command=$1
-if [ -z $command ]; then
+command="$1"
+if [ -z "$command" ]; then
usage
fi
@@ -395,17 +399,17 @@ shift
#
if [ ! -z "$RPMFILES" ]; then
- process $command
+ process "$command"
if [ $# -gt 0 ]; then
usage
fi
else
if [ -z "$1" ]; then
- process $command
+ process "$command"
else
while [ -n "$1" ]; do
- FILEPATH=$1
- process $command
+ FILEPATH="$1"
+ process "$command"
shift
done
fi
diff --git policycoreutils-2.6/secon/secon.c policycoreutils-2.6/secon/secon.c
index 134f4ee..c29d9fb 100644
--- policycoreutils-2.6/secon/secon.c
+++ policycoreutils-2.6/secon/secon.c
@@ -73,7 +73,7 @@ struct {
FALSE, FALSE, FALSE, FALSE, FALSE, FALSE,
FALSE, FALSE, FALSE, OPTS_FROM_ARG, {0} } };
-static void usage(const char *name, int exit_code)
+static __attribute__((__noreturn__)) void usage(const char *name, int exit_code)
{
fprintf(exit_code ? stderr : stdout,
" Usage: %s [-%s] [ context | - ]\n"
diff --git policycoreutils-2.6/semanage/semanage policycoreutils-2.6/semanage/semanage
index 19a6c51..c109716 100644
--- policycoreutils-2.6/semanage/semanage
+++ policycoreutils-2.6/semanage/semanage
@@ -50,7 +50,7 @@ usage_login = "semanage login [-h] [-n] [-N] [-S STORE] ["
usage_login_dict = {' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --modify': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --delete': ('LOGIN',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
-usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name'')'), ' --delete': ('selinux_name',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
@@ -99,8 +99,8 @@ class seParser(argparse.ArgumentParser):
def error(self, message):
if len(sys.argv) == 2:
self.print_help()
- sys.exit(2)
- self.print_usage()
+ else:
+ self.print_usage()
self.exit(2, ('%s: error: %s\n') % (self.prog, message))
@@ -346,10 +346,7 @@ def handleFcontext(args):
# we can not use mutually for equal because we can define some actions together with equal
fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype', 'seuser', 'deleteall', 'extract'), ()]}
- if args.action is None:
- print("usage: " + "%s" % generate_custom_usage(usage_fcontext, usage_fcontext_dict))
- sys.exit(2)
- elif args.action and args.equal:
+ if args.action and args.equal:
handle_opts(args, fcontext_equal_args, "equal")
else:
handle_opts(args, fcontext_args, args.action)
@@ -398,7 +395,7 @@ If you do not specify a file type, the file type will default to "all files".
parser_add_noreload(fcontextParser, "fcontext")
parser_add_store(fcontextParser, "fcontext")
- fcontext_action = fcontextParser.add_mutually_exclusive_group(required=False)
+ fcontext_action = fcontextParser.add_mutually_exclusive_group(required=True)
parser_add_add(fcontext_action, "fcontext")
parser_add_delete(fcontext_action, "fcontext")
parser_add_modify(fcontext_action, "fcontext")
@@ -645,19 +642,9 @@ def setupNodeParser(subparsers):
def handleBoolean(args):
- boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]}
- if args.action is None:
- print("Usage: " + "%s" % generate_custom_usage(usage_boolean, usage_boolean_dict))
- sys.exit(2)
- # TODO: should be added to handle_opts logic
- elif args.action is "modify" and not args.boolean:
- print("boolean name required ")
- sys.exit(1)
- elif args.action is "modify" and args.boolean and not args.state:
- print("state option is needed")
- sys.exit(1)
- else:
- handle_opts(args, boolean_args, args.action)
+ boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('boolean', 'state')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]}
+
+ handle_opts(args, boolean_args, args.action)
OBJECT = object_dict['boolean']()
OBJECT.set_reload(args.noreload)
@@ -683,7 +670,7 @@ def setupBooleanParser(subparsers):
parser_add_store(booleanParser, "boolean")
booleanParser.add_argument('boolean', nargs="?", default=None, help=_('boolean'))
- boolean_action = booleanParser.add_mutually_exclusive_group(required=False)
+ boolean_action = booleanParser.add_mutually_exclusive_group(required=True)
#add_add(boolean_action)
parser_add_modify(boolean_action, "boolean")
parser_add_list(boolean_action, "boolean")
diff --git policycoreutils-2.6/semanage/semanage.8 policycoreutils-2.6/semanage/semanage.8
index ac39862..75b782f 100644
--- policycoreutils-2.6/semanage/semanage.8
@ -151,19 +343,56 @@ index ac39862..75b782f 100644
while the semanage user command deals with the mapping from SELinux
user identities to authorized role sets. In most cases, only the
diff --git policycoreutils-2.6/semanage/seobject.py policycoreutils-2.6/semanage/seobject.py
index bb049c0..c836cc5 100644
index bb049c0..a977d68 100644
--- policycoreutils-2.6/semanage/seobject.py
+++ policycoreutils-2.6/semanage/seobject.py
@@ -386,7 +386,7 @@ class moduleRecords(semanageRecords):
@@ -84,7 +84,7 @@ file_type_str_to_option = {"all files": "a",
"directory": "d",
"character device": "c",
"block device": "b",
- "socket file": "s",
+ "socket": "s",
"symbolic link": "l",
"named pipe": "p"}
@@ -385,8 +385,10 @@ class moduleRecords(semanageRecords):
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
def add(self, file, priority):
+ if not file:
+ raise ValueError(_("You did not define module."))
if not os.path.exists(file):
- raise ValueError(_("Module does not exists %s ") % file)
+ raise ValueError(_("Module does not exist: %s ") % file)
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
@@ -492,7 +492,7 @@ class permissiveRecords(semanageRecords):
@@ -397,6 +399,8 @@ class moduleRecords(semanageRecords):
self.commit()
def set_enabled(self, module, enable):
+ if not module:
+ raise ValueError(_("You did not define module name."))
for m in module.split():
rc, key = semanage_module_key_create(self.sh)
if rc < 0:
@@ -415,11 +419,15 @@ class moduleRecords(semanageRecords):
self.commit()
def modify(self, file):
+ if not file:
+ raise ValueError(_("You did not define module."))
rc = semanage_module_update_file(self.sh, file)
if rc >= 0:
self.commit()
def delete(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
@@ -492,7 +500,7 @@ class permissiveRecords(semanageRecords):
try:
import sepolgen.module as module
except ImportError:
@ -172,7 +401,7 @@ index bb049c0..c836cc5 100644
name = "permissive_%s" % type
modtxt = "(typepermissive %s)" % type
@@ -1823,7 +1823,7 @@ class fcontextRecords(semanageRecords):
@@ -1823,7 +1831,7 @@ class fcontextRecords(semanageRecords):
def modify_equal(self, target, substitute):
self.begin()
if target not in self.equiv.keys():
@ -181,7 +410,7 @@ index bb049c0..c836cc5 100644
self.equiv[target] = substitute
self.equal_ind = True
@@ -1953,10 +1953,12 @@ class fcontextRecords(semanageRecords):
@@ -1953,10 +1961,12 @@ class fcontextRecords(semanageRecords):
if not exists:
raise ValueError(_("File context for %s is not defined") % target)
@ -1747,3 +1976,282 @@ index 4b9534d..f267993 100644
"""
if_initscript_admin_types="""
diff --git policycoreutils-2.6/setfiles/.gitignore policycoreutils-2.6/setfiles/.gitignore
index 583eb6c..5e899c9 100644
--- policycoreutils-2.6/setfiles/.gitignore
+++ policycoreutils-2.6/setfiles/.gitignore
@@ -1,2 +1 @@
-restorecon.8.man
setfiles.8.man
diff --git policycoreutils-2.6/setfiles/Makefile policycoreutils-2.6/setfiles/Makefile
index 43364f9..92300c9 100644
--- policycoreutils-2.6/setfiles/Makefile
+++ policycoreutils-2.6/setfiles/Makefile
@@ -5,7 +5,6 @@ MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
CFLAGS ?= -g -Werror -Wall -W
@@ -28,8 +27,6 @@ restorecon_xattr: restorecon_xattr.o restore.o
man:
@cp -af setfiles.8 setfiles.8.man
- @cp -af restorecon.8 restorecon.8.man
- @sed -i "s/STAR_COUNT/$(PROGRESS_STEP)/g" setfiles.8.man restorecon.8.man
@sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man
install: all
@@ -39,11 +36,11 @@ install: all
(cd $(SBINDIR) && ln -sf setfiles restorecon)
install -m 755 restorecon_xattr $(SBINDIR)
install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8.man $(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8
clean:
- rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man restorecon.8.man
+ rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man
indent:
../../scripts/Lindent $(wildcard *.[ch])
diff --git policycoreutils-2.6/setfiles/restore.c policycoreutils-2.6/setfiles/restore.c
index cf04e96..50d192a 100644
--- policycoreutils-2.6/setfiles/restore.c
+++ policycoreutils-2.6/setfiles/restore.c
@@ -35,7 +35,8 @@ void restore_init(struct restore_opts *opts)
r_opts->recurse | r_opts->userealpath |
r_opts->xdev | r_opts->abort_on_error |
r_opts->syslog_changes | r_opts->log_matches |
- r_opts->ignore_noent | r_opts->ignore_mounts;
+ r_opts->ignore_noent | r_opts->ignore_mounts |
+ r_opts->mass_relabel;
/* Use setfiles, restorecon and restorecond own handles */
selinux_restorecon_set_sehandle(r_opts->hnd);
diff --git policycoreutils-2.6/setfiles/restore.h policycoreutils-2.6/setfiles/restore.h
index 97fbdf4..b64042a 100644
--- policycoreutils-2.6/setfiles/restore.h
+++ policycoreutils-2.6/setfiles/restore.h
@@ -17,18 +17,12 @@
#include <limits.h>
#include <stdint.h>
-/*
- * STAR_COUNT is also defined in libselinux/src/selinux_restorecon.c where it
- * is used to output "*" for each number of files processed. Defined here for
- * inclusion in man pages.
-*/
-#define STAR_COUNT 1000
-
/* Things that need to be init'd */
struct restore_opts {
unsigned int nochange;
unsigned int verbose;
unsigned int progress;
+ unsigned int mass_relabel;
unsigned int set_specctx;
unsigned int add_assoc;
unsigned int ignore_digest;
@@ -49,7 +43,6 @@ struct restore_opts {
const char *selabel_opt_path;
const char *selabel_opt_digest;
int debug;
- FILE *outfile;
};
void restore_init(struct restore_opts *opts);
diff --git policycoreutils-2.6/setfiles/restorecon.8 policycoreutils-2.6/setfiles/restorecon.8
index fdb468b..3b28482 100644
--- policycoreutils-2.6/setfiles/restorecon.8
+++ policycoreutils-2.6/setfiles/restorecon.8
@@ -109,10 +109,10 @@ don't change any file labels (passive check). To display the files whose labels
.BR \-v .
.TP
.BI \-o \ outfilename
-Deprecated, SELinux policy will probably block this access. Use shell redirection to save list of files with incorrect context in filename.
+Deprecated - This option is no longer supported.
.TP
.B \-p
-show progress by printing * every STAR_COUNT files unless relabeling the entire
+show progress by printing the number of files in 1k blocks unless relabeling the entire
OS, that will then show the approximate percentage complete. Note that the
.B \-p
and
diff --git policycoreutils-2.6/setfiles/restorecon_xattr.c policycoreutils-2.6/setfiles/restorecon_xattr.c
index 1c39efe..91c087f 100644
--- policycoreutils-2.6/setfiles/restorecon_xattr.c
+++ policycoreutils-2.6/setfiles/restorecon_xattr.c
@@ -14,7 +14,7 @@
#include "restore.h"
-static void usage(const char *progname)
+static __attribute__((__noreturn__)) void usage(const char *progname)
{
fprintf(stderr,
"\nusage: %s [-vnrmdD] [-e directory] [-f specfile] pathname\n"
diff --git policycoreutils-2.6/setfiles/setfiles.8 policycoreutils-2.6/setfiles/setfiles.8
index 6901e13..9501845 100644
--- policycoreutils-2.6/setfiles/setfiles.8
+++ policycoreutils-2.6/setfiles/setfiles.8
@@ -106,11 +106,11 @@ seclabel fs mounted on a directory below this.
.B \-n
don't change any file labels (passive check).
.TP
-.BI \-o \ filename
-Deprecated, SELinux policy will probably block this access. Use shell redirection to save list of files with incorrect context in filename.
+.BI \-o \ outfilename
+Deprecated - This option is no longer supported.
.TP
.B \-p
-show progress by printing * every STAR_COUNT files unless relabeling the entire
+show progress by printing the number of files in 1k blocks unless relabeling the entire
OS, that will then show the approximate percentage complete. Note that the
.B \-p
and
diff --git policycoreutils-2.6/setfiles/setfiles.c policycoreutils-2.6/setfiles/setfiles.c
index 1a2d711..bc83c27 100644
--- policycoreutils-2.6/setfiles/setfiles.c
+++ policycoreutils-2.6/setfiles/setfiles.c
@@ -39,7 +39,7 @@ static int iamrestorecon;
static int ctx_validate; /* Validate contexts */
static const char *altpath; /* Alternate path to file_contexts */
-void usage(const char *const name)
+static __attribute__((__noreturn__)) void usage(const char *const name)
{
if (iamrestorecon) {
fprintf(stderr,
@@ -138,6 +138,26 @@ static void maybe_audit_mass_relabel(int mass_relabel, int mass_relabel_errs)
#endif
}
+static int __attribute__ ((format(printf, 2, 3)))
+log_callback(int type, const char *fmt, ...)
+{
+ int rc;
+ FILE *out;
+ va_list ap;
+
+ if (type == SELINUX_INFO) {
+ out = stdout;
+ } else {
+ out = stderr;
+ fflush(stdout);
+ fprintf(out, "%s: ", r_opts.progname);
+ }
+ va_start(ap, fmt);
+ rc = vfprintf(out, fmt, ap);
+ va_end(ap);
+ return rc;
+}
+
int main(int argc, char **argv)
{
struct stat sb;
@@ -147,10 +167,11 @@ int main(int argc, char **argv)
char *buf = NULL;
size_t buf_len;
const char *base;
- int mass_relabel = 0, errors = 0;
+ int errors = 0;
const char *ropts = "e:f:hiIDlmno:pqrsvFRW0";
const char *sopts = "c:de:f:hiIDlmno:pqr:svFR:W0";
const char *opts;
+ union selinux_callback cb;
/* Initialize variables */
memset(&r_opts, 0, sizeof(r_opts));
@@ -304,19 +325,8 @@ int main(int argc, char **argv)
r_opts.nochange = SELINUX_RESTORECON_NOCHANGE;
break;
case 'o': /* Deprecated */
- if (strcmp(optarg, "-") == 0) {
- r_opts.outfile = stdout;
- break;
- }
-
- r_opts.outfile = fopen(optarg, "w");
- if (!r_opts.outfile) {
- fprintf(stderr, "Error opening %s: %s\n",
- optarg, strerror(errno));
-
- usage(argv[0]);
- }
- __fsetlocking(r_opts.outfile, FSETLOCKING_BYCALLER);
+ fprintf(stderr, "%s: -o option no longer supported\n",
+ r_opts.progname);
break;
case 'q':
/* Deprecated - Was only used to say whether print
@@ -380,9 +390,12 @@ int main(int argc, char **argv)
for (i = optind; i < argc; i++) {
if (!strcmp(argv[i], "/"))
- mass_relabel = 1;
+ r_opts.mass_relabel = SELINUX_RESTORECON_MASS_RELABEL;
}
+ cb.func_log = log_callback;
+ selinux_set_callback(SELINUX_CB_LOG, cb);
+
if (!iamrestorecon) {
if (policyfile) {
if (optind != (argc - 1))
@@ -401,8 +414,8 @@ int main(int argc, char **argv)
* we can support either checking against the active policy or
* checking against a binary policy file.
*/
- selinux_set_callback(SELINUX_CB_VALIDATE,
- (union selinux_callback)&canoncon);
+ cb.func_validate = canoncon;
+ selinux_set_callback(SELINUX_CB_VALIDATE, cb);
if (stat(argv[optind], &sb) < 0) {
perror(argv[optind]);
@@ -449,7 +462,7 @@ int main(int argc, char **argv)
while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0;
if (!strcmp(buf, "/"))
- mass_relabel = 1;
+ r_opts.mass_relabel = SELINUX_RESTORECON_MASS_RELABEL;
errors |= process_glob(buf, &r_opts) < 0;
}
if (strcmp(input_filename, "-") != 0)
@@ -459,7 +472,7 @@ int main(int argc, char **argv)
errors |= process_glob(argv[i], &r_opts) < 0;
}
- maybe_audit_mass_relabel(mass_relabel, errors);
+ maybe_audit_mass_relabel(r_opts.mass_relabel, errors);
if (warn_no_match)
selabel_stats(r_opts.hnd);
@@ -467,8 +480,8 @@ int main(int argc, char **argv)
selabel_close(r_opts.hnd);
restore_finish();
- if (r_opts.outfile)
- fclose(r_opts.outfile);
+ if (r_opts.progress)
+ fprintf(stdout, "\n");
exit(errors ? -1 : 0);
}
diff --git policycoreutils-2.6/setsebool/setsebool.c policycoreutils-2.6/setsebool/setsebool.c
index b101f08..53d3566 100644
--- policycoreutils-2.6/setsebool/setsebool.c
+++ policycoreutils-2.6/setsebool/setsebool.c
@@ -23,7 +23,7 @@ int verbose = 0;
int setbool(char **list, size_t start, size_t end);
-void usage(void)
+static __attribute__((__noreturn__)) void usage(void)
{
fputs
("\nUsage: setsebool [ -NPV ] boolean value | bool1=val1 bool2=val2...\n\n",
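Review bot: In the seobject.py part of this patch, `moduleRecords.modify` still treats a failed update as success: after the new `if not file` guard it calls `semanage_module_update_file` and commits only when `rc >= 0`, with no branch for a negative rc, so the caller gets no error when the module was not updated. The whole method is visible in the hunk, and `add` next to it rejects a missing path with `os.path.exists(file)` while `modify` does not. I would add `if rc < 0: raise ValueError(_("Could not modify module %s") % file)` before the commit, so a policy-module change that did not take effect is reported instead of silently dropped. Separately, the rewritten `boolean_args` line in semanage keeps `('localist')`, which is a plain string rather than a tuple and is spelled differently from the `'locallist'` used in the other entries; whether `handle_opts` tolerates that is not visible here.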


@ -1,7 +1,7 @@
%global libauditver 2.1.3-4
%global libsepolver 2.6-0
%global libsemanagever 2.6-0
%global libselinuxver 2.6-0
%global libselinuxver 2.6-5
%global sepolgenver 2.6
%global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -9,7 +9,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.6
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases
@ -27,7 +27,7 @@ Source9: selinux-autorelabel-generator.sh
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.6 ./make-fedora-selinux-patch.sh policycoreutils
# FIXME: HEAD https://github.com/fedora-selinux/selinux/commit/223fc83c6e68cead9b3d8d4e5ca7e95a580952e7
# HEAD https://github.com/fedora-selinux/selinux/commit/8a1941594a7221ec948b82b26636ad5a0d2dc724
Patch: policycoreutils-fedora.patch
# $ VERSION=2.6 ./make-fedora-selinux-patch.sh sepolgen
# Patch1: sepolgen-fedora.patch
@ -445,6 +445,20 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Thu Apr 06 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-5
- semanage: Unify argument handling (#1398987)
- setfiles: set up a logging callback for libselinux
- setfiles: Fix setfiles progress indicator
- setfiles: stdout messages don't need program prefix
- setfiles: don't scramble stdout and stderr together (#1435894)
- restorecond: Decrease loglevel of termination message (#1264505)
- fixfiles should handle path arguments more robustly
- fixfiles: handle unexpected spaces in command
- fixfiles: remove useless use of cat (#1435894)
- semanage: Add checks if a module name is passed in (#1420707)
- semanage: fix export of fcontext socket entries (#1435127)
- selinux-autorelabel: remove incorrect redirection to /dev/null (#1415674)
* Fri Mar 17 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-4
- Fix selinux-polgengui (#1432337)
- sepolicy - fix obtaining domain name in HTMLManPages