From b4996441796f69cc7cfa5e5d2c8d3c07fe2ddee8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 28 Jan 2006 02:47:35 +0000 Subject: [PATCH] * Fri Jan 27 2006 Dan Walsh 1.29.15-1 - Update from upstream * Merged newrole audit patch from Steve Grubb. * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. * Merged semanage and semodule access check patches from Joshua Brindle. * Wed Jan 25 2006 Dan Walsh 1.29.12-1 - Add a default of /export/home
---
 .cvsignore | 2 + policycoreutils-rhat.patch | 376 ++----------------------------------- policycoreutils.spec | 14 +- sources | 2 +- 4 files changed, 27 insertions(+), 367 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index 51821f2..43aa5fb 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -84,3 +84,5 @@ policycoreutils-1.29.8.tgz
 policycoreutils-1.29.9.tgz
 policycoreutils-1.29.10.tgz
 policycoreutils-1.29.11.tgz
+policycoreutils-1.29.12.tgz
+policycoreutils-1.29.15.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index b87d225..f46bc3f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,366 +1,16 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.29.11/restorecon/restorecon.c ---- nsapolicycoreutils/restorecon/restorecon.c 2006-01-13 09:47:40.000000000 -0500 -+++ policycoreutils-1.29.11/restorecon/restorecon.c 2006-01-25 14:03:12.000000000 -0500 -@@ -140,6 +140,7 @@ - fprintf(stderr,"Warning! %s refers to a symbolic link, not following last component.\n", filename); - char *p = NULL, *file_sep; - char *tmp_path = strdupa(filename); -+ size_t len=0; - if (!tmp_path) { - fprintf(stderr,"strdupa on %s failed: %s\n", filename,strerror(errno)); - return 1; -@@ -150,8 +151,11 @@ - *file_sep = 0; - file_sep++; - p = realpath(tmp_path, path); -+ } -+ else { -+ file_sep = tmp_path; -+ p = realpath("./", path); - } -- size_t len; - if(p) - len = strlen(p); - if (!p || len + strlen(file_sep) + 2 > PATH_MAX) { -@@ -162,7 +166,7 @@ - *p = '/'; - p++; - strcpy(p, file_sep); -- filename = p; -+ filename = path; - } else { - char *p; - p = realpath(filename, path); -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.11/scripts/chcat ---- nsapolicycoreutils/scripts/chcat 2006-01-19 16:00:44.000000000 -0500 -+++ policycoreutils-1.29.11/scripts/chcat 2006-01-25 11:13:33.000000000 -0500 -@@ -356,7 +356,7 @@ - - if list_ind==0 and len(cmds) < 1: - usage() -- except: -+ except ValueError, e: - usage() - - if delete_ind: -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.11/semanage/semanage ---- nsapolicycoreutils/semanage/semanage 2006-01-20 10:37:37.000000000 -0500 -+++ policycoreutils-1.29.11/semanage/semanage 2006-01-26 12:17:30.000000000 -0500 -@@ -30,28 +30,27 @@ - - def usage(message = ""): - print '\ --semanage {login|user|port|interface|fcontext} -l\n\ -+semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\ - semanage login -{a|d|m} [-sr] login_name\n\ - semanage user -{a|d|m} [-LrR] selinux_name\n\ 
--semanage port -{a|d|m} -p protocol [-t] port_number\n\ -+semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\ - semanage interface -{a|d|m} [-tr] interface_spec\n\ --semanage translation -{a|d|m} [-T] level\n\ - semanage fcontext -{a|d|m} [-frst] file_spec\n\ -+semanage translation -{a|d|m} [-T] level\n\ - -a, --add Add a OBJECT record NAME\n\ - -d, --delete Delete a OBJECT record NAME\n\ - -f, --ftype File Type of OBJECT \n\ - -h, --help display this message\n\ - -l, --list List the OBJECTS\n\ - -L, --level Default SELinux Level\n\ -- -n, --noheading Do not print heading when listing OBJECTS\n\ - -m, --modify Modify a OBJECT record NAME\n\ -- -P, --proto Port protocol\n\ -+ -n, --noheading Do not print heading when listing OBJECTS\n\ -+ -p, --proto Port protocol\n\ - -r, --range MLS/MCS Security Range\n\ - -R, --roles SELinux Roles (Separate by spaces)\n\ - -s, --seuser SELinux user name\n\ - -t, --type SELinux Type for the object\n\ - -T, --trans SELinux Level Translation\n\ -- -v, --verbose verbose output\n\ - ' - print message - sys.exit(1) -@@ -62,35 +61,27 @@ - sys.stderr.flush() - sys.exit(1) - -- def unwanted_ftype(): -- if ftype != "": -- sys.stderr.write("ftype not used\n"); -- def unwanted_selevel(): -- if selevel != "": -- sys.stderr.write("level not used\n"); -- def unwanted_proto(): -- if proto != "": -- sys.stderr.write("proto not used\n"); -- def unwanted_roles(): -- if roles != "": -- sys.stderr.write("role not used\n"); -- def unwanted_serange(): -- if serange != "": -- sys.stderr.write("range not used\n"); -- def unwanted_seuser(): -- if seuser != "": -- sys.stderr.write("seuser not used\n"); -- def unwanted_setype(): -- if setype != "": -- sys.stderr.write("type not used\n"); -- def unwanted_setrans(): -- if setrans != "": -- sys.stderr.write("trans not used\n"); -+ def get_options(): -+ valid_option={} -+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ] -+ 
valid_option["login"] = [] -+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] -+ valid_option["user"] = [] -+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ] -+ valid_option["port"] = [] -+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ] -+ valid_option["interface"] = [] -+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] -+ valid_option["fcontext"] = [] -+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] -+ valid_option["translation"] = [] -+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] -+ return valid_option +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.11/scripts/genhomedircon +--- nsapolicycoreutils/scripts/genhomedircon 2006-01-20 10:37:37.000000000 -0500 ++++ policycoreutils-1.29.11/scripts/genhomedircon 2006-01-27 01:22:00.000000000 -0500 +@@ -87,6 +87,12 @@ + + if ret == []: + ret.append("/home") + - # - # - # - try: -- objectlist = ("login", "user", "port", "interface", "fcontext", "translation") - input = sys.stdin - output = sys.stdout - serange = "" -@@ -112,12 +103,14 @@ - usage("Requires 2 or more arguments") - - object = sys.argv[1] -- if object not in objectlist: -+ option_dict=get_options() -+ if object not in option_dict.keys(): - usage("%s not defined" % object) - - args = sys.argv[2:] ++ # Add /export/home if it exists ++ # Some customers use this for automounted homedirs ++ if os.path.exists("/export/home"): ++ ret.append("/export/home") + - gopts, cmds = getopt.getopt(args, -- 'adf:lhmnp:P:s:R:L:r:t:vT:', -+ 'adf:lhmnp:s:R:L:r:t:T:', - ['add', - 'delete', - 'ftype=', -@@ -125,16 +118,18 @@ - 'list', - 'modify', - 'noheading', -- 'port=', - 'proto=', - 'seuser=', - 'range=', - 'level=', - 'roles=', - 'type=', -- 'trans=', -- 'verbose' -+ 'trans=' - 
]) -+ for o, a in gopts: -+ if o not in option_dict[object]: -+ sys.stderr.write("%s not valid for %s objects\n" % ( o, object) ); -+ - for o,a in gopts: - if o == "-a" or o == "--add": - if modify or delete: -@@ -167,7 +162,7 @@ - if o == "-L" or o == '--level': - selevel = a + return ret -- if o == "-P" or o == '--proto': -+ if o == "-p" or o == '--proto': - proto = a - - if o == "-R" or o == '--roles': -@@ -182,94 +177,25 @@ - if o == "-T" or o == "--trans": - setrans = a - -- if o == "-v" or o == "--verbose": -- verbose = 1 -- --# Note in this section I intentionally leave the unwanted_*() functions for --# variabled which are wanted commented out and don't delete those lines. This --# will make it easier to modify the code when the list of wanted variables --# changes. - if object == "login": -- if not delete: -- unwanted_ftype() -- unwanted_selevel() -- unwanted_proto() -- unwanted_roles() --# unwanted_serange() --# unwanted_seuser() -- unwanted_setype() -- unwanted_setrans() - OBJECT = seobject.loginRecords() - - if object == "user": -- if not delete: -- unwanted_ftype() --# unwanted_selevel() -- unwanted_proto() --# unwanted_roles() --# unwanted_serange() -- unwanted_seuser() -- unwanted_setype() -- unwanted_setrans() - OBJECT = seobject.seluserRecords() - - if object == "port": -- if not delete: -- unwanted_ftype() -- unwanted_selevel() --# unwanted_proto() -- unwanted_roles() -- unwanted_serange() -- unwanted_seuser() --# unwanted_setype() -- unwanted_setrans() - OBJECT = seobject.portRecords() - - if object == "interface": -- if not delete: -- unwanted_ftype() -- unwanted_selevel() -- unwanted_proto() -- unwanted_roles() --# unwanted_serange() -- unwanted_seuser() --# unwanted_setype() -- unwanted_setrans() - OBJECT = seobject.interfaceRecords() - - if object == "fcontext": -- if not delete: --# unwanted_ftype() -- unwanted_selevel() -- unwanted_proto() -- unwanted_roles() --# unwanted_serange() --# unwanted_seuser() --# unwanted_setype() -- 
unwanted_setrans() - OBJECT = seobject.fcontextRecords() - - if object == "translation": -- if not delete: -- unwanted_ftype() -- unwanted_selevel() -- unwanted_proto() -- unwanted_roles() -- unwanted_serange() -- unwanted_seuser() -- unwanted_setype() --# unwanted_setrans() - OBJECT = seobject.setransRecords() - - if list: -- unwanted_ftype() -- unwanted_selevel() -- unwanted_proto() -- unwanted_roles() -- unwanted_serange() -- unwanted_seuser() -- unwanted_setype() -- unwanted_setrans() - OBJECT.list(heading) - sys.exit(0); - -@@ -324,16 +250,6 @@ - sys.exit(0); - - if delete: -- if object != "fcontext": -- unwanted_ftype() -- unwanted_selevel() -- if object == "port": -- unwanted_proto() -- unwanted_roles() -- unwanted_serange() -- unwanted_seuser() -- unwanted_setype() -- unwanted_setrans() - if object == "port": - OBJECT.delete(target, proto) - -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.11/semanage/semanage.8 ---- nsapolicycoreutils/semanage/semanage.8 2006-01-20 10:37:37.000000000 -0500 -+++ policycoreutils-1.29.11/semanage/semanage.8 2006-01-26 12:13:43.000000000 -0500 -@@ -3,19 +3,19 @@ - semanage \- SELinux Policy Management tool - - .SH "SYNOPSIS" --.B semanage {login|user|port|interface|fcontext} \-l [\-n] -+.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n] - .br - .B semanage login \-{a|d|m} [\-sr] login_name - .br - .B semanage user \-{a|d|m} [\-LrR] selinux_name - .br --.B semanage port \-{a|d|m} \-p protocol [\-t] port_number -+.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range - .br - .B semanage interface \-{a|d|m} [\-tr] interface_spec - .br --.B semanage translation \-{a|d|m} [\-T] level --.br - .B semanage fcontext \-{a|d|m} [\-frst] file_spec -+.br -+.B semanage translation \-{a|d|m} [\-T] level - .P - - This tool is used to configure SELinux policy -@@ -35,34 +35,34 @@ - .I \-d, \-\-delete - Delete a OBJECT record NAME - .TP --.I \-h, \-\-help --display 
this message --.TP - .I \-f, \-\-ftype - File Type. This is used with fcontext. - Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. - .TP -+.I \-h, \-\-help -+display this message -+.TP - .I \-l, \-\-list - List the OBJECTS - .TP --.I \-n, \-\-noheading --Do not print heading when listing OBJECTS --.TP - .I \-L, \-\-level - Default SELinux Level for SELinux use. (s0) - .TP - .I \-m, \-\-modify - Modify a OBJECT record NAME - .TP -+.I \-n, \-\-noheading -+Do not print heading when listing OBJECTS. -+.TP - .I \-p, \-\-proto - Protocol for the specified port (tcp|udp). - .TP --.I \-R, \-\-role --SELinux Roles (Separate by spaces) --.TP - .I \-r, \-\-range - MLS/MCS Security Range - .TP -+.I \-R, \-\-role -+SELinux Roles. You must inclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times. -+.TP - .I \-s, \-\-seuser - SELinux user name - .TP + def getSELinuxType(directory): diff --git a/policycoreutils.spec b/policycoreutils.spec index e697dbb..9b1903f 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,10 +1,10 @@ %define libsepolver 1.11.9-1 -%define libsemanagever 1.5.15-1 +%define libsemanagever 1.5.18-1 %define libselinuxver 1.29.6-1 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.29.11 -Release: 3 +Version: 1.29.15 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz 
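Review bot: In the genhomedircon change carried by the new side of policycoreutils-rhat.patch, `/export/home` is appended whenever `os.path.exists("/export/home")` is true, with no check that it is a directory or that it is not already in `ret`. Because every entry in this list presumably ends up with home-directory file contexts, a stray file or symlink at that path, or a host that exports the tree for another purpose, would get user-home labels it should not have, and a path already discovered earlier would be emitted twice. I would tighten the test to `if os.path.isdir("/export/home") and "/export/home" not in ret:` and say in the comment that the path is added even when no account uses it. The enclosing function starts above the inner hunk (`@@ -87,6 +87,12 @@`), and the collapsed layout hides whether the new lines sit inside the `if ret == []:` branch, so the duplicate case is inferred.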
@@ -97,6 +97,14 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/python2.4/site-packages/seobject.py* %changelog +* Fri Jan 27 2006 Dan Walsh 1.29.15-1 +- Update from upstream + * Merged newrole audit patch from Steve Grubb. + * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. + * Merged semanage and semodule access check patches from Joshua Brindle. +* Wed Jan 25 2006 Dan Walsh 1.29.12-1 +- Add a default of /export/home + * Wed Jan 25 2006 Dan Walsh 1.29.11-3 - Cleanup of the patch diff --git a/sources b/sources index 7e694f0..4e4041a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -51372837f3abaffa294b289c3acc89c4 policycoreutils-1.29.11.tgz +4630f6f9b6ce13585a58e6d1dc10fff7 policycoreutils-1.29.15.tgz