From b61040e0cd57f5779f44c290cc9befddeae5dc30 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 5 May 2009 18:51:52 +0000 Subject: [PATCH] * Wed Apr 22 2009 Dan Walsh 2.0.62-14 - Fix audit2allow -a to retun /var/log/messages --- policycoreutils-rhat.patch | 733 +++++++++++++++++++++++++++------ policycoreutils-sepolgen.patch | 25 +- policycoreutils.spec | 13 +- 3 files changed, 636 insertions(+), 135 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 4e93d28..1bd03c5 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,128 +1,575 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-2.0.62/debugfiles.list ---- nsapolicycoreutils/debugfiles.list 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.62/debugfiles.list 2009-04-03 14:13:23.000000000 -0400 -@@ -0,0 +1,64 @@ -+%dir /usr/lib/debug -+%dir /usr/lib/debug/sbin -+%dir /usr/lib/debug/.build-id -+%dir /usr/lib/debug/.build-id/3d -+%dir /usr/lib/debug/.build-id/ec -+%dir /usr/lib/debug/.build-id/9d -+%dir /usr/lib/debug/.build-id/cb -+%dir /usr/lib/debug/.build-id/bc -+%dir /usr/lib/debug/.build-id/0a -+%dir /usr/lib/debug/.build-id/81 -+%dir /usr/lib/debug/.build-id/ad -+%dir /usr/lib/debug/.build-id/7f -+%dir /usr/lib/debug/.build-id/f4 -+%dir /usr/lib/debug/.build-id/15 -+%dir /usr/lib/debug/.build-id/1d -+%dir /usr/lib/debug/.build-id/a8 -+%dir /usr/lib/debug/.build-id/d3 -+%dir /usr/lib/debug/usr -+%dir /usr/lib/debug/usr/sbin -+%dir /usr/lib/debug/usr/bin -+/usr/lib/debug/sbin/setfiles.debug -+/usr/lib/debug/sbin/restorecon.debug -+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70.debug -+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70 -+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab -+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab.debug -+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug -+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 -+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce -+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce.debug -+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865 -+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865.debug -+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082.debug -+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082 -+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401.debug -+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401 -+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be.debug -+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be -+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a.debug -+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a -+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug -+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 -+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8.debug -+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8 -+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f.debug -+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f -+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b -+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b.debug -+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9 -+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9.debug -+/usr/lib/debug/usr/sbin/load_policy.debug -+/usr/lib/debug/usr/sbin/restorecond.debug -+/usr/lib/debug/usr/sbin/semodule.debug -+/usr/lib/debug/usr/sbin/sestatus.debug -+/usr/lib/debug/usr/sbin/setsebool.debug -+/usr/lib/debug/usr/sbin/open_init_pty.debug -+/usr/lib/debug/usr/sbin/run_init.debug -+/usr/lib/debug/usr/bin/semodule_package.debug -+/usr/lib/debug/usr/bin/newrole.debug -+/usr/lib/debug/usr/bin/semodule_link.debug -+/usr/lib/debug/usr/bin/semodule_deps.debug -+/usr/lib/debug/usr/bin/semodule_expand.debug -+/usr/lib/debug/usr/bin/secon.debug -+/usr/src/debug/policycoreutils-2.0.62 -diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debuglinks.list policycoreutils-2.0.62/debuglinks.list ---- nsapolicycoreutils/debuglinks.list 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.62/debuglinks.list 2009-04-03 14:13:23.000000000 -0400 -@@ -0,0 +1,29 @@ -+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 /sbin/setfiles -+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug /usr/lib/debug/sbin/setfiles.debug -+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70 /usr/sbin/open_init_pty -+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70.debug /usr/lib/debug/usr/sbin/open_init_pty.debug -+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8 /usr/sbin/sestatus -+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8.debug /usr/lib/debug/usr/sbin/sestatus.debug -+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401 /usr/sbin/semodule -+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401.debug /usr/lib/debug/usr/sbin/semodule.debug -+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9 /usr/sbin/load_policy -+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9.debug /usr/lib/debug/usr/sbin/load_policy.debug -+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b /usr/sbin/run_init -+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b.debug /usr/lib/debug/usr/sbin/run_init.debug -+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a /usr/sbin/restorecond -+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a.debug /usr/lib/debug/usr/sbin/restorecond.debug -+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab /usr/sbin/setsebool -+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab.debug /usr/lib/debug/usr/sbin/setsebool.debug -+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865 /usr/bin/secon -+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865.debug /usr/lib/debug/usr/bin/secon.debug -+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f /usr/bin/newrole -+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f.debug /usr/lib/debug/usr/bin/newrole.debug -+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082 /usr/bin/semodule_link -+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082.debug /usr/lib/debug/usr/bin/semodule_link.debug -+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be /usr/bin/semodule_expand -+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be.debug /usr/lib/debug/usr/bin/semodule_expand.debug -+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce /usr/bin/semodule_package -+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce.debug /usr/lib/debug/usr/bin/semodule_package.debug -+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 /usr/bin/semodule_deps -+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug /usr/lib/debug/usr/bin/semodule_deps.debug -+/usr/lib/debug/sbin/restorecon.debug /usr/lib/debug/sbin/setfiles.debug -Binary files nsapolicycoreutils/debugsources.list and policycoreutils-2.0.62/debugsources.list differ +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.62/audit2allow/audit2allow +--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500 ++++ policycoreutils-2.0.62/audit2allow/audit2allow 2009-05-04 13:40:26.000000000 -0400 +@@ -126,6 +126,7 @@ + elif self.__options.audit: + try: + messages = audit.get_audit_msgs() ++ messages += audit.get_log_msgs() + except OSError, e: + sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) + sys.exit(1) diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.62/Makefile --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.62/Makefile 2009-04-03 14:12:56.000000000 -0400 ++++ policycoreutils-2.0.62/Makefile 2009-05-04 13:40:26.000000000 -0400 @@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.62/restorecond/Makefile +--- nsapolicycoreutils/restorecond/Makefile 2009-02-18 16:44:47.000000000 -0500 ++++ policycoreutils-2.0.62/restorecond/Makefile 2009-05-04 13:40:26.000000000 -0400 +@@ -2,16 +2,21 @@ + PREFIX ?= ${DESTDIR}/usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR = $(PREFIX)/share/man ++AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart ++DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services ++ ++autostart_DATA = sealertauto.desktop + INITDIR = $(DESTDIR)/etc/rc.d/init.d + SELINUXDIR = $(DESTDIR)/etc/selinux + + CFLAGS ?= -g -Werror -Wall -W +-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 +-LDLIBS += -lselinux -L$(PREFIX)/lib ++override CFLAGS += -I$(PREFIX)/include -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -D_FILE_OFFSET_BITS=64 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include ++ ++LDLIBS += -lselinux -ldbus-glib-1 -lglib-2.0 -L$(PREFIX)/lib + + all: restorecond + +-restorecond: restorecond.o utmpwatcher.o stringslist.o ++restorecond: restorecond.o stringslist.o user.o + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + + install: all +@@ -22,7 +27,12 @@ + -mkdir -p $(INITDIR) + install -m 755 restorecond.init $(INITDIR)/restorecond + -mkdir -p $(SELINUXDIR) +- install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf ++ install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf ++ install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf ++ -mkdir -p $(AUTOSTARTDIR) ++ install -m 600 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop ++ -mkdir -p $(DBUSSERVICEDIR) ++ install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service + + relabel: install + /sbin/restorecon $(SBINDIR)/restorecond +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.62/restorecond/org.selinux.Restorecond.service +--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.62/restorecond/org.selinux.Restorecond.service 2009-05-04 13:40:26.000000000 -0400 +@@ -0,0 +1,3 @@ ++[D-BUS Service] ++Name=org.selinux.Restorecond ++Exec=/usr/sbin/restorecond -u +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.62/restorecond/restorecond.c +--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 16:44:47.000000000 -0500 ++++ policycoreutils-2.0.62/restorecond/restorecond.c 2009-05-04 13:40:26.000000000 -0400 +@@ -54,25 +54,31 @@ + #include + #include + #include ++#include ++#include + + #include "restorecond.h" + #include "stringslist.h" +-#include "utmpwatcher.h" + ++extern int start(void); ++extern int server(int); + extern char *dirname(char *path); + static int master_fd = -1; + static int master_wd = -1; + static int terminate = 0; + ++static char *server_watch_file = "/etc/selinux/restorecond.conf"; ++static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; ++static char *watch_file; ++ + #include +-#include + + /* size of the event structure, not counting name */ + #define EVENT_SIZE (sizeof (struct inotify_event)) + /* reasonable guess as to size of 1024 events */ + #define BUF_LEN (1024 * (EVENT_SIZE + 16)) + +-static int debug_mode = 0; ++int debug_mode = 0; + static int verbose_mode = 0; + + static void restore(const char *filename, int exact); +@@ -104,7 +110,7 @@ + see if it is one that we are watching. + */ + +-static int watch_list_find(int wd, const char *file) ++int watch_list_find(int wd, const char *file) + { + struct watchList *ptr = NULL; + ptr = firstDir; +@@ -135,7 +141,7 @@ + return -1; + } + +-static void watch_list_free(int fd) ++void watch_list_free(int fd) + { + struct watchList *ptr = NULL; + struct watchList *prev = NULL; +@@ -152,6 +158,12 @@ + firstDir = NULL; + } + ++static void done(void) { ++ watch_list_free(master_fd); ++ close(master_fd); ++ matchpathcon_fini(); ++} ++ + /* + Set the file context to the default file context for this system. + Same as restorecon. +@@ -241,6 +253,8 @@ + { + char *line_buf = NULL; + size_t len = 0; ++ uid_t uid = getuid(); ++ struct passwd *pwd = getpwuid(uid); + + while (getline(&line_buf, &len, cfg) > 0) { + char *buffer = line_buf; +@@ -252,8 +266,12 @@ + if (l <= 0) + continue; + buffer[l] = 0; +- if (buffer[0] == '~') +- utmpwatcher_add(fd, &buffer[1]); ++ if (buffer[0] == '~') { ++ char *ptr=NULL; ++ asprintf(&ptr, "%s%s", pwd->pw_dir, &buffer[1]); ++ watch_list_add(fd, ptr); ++ free(ptr); ++ } + else { + watch_list_add(fd, buffer); + } +@@ -267,9 +285,8 @@ + homedirs. + */ + +-static void read_config(int fd) ++static void read_config(int fd, const char *watch_file_path) + { +- char *watch_file_path = "/etc/selinux/restorecond.conf"; + + FILE *cfg = NULL; + if (debug_mode) +@@ -278,8 +295,10 @@ + watch_list_free(fd); + + cfg = fopen(watch_file_path, "r"); +- if (!cfg) +- exitApp("Error reading config file."); ++ if (!cfg){ ++ perror(watch_file_path); ++ exitApp("Error reading config file"); ++ } + process_config(fd, cfg); + fclose(cfg); + +@@ -316,21 +335,10 @@ + event->wd, event->mask, + event->cookie, event->len); + if (event->wd == master_wd) +- read_config(fd); ++ read_config(fd, watch_file); + else { +- switch (utmpwatcher_handle(fd, event->wd)) { +- case -1: /* Message was not for utmpwatcher */ +- if (event->len) +- watch_list_find(event->wd, event->name); +- break; +- +- case 1: /* utmp has changed need to reload */ +- read_config(fd); +- break; +- +- default: /* No users logged in or out */ +- break; +- } ++ if (event->len) ++ watch_list_find(event->wd, event->name); + } + + i += EVENT_SIZE + event->len; +@@ -374,7 +382,7 @@ + + static void usage(char *program) + { +- printf("%s [-d] [-v] \n", program); ++ printf("%s [-d] [-s] [-f restorecond_file ] [-v] \n", program); + exit(0); + } + +@@ -393,7 +401,9 @@ + void watch_list_add(int fd, const char *path) + { + struct watchList *ptr = NULL; ++ size_t i = 0; + struct watchList *prev = NULL; ++ glob_t globbuf; + char *x = strdup(path); + if (!x) + exitApp("Out of Memory"); +@@ -401,7 +411,15 @@ + char *file = basename(path); + ptr = firstDir; + +- restore(path, 1); ++ globbuf.gl_offs = 1; ++ if (glob(path, ++ GLOB_TILDE, ++ NULL, ++ &globbuf) >= 0) { ++ for (i=0; i < globbuf.gl_pathc; i++) ++ restore(globbuf.gl_pathv[i], 1); ++ globfree(&globbuf); ++ } + + while (ptr != NULL) { + if (strcmp(dir, ptr->dir) == 0) { +@@ -445,14 +463,8 @@ + { + int opt; + struct sigaction sa; ++ int run_as_user = 0; + +-#ifndef DEBUG +- /* Make sure we are root */ +- if (getuid() != 0) { +- fprintf(stderr, "You must be root to run this program.\n"); +- return 1; +- } +-#endif + /* Make sure we are root */ + if (is_selinux_enabled() != 1) { + fprintf(stderr, "Daemon requires SELinux be enabled to run.\n"); +@@ -471,11 +483,18 @@ + if (master_fd < 0) + exitApp("inotify_init"); + +- while ((opt = getopt(argc, argv, "dv")) > 0) { ++ atexit( done ); ++ while ((opt = getopt(argc, argv, "uf:dv")) > 0) { + switch (opt) { + case 'd': + debug_mode = 1; + break; ++ case 'f': ++ watch_file = optarg; ++ break; ++ case 'u': ++ run_as_user = 1; ++ break; + case 'v': + verbose_mode = 1; + break; +@@ -483,7 +502,18 @@ + usage(argv[0]); + } + } +- read_config(master_fd); ++ ++ if (getuid() != 0) { ++ watch_file = user_watch_file; ++ read_config(master_fd, watch_file); ++ if (run_as_user) ++ return server(master_fd); ++ else ++ return start(); ++ } ++ ++ watch_file = server_watch_file; ++ read_config(master_fd, watch_file); + + if (!debug_mode) + daemon(0, 0); +@@ -496,9 +526,10 @@ + watch_list_free(master_fd); + close(master_fd); + matchpathcon_fini(); +- utmpwatcher_free(); + if (pidfile) + unlink(pidfile); + + return 0; + } ++ ++ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.62/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-04-03 14:12:56.000000000 -0400 -@@ -5,3 +5,7 @@ ++++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-05-04 13:40:26.000000000 -0400 +@@ -4,4 +4,5 @@ + /etc/mtab /var/run/utmp /var/log/wtmp - ~/* -+/root/.ssh +-~/* ++/root/* +/root/.ssh/* +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.62/restorecond/restorecond.desktop +--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.62/restorecond/restorecond.desktop 2009-05-04 13:40:26.000000000 -0400 +@@ -0,0 +1,7 @@ ++[Desktop Entry] ++Name=File Context maintainer ++Exec=/usr/sbin/restorecond ++Comment=Fix file context in owned by the user ++Encoding=UTF-8 ++Type=Application ++StartupNotify=false +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.62/restorecond/restorecond_user.conf +--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.62/restorecond/restorecond_user.conf 2009-05-04 13:40:26.000000000 -0400 +@@ -0,0 +1,2 @@ ++~/* ++~/public_html/* +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.62/restorecond/user.c +--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.62/restorecond/user.c 2009-05-04 13:40:26.000000000 -0400 +@@ -0,0 +1,223 @@ ++/* ++ * restorecond ++ * ++ * Copyright (C) 2006-2009 Red Hat ++ * see file 'COPYING' for use and warranty information ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of ++ * the License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++.* ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ * 02111-1307 USA ++ * ++ * Authors: ++ * Dan Walsh ++ * ++*/ ++ ++/* ++ * PURPOSE: ++ * This daemon program watches for the creation of files listed in a config file ++ * and makes sure that there security context matches the systems defaults ++ * ++ * USAGE: ++ * restorecond [-d] [-v] ++ * ++ * -d Run in debug mode ++ * -v Run in verbose mode (Report missing files) ++ * ++ * EXAMPLE USAGE: ++ * restorecond ++ * ++ */ ++ ++#define _GNU_SOURCE ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "restorecond.h" ++#include "stringslist.h" ++#include ++#include ++#include ++#include ++ ++extern int watch_list_find(int wd, const char *file); ++extern void watch_list_free(int fd); ++extern int debug_mode; ++ ++static DBusHandlerResult signal_filter (DBusConnection *connection, DBusMessage *message, void *user_data); ++ ++static const char *PATH="/org/selinux/Restorecond"; ++//static const char *BUSNAME="org.selinux.Restorecond"; ++static const char *INTERFACE="org.selinux.RestorecondIface"; ++static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'"; ++ ++#include ++ ++/* size of the event structure, not counting name */ ++#define EVENT_SIZE (sizeof (struct inotify_event)) ++/* reasonable guess as to size of 1024 events */ ++#define BUF_LEN (1024 * (EVENT_SIZE + 16)) ++ ++static gboolean ++io_channel_callback ++ (GIOChannel *source, ++ GIOCondition condition, ++ gpointer data __attribute__((__unused__))) ++{ ++ ++ char buffer[BUF_LEN+1]; ++ gsize bytes_read; ++ unsigned int i = 0; ++ ++ if (condition & G_IO_IN) { ++ /* Data is available. */ ++ g_io_channel_read ++ (source, buffer, ++ sizeof (buffer), ++ &bytes_read); ++ ++ while (i < bytes_read) { ++ struct inotify_event *event; ++ event = (struct inotify_event *)&buffer[i]; ++ if (debug_mode) ++ printf("wd=%d mask=%u cookie=%u len=%u\n", ++ event->wd, event->mask, ++ event->cookie, event->len); ++ if (event->len) ++ watch_list_find(event->wd, event->name); ++ ++ i += EVENT_SIZE + event->len; ++ } ++ } ++ ++ /* An error happened while reading ++ the file. */ ++ ++ if (condition & G_IO_NVAL) ++ return FALSE; ++ ++ /* We have reached the end of the ++ file. */ ++ ++ if (condition & G_IO_HUP) { ++ g_io_channel_close (source); ++ return FALSE; ++ } ++ ++ /* Returning TRUE will make sure ++ the callback remains associated ++ to the channel. */ ++ ++ return TRUE; ++} ++ ++static DBusHandlerResult ++signal_filter (DBusConnection *connection __attribute__ ((__unused__)), DBusMessage *message, void *user_data) ++{ ++ /* User data is the event loop we are running in */ ++ GMainLoop *loop = user_data; ++ ++ /* A signal from the bus saying we are about to be disconnected */ ++ if (dbus_message_is_signal ++ (message, INTERFACE, "Stop")) { ++ ++ /* Tell the main loop to quit */ ++ g_main_loop_quit (loop); ++ /* We have handled this message, don't pass it on */ ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } ++ /* A Ping signal on the com.burtonini.dbus.Signal interface */ ++ else if (dbus_message_is_signal (message, INTERFACE, "Start")) { ++ DBusError error; ++ dbus_error_init (&error); ++ g_print("Start received\n"); ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } ++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; ++} + + ++int start() { ++ DBusConnection *bus; ++ DBusError error; ++ DBusMessage *message; ++ ++ /* Get a connection to the session bus */ ++ dbus_error_init (&error); ++ bus = dbus_bus_get (DBUS_BUS_SESSION, &error); ++ if (!bus) { ++ g_warning ("Failed to connect to the D-BUS daemon: %s", error.message); ++ dbus_error_free (&error); ++ return 1; ++ } ++ ++ ++ /* Create a new signal "Start" on the interface, ++ * from the object */ ++ message = dbus_message_new_signal (PATH, ++ INTERFACE, "Start"); ++ /* Send the signal */ ++ dbus_connection_send (bus, message, NULL); ++ /* Free the signal now we have finished with it */ ++ dbus_message_unref (message); ++ return 0; ++} ++ ++int server(int master_fd) { ++ GMainLoop *loop; ++ DBusConnection *bus; ++ DBusError error; ++ ++ loop = g_main_loop_new (NULL, FALSE); ++ ++ dbus_error_init (&error); ++ if(getuid() == 0) { ++ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error); ++ } else { ++ bus = dbus_bus_get (DBUS_BUS_SESSION, &error); ++ } ++ if (!bus) { ++ g_warning ("Failed to connect to the D-BUS daemon: %s", error.message); ++ dbus_error_free (&error); ++ return 1; ++ } ++ dbus_connection_setup_with_g_main (bus, NULL); ++ ++ /* listening to messages from all objects as no path is specified */ ++ dbus_bus_add_match (bus, RULE, &error); // see signals from the given interfacey ++ dbus_connection_add_filter (bus, signal_filter, loop, NULL); ++ ++ set_matchpathcon_flags(MATCHPATHCON_NOTRANS); ++ ++ GIOChannel *c = g_io_channel_unix_new(master_fd); ++ ++ g_io_add_watch_full( c, ++ G_PRIORITY_HIGH, ++ G_IO_IN|G_IO_ERR|G_IO_HUP, ++ io_channel_callback, NULL, NULL); ++ ++ g_main_loop_run (loop); ++ return 0; ++} diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.62/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2009-01-13 08:45:35.000000000 -0500 -+++ policycoreutils-2.0.62/scripts/chcat 2009-04-09 12:28:34.000000000 -0400 ++++ policycoreutils-2.0.62/scripts/chcat 2009-05-04 13:40:26.000000000 -0400 @@ -281,14 +281,14 @@ def expandCats(cats): newcats = [] @@ -148,8 +595,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if len(newcats) > 25: diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.62/scripts/fixfiles 2009-04-03 14:12:56.000000000 -0400 -@@ -122,7 +122,7 @@ ++++ policycoreutils-2.0.62/scripts/fixfiles 2009-05-05 10:47:08.000000000 -0400 +@@ -89,7 +89,7 @@ + fi; \ + done | \ + while read pattern ; do sh -c "find $pattern \ +- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \ ++ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \ + \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ + done 2> /dev/null | \ + ${RESTORECON} $* -0 -f - +@@ -122,14 +122,14 @@ fi if [ ! -z "$RPMFILES" ]; then for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do @@ -158,9 +614,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po done exit $? fi + if [ ! -z "$FILEPATH" ]; then + if [ -x /usr/bin/find ]; then + /usr/bin/find "$FILEPATH" \ +- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \ ++ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \ + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE + else + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2009-02-18 16:44:47.000000000 -0500 -+++ policycoreutils-2.0.62/semanage/semanage 2009-04-16 14:46:41.000000000 -0400 ++++ policycoreutils-2.0.62/semanage/semanage 2009-05-04 13:40:26.000000000 -0400 @@ -44,16 +44,17 @@ text = _(""" semanage [ -S store ] -i [ input_file | - ] @@ -260,7 +724,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po use_file = True + if o == "--dontaudit": -+ dontaudit = a ++ dontaudit = not int(a) + if o == "-h" or o == "--help": raise ValueError(_("%s bad option") % o) @@ -354,7 +818,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.62/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.62/semanage/semanage.8 2009-04-16 13:51:38.000000000 -0400 ++++ policycoreutils-2.0.62/semanage/semanage.8 2009-05-04 13:40:26.000000000 -0400 @@ -21,6 +21,8 @@ .br .B semanage permissive \-{a|d} type @@ -366,7 +830,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500 -+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-16 14:46:58.000000000 -0400 ++++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-05 14:45:58.000000000 -0400 +@@ -1,5 +1,5 @@ + #! /usr/bin/python -E +-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat ++# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat + # see file 'COPYING' for use and warranty information + # + # semanage is a tool for managing SELinux configuration files @@ -21,16 +21,16 @@ # # @@ -514,7 +985,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + + def dontaudit(self, dontaudit = 0): + self.begin() -+ rc = semanage_set_disable_dontaudit(self.sh, int(dontaudit)) ++ rc = semanage_set_disable_dontaudit(self.sh, dontaudit) + self.commit() + rc = semanage_reload_policy(self.sh) + @@ -940,7 +1411,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if not exists: -@@ -1393,6 +1452,45 @@ +@@ -1393,6 +1452,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) @@ -963,7 +1434,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po + for src in self.equiv.keys(): + fd.write("%s %s\n" % (src, self.equiv[src])) + fd.close() -+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE]) ++ try: ++ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE]) ++ except: ++ pass + os.rename(tmpfile,subs_file) + self.equil_ind = False + semanageRecords.commit(self) @@ -986,7 +1460,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1429,23 +1527,23 @@ +@@ -1429,23 +1530,23 @@ if type == "": raise ValueError(_("SELinux Type is required")) @@ -1014,7 +1488,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create file context for %s") % target) -@@ -1486,21 +1584,21 @@ +@@ -1486,21 +1587,21 @@ raise ValueError(_("Requires setype, serange or seuser")) self.validate(target) @@ -1041,7 +1515,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query file context for %s") % target) -@@ -1550,7 +1648,7 @@ +@@ -1550,7 +1651,7 @@ target = semanage_fcontext_get_expr(fcontext) ftype = semanage_fcontext_get_type(fcontext) ftype_str = semanage_fcontext_get_type_str(ftype) @@ -1050,7 +1524,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1558,19 +1656,26 @@ +@@ -1558,19 +1659,26 @@ if rc < 0: raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -1081,7 +1555,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: -@@ -1617,11 +1722,11 @@ +@@ -1617,11 +1725,11 @@ return ddict def list(self, heading = 1, locallist = 0 ): @@ -1095,7 +1569,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1630,11 +1735,17 @@ +@@ -1630,11 +1738,17 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) @@ -1114,7 +1588,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po self.dict["TRUE"] = 1 self.dict["FALSE"] = 0 self.dict["ON"] = 1 -@@ -1643,16 +1754,16 @@ +@@ -1643,16 +1757,16 @@ self.dict["0"] = 0 def __mod(self, name, value): @@ -1134,7 +1608,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query file context %s") % name) -@@ -1670,7 +1781,7 @@ +@@ -1670,7 +1784,7 @@ semanage_bool_key_free(k) semanage_bool_free(b) @@ -1143,7 +1617,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po self.begin() -@@ -1694,16 +1805,16 @@ +@@ -1694,16 +1808,16 @@ def __delete(self, name): @@ -1163,7 +1637,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if boolean %s is defined") % name) if not exists: -@@ -1762,7 +1873,7 @@ +@@ -1762,7 +1876,7 @@ return _("unknown") def list(self, heading = True, locallist = False, use_file = False): @@ -1172,11 +1646,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if use_file: ddict = self.get_all(locallist) keys = ddict.keys() -Binary files nsapolicycoreutils/setfiles/restorecon and policycoreutils-2.0.62/setfiles/restorecon differ -Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-2.0.62/setfiles/setfiles differ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.62/setfiles/setfiles.c --- nsapolicycoreutils/setfiles/setfiles.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-04-14 09:38:55.000000000 -0400 ++++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-05-04 13:40:26.000000000 -0400 @@ -29,6 +29,8 @@ static int mass_relabel; static int mass_relabel_errs; @@ -1209,4 +1681,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po printf("\n"); exit(errors); } -Binary files nsapolicycoreutils/setfiles/setfiles.o and policycoreutils-2.0.62/setfiles/setfiles.o differ diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch index e3e7d2d..5c22113 100644 --- a/policycoreutils-sepolgen.patch +++ b/policycoreutils-sepolgen.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py --- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500 -+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-01 10:03:43.000000000 -0400 ++++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400 @@ -313,7 +313,7 @@ def __len__(self): @@ -10,9 +10,30 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco def add(self, role, type): if self.role_types.has_key(role): +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py +--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400 ++++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400 +@@ -47,6 +47,17 @@ + stdout=subprocess.PIPE).communicate()[0] + return output + ++def get_log_msgs(): ++ """Obtain all of the avc and policy load messages from /var/log/messages. ++ ++ Returns: ++ string contain all of the audit messages returned by /var/log/messages. ++ """ ++ import subprocess ++ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"], ++ stdout=subprocess.PIPE).communicate()[0] ++ return output ++ + # Classes representing audit messages + + class AuditMessage: diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py --- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-02-18 16:52:27.000000000 -0500 ++++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400 @@ -919,7 +919,7 @@ def list_headers(root): modules = [] diff --git a/policycoreutils.spec b/policycoreutils.spec index e863dfa..22bcbe7 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.62 -Release: 11%{?dist} +Release: 14%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -201,6 +201,9 @@ rm -rf %{buildroot} %config(noreplace) %{_sysconfdir}/sestatus.conf %attr(755,root,root) /etc/rc.d/init.d/restorecond %config(noreplace) /etc/selinux/restorecond.conf +%config(noreplace) /etc/selinux/restorecond_user.conf +%{_sysconfdir}/xdg/autostart/restorecond.desktop +%{_datadir}/dbus-1/services/org.selinux.Restorecond.service %preun if [ $1 -eq 0 ]; then @@ -221,7 +224,13 @@ else fi %changelog -* Thu Apr 16 2009 Dan Walsh 2.0.62-11 +* Wed Apr 22 2009 Dan Walsh 2.0.62-14 +- Fix audit2allow -a to retun /var/log/messages + +* Wed Apr 22 2009 Dan Walsh 2.0.62-13 +- Run restorecond as a user service + +* Thu Apr 16 2009 Dan Walsh 2.0.62-12 - Add semanage module support * Tue Apr 14 2009 Dan Walsh 2.0.62-10