*** empty log message ***
parent
df624fe500
commit
b36bfa063a
@ -69,3 +69,4 @@ policycoreutils-1.27.28.tgz
|
|||||||
policycoreutils-1.27.29.tgz
|
policycoreutils-1.27.29.tgz
|
||||||
policycoreutils-1.27.30.tgz
|
policycoreutils-1.27.30.tgz
|
||||||
policycoreutils-1.27.31.tgz
|
policycoreutils-1.27.31.tgz
|
||||||
|
policycoreutils-1.27.33.tgz
|
||||||
|
@ -1,670 +1,23 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.31/audit2allow/audit2allow
|
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow 2005-11-29 13:43:42.000000000 -0500
|
|
||||||
+++ policycoreutils-1.27.31/audit2allow/audit2allow 2005-11-30 14:51:35.000000000 -0500
|
|
||||||
@@ -25,8 +25,9 @@
|
|
||||||
#
|
|
||||||
#
|
|
||||||
import commands, sys, os, pwd, string, getopt, re, selinux
|
|
||||||
-class allow:
|
|
||||||
- def __init__(self, source, target, seclass):
|
|
||||||
+class serule:
|
|
||||||
+ def __init__(self, type, source, target, seclass):
|
|
||||||
+ self.type=type
|
|
||||||
self.source=source
|
|
||||||
self.target=target
|
|
||||||
self.seclass=seclass
|
|
||||||
@@ -52,7 +53,7 @@
|
|
||||||
return ret
|
|
||||||
def out(self, verbose=0):
|
|
||||||
ret=""
|
|
||||||
- ret=ret+"allow %s %s:%s %s;" % (self.source, self.gettarget(), self.seclass, self.getAccess())
|
|
||||||
+ ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, self.gettarget(), self.seclass, self.getAccess())
|
|
||||||
if verbose:
|
|
||||||
keys=self.avcinfo.keys()
|
|
||||||
keys.sort()
|
|
||||||
@@ -72,38 +73,104 @@
|
|
||||||
else:
|
|
||||||
return self.target
|
|
||||||
|
|
||||||
-class allowRecords:
|
|
||||||
- def __init__(self, input, last_reload=0, verbose=0):
|
|
||||||
+class seruleRecords:
|
|
||||||
+ def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
|
|
||||||
self.last_reload=last_reload
|
|
||||||
- self.allowRules={}
|
|
||||||
+ self.seRules={}
|
|
||||||
self.seclasses={}
|
|
||||||
self.types=[]
|
|
||||||
self.roles=[]
|
|
||||||
- self.load(input)
|
|
||||||
+ self.load(input, te_ind)
|
|
||||||
|
|
||||||
def warning(self, error):
|
|
||||||
sys.stderr.write("%s: " % sys.argv[0])
|
|
||||||
sys.stderr.write("%s\n" % error)
|
|
||||||
sys.stderr.flush()
|
|
||||||
|
|
||||||
- def load(self, input):
|
|
||||||
+ def load(self, input, te_ind=0):
|
|
||||||
+ VALID_CMDS=("allow", "dontaudit", "auditallow", "role")
|
|
||||||
+
|
|
||||||
avc=[]
|
|
||||||
found=0
|
|
||||||
line = input.readline()
|
|
||||||
- while line:
|
|
||||||
- rec=line.split()
|
|
||||||
- for i in rec:
|
|
||||||
- if i=="avc:" or i=="message=avc:":
|
|
||||||
- found=1
|
|
||||||
- else:
|
|
||||||
- avc.append(i)
|
|
||||||
- if found:
|
|
||||||
- self.add(avc)
|
|
||||||
- found=0
|
|
||||||
- avc=[]
|
|
||||||
- line = input.readline()
|
|
||||||
+ if te_ind:
|
|
||||||
+ while line:
|
|
||||||
+ rec=line.split()
|
|
||||||
+ if len(rec) and rec[0] in VALID_CMDS:
|
|
||||||
+ self.add_terule(line)
|
|
||||||
+ line = input.readline()
|
|
||||||
+
|
|
||||||
+ else:
|
|
||||||
+ while line:
|
|
||||||
+ rec=line.split()
|
|
||||||
+ for i in rec:
|
|
||||||
+ if i=="avc:" or i=="message=avc:":
|
|
||||||
+ found=1
|
|
||||||
+ else:
|
|
||||||
+ avc.append(i)
|
|
||||||
+ if found:
|
|
||||||
+ self.add(avc)
|
|
||||||
+ found=0
|
|
||||||
+ avc=[]
|
|
||||||
+ line = input.readline()
|
|
||||||
|
|
||||||
|
|
||||||
+ def get_target(self, i, rule):
|
|
||||||
+ target=[]
|
|
||||||
+ if rule[i][0] == "{":
|
|
||||||
+ for t in rule[i].split("{"):
|
|
||||||
+ if len(t):
|
|
||||||
+ target.append(t)
|
|
||||||
+ i=i+1
|
|
||||||
+ for s in rule[i:]:
|
|
||||||
+ if s.find("}") >= 0:
|
|
||||||
+ for s1 in s.split("}"):
|
|
||||||
+ if len(s1):
|
|
||||||
+ target.append(s1)
|
|
||||||
+ i=i+1
|
|
||||||
+ return (i, target)
|
|
||||||
+
|
|
||||||
+ target.append(s)
|
|
||||||
+ i=i+1
|
|
||||||
+ else:
|
|
||||||
+ if rule[i].find(";") >= 0:
|
|
||||||
+ for s1 in rule[i].split(";"):
|
|
||||||
+ if len(s1):
|
|
||||||
+ target.append(s1)
|
|
||||||
+ else:
|
|
||||||
+ target.append(rule[i])
|
|
||||||
+
|
|
||||||
+ i=i+1
|
|
||||||
+ return (i, target)
|
|
||||||
+
|
|
||||||
+ def rules_split(self, rules):
|
|
||||||
+ (idx, target ) = self.get_target(0, rules)
|
|
||||||
+ (idx, subject) = self.get_target(idx, rules)
|
|
||||||
+ return (target, subject)
|
|
||||||
+
|
|
||||||
+ def add_terule(self, rule):
|
|
||||||
+ rc = rule.split(":")
|
|
||||||
+ rules=rc[0].split()
|
|
||||||
+ type=rules[0]
|
|
||||||
+ if type == "role":
|
|
||||||
+ print type
|
|
||||||
+ (sources, targets) = self.rules_split(rules[1:])
|
|
||||||
+ rules=rc[1].split()
|
|
||||||
+ (seclasses, access) = self.rules_split(rules)
|
|
||||||
+ for scon in sources:
|
|
||||||
+ for tcon in targets:
|
|
||||||
+ for seclass in seclasses:
|
|
||||||
+ self.add_rule(type, scon, tcon, seclass,access)
|
|
||||||
+
|
|
||||||
+ def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", comm="", name=""):
|
|
||||||
+ self.add_seclass(seclass, access)
|
|
||||||
+ self.add_type(tcon)
|
|
||||||
+ self.add_type(scon)
|
|
||||||
+ if (type, scon, tcon, seclass) not in self.seRules.keys():
|
|
||||||
+ self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
|
|
||||||
+
|
|
||||||
+ self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
|
|
||||||
+
|
|
||||||
def add(self,avc):
|
|
||||||
scon=""
|
|
||||||
tcon=""
|
|
||||||
@@ -117,7 +184,7 @@
|
|
||||||
|
|
||||||
if "granted" in avc:
|
|
||||||
if "load_policy" in avc and self.last_reload:
|
|
||||||
- self.allowRules={}
|
|
||||||
+ self.seRules={}
|
|
||||||
return
|
|
||||||
try:
|
|
||||||
for i in range (0, len(avc)):
|
|
||||||
@@ -160,16 +227,9 @@
|
|
||||||
self.warning("Bad AVC Line: %s" % avc)
|
|
||||||
return
|
|
||||||
|
|
||||||
- self.add_seclass(seclass, access)
|
|
||||||
- self.add_type(tcon)
|
|
||||||
- self.add_type(scon)
|
|
||||||
self.add_role(srole)
|
|
||||||
self.add_role(trole)
|
|
||||||
-
|
|
||||||
- if (scon, tcon, seclass) not in self.allowRules.keys():
|
|
||||||
- self.allowRules[(scon, tcon, seclass)]=allow(scon, tcon, seclass)
|
|
||||||
-
|
|
||||||
- self.allowRules[(scon, tcon, seclass)].add((access, msg, comm, name ))
|
|
||||||
+ self.add_rule("allow", scon, tcon, seclass, access, msg, comm, name)
|
|
||||||
|
|
||||||
def add_seclass(self,seclass, access):
|
|
||||||
if seclass not in self.seclasses.keys():
|
|
||||||
@@ -195,17 +255,23 @@
|
|
||||||
keys=self.seclasses.keys()
|
|
||||||
keys.sort()
|
|
||||||
rec="\n\nrequire {\n"
|
|
||||||
- for i in self.roles:
|
|
||||||
- rec += "\trole %s; \n" % i
|
|
||||||
- rec += "\n\n"
|
|
||||||
+ if len(self.roles) > 0:
|
|
||||||
+ for i in self.roles:
|
|
||||||
+ rec += "\trole %s; \n" % i
|
|
||||||
+ rec += "\n"
|
|
||||||
+
|
|
||||||
for i in keys:
|
|
||||||
access=self.seclasses[i]
|
|
||||||
- access.sort()
|
|
||||||
- rec += "\tclass %s { " % i
|
|
||||||
- for a in access:
|
|
||||||
- rec += " %s" % a
|
|
||||||
- rec += " }; \n"
|
|
||||||
- rec += "\n\n"
|
|
||||||
+ if len(access) > 1:
|
|
||||||
+ access.sort()
|
|
||||||
+ rec += "\tclass %s {" % i
|
|
||||||
+ for a in access:
|
|
||||||
+ rec += " %s" % a
|
|
||||||
+ rec += " }; \n"
|
|
||||||
+ else:
|
|
||||||
+ rec += "\tclass %s %s;\n" % (i, access[0])
|
|
||||||
+
|
|
||||||
+ rec += "\n"
|
|
||||||
|
|
||||||
for i in self.types:
|
|
||||||
rec += "\ttype %s; \n" % i
|
|
||||||
@@ -214,17 +280,19 @@
|
|
||||||
|
|
||||||
def out(self, require=0, module=""):
|
|
||||||
rec=""
|
|
||||||
- if len(self.allowRules.keys())==0:
|
|
||||||
+ if len(self.seRules.keys())==0:
|
|
||||||
raise(ValueError("No AVC messages found."))
|
|
||||||
- if module!="":
|
|
||||||
+ if module != "":
|
|
||||||
rec += self.gen_module(module)
|
|
||||||
rec += self.gen_requires()
|
|
||||||
else:
|
|
||||||
if requires:
|
|
||||||
rec+=self.gen_requires()
|
|
||||||
-
|
|
||||||
- for i in self.allowRules.keys():
|
|
||||||
- rec += self.allowRules[i].out(verbose)+"\n"
|
|
||||||
+
|
|
||||||
+ keys=self.seRules.keys()
|
|
||||||
+ keys.sort()
|
|
||||||
+ for i in keys:
|
|
||||||
+ rec += self.seRules[i].out(verbose)+"\n"
|
|
||||||
return rec
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
@@ -235,8 +303,8 @@
|
|
||||||
else:
|
|
||||||
return ""
|
|
||||||
|
|
||||||
- def usage():
|
|
||||||
- print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
|
|
||||||
+ def usage(msg=""):
|
|
||||||
+ print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
|
|
||||||
-a, --all read input from audit and message log, conflicts with -i\n\
|
|
||||||
-d, --dmesg read input from output of /bin/dmesg\n\
|
|
||||||
-h, --help display this message\n\
|
|
||||||
@@ -246,8 +314,12 @@
|
|
||||||
-M generate loadable module package, conflicts with -o\n\
|
|
||||||
-o, --output append output to <outputfile>, conflicts with -M\n\
|
|
||||||
-r, --requires generate require output \n\
|
|
||||||
+ -t, --tefile Indicates input is Existing Type Enforcement file\n\
|
|
||||||
+ -f, --fcfile Existing Type Enforcement file, requires -M\n\
|
|
||||||
-v, --verbose verbose output\n\
|
|
||||||
'
|
|
||||||
+ if msg != "":
|
|
||||||
+ print msg
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
def errorExit(error):
|
|
||||||
@@ -270,41 +342,50 @@
|
|
||||||
buildPP=0
|
|
||||||
input_ind=0
|
|
||||||
output_ind=0
|
|
||||||
+ te_ind=0
|
|
||||||
+
|
|
||||||
+ fc_file=""
|
|
||||||
gopts, cmds = getopt.getopt(sys.argv[1:],
|
|
||||||
- 'adhi:lm:M:o:rv',
|
|
||||||
+ 'adf:hi:lm:M:o:rtv',
|
|
||||||
['all',
|
|
||||||
'dmesg',
|
|
||||||
+ 'fcfile=',
|
|
||||||
'help',
|
|
||||||
'input=',
|
|
||||||
'lastreload',
|
|
||||||
'module=',
|
|
||||||
'output=',
|
|
||||||
'requires'
|
|
||||||
+ 'tefile',
|
|
||||||
'verbose'
|
|
||||||
])
|
|
||||||
for o,a in gopts:
|
|
||||||
if o == "-a" or o == "--all":
|
|
||||||
- if input_ind:
|
|
||||||
+ if input_ind or te_ind:
|
|
||||||
usage()
|
|
||||||
input=open("/var/log/messages", "r")
|
|
||||||
auditlogs=1
|
|
||||||
if o == "-d" or o == "--dmesg":
|
|
||||||
input=os.popen("/bin/dmesg", "r")
|
|
||||||
+ if o == "-f" or o == "--fcfile":
|
|
||||||
+ if a[0]=="-":
|
|
||||||
+ usage()
|
|
||||||
+ fc_file=a
|
|
||||||
if o == "-h" or o == "--help":
|
|
||||||
usage()
|
|
||||||
if o == "-i"or o == "--input":
|
|
||||||
- if auditlogs:
|
|
||||||
+ if auditlogs or a[0]=="-":
|
|
||||||
usage()
|
|
||||||
input_ind=1
|
|
||||||
input=open(a, "r")
|
|
||||||
if o == '--lastreload' or o == "-l":
|
|
||||||
last_reload=1
|
|
||||||
if o == "-m" or o == "--module":
|
|
||||||
- if module != "":
|
|
||||||
+ if module != "" or a[0]=="-":
|
|
||||||
usage()
|
|
||||||
module=a
|
|
||||||
if o == "-M":
|
|
||||||
- if module != "" or output_ind:
|
|
||||||
+ if module != "" or output_ind or a[0]=="-":
|
|
||||||
usage()
|
|
||||||
module=a
|
|
||||||
outfile=a+".te"
|
|
||||||
@@ -312,19 +393,30 @@
|
|
||||||
output=open(outfile, "w")
|
|
||||||
if o == "-r" or o == "--requires":
|
|
||||||
requires=1
|
|
||||||
+ if o == "-t" or o == "--tefile":
|
|
||||||
+ if auditlogs:
|
|
||||||
+ usage()
|
|
||||||
+ te_ind=1
|
|
||||||
if o == "-o" or o == "--output":
|
|
||||||
- if module != "":
|
|
||||||
+ if module != "" or a[0]=="-":
|
|
||||||
usage()
|
|
||||||
output=open(a, "a")
|
|
||||||
output_ind=1
|
|
||||||
if o == "-v" or o == "--verbose":
|
|
||||||
verbose=1
|
|
||||||
- if len(cmds) != 0:
|
|
||||||
- usage()
|
|
||||||
- out=allowRecords(input, last_reload, verbose)
|
|
||||||
+
|
|
||||||
+ if len(cmds) != 0:
|
|
||||||
+ usage()
|
|
||||||
+
|
|
||||||
+ if fc_file != "" and not buildPP:
|
|
||||||
+ usage("Error %s: Option -fc requires -M" % sys.argv[0])
|
|
||||||
+
|
|
||||||
+ out=seruleRecords(input, last_reload, verbose, te_ind)
|
|
||||||
+
|
|
||||||
if auditlogs:
|
|
||||||
- input=open("/var/log/audit/audit.log", "r")
|
|
||||||
- out.load(input)
|
|
||||||
+ input=os.popen("ausearch -m avc")
|
|
||||||
+ out.load(input)
|
|
||||||
+
|
|
||||||
if buildPP:
|
|
||||||
print ("Generating type enforcment file: %s.te" % module)
|
|
||||||
output.write(out.out(requires, module))
|
|
||||||
@@ -334,8 +426,13 @@
|
|
||||||
print "Compiling policy: %s" % cmd
|
|
||||||
rc=commands.getstatusoutput(cmd)
|
|
||||||
if rc[0]==0:
|
|
||||||
- print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
|
|
||||||
- rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
|
|
||||||
+ cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
|
|
||||||
+ print cmd
|
|
||||||
+ if fc_file != "":
|
|
||||||
+ cmd = "%s -f %s" % (cmd, fc_file)
|
|
||||||
+
|
|
||||||
+ print "Building package: %s" % cmd
|
|
||||||
+ rc=commands.getstatusoutput(cmd)
|
|
||||||
if rc[0]==0:
|
|
||||||
print ("\n******************** IMPORTANT ***********************\n")
|
|
||||||
print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module)
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.27.31/audit2allow/audit2allow.1
|
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2005-11-29 13:43:42.000000000 -0500
|
|
||||||
+++ policycoreutils-1.27.31/audit2allow/audit2allow.1 2005-11-30 14:53:31.000000000 -0500
|
|
||||||
@@ -33,37 +33,44 @@
|
|
||||||
.B "\-a" | "\-\-all"
|
|
||||||
Read input from audit and message log, conflicts with -i
|
|
||||||
.TP
|
|
||||||
-.B "\-h" | "\-\-help"
|
|
||||||
-Print a short usage message
|
|
||||||
-.TP
|
|
||||||
.B "\-d" | "\-\-dmesg"
|
|
||||||
Read input from output of
|
|
||||||
.I /bin/dmesg.
|
|
||||||
-Note that audit messages are not available via dmesg when
|
|
||||||
-auditd is running; use -i /var/log/audit/audit.log instead.
|
|
||||||
+Note that all audit messages are not available via dmesg when
|
|
||||||
+auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
|
|
||||||
.TP
|
|
||||||
-.B "\-v" | "\-\-verbose"
|
|
||||||
-Turn on verbose output
|
|
||||||
+.B "\-f" | "\-\-fcfile" <File Context File>
|
|
||||||
+Add File Context File to generated Module Package. Requires -M option.
|
|
||||||
+.TP
|
|
||||||
+.B "\-h" | "\-\-help"
|
|
||||||
+Print a short usage message
|
|
||||||
+.TP
|
|
||||||
+.B "\-i <inputfile>" | "\-\-input <inputfile>"
|
|
||||||
+read input from
|
|
||||||
+.I <inputfile>
|
|
||||||
.TP
|
|
||||||
.B "\-l" | "\-\-lastreload"
|
|
||||||
read input only after last policy reload
|
|
||||||
.TP
|
|
||||||
-.B "\-r" | "\-\-requires"
|
|
||||||
-Generate require output syntax for loadable modules.
|
|
||||||
-.TP
|
|
||||||
.B "\-m <modulename>" | "\-\-module <modulename>"
|
|
||||||
Generate module/require output <modulename>
|
|
||||||
.TP
|
|
||||||
.B "\-M <modulename>"
|
|
||||||
Generate loadable module package, conflicts with -o
|
|
||||||
.TP
|
|
||||||
-.B "\-i <inputfile>" | "\-\-input <inputfile>"
|
|
||||||
-read input from
|
|
||||||
-.I <inputfile>
|
|
||||||
-.TP
|
|
||||||
.B "\-o <outputfile>" | "\-\-output <outputfile>"
|
|
||||||
append output to
|
|
||||||
.I <outputfile>
|
|
||||||
+.TP
|
|
||||||
+.B "\-r" | "\-\-requires"
|
|
||||||
+Generate require output syntax for loadable modules.
|
|
||||||
+.TP
|
|
||||||
+.B "\-t " | "\-\-tefile"
|
|
||||||
+Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
|
||||||
+.TP
|
|
||||||
+.B "\-v" | "\-\-verbose"
|
|
||||||
+Turn on verbose output
|
|
||||||
+
|
|
||||||
.SH DESCRIPTION
|
|
||||||
.PP
|
|
||||||
This utility scans the logs for messages logged when the system denied
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
|
||||||
--- nsapolicycoreutils/scripts/genhomedircon 2005-11-30 13:59:30.000000000 -0500
|
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500
|
||||||
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 14:31:26.000000000 -0500
|
+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500
|
||||||
@@ -32,6 +32,8 @@
|
@@ -133,7 +133,7 @@
|
||||||
fd=open("/etc/shells", 'r')
|
if rc[0] == 0:
|
||||||
VALID_SHELLS=fd.read().split('\n')
|
return rc[1]+"\n"
|
||||||
fd.close()
|
else:
|
||||||
+if "/sbin/nologin" in VALID_SHELLS:
|
- errorExit(string.join("sed error ", rc[1]))
|
||||||
+ VALID_SHELLS.remove("/sbin/nologin")
|
+ errorExit("sed error %s" % rc[1])
|
||||||
|
|
||||||
def getStartingUID():
|
def heading(self):
|
||||||
starting_uid = sys.maxint
|
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
|
||||||
@@ -266,7 +268,7 @@
|
@@ -329,8 +329,8 @@
|
||||||
homedir = u[5][:string.rfind(u[5], "/")]
|
selconf.write()
|
||||||
if not homedir in homedirs:
|
|
||||||
if self.checkExists(homedir)==0:
|
|
||||||
- warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0]))
|
|
||||||
+ warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
|
|
||||||
else:
|
|
||||||
homedirs.append(homedir)
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/Makefile policycoreutils-1.27.31/semodule/Makefile
|
except getopt.error, error:
|
||||||
--- nsapolicycoreutils/semodule/Makefile 2005-10-10 09:02:48.000000000 -0400
|
- errorExit(string.join("Options Error ", error))
|
||||||
+++ policycoreutils-1.27.31/semodule/Makefile 2005-11-30 14:31:26.000000000 -0500
|
+ errorExit("Options Error %s " % error)
|
||||||
@@ -17,6 +17,8 @@
|
except ValueError, error:
|
||||||
install: all
|
- errorExit(string.join("ValueError ", error))
|
||||||
-mkdir -p $(SBINDIR)
|
+ errorExit("ValueError %s" % error)
|
||||||
install -m 755 semodule $(SBINDIR)
|
except IndexError, error:
|
||||||
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
errorExit("IndexError")
|
||||||
+ install -m 644 semodule.8 $(MANDIR)/man8/
|
|
||||||
|
|
||||||
relabel:
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-1.27.31/semodule/semodule.8
|
|
||||||
--- nsapolicycoreutils/semodule/semodule.8 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ policycoreutils-1.27.31/semodule/semodule.8 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -0,0 +1,53 @@
|
|
||||||
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
||||||
+.SH NAME
|
|
||||||
+semodule \- Manage SELinux policy modules.
|
|
||||||
+
|
|
||||||
+.SH SYNOPSIS
|
|
||||||
+.B semodule
|
|
||||||
+.br
|
|
||||||
+.SH DESCRIPTION
|
|
||||||
+.PP
|
|
||||||
+semodule is the tool used to manage policy, it can call functions to load/replace the policy in the kernel, as well as setup load_able modules.
|
|
||||||
+
|
|
||||||
+.SH "OPTIONS"
|
|
||||||
+.TP
|
|
||||||
+.B \-R, \-\-reload
|
|
||||||
+reload policy
|
|
||||||
+.TP
|
|
||||||
+.B \-B, \-\-build
|
|
||||||
+build and reload policy
|
|
||||||
+.TP
|
|
||||||
+.B \-i,\-\-install=MODULE_PKG
|
|
||||||
+install a new module
|
|
||||||
+.TP
|
|
||||||
+.B \-u,\-\-upgrade=MODULE_PKG
|
|
||||||
+upgrade existing module
|
|
||||||
+.TP
|
|
||||||
+.B \-b,\-\-base=MODULE_PKG
|
|
||||||
+install new base module
|
|
||||||
+.TP
|
|
||||||
+.B \-r,\-\-remove=MODULE_NAME
|
|
||||||
+remove existing module
|
|
||||||
+.TP
|
|
||||||
+.B \-l,\-\-list-modules
|
|
||||||
+display list of installed modules
|
|
||||||
+.TP
|
|
||||||
+.B \-s,\-\-store
|
|
||||||
+name of the store to operate on
|
|
||||||
+.TP
|
|
||||||
+.B \-n,\-\-noreload
|
|
||||||
+do not reload policy after commit
|
|
||||||
+.TP
|
|
||||||
+.B \-h,\-\-help
|
|
||||||
+prints help message and quit
|
|
||||||
+.TP
|
|
||||||
+.B \-v,\-\-verbose
|
|
||||||
+be verbose reset the policy boolean values to the saved policy settings.
|
|
||||||
+
|
|
||||||
+.SH SEE ALSO
|
|
||||||
+.B load_policy(8), semodule_package(8), semodule_expand(8), semodule_link(8)
|
|
||||||
+(8),
|
|
||||||
+.SH AUTHORS
|
|
||||||
+.nf
|
|
||||||
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
||||||
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/Makefile policycoreutils-1.27.31/semodule_expand/Makefile
|
|
||||||
--- nsapolicycoreutils/semodule_expand/Makefile 2005-10-12 15:25:33.000000000 -0400
|
|
||||||
+++ policycoreutils-1.27.31/semodule_expand/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -3,6 +3,7 @@
|
|
||||||
INCLUDEDIR ?= $(PREFIX)/include
|
|
||||||
BINDIR ?= $(PREFIX)/bin
|
|
||||||
LIBDIR ?= ${PREFIX}/lib
|
|
||||||
+MANDIR ?= $(PREFIX)/share/man
|
|
||||||
|
|
||||||
CFLAGS ?= -Werror -Wall -W
|
|
||||||
override CFLAGS += -I$(INCLUDEDIR)
|
|
||||||
@@ -15,6 +16,8 @@
|
|
||||||
install: all
|
|
||||||
-mkdir -p $(BINDIR)
|
|
||||||
install -m 755 semodule_expand $(BINDIR)
|
|
||||||
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
||||||
+ install -m 644 semodule_expand.8 $(MANDIR)/man8/
|
|
||||||
|
|
||||||
relabel:
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.27.31/semodule_expand/semodule_expand.8
|
|
||||||
--- nsapolicycoreutils/semodule_expand/semodule_expand.8 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ policycoreutils-1.27.31/semodule_expand/semodule_expand.8 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -0,0 +1,26 @@
|
|
||||||
+.TH SEMODULE_EXPAND "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
||||||
+.SH NAME
|
|
||||||
+semodule_expand \- Manage SELinux policy modules.
|
|
||||||
+
|
|
||||||
+.SH SYNOPSIS
|
|
||||||
+.B semodule_expand [-V -c [version]] basemodpkg outputfile
|
|
||||||
+.br
|
|
||||||
+.SH DESCRIPTION
|
|
||||||
+.PP
|
|
||||||
+semodule_expand is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
|
|
||||||
+
|
|
||||||
+.SH "OPTIONS"
|
|
||||||
+.TP
|
|
||||||
+.B \-V
|
|
||||||
+verbose mode
|
|
||||||
+.TP
|
|
||||||
+.B \-c [version]
|
|
||||||
+policy version to create
|
|
||||||
+
|
|
||||||
+.SH SEE ALSO
|
|
||||||
+.B load_policy(8), semodule_package(8), semodule(8), semodule_link(8)
|
|
||||||
+(8),
|
|
||||||
+.SH AUTHORS
|
|
||||||
+.nf
|
|
||||||
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
||||||
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/Makefile policycoreutils-1.27.31/semodule_link/Makefile
|
|
||||||
--- nsapolicycoreutils/semodule_link/Makefile 2005-10-12 15:25:33.000000000 -0400
|
|
||||||
+++ policycoreutils-1.27.31/semodule_link/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -2,6 +2,7 @@
|
|
||||||
PREFIX ?= ${DESTDIR}/usr
|
|
||||||
INCLUDEDIR ?= $(PREFIX)/include
|
|
||||||
BINDIR ?= $(PREFIX)/bin
|
|
||||||
+MANDIR ?= $(PREFIX)/share/man
|
|
||||||
LIBDIR ?= ${PREFIX}/lib
|
|
||||||
|
|
||||||
CFLAGS ?= -Werror -Wall -W
|
|
||||||
@@ -15,6 +16,8 @@
|
|
||||||
install: all
|
|
||||||
-mkdir -p $(BINDIR)
|
|
||||||
install -m 755 semodule_link $(BINDIR)
|
|
||||||
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
||||||
+ install -m 644 semodule_link.8 $(MANDIR)/man8/
|
|
||||||
|
|
||||||
relabel:
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/semodule_link.8 policycoreutils-1.27.31/semodule_link/semodule_link.8
|
|
||||||
--- nsapolicycoreutils/semodule_link/semodule_link.8 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ policycoreutils-1.27.31/semodule_link/semodule_link.8 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -0,0 +1,27 @@
|
|
||||||
+.TH SEMODULE_LINK "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
||||||
+.SH NAME
|
|
||||||
+semodule_link \- Link a group of modules together with a base module
|
|
||||||
+
|
|
||||||
+.SH SYNOPSIS
|
|
||||||
+.B semodule_link [-V] [-o outfile] basemodpkg modpkg1 [modpkg2]...
|
|
||||||
+.br
|
|
||||||
+.SH DESCRIPTION
|
|
||||||
+.PP
|
|
||||||
+semodule_link is the tool used to create a policy file from a base policy module. and one of more loadable policy modules: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
|
|
||||||
+
|
|
||||||
+.SH "OPTIONS"
|
|
||||||
+.TP
|
|
||||||
+.B \-V
|
|
||||||
+verbose mode
|
|
||||||
+.TP
|
|
||||||
+.B \-o \-\-outfile <output file>
|
|
||||||
+Loadable package Output file
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+.SH SEE ALSO
|
|
||||||
+.B load_policy(8), semodule_package(8), semodule(8), semodule_expand(8)
|
|
||||||
+(8),
|
|
||||||
+.SH AUTHORS
|
|
||||||
+.nf
|
|
||||||
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
||||||
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/Makefile policycoreutils-1.27.31/semodule_package/Makefile
|
|
||||||
--- nsapolicycoreutils/semodule_package/Makefile 2005-10-12 15:25:33.000000000 -0400
|
|
||||||
+++ policycoreutils-1.27.31/semodule_package/Makefile 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -3,6 +3,7 @@
|
|
||||||
INCLUDEDIR ?= $(PREFIX)/include
|
|
||||||
BINDIR ?= $(PREFIX)/bin
|
|
||||||
LIBDIR ?= ${PREFIX}/lib
|
|
||||||
+MANDIR ?= $(PREFIX)/share/man
|
|
||||||
|
|
||||||
CFLAGS ?= -Werror -Wall -W
|
|
||||||
override CFLAGS += -I$(INCLUDEDIR)
|
|
||||||
@@ -15,6 +16,8 @@
|
|
||||||
install: all
|
|
||||||
-mkdir -p $(BINDIR)
|
|
||||||
install -m 755 semodule_package $(BINDIR)
|
|
||||||
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
|
|
||||||
+ install -m 644 semodule_package.8 $(MANDIR)/man8/
|
|
||||||
|
|
||||||
relabel:
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/semodule_package.8 policycoreutils-1.27.31/semodule_package/semodule_package.8
|
|
||||||
--- nsapolicycoreutils/semodule_package/semodule_package.8 1969-12-31 19:00:00.000000000 -0500
|
|
||||||
+++ policycoreutils-1.27.31/semodule_package/semodule_package.8 2005-11-30 14:31:26.000000000 -0500
|
|
||||||
@@ -0,0 +1,29 @@
|
|
||||||
+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
|
||||||
+.SH NAME
|
|
||||||
+semodule_package \- Create loadable policy modules.
|
|
||||||
+
|
|
||||||
+.SH SYNOPSIS
|
|
||||||
+.B semodule_package -o <output file> -m <module> [-f <file contexts>]
|
|
||||||
+.br
|
|
||||||
+.SH DESCRIPTION
|
|
||||||
+.PP
|
|
||||||
+semodule_package is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
|
|
||||||
+
|
|
||||||
+.SH "OPTIONS"
|
|
||||||
+.TP
|
|
||||||
+.B \-o \-\-outfile <output file>
|
|
||||||
+Loadable package Output file
|
|
||||||
+.TP
|
|
||||||
+.B \-m \-\-module <Module file>
|
|
||||||
+Module file (te file)
|
|
||||||
+.TP
|
|
||||||
+.B \-f \-\-fc <File context file>
|
|
||||||
+Policy File contexts file
|
|
||||||
+
|
|
||||||
+.SH SEE ALSO
|
|
||||||
+.B load_policy(8), semodule(8), semodule_expand(8), semodule_link(8)
|
|
||||||
+(8),
|
|
||||||
+.SH AUTHORS
|
|
||||||
+.nf
|
|
||||||
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
||||||
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
|
|
||||||
|
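Review bot: In the second genhomedircon hunk (`@@ -329,8 +329,8 @@`), the `except IndexError, error:` handler still calls `errorExit("IndexError")` and discards `error`, while the two handlers above it now report the exception text. `errorExit("IndexError %s" % error)` would keep the three consistent and leave something to diagnose from. The format string `"Options Error %s "` also has a trailing space that `"ValueError %s"` and `"sed error %s"` lack. This assumes the right-hand column of the rendered view is the new side of the patch file; the enclosing `try` block starts outside the hunk.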
@ -1,16 +1,16 @@
|
|||||||
%define libsepolver 1.9.41-1
|
%define libsepolver 1.9.41-1
|
||||||
%define libsemanagever 1.3.61-1
|
%define libsemanagever 1.3.61-1
|
||||||
|
%define libselinuxver 1.27.28-1
|
||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 1.27.31
|
Version: 1.27.33
|
||||||
Release: 1
|
Release: 1
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
Patch: policycoreutils-rhat.patch
|
Patch: policycoreutils-rhat.patch
|
||||||
|
|
||||||
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever}
|
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
|
||||||
|
|
||||||
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
|
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
|
||||||
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python
|
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python
|
||||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||||
@ -95,6 +95,14 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
|
||||||
|
* Thu Dec 1 2005 Dan Walsh <dwalsh@redhat.com> 1.27.31-1
|
||||||
|
- Update to match NSA
|
||||||
|
* Merged audit2allow --tefile and --fcfile support from Dan Walsh.
|
||||||
|
* Merged genhomedircon fix from Dan Walsh.
|
||||||
|
* Merged semodule* man pages from Dan Walsh, and edited them.
|
||||||
|
* Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
|
||||||
|
retain validation/canonicalization of contexts during init.
|
||||||
|
|
||||||
* Wed Nov 30 2005 Dan Walsh <dwalsh@redhat.com> 1.27.31-1
|
* Wed Nov 30 2005 Dan Walsh <dwalsh@redhat.com> 1.27.31-1
|
||||||
- Update to match NSA
|
- Update to match NSA
|
||||||
* Changed genhomedircon to always use user_r for the role in the
|
* Changed genhomedircon to always use user_r for the role in the
|
||||||
|