* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
- Remove recursion from fixfiles -R calls - Fix semanage to verify prefix
This commit is contained in:
parent
e4d5ab9795
commit
b77559325d
@ -1,6 +1,6 @@
|
|||||||
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.29/audit2allow/avc.py
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.29/audit2allow/avc.py
|
||||||
--- nsapolicycoreutils/audit2allow/avc.py 2006-09-14 08:07:24.000000000 -0400
|
--- nsapolicycoreutils/audit2allow/avc.py 2006-09-14 08:07:24.000000000 -0400
|
||||||
+++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-21 17:14:25.000000000 -0400
|
+++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-21 17:16:48.000000000 -0400
|
||||||
@@ -357,6 +357,15 @@
|
@@ -357,6 +357,15 @@
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
@ -19,7 +19,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2a
|
|||||||
found = 0
|
found = 0
|
||||||
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.30.29/restorecon/restorecon.8
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.30.29/restorecon/restorecon.8
|
||||||
--- nsapolicycoreutils/restorecon/restorecon.8 2006-08-28 16:58:19.000000000 -0400
|
--- nsapolicycoreutils/restorecon/restorecon.8 2006-08-28 16:58:19.000000000 -0400
|
||||||
+++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-21 17:14:25.000000000 -0400
|
+++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-21 17:16:48.000000000 -0400
|
||||||
@@ -23,6 +23,9 @@
|
@@ -23,6 +23,9 @@
|
||||||
|
|
||||||
.SH "OPTIONS"
|
.SH "OPTIONS"
|
||||||
@ -32,7 +32,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore
|
|||||||
.TP
|
.TP
|
||||||
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.30.29/restorecon/restorecon.c
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.30.29/restorecon/restorecon.c
|
||||||
--- nsapolicycoreutils/restorecon/restorecon.c 2006-09-01 22:32:11.000000000 -0400
|
--- nsapolicycoreutils/restorecon/restorecon.c 2006-09-01 22:32:11.000000000 -0400
|
||||||
+++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-21 17:14:25.000000000 -0400
|
+++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-21 17:16:49.000000000 -0400
|
||||||
@@ -11,9 +11,10 @@
|
@@ -11,9 +11,10 @@
|
||||||
* restorecon [-Rnv] pathname...
|
* restorecon [-Rnv] pathname...
|
||||||
*
|
*
|
||||||
@ -189,7 +189,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore
|
|||||||
}
|
}
|
||||||
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.30.29/restorecond/Makefile
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.30.29/restorecond/Makefile
|
||||||
--- nsapolicycoreutils/restorecond/Makefile 2006-08-28 16:58:19.000000000 -0400
|
--- nsapolicycoreutils/restorecond/Makefile 2006-08-28 16:58:19.000000000 -0400
|
||||||
+++ policycoreutils-1.30.29/restorecond/Makefile 2006-09-21 17:16:12.000000000 -0400
|
+++ policycoreutils-1.30.29/restorecond/Makefile 2006-09-21 17:16:49.000000000 -0400
|
||||||
@@ -5,14 +5,14 @@
|
@@ -5,14 +5,14 @@
|
||||||
INITDIR = $(DESTDIR)/etc/rc.d/init.d
|
INITDIR = $(DESTDIR)/etc/rc.d/init.d
|
||||||
SELINUXDIR = $(DESTDIR)/etc/selinux
|
SELINUXDIR = $(DESTDIR)/etc/selinux
|
||||||
@ -210,16 +210,18 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore
|
|||||||
[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
|
[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
|
||||||
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.29/scripts/fixfiles
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.29/scripts/fixfiles
|
||||||
--- nsapolicycoreutils/scripts/fixfiles 2006-09-01 22:32:11.000000000 -0400
|
--- nsapolicycoreutils/scripts/fixfiles 2006-09-01 22:32:11.000000000 -0400
|
||||||
+++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-21 17:14:25.000000000 -0400
|
+++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-23 19:31:23.000000000 -0400
|
||||||
@@ -117,7 +117,7 @@
|
@@ -117,8 +117,8 @@
|
||||||
exit $?
|
exit $?
|
||||||
fi
|
fi
|
||||||
if [ ! -z "$RPMFILES" ]; then
|
if [ ! -z "$RPMFILES" ]; then
|
||||||
- for i in `echo $RPMFILES | sed 's/,/ /g'`; do
|
- for i in `echo $RPMFILES | sed 's/,/ /g'`; do
|
||||||
|
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
|
||||||
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||||
rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
|
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
|
||||||
done
|
done
|
||||||
exit $?
|
exit $?
|
||||||
|
fi
|
||||||
@@ -219,7 +219,7 @@
|
@@ -219,7 +219,7 @@
|
||||||
# check if they specified both DIRS and RPMFILES
|
# check if they specified both DIRS and RPMFILES
|
||||||
#
|
#
|
||||||
@ -239,7 +241,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts
|
|||||||
usage
|
usage
|
||||||
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.30.29/scripts/fixfiles.8
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.30.29/scripts/fixfiles.8
|
||||||
--- nsapolicycoreutils/scripts/fixfiles.8 2006-08-28 16:58:19.000000000 -0400
|
--- nsapolicycoreutils/scripts/fixfiles.8 2006-08-28 16:58:19.000000000 -0400
|
||||||
+++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-21 17:14:25.000000000 -0400
|
+++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-21 17:16:49.000000000 -0400
|
||||||
@@ -3,9 +3,9 @@
|
@@ -3,9 +3,9 @@
|
||||||
fixfiles \- fix file security contexts.
|
fixfiles \- fix file security contexts.
|
||||||
|
|
||||||
@ -271,3 +273,35 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts
|
|||||||
.B [[dir/file] ... ]
|
.B [[dir/file] ... ]
|
||||||
List of files or directories trees that you wish to check file context on.
|
List of files or directories trees that you wish to check file context on.
|
||||||
|
|
||||||
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.29/semanage/seobject.py
|
||||||
|
--- nsapolicycoreutils/semanage/seobject.py 2006-09-14 08:07:24.000000000 -0400
|
||||||
|
+++ policycoreutils-1.30.29/semanage/seobject.py 2006-09-22 11:24:59.000000000 -0400
|
||||||
|
@@ -456,7 +456,9 @@
|
||||||
|
rc = semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||||
|
if rc < 0:
|
||||||
|
raise ValueError(_("Could not set MLS level for %s") % name)
|
||||||
|
-
|
||||||
|
+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
|
||||||
|
+ raise ValueError(_("Invalid prefix %s") % prefix)
|
||||||
|
rc = semanage_user_set_prefix(self.sh, u, prefix)
|
||||||
|
if rc < 0:
|
||||||
|
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
|
||||||
|
@@ -486,6 +488,7 @@
|
||||||
|
|
||||||
|
def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
|
||||||
|
oldroles = ""
|
||||||
|
+ oldserange = ""
|
||||||
|
newroles = string.join(roles, ' ');
|
||||||
|
try:
|
||||||
|
if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
|
||||||
|
@@ -521,7 +524,9 @@
|
||||||
|
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
|
||||||
|
|
||||||
|
if prefix != "":
|
||||||
|
- semanage_user_set_prefix(self.sh, u, prefix)
|
||||||
|
+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
|
||||||
|
+ raise ValueError(_("Invalid prefix %s") % prefix)
|
||||||
|
+ semanage_user_set_prefix(self.sh, u, prefix)
|
||||||
|
|
||||||
|
if len(roles) != 0:
|
||||||
|
for r in roles:
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 1.30.29
|
Version: 1.30.29
|
||||||
Release: 4
|
Release: 5
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -122,6 +122,10 @@ fi
|
|||||||
[ -x /sbin/service ] && /sbin/service restorecond condrestart
|
[ -x /sbin/service ] && /sbin/service restorecond condrestart
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
|
||||||
|
- Remove recursion from fixfiles -R calls
|
||||||
|
- Fix semanage to verify prefix
|
||||||
|
|
||||||
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
|
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
|
||||||
- More translations
|
- More translations
|
||||||
- Compile with -pie
|
- Compile with -pie
|
||||||
|
Loading…
Reference in New Issue
Block a user