rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2

Browse Source 
- Security fixes for seunshare
This commit is contained in:
Daniel J Walsh 2009-09-17 19:19:53 +00:00
parent 26d020dedb
commit b98d816316
2 changed files with 166 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

243
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.73/audit2allow/audit2allow diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.74/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.73/audit2allow/audit2allow 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/audit2allow/audit2allow 2009-09-17 15:05:17.000000000 -0400
@@ -42,6 +42,8 @@ @@ -42,6 +42,8 @@
from optparse import OptionParser from optparse import OptionParser
@ -38,9 +38,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
else: else:
# This is the default if no input is specified # This is the default if no input is specified
f = sys.stdin f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.73/load_policy/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.74/load_policy/Makefile
--- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.73/load_policy/Makefile 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/load_policy/Makefile 2009-09-17 15:05:17.000000000 -0400
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
# Installation directories. # Installation directories.
PREFIX ?= ${DESTDIR}/usr PREFIX ?= ${DESTDIR}/usr
@ -49,18 +49,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
MANDIR ?= $(PREFIX)/share/man MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale LOCALEDIR ?= /usr/share/locale
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.73/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.74/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.73/Makefile 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/Makefile 2009-09-17 15:05:17.000000000 -0400
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui +SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.73/restorecond/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.74/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.73/restorecond/Makefile 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/Makefile 2009-09-17 15:05:17.000000000 -0400
@@ -1,17 +1,28 @@ @@ -1,17 +1,28 @@
# Installation directories. # Installation directories.
PREFIX ?= ${DESTDIR}/usr PREFIX ?= ${DESTDIR}/usr
@ -107,16 +107,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
relabel: install relabel: install
/sbin/restorecon $(SBINDIR)/restorecond /sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.73/restorecond/org.selinux.Restorecond.service diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/restorecond/org.selinux.Restorecond.service 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
+[D-BUS Service] +[D-BUS Service]
+Name=org.selinux.Restorecond +Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u +Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.73/restorecond/restorecond.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.74/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.73/restorecond/restorecond.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/restorecond.c 2009-09-17 15:05:17.000000000 -0400
@@ -48,294 +48,38 @@ @@ -48,294 +48,38 @@
#include <signal.h> #include <signal.h>
#include <string.h> #include <string.h>
@ -607,9 +607,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
} }
+ +
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.73/restorecond/restorecond.conf diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.74/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.73/restorecond/restorecond.conf 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/restorecond.conf 2009-09-17 15:05:17.000000000 -0400
@@ -4,8 +4,5 @@ @@ -4,8 +4,5 @@
/etc/mtab /etc/mtab
/var/run/utmp /var/run/utmp
@ -620,9 +620,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
/root/.ssh/* /root/.ssh/*
- -
- -
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.73/restorecond/restorecond.desktop diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.74/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/restorecond/restorecond.desktop 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/restorecond.desktop 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,7 @@ @@ -0,0 +1,7 @@
+[Desktop Entry] +[Desktop Entry]
+Name=File Context maintainer +Name=File Context maintainer
@ -631,9 +631,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+Encoding=UTF-8 +Encoding=UTF-8
+Type=Application +Type=Application
+StartupNotify=false +StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.73/restorecond/restorecond.h diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.74/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.73/restorecond/restorecond.h 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/restorecond.h 2009-09-17 15:05:17.000000000 -0400
@@ -24,7 +24,21 @@ @@ -24,7 +24,21 @@
#ifndef RESTORED_CONFIG_H #ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H #define RESTORED_CONFIG_H
@ -658,9 +658,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+extern void watch_list_free(int fd); +extern void watch_list_free(int fd);
#endif #endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.73/restorecond/restorecond.init diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.74/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.73/restorecond/restorecond.init 2009-09-14 15:32:27.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/restorecond.init 2009-09-17 15:05:17.000000000 -0400
@@ -75,16 +75,15 @@ @@ -75,16 +75,15 @@
status restorecond status restorecond
RETVAL=$? RETVAL=$?
@ -680,15 +680,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
exit $RETVAL exit $RETVAL
- -
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.73/restorecond/restorecond_user.conf diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.74/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/restorecond/restorecond_user.conf 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/restorecond_user.conf 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,2 @@ @@ -0,0 +1,2 @@
+~/* +~/*
+~/public_html/* +~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.73/restorecond/user.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.74/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/restorecond/user.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/user.c 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,237 @@ @@ -0,0 +1,237 @@
+/* +/*
+ * restorecond + * restorecond
@ -927,9 +927,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ return 0; + return 0;
+} +}
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.73/restorecond/watch.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.74/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/restorecond/watch.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/restorecond/watch.c 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,254 @@ @@ -0,0 +1,254 @@
+#define _GNU_SOURCE +#define _GNU_SOURCE
+#include <sys/inotify.h> +#include <sys/inotify.h>
@ -1185,9 +1185,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ exitApp("Error watching config file."); + exitApp("Error watching config file.");
+} +}
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.73/sandbox/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.74/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/sandbox/Makefile 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/sandbox/Makefile 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,31 @@ @@ -0,0 +1,31 @@
+# Installation directories. +# Installation directories.
+PREFIX ?= ${DESTDIR}/usr +PREFIX ?= ${DESTDIR}/usr
@ -1220,9 +1220,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ ../../scripts/Lindent $(wildcard *.[ch]) + ../../scripts/Lindent $(wildcard *.[ch])
+ +
+relabel: +relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.73/sandbox/sandbox diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/sandbox/sandbox 2009-09-16 15:46:50.000000000 -0400 +++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,202 @@ @@ -0,0 +1,202 @@
+#!/usr/bin/python -E +#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil +import os, sys, getopt, socket, random, fcntl, shutil
@ -1426,9 +1426,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
+ sys.exit(rc) + sys.exit(rc)
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.73/sandbox/sandbox.8 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.74/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/sandbox/sandbox.8 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/sandbox/sandbox.8 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands" +.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME +.SH NAME
@ -1456,9 +1456,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+.TP +.TP
+runcon(1) +runcon(1)
+.PP +.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.73/sandbox/sandboxX.sh diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.74/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/sandbox/sandboxX.sh 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/sandbox/sandboxX.sh 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@
+#!/bin/bash +#!/bin/bash
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`" +export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
@ -1476,13 +1476,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+exit $EXITCODE +exit $EXITCODE
+break +break
+done +done
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.73/sandbox/seunshare.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/sandbox/seunshare.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-17 15:05:44.000000000 -0400
@@ -0,0 +1,203 @@ @@ -0,0 +1,284 @@
+#include <signal.h> +#include <signal.h>
+#include <sys/types.h> +#include <sys/types.h>
+#include <sys/wait.h> +#include <sys/wait.h>
+#include <syslog.h>
+#include <sys/mount.h> +#include <sys/mount.h>
+#include <pwd.h> +#include <pwd.h>
+#define _GNU_SOURCE +#define _GNU_SOURCE
@ -1493,10 +1494,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+#include <stdlib.h> +#include <stdlib.h>
+#include <cap-ng.h> +#include <cap-ng.h>
+#include <getopt.h> /* for getopt_long() form of getopt() */ +#include <getopt.h> /* for getopt_long() form of getopt() */
+#include <limits.h>
+#include <stdlib.h>
+#include <errno.h>
+ +
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#include <selinux/context.h> /* for context-mangling functions */ +#include <selinux/context.h> /* for context-mangling functions */
+ +
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/** +/**
+ * This function will drop the capabilities so that we are left + * This function will drop the capabilities so that we are left
+ * only with access to the audit system and the ability to raise + * only with access to the audit system and the ability to raise
@ -1507,15 +1515,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ * + *
+ * Returns zero on success, non-zero otherwise + * Returns zero on success, non-zero otherwise
+ */ + */
+static int drop_capabilities(int all) +static int drop_capabilities(int all, uid_t uid)
+{ +{
+ capng_clear(CAPNG_SELECT_BOTH); + capng_clear(CAPNG_SELECT_BOTH);
+ +
+ if (all) { + if (all) {
+ if (capng_lock() < 0) + if (capng_lock() < 0)
+ return -1; + return -1;
+ /* Change uid */
+ if (setresuid(uid, uid, uid)) {
+ fprintf(stderr, "Error changing uid, aborting.\n");
+ return -1;
+ }
+ } else { + } else {
+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1) < 0) { + if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, CAP_SETUID, -1) < 0) {
+ fprintf(stderr, "Error running capng_updatev\n");
+ return -1; + return -1;
+ } + }
+ } + }
@ -1552,6 +1566,50 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+} +}
+#define USAGE_STRING "USAGE: seunshare [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] " +#define USAGE_STRING "USAGE: seunshare [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] "
+ +
+
+
+static int verify_mount(const char *mntdir, struct passwd *pwd) {
+ struct stat sb;
+ if (stat(mntdir, &sb) == -1) {
+ perror("Invalid mount point");
+ return -1;
+ }
+ if (sb.st_uid != pwd->pw_uid) {
+ errno = EPERM;
+ syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
+ perror("Invalid mount point, reporting to administrator");
+ return -1;
+ }
+ return 0;
+}
+
+/**
+ * This function checks to see if the shell is known in /etc/shells.
+ * If so, it returns 1. On error or illegal shell, it returns 0.
+ */
+static int verify_shell(const char *shell_name)
+{
+ int found = 0;
+ const char *buf;
+
+ if (!(shell_name && shell_name[0]))
+ return found;
+
+ while ((buf = getusershell()) != NULL) {
+ /* ignore comments */
+ if (*buf == '#')
+ continue;
+
+ /* check the shell skipping newline char */
+ if (!strcmp(shell_name, buf)) {
+ found = 1;
+ break;
+ }
+ }
+ endusershell();
+ return found;
+}
+
+int main(int argc, char **argv) { +int main(int argc, char **argv) {
+ int rc; + int rc;
+ int status = -1; + int status = -1;
@ -1570,13 +1628,24 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ }; + };
+ capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE); + capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE);
+ +
+ struct passwd *pwd=getpwuid(getuid()); + uid_t uid = getuid();
+
+ if (!uid) {
+ fprintf(stderr, "Must not be root");
+ return -1;
+ }
+
+ struct passwd *pwd=getpwuid(uid);
+ if (!pwd) { + if (!pwd) {
+ perror("getpwduid failed"); + perror("getpwduid failed");
+ return -1; + return -1;
+ } + }
+ +
+ if (drop_capabilities(FALSE)) { + if (verify_shell(pwd->pw_shell) == 0) {
+ fprintf(stderr, "Error! Shell is not valid.\n");
+ }
+
+ if (drop_capabilities(FALSE, uid)) {
+ perror("Failed to drop capabilities"); + perror("Failed to drop capabilities");
+ return -1; + return -1;
+ } + }
@ -1590,9 +1659,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ switch (clflag) { + switch (clflag) {
+ case 't': + case 't':
+ tmpdir_s = optarg; + tmpdir_s = optarg;
+ if (verify_mount(tmpdir_s, pwd) < 0) return -1;
+ break; + break;
+ case 'h': + case 'h':
+ homedir_s = optarg; + homedir_s = optarg;
+ if (verify_mount(homedir_s, pwd) < 0) return -1;
+ if (verify_mount(pwd->pw_dir, pwd) < 0) return -1;
+ break; + break;
+ default: + default:
+ fprintf(stderr, "%s\n", USAGE_STRING); + fprintf(stderr, "%s\n", USAGE_STRING);
@ -1627,42 +1699,50 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ return -1; + return -1;
+ } + }
+ +
+ if (homedir_s && verify_mount(pwd->pw_dir, pwd) < 0)
+ return -1;
+
+ if (tmpdir_s && mount(tmpdir_s, "/tmp", NULL, MS_BIND, NULL) < 0) { + if (tmpdir_s && mount(tmpdir_s, "/tmp", NULL, MS_BIND, NULL) < 0) {
+ perror("Failed to mount /tmp"); + perror("Failed to mount /tmp");
+ return -1; + return -1;
+ } + }
+ +
+ if (drop_capabilities(TRUE)) { + if (tmpdir_s && verify_mount("/tmp", pwd) < 0)
+ return -1;
+
+ if (drop_capabilities(TRUE, uid)) {
+ perror("Failed to drop all capabilities"); + perror("Failed to drop all capabilities");
+ return -1; + return -1;
+ } + }
+ +
+ int child = fork(); + int child = fork();
+ if (!child) { + if (!child) {
+ char *display=NULL;
+ /* Construct a new environment */ + /* Construct a new environment */
+ char *d = getenv("DISPLAY"); + char *d = getenv("DISPLAY");
+ if (!d) { + if (d) {
+ perror("DISPLAY Not set"); + display = strdup(d);
+ exit(-1); + if (!display) {
+ perror("Out of memory");
+ exit(-1);
+ }
+ } + }
+ +
+ char *display = strdup(d);
+ if (!display) {
+ perror("Out of memory");
+ exit(-1);
+ }
+ if ((rc = clearenv())) { + if ((rc = clearenv())) {
+ perror("Unable to clear environment"); + perror("Unable to clear environment");
+ free(display);
+ exit(-1); + exit(-1);
+ } + }
+ +
+ if (setexeccon(scontext)) { + if (setexeccon(scontext)) {
+ fprintf(stderr, "Could not set exec context to %s.\n", + fprintf(stderr, "Could not set exec context to %s.\n",
+ scontext); + scontext);
+ free(display);
+ exit(-1); + exit(-1);
+ } + }
+ +
+ rc |= setenv("DISPLAY", display, 1); + if (display)
+ rc |= setenv("DISPLAY", display, 1);
+ rc |= setenv("HOME", pwd->pw_dir, 1); + rc |= setenv("HOME", pwd->pw_dir, 1);
+ rc |= setenv("SHELL", pwd->pw_shell, 1); + rc |= setenv("SHELL", pwd->pw_shell, 1);
+ rc |= setenv("USER", pwd->pw_name, 1); + rc |= setenv("USER", pwd->pw_name, 1);
@ -1675,6 +1755,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ } + }
+ +
+ execv(argv[optind], argv + optind); + execv(argv[optind], argv + optind);
+ free(display);
+ perror("execv"); + perror("execv");
+ exit(-1); + exit(-1);
+ } else { + } else {
@ -1683,9 +1764,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
+ return status; + return status;
+} +}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.73/scripts/chcat diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.74/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400 --- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
+++ policycoreutils-2.0.73/scripts/chcat 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/scripts/chcat 2009-09-17 15:05:17.000000000 -0400
@@ -435,6 +435,8 @@ @@ -435,6 +435,8 @@
continue continue
except ValueError, e: except ValueError, e:
@ -1695,9 +1776,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
sys.exit(errors) sys.exit(errors)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.73/scripts/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.74/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.73/scripts/Makefile 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/scripts/Makefile 2009-09-17 15:05:17.000000000 -0400
@@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale LOCALEDIR ?= /usr/share/locale
@ -1707,9 +1788,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
install: all install: all
-mkdir -p $(BINDIR) -mkdir -p $(BINDIR)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.73/semanage/semanage diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.74/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400 --- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400
+++ policycoreutils-2.0.73/semanage/semanage 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/semanage/semanage 2009-09-17 15:05:17.000000000 -0400
@@ -85,6 +85,7 @@ @@ -85,6 +85,7 @@
-F, --file Treat target as an input file for command, change multiple settings -F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6) -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
@ -1800,9 +1881,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
return return
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.73/semanage/seobject.py diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.74/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400 --- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400
+++ policycoreutils-2.0.73/semanage/seobject.py 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/semanage/seobject.py 2009-09-17 15:05:17.000000000 -0400
@@ -1586,9 +1586,16 @@ @@ -1586,9 +1586,16 @@
raise ValueError(_("Could not delete the file context %s") % target) raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k) semanage_fcontext_key_free(k)
@ -1834,9 +1915,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
for k in keys: for k in keys:
if fcon_dict[k]: if fcon_dict[k]:
if is_mls_enabled: if is_mls_enabled:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.73/semodule/semodule.8 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.74/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2009-09-17 08:59:43.000000000 -0400 --- nsapolicycoreutils/semodule/semodule.8 2009-09-17 08:59:43.000000000 -0400
+++ policycoreutils-2.0.73/semodule/semodule.8 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/semodule/semodule.8 2009-09-17 15:05:17.000000000 -0400
@@ -30,11 +30,17 @@ @@ -30,11 +30,17 @@
install/replace a module package install/replace a module package
.TP .TP
@ -1856,9 +1937,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
.B \-r,\-\-remove=MODULE_NAME .B \-r,\-\-remove=MODULE_NAME
remove existing module remove existing module
.TP .TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.73/semodule/semodule.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.74/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-09-17 08:59:43.000000000 -0400 --- nsapolicycoreutils/semodule/semodule.c 2009-09-17 08:59:43.000000000 -0400
+++ policycoreutils-2.0.73/semodule/semodule.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/semodule/semodule.c 2009-09-17 15:05:17.000000000 -0400
@@ -22,12 +22,12 @@ @@ -22,12 +22,12 @@
#include <semanage/modules.h> #include <semanage/modules.h>
@ -1976,9 +2057,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
semanage_module_info_datum_destroy semanage_module_info_datum_destroy
(m); (m);
} }
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.73/setfiles/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.74/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400 --- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
+++ policycoreutils-2.0.73/setfiles/Makefile 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/setfiles/Makefile 2009-09-17 15:05:17.000000000 -0400
@@ -5,7 +5,7 @@ @@ -5,7 +5,7 @@
LIBDIR ?= $(PREFIX)/lib LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
@ -1997,9 +2078,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
restorecon: setfiles restorecon: setfiles
ln -sf setfiles restorecon ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.73/setfiles/restore.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.74/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/setfiles/restore.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/setfiles/restore.c 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,519 @@ @@ -0,0 +1,519 @@
+#include "restore.h" +#include "restore.h"
+ +
@ -2520,9 +2601,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ +
+ +
+ +
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.73/setfiles/restore.h diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.74/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.73/setfiles/restore.h 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/setfiles/restore.h 2009-09-17 15:05:17.000000000 -0400
@@ -0,0 +1,49 @@ @@ -0,0 +1,49 @@
+#ifndef RESTORE_H +#ifndef RESTORE_H
+#define RESTORE_H +#define RESTORE_H
@ -2573,9 +2654,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+int process_one(char *name, int recurse); +int process_one(char *name, int recurse);
+ +
+#endif +#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.73/setfiles/setfiles.c diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.74/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-09-17 08:59:43.000000000 -0400 --- nsapolicycoreutils/setfiles/setfiles.c 2009-09-17 08:59:43.000000000 -0400
+++ policycoreutils-2.0.73/setfiles/setfiles.c 2009-09-09 17:05:42.000000000 -0400 +++ policycoreutils-2.0.74/setfiles/setfiles.c 2009-09-17 15:05:17.000000000 -0400
@@ -1,26 +1,12 @@ @@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE -#ifndef _GNU_SOURCE
-#define _GNU_SOURCE -#define _GNU_SOURCE
@ -3027,7 +3108,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- -
- if (context) - if (context)
- freecon(context); - freecon(context);
-
- /* - /*
- * Do not relabel the file if -n was used. - * Do not relabel the file if -n was used.
- */ - */
@ -3066,7 +3147,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- progname, ftsent->fts_path); - progname, ftsent->fts_path);
- return SKIP; - return SKIP;
- } - }
-
- int rc = restore(ftsent); - int rc = restore(ftsent);
- if (rc == ERR) { - if (rc == ERR) {
- if (!abort_on_error) - if (!abort_on_error)
@ -3189,7 +3270,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
return -1; return -1;
} }
@@ -804,20 +298,30 @@ @@ -804,20 +300,30 @@
char *buf = NULL; char *buf = NULL;
size_t buf_len; size_t buf_len;
char *base; char *base;
@ -3228,7 +3309,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if (!strcmp(base, SETFILES)) { if (!strcmp(base, SETFILES)) {
/* /*
@@ -832,28 +336,28 @@ @@ -832,28 +338,28 @@
iamrestorecon = 0; iamrestorecon = 0;
recurse = 1; recurse = 1;
expand_realpath = 0; expand_realpath = 0;
@ -3265,7 +3346,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
ctx_validate = 0; ctx_validate = 0;
/* restorecon only: silent exit if no SELinux. /* restorecon only: silent exit if no SELinux.
@@ -915,37 +419,37 @@ @@ -915,37 +421,37 @@
input_filename = optarg; input_filename = optarg;
break; break;
case 'd': case 'd':
@ -3312,7 +3393,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
break; break;
case 'R': case 'R':
case 'r': case 'r':
@@ -958,7 +462,7 @@ @@ -958,7 +464,7 @@
argv[0]); argv[0]);
exit(1); exit(1);
} }
@ -3321,7 +3402,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
fprintf(stderr, fprintf(stderr,
"%s: only one -r can be specified\n", "%s: only one -r can be specified\n",
argv[0]); argv[0]);
@@ -969,23 +473,23 @@ @@ -969,23 +475,23 @@
case 's': case 's':
use_input_file = 1; use_input_file = 1;
input_filename = "-"; input_filename = "-";
@ -3350,7 +3431,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
break; break;
case 'W': case 'W':
warn_no_match = 1; warn_no_match = 1;
@@ -1033,18 +537,13 @@ @@ -1033,18 +539,13 @@
} }
/* Load the file contexts configuration and check it. */ /* Load the file contexts configuration and check it. */
@ -3372,7 +3453,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if (use_input_file) { if (use_input_file) {
FILE *f = stdin; FILE *f = stdin;
ssize_t len; ssize_t len;
@@ -1061,6 +560,9 @@ @@ -1061,6 +562,9 @@
delim = (null_terminated != 0) ? '\0' : '\n'; delim = (null_terminated != 0) ? '\0' : '\n';
while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) { while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0; buf[len - 1] = 0;
@ -3382,7 +3463,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
errors |= process_one_realpath(buf); errors |= process_one_realpath(buf);
} }
if (strcmp(input_filename, "-") != 0) if (strcmp(input_filename, "-") != 0)
@@ -1070,22 +572,21 @@ @@ -1070,22 +574,21 @@
errors |= process_one_realpath(argv[i]); errors |= process_one_realpath(argv[i]);
} }
} }

5
policycoreutils.spec
View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.74 Version: 2.0.74
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -297,6 +297,9 @@ fi
exit 0 exit 0
%changelog %changelog
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2
- Security fixes for seunshare
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-1 * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-1
- Update to upstream - Update to upstream
* Change semodule upgrade behavior to install even if the module * Change semodule upgrade behavior to install even if the module