From b467ef31d0ad8169dbfb6c4d2c24e14c6b76ce7c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 21 Jun 2010 14:11:31 +0000 Subject: [PATCH] * Tue Jun 15 2010 Dan Walsh 2.0.83-1 - Update to upstream * Add sandbox support from Dan Walsh with modifications from Steve Lawrence. --- policycoreutils-sepolgen.patch | 40 +++++++++++++++++----------------- sources | 2 +- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch index ba329e8..ad2ae56 100644 --- a/policycoreutils-sepolgen.patch +++ b/policycoreutils-sepolgen.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/access.py --- nsasepolgen/src/sepolgen/access.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py 2010-04-28 17:12:20.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/access.py 2010-06-16 08:22:43.000000000 -0400 @@ -32,6 +32,7 @@ """ @@ -45,9 +45,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco access.perms.update(perms) if audit_msg: -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/audit.py --- nsasepolgen/src/sepolgen/audit.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py 2010-04-28 17:12:20.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/audit.py 2010-06-16 08:22:43.000000000 -0400 @@ -68,6 +68,17 @@ stdout=subprocess.PIPE).communicate()[0] return output @@ -131,9 +131,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor return av_set class AVCTypeFilter: -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/defaults.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/defaults.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/defaults.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/defaults.py --- nsasepolgen/src/sepolgen/defaults.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/defaults.py 2010-04-28 17:12:20.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/defaults.py 2010-06-16 08:22:43.000000000 -0400 @@ -30,6 +30,9 @@ def interface_info(): return data_dir() + "/interface_info" @@ -144,9 +144,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/defaults.py policy def refpolicy_devel(): return "/usr/share/selinux/devel" -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/interfaces.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/interfaces.py --- nsasepolgen/src/sepolgen/interfaces.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/interfaces.py 2010-05-03 09:33:11.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/interfaces.py 2010-06-16 08:22:43.000000000 -0400 @@ -29,6 +29,8 @@ from sepolgeni18n import _ @@ -262,9 +262,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py poli self.expand_ifcalls(headers) self.index() -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/matching.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/matching.py --- nsasepolgen/src/sepolgen/matching.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/matching.py 2010-04-28 17:12:20.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/matching.py 2010-06-16 08:22:43.000000000 -0400 @@ -50,7 +50,7 @@ return 1 @@ -293,9 +293,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policy def __iter__(self): return iter(self.children) -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/policygen.py --- nsasepolgen/src/sepolgen/policygen.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-06-02 11:45:17.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-06-21 10:10:01.000000000 -0400 @@ -29,6 +29,8 @@ import access import interfaces @@ -347,18 +347,18 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic + for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})): + if i not in self.domains: + types.append(i) -+ if len(types) == 1: -+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) -+ elif len(types) >= 1: -+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) ++ if len(types) == 1: ++ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) ++ elif len(types) >= 1: ++ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) + except: + pass self.module.children.append(rule) -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/refparser.py --- nsasepolgen/src/sepolgen/refparser.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py 2010-05-21 10:26:43.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/sepolgen/refparser.py 2010-06-16 08:22:43.000000000 -0400 @@ -1044,7 +1044,7 @@ # of misc_macros. We are just going to pretend that this is an interface # to make the expansion work correctly. @@ -368,9 +368,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py polic "getattr","lock","execute","ioctl"]) can_exec.children.append(refpolicy.AVRule(av)) -diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreutils-2.0.82/sepolgen-1.0.23/src/share/perm_map +diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreutils-2.0.83/sepolgen-1.0.23/src/share/perm_map --- nsasepolgen/src/share/perm_map 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/share/perm_map 2010-04-28 17:12:20.000000000 -0400 ++++ policycoreutils-2.0.83/sepolgen-1.0.23/src/share/perm_map 2010-06-16 08:22:43.000000000 -0400 @@ -124,7 +124,7 @@ quotamod w 1 quotaget r 1 diff --git a/sources b/sources index dcca9d3..12cf12f 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -e4deacb4df1e2ec081a91fd59da1dcc5 policycoreutils-2.0.82.tgz 49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz +85a84b4521dfdde649d0143e15f724f9 policycoreutils-2.0.83.tgz 59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2