diff --git a/.cvsignore b/.cvsignore
index 2d12eb6..f9240db 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -69,3 +69,4 @@ policycoreutils-1.27.28.tgz
 policycoreutils-1.27.29.tgz
 policycoreutils-1.27.30.tgz
 policycoreutils-1.27.31.tgz
+policycoreutils-1.27.33.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 5438642..cc2c98b 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,670 +1,23 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.31/audit2allow/audit2allow ---- nsapolicycoreutils/audit2allow/audit2allow 2005-11-29 13:43:42.000000000 -0500 -+++ policycoreutils-1.27.31/audit2allow/audit2allow 2005-11-30 14:51:35.000000000 -0500 -@@ -25,8 +25,9 @@ - # - # - import commands, sys, os, pwd, string, getopt, re, selinux --class allow: -- def __init__(self, source, target, seclass): -+class serule: -+ def __init__(self, type, source, target, seclass): -+ self.type=type - self.source=source - self.target=target - self.seclass=seclass -@@ -52,7 +53,7 @@ - return ret - def out(self, verbose=0): - ret="" -- ret=ret+"allow %s %s:%s %s;" % (self.source, self.gettarget(), self.seclass, self.getAccess()) -+ ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, self.gettarget(), self.seclass, self.getAccess()) - if verbose: - keys=self.avcinfo.keys() - keys.sort() -@@ -72,38 +73,104 @@ - else: - return self.target - --class allowRecords: -- def __init__(self, input, last_reload=0, verbose=0): -+class seruleRecords: -+ def __init__(self, input, last_reload=0, verbose=0, te_ind=0): - self.last_reload=last_reload -- self.allowRules={} -+ self.seRules={} - self.seclasses={} - self.types=[] - self.roles=[] -- self.load(input) -+ self.load(input, te_ind) - - def warning(self, error): - sys.stderr.write("%s: " % sys.argv[0]) - sys.stderr.write("%s\n" % error) - sys.stderr.flush() - -- def load(self, input): -+ def load(self, input, te_ind=0): -+ VALID_CMDS=("allow", "dontaudit", "auditallow", "role") -+ - avc=[] - found=0 - line = input.readline() -- while line: -- rec=line.split() -- for i in rec: -- if i=="avc:" or i=="message=avc:": -- found=1 -- else: -- avc.append(i) -- if found: -- self.add(avc) -- found=0 -- avc=[] -- line = input.readline() -+ if te_ind: -+ while line: -+ rec=line.split() -+ if len(rec) and rec[0] in VALID_CMDS: -+ self.add_terule(line) -+ line = input.readline() -+ -+ 
else: -+ while line: -+ rec=line.split() -+ for i in rec: -+ if i=="avc:" or i=="message=avc:": -+ found=1 -+ else: -+ avc.append(i) -+ if found: -+ self.add(avc) -+ found=0 -+ avc=[] -+ line = input.readline() - - -+ def get_target(self, i, rule): -+ target=[] -+ if rule[i][0] == "{": -+ for t in rule[i].split("{"): -+ if len(t): -+ target.append(t) -+ i=i+1 -+ for s in rule[i:]: -+ if s.find("}") >= 0: -+ for s1 in s.split("}"): -+ if len(s1): -+ target.append(s1) -+ i=i+1 -+ return (i, target) -+ -+ target.append(s) -+ i=i+1 -+ else: -+ if rule[i].find(";") >= 0: -+ for s1 in rule[i].split(";"): -+ if len(s1): -+ target.append(s1) -+ else: -+ target.append(rule[i]) -+ -+ i=i+1 -+ return (i, target) -+ -+ def rules_split(self, rules): -+ (idx, target ) = self.get_target(0, rules) -+ (idx, subject) = self.get_target(idx, rules) -+ return (target, subject) -+ -+ def add_terule(self, rule): -+ rc = rule.split(":") -+ rules=rc[0].split() -+ type=rules[0] -+ if type == "role": -+ print type -+ (sources, targets) = self.rules_split(rules[1:]) -+ rules=rc[1].split() -+ (seclasses, access) = self.rules_split(rules) -+ for scon in sources: -+ for tcon in targets: -+ for seclass in seclasses: -+ self.add_rule(type, scon, tcon, seclass,access) -+ -+ def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", comm="", name=""): -+ self.add_seclass(seclass, access) -+ self.add_type(tcon) -+ self.add_type(scon) -+ if (type, scon, tcon, seclass) not in self.seRules.keys(): -+ self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass) -+ -+ self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name )) -+ - def add(self,avc): - scon="" - tcon="" -@@ -117,7 +184,7 @@ - - if "granted" in avc: - if "load_policy" in avc and self.last_reload: -- self.allowRules={} -+ self.seRules={} - return - try: - for i in range (0, len(avc)): -@@ -160,16 +227,9 @@ - self.warning("Bad AVC Line: %s" % avc) - return - -- self.add_seclass(seclass, 
access) -- self.add_type(tcon) -- self.add_type(scon) - self.add_role(srole) - self.add_role(trole) -- -- if (scon, tcon, seclass) not in self.allowRules.keys(): -- self.allowRules[(scon, tcon, seclass)]=allow(scon, tcon, seclass) -- -- self.allowRules[(scon, tcon, seclass)].add((access, msg, comm, name )) -+ self.add_rule("allow", scon, tcon, seclass, access, msg, comm, name) - - def add_seclass(self,seclass, access): - if seclass not in self.seclasses.keys(): -@@ -195,17 +255,23 @@ - keys=self.seclasses.keys() - keys.sort() - rec="\n\nrequire {\n" -- for i in self.roles: -- rec += "\trole %s; \n" % i -- rec += "\n\n" -+ if len(self.roles) > 0: -+ for i in self.roles: -+ rec += "\trole %s; \n" % i -+ rec += "\n" -+ - for i in keys: - access=self.seclasses[i] -- access.sort() -- rec += "\tclass %s { " % i -- for a in access: -- rec += " %s" % a -- rec += " }; \n" -- rec += "\n\n" -+ if len(access) > 1: -+ access.sort() -+ rec += "\tclass %s {" % i -+ for a in access: -+ rec += " %s" % a -+ rec += " }; \n" -+ else: -+ rec += "\tclass %s %s;\n" % (i, access[0]) -+ -+ rec += "\n" - - for i in self.types: - rec += "\ttype %s; \n" % i -@@ -214,17 +280,19 @@ - - def out(self, require=0, module=""): - rec="" -- if len(self.allowRules.keys())==0: -+ if len(self.seRules.keys())==0: - raise(ValueError("No AVC messages found.")) -- if module!="": -+ if module != "": - rec += self.gen_module(module) - rec += self.gen_requires() - else: - if requires: - rec+=self.gen_requires() -- -- for i in self.allowRules.keys(): -- rec += self.allowRules[i].out(verbose)+"\n" -+ -+ keys=self.seRules.keys() -+ keys.sort() -+ for i in keys: -+ rec += self.seRules[i].out(verbose)+"\n" - return rec - - if __name__ == '__main__': -@@ -235,8 +303,8 @@ - else: - return "" - -- def usage(): -- print 'audit2allow [-adhilrv] [-i ] [[-m|-M] ] [-o ]\n\ -+ def usage(msg=""): -+ print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i ] [[-m|-M] ] [-o ]\n\ - -a, --all read input from audit and message 
log, conflicts with -i\n\ - -d, --dmesg read input from output of /bin/dmesg\n\ - -h, --help display this message\n\ -@@ -246,8 +314,12 @@ - -M generate loadable module package, conflicts with -o\n\ - -o, --output append output to , conflicts with -M\n\ - -r, --requires generate require output \n\ -+ -t, --tefile Indicates input is Existing Type Enforcement file\n\ -+ -f, --fcfile Existing Type Enforcement file, requires -M\n\ - -v, --verbose verbose output\n\ - ' -+ if msg != "": -+ print msg - sys.exit(1) - - def errorExit(error): -@@ -270,41 +342,50 @@ - buildPP=0 - input_ind=0 - output_ind=0 -+ te_ind=0 -+ -+ fc_file="" - gopts, cmds = getopt.getopt(sys.argv[1:], -- 'adhi:lm:M:o:rv', -+ 'adf:hi:lm:M:o:rtv', - ['all', - 'dmesg', -+ 'fcfile=', - 'help', - 'input=', - 'lastreload', - 'module=', - 'output=', - 'requires' -+ 'tefile', - 'verbose' - ]) - for o,a in gopts: - if o == "-a" or o == "--all": -- if input_ind: -+ if input_ind or te_ind: - usage() - input=open("/var/log/messages", "r") - auditlogs=1 - if o == "-d" or o == "--dmesg": - input=os.popen("/bin/dmesg", "r") -+ if o == "-f" or o == "--fcfile": -+ if a[0]=="-": -+ usage() -+ fc_file=a - if o == "-h" or o == "--help": - usage() - if o == "-i"or o == "--input": -- if auditlogs: -+ if auditlogs or a[0]=="-": - usage() - input_ind=1 - input=open(a, "r") - if o == '--lastreload' or o == "-l": - last_reload=1 - if o == "-m" or o == "--module": -- if module != "": -+ if module != "" or a[0]=="-": - usage() - module=a - if o == "-M": -- if module != "" or output_ind: -+ if module != "" or output_ind or a[0]=="-": - usage() - module=a - outfile=a+".te" -@@ -312,19 +393,30 @@ - output=open(outfile, "w") - if o == "-r" or o == "--requires": - requires=1 -+ if o == "-t" or o == "--tefile": -+ if auditlogs: -+ usage() -+ te_ind=1 - if o == "-o" or o == "--output": -- if module != "": -+ if module != "" or a[0]=="-": - usage() - output=open(a, "a") - output_ind=1 - if o == "-v" or o == "--verbose": - verbose=1 -- 
if len(cmds) != 0: -- usage() -- out=allowRecords(input, last_reload, verbose) -+ -+ if len(cmds) != 0: -+ usage() -+ -+ if fc_file != "" and not buildPP: -+ usage("Error %s: Option -fc requires -M" % sys.argv[0]) -+ -+ out=seruleRecords(input, last_reload, verbose, te_ind) -+ - if auditlogs: -- input=open("/var/log/audit/audit.log", "r") -- out.load(input) -+ input=os.popen("ausearch -m avc") -+ out.load(input) -+ - if buildPP: - print ("Generating type enforcment file: %s.te" % module) - output.write(out.out(requires, module)) -@@ -334,8 +426,13 @@ - print "Compiling policy: %s" % cmd - rc=commands.getstatusoutput(cmd) - if rc[0]==0: -- print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module)) -- rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module)) -+ cmd="semodule_package -o %s.pp -m %s.mod" % (module, module) -+ print cmd -+ if fc_file != "": -+ cmd = "%s -f %s" % (cmd, fc_file) -+ -+ print "Building package: %s" % cmd -+ rc=commands.getstatusoutput(cmd) - if rc[0]==0: - print ("\n******************** IMPORTANT ***********************\n") - print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.27.31/audit2allow/audit2allow.1 ---- nsapolicycoreutils/audit2allow/audit2allow.1 2005-11-29 13:43:42.000000000 -0500 -+++ policycoreutils-1.27.31/audit2allow/audit2allow.1 2005-11-30 14:53:31.000000000 -0500 -@@ -33,37 +33,44 @@ - .B "\-a" | "\-\-all" - Read input from audit and message log, conflicts with -i - .TP --.B "\-h" | "\-\-help" --Print a short usage message --.TP - .B "\-d" | "\-\-dmesg" - Read input from output of - .I /bin/dmesg. --Note that audit messages are not available via dmesg when --auditd is running; use -i /var/log/audit/audit.log instead. 
-+Note that all audit messages are not available via dmesg when -+auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead. - .TP --.B "\-v" | "\-\-verbose" --Turn on verbose output -+.B "\-f" | "\-\-fcfile" -+Add File Context File to generated Module Package. Requires -M option. -+.TP -+.B "\-h" | "\-\-help" -+Print a short usage message -+.TP -+.B "\-i " | "\-\-input " -+read input from -+.I - .TP - .B "\-l" | "\-\-lastreload" - read input only after last policy reload - .TP --.B "\-r" | "\-\-requires" --Generate require output syntax for loadable modules. --.TP - .B "\-m " | "\-\-module " - Generate module/require output - .TP - .B "\-M " - Generate loadable module package, conflicts with -o - .TP --.B "\-i " | "\-\-input " --read input from --.I --.TP - .B "\-o " | "\-\-output " - append output to - .I -+.TP -+.B "\-r" | "\-\-requires" -+Generate require output syntax for loadable modules. -+.TP -+.B "\-t " | "\-\-tefile" -+Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format. 
-+.TP -+.B "\-v" | "\-\-verbose" -+Turn on verbose output -+ - .SH DESCRIPTION - .PP - This utility scans the logs for messages logged when the system denied diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon ---- nsapolicycoreutils/scripts/genhomedircon 2005-11-30 13:59:30.000000000 -0500 -+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 14:31:26.000000000 -0500 -@@ -32,6 +32,8 @@ - fd=open("/etc/shells", 'r') - VALID_SHELLS=fd.read().split('\n') - fd.close() -+if "/sbin/nologin" in VALID_SHELLS: -+ VALID_SHELLS.remove("/sbin/nologin") +--- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500 ++++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500 +@@ -133,7 +133,7 @@ + if rc[0] == 0: + return rc[1]+"\n" + else: +- errorExit(string.join("sed error ", rc[1])) ++ errorExit("sed error %s" % rc[1]) - def getStartingUID(): - starting_uid = sys.maxint -@@ -266,7 +268,7 @@ - homedir = u[5][:string.rfind(u[5], "/")] - if not homedir in homedirs: - if self.checkExists(homedir)==0: -- warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0])) -+ warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." 
% (u[0], u[5], self.getFileContextFile(), sys.argv[0])) - else: - homedirs.append(homedir) + def heading(self): + ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] +@@ -329,8 +329,8 @@ + selconf.write() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/Makefile policycoreutils-1.27.31/semodule/Makefile ---- nsapolicycoreutils/semodule/Makefile 2005-10-10 09:02:48.000000000 -0400 -+++ policycoreutils-1.27.31/semodule/Makefile 2005-11-30 14:31:26.000000000 -0500 -@@ -17,6 +17,8 @@ - install: all - -mkdir -p $(SBINDIR) - install -m 755 semodule $(SBINDIR) -+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 -+ install -m 644 semodule.8 $(MANDIR)/man8/ - - relabel: - -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-1.27.31/semodule/semodule.8 ---- nsapolicycoreutils/semodule/semodule.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.27.31/semodule/semodule.8 2005-11-30 14:31:26.000000000 -0500 -@@ -0,0 +1,53 @@ -+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA -+.SH NAME -+semodule \- Manage SELinux policy modules. -+ -+.SH SYNOPSIS -+.B semodule -+.br -+.SH DESCRIPTION -+.PP -+semodule is the tool used to manage policy, it can call functions to load/replace the policy in the kernel, as well as setup load_able modules. 
-+ -+.SH "OPTIONS" -+.TP -+.B \-R, \-\-reload -+reload policy -+.TP -+.B \-B, \-\-build -+build and reload policy -+.TP -+.B \-i,\-\-install=MODULE_PKG -+install a new module -+.TP -+.B \-u,\-\-upgrade=MODULE_PKG -+upgrade existing module -+.TP -+.B \-b,\-\-base=MODULE_PKG -+install new base module -+.TP -+.B \-r,\-\-remove=MODULE_NAME -+remove existing module -+.TP -+.B \-l,\-\-list-modules -+display list of installed modules -+.TP -+.B \-s,\-\-store -+name of the store to operate on -+.TP -+.B \-n,\-\-noreload -+do not reload policy after commit -+.TP -+.B \-h,\-\-help -+prints help message and quit -+.TP -+.B \-v,\-\-verbose -+be verbose reset the policy boolean values to the saved policy settings. -+ -+.SH SEE ALSO -+.B load_policy(8), semodule_package(8), semodule_expand(8), semodule_link(8) -+(8), -+.SH AUTHORS -+.nf -+This manual page was written by Dan Walsh . -+The program was written by Karl MacMillan , Joshua Brindle , Jason Tang -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/Makefile policycoreutils-1.27.31/semodule_expand/Makefile ---- nsapolicycoreutils/semodule_expand/Makefile 2005-10-12 15:25:33.000000000 -0400 -+++ policycoreutils-1.27.31/semodule_expand/Makefile 2005-11-30 14:31:26.000000000 -0500 -@@ -3,6 +3,7 @@ - INCLUDEDIR ?= $(PREFIX)/include - BINDIR ?= $(PREFIX)/bin - LIBDIR ?= ${PREFIX}/lib -+MANDIR ?= $(PREFIX)/share/man - - CFLAGS ?= -Werror -Wall -W - override CFLAGS += -I$(INCLUDEDIR) -@@ -15,6 +16,8 @@ - install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_expand $(BINDIR) -+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 -+ install -m 644 semodule_expand.8 $(MANDIR)/man8/ - - relabel: - -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.27.31/semodule_expand/semodule_expand.8 ---- nsapolicycoreutils/semodule_expand/semodule_expand.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.27.31/semodule_expand/semodule_expand.8 
2005-11-30 14:31:26.000000000 -0500 -@@ -0,0 +1,26 @@ -+.TH SEMODULE_EXPAND "8" "Nov 2005" "Security Enhanced Linux" NSA -+.SH NAME -+semodule_expand \- Manage SELinux policy modules. -+ -+.SH SYNOPSIS -+.B semodule_expand [-V -c [version]] basemodpkg outputfile -+.br -+.SH DESCRIPTION -+.PP -+semodule_expand is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20). -+ -+.SH "OPTIONS" -+.TP -+.B \-V -+verbose mode -+.TP -+.B \-c [version] -+policy version to create -+ -+.SH SEE ALSO -+.B load_policy(8), semodule_package(8), semodule(8), semodule_link(8) -+(8), -+.SH AUTHORS -+.nf -+This manual page was written by Dan Walsh . -+The program was written by Karl MacMillan , Joshua Brindle -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/Makefile policycoreutils-1.27.31/semodule_link/Makefile ---- nsapolicycoreutils/semodule_link/Makefile 2005-10-12 15:25:33.000000000 -0400 -+++ policycoreutils-1.27.31/semodule_link/Makefile 2005-11-30 14:31:26.000000000 -0500 -@@ -2,6 +2,7 @@ - PREFIX ?= ${DESTDIR}/usr - INCLUDEDIR ?= $(PREFIX)/include - BINDIR ?= $(PREFIX)/bin -+MANDIR ?= $(PREFIX)/share/man - LIBDIR ?= ${PREFIX}/lib - - CFLAGS ?= -Werror -Wall -W -@@ -15,6 +16,8 @@ - install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_link $(BINDIR) -+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 -+ install -m 644 semodule_link.8 $(MANDIR)/man8/ - - relabel: - -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/semodule_link.8 policycoreutils-1.27.31/semodule_link/semodule_link.8 ---- nsapolicycoreutils/semodule_link/semodule_link.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.27.31/semodule_link/semodule_link.8 2005-11-30 14:31:26.000000000 -0500 -@@ -0,0 +1,27 @@ -+.TH SEMODULE_LINK "8" "Nov 2005" "Security Enhanced Linux" NSA -+.SH NAME -+semodule_link \- Link a 
group of modules together with a base module -+ -+.SH SYNOPSIS -+.B semodule_link [-V] [-o outfile] basemodpkg modpkg1 [modpkg2]... -+.br -+.SH DESCRIPTION -+.PP -+semodule_link is the tool used to create a policy file from a base policy module. and one of more loadable policy modules: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20). -+ -+.SH "OPTIONS" -+.TP -+.B \-V -+verbose mode -+.TP -+.B \-o \-\-outfile -+Loadable package Output file -+ -+ -+.SH SEE ALSO -+.B load_policy(8), semodule_package(8), semodule(8), semodule_expand(8) -+(8), -+.SH AUTHORS -+.nf -+This manual page was written by Dan Walsh . -+The program was written by Karl MacMillan -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/Makefile policycoreutils-1.27.31/semodule_package/Makefile ---- nsapolicycoreutils/semodule_package/Makefile 2005-10-12 15:25:33.000000000 -0400 -+++ policycoreutils-1.27.31/semodule_package/Makefile 2005-11-30 14:31:26.000000000 -0500 -@@ -3,6 +3,7 @@ - INCLUDEDIR ?= $(PREFIX)/include - BINDIR ?= $(PREFIX)/bin - LIBDIR ?= ${PREFIX}/lib -+MANDIR ?= $(PREFIX)/share/man - - CFLAGS ?= -Werror -Wall -W - override CFLAGS += -I$(INCLUDEDIR) -@@ -15,6 +16,8 @@ - install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_package $(BINDIR) -+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 -+ install -m 644 semodule_package.8 $(MANDIR)/man8/ - - relabel: - -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/semodule_package.8 policycoreutils-1.27.31/semodule_package/semodule_package.8 ---- nsapolicycoreutils/semodule_package/semodule_package.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.27.31/semodule_package/semodule_package.8 2005-11-30 14:31:26.000000000 -0500 -@@ -0,0 +1,29 @@ -+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA -+.SH NAME -+semodule_package \- Create loadable policy modules. 
-+ -+.SH SYNOPSIS -+.B semodule_package -o -m [-f ] -+.br -+.SH DESCRIPTION -+.PP -+semodule_package is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20). -+ -+.SH "OPTIONS" -+.TP -+.B \-o \-\-outfile -+Loadable package Output file -+.TP -+.B \-m \-\-module -+Module file (te file) -+.TP -+.B \-f \-\-fc -+Policy File contexts file -+ -+.SH SEE ALSO -+.B load_policy(8), semodule(8), semodule_expand(8), semodule_link(8) -+(8), -+.SH AUTHORS -+.nf -+This manual page was written by Dan Walsh . -+The program was written by Karl MacMillan + except getopt.error, error: +- errorExit(string.join("Options Error ", error)) ++ errorExit("Options Error %s " % error) + except ValueError, error: +- errorExit(string.join("ValueError ", error)) ++ errorExit("ValueError %s" % error) + except IndexError, error: + errorExit("IndexError") diff --git a/policycoreutils.spec b/policycoreutils.spec index 2e4a2ef..3a7a749 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,16 +1,16 @@ %define libsepolver 1.9.41-1 %define libsemanagever 1.3.61-1 +%define libselinuxver 1.27.28-1 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.27.31 +Version: 1.27.33 Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Patch: policycoreutils-rhat.patch -BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} - +BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python BuildRoot: %{_tmppath}/%{name}-buildroot 
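Review bot: The `except IndexError, error:` handler that closes the second genhomedircon hunk (`@@ -329,8 +329,8 @@`) of the new patch still calls `errorExit("IndexError")` and discards `error`, so it is now the only one of the three handlers that reports no detail; `errorExit("IndexError %s" % error)` would match the two rewritten lines above it. The rewritten getopt line also keeps a trailing space inside the literal, `"Options Error %s "`, which the `sed error` and `ValueError` messages do not have; `errorExit("Options Error %s" % error)` makes the three consistent. errorExit is defined outside these hunks, so how it renders the message is not visible here.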
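Review bot: The `Requires:` line left as context below the new `BuildRequires:` still carries no versioned libselinux, although the build now insists on `libselinux-devel >= %{libselinuxver}`. If the setfiles change named in the new changelog entry (MATCHPATHCON_VALIDATE) depends on that libselinux release at run time, which this diff does not show, the package could be installed against an older library and lose the context validation it was built for; `Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux >= %{libselinuxver} libselinux-python` would close that gap. Separately, the entry added in the `%changelog` hunk is labelled `1.27.31-1` while `Version:` moves to 1.27.33, so the changelog no longer identifies the build it describes.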
@@ -95,6 +95,14 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Thu Dec 1 2005 Dan Walsh 1.27.31-1 +- Update to match NSA + * Merged audit2allow --tefile and --fcfile support from Dan Walsh. + * Merged genhomedircon fix from Dan Walsh. + * Merged semodule* man pages from Dan Walsh, and edited them. + * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to + retain validation/canonicalization of contexts during init. + * Wed Nov 30 2005 Dan Walsh 1.27.31-1 - Update to match NSA * Changed genhomedircon to always use user_r for the role in the diff --git a/sources b/sources index 7b4ee92..72782fc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -baf3d49d7f7b8805aa8bb7b465f54f76 policycoreutils-1.27.31.tgz +d302f9dbd0c9555cdfbfa7629c4c28a9 policycoreutils-1.27.33.tgz