rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

update to match NSA

Browse Source
This commit is contained in:
Daniel J Walsh 2004-10-06 13:53:23 +00:00
parent 9246f4b79e
commit c259edf0b3
4 changed files with 50 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -1 +1,2 @@
policycoreutils-1.17.5.tgz policycoreutils-1.17.5.tgz
policycoreutils-1.17.6.tgz

113
policycoreutils-rhat.patch
View File

@ -1,4 +1,31 @@
--- policycoreutils-1.17.5/restorecon/restorecon.c.rhat 2004-08-30 11:46:46.000000000 -0400 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.17.5/restorecon/restorecon.8
--- nsapolicycoreutils/restorecon/restorecon.8 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/restorecon/restorecon.8 2004-10-01 16:46:18.000000000 -0400
@@ -4,10 +4,10 @@
.SH "SYNOPSIS"
.B restorecon
-.I [\-o outfilename ] [\-n] [\-v] pathname...
+.I [\-o outfilename ] [\-R] [\-n] [\-v] pathname...
.P
.B restorecon
-.I \-f infilename [\-o outfilename ] [\-n] [\-v]
+.I \-f infilename [\-o outfilename ] [\-R] [\-n] [\-v]
.SH "DESCRIPTION"
This manual page describes the
@@ -26,6 +26,9 @@
.B \-f infilename
infilename contains a list of files to be processed by application. Use \- for stdin.
.TP
+.B \-R
+change files and directories file labels recursively
+.TP
.B \-n
don't change any file labels.
.TP
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.17.5/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/restorecon/restorecon.c 2004-10-01 16:46:18.000000000 -0400 +++ policycoreutils-1.17.5/restorecon/restorecon.c 2004-10-01 16:46:18.000000000 -0400
@@ -8,7 +8,7 @@ @@ -8,7 +8,7 @@
* to match the specification returned by matchpathcon. * to match the specification returned by matchpathcon.
@ -112,43 +139,10 @@
} }
} }
if (outfile) if (outfile)
--- policycoreutils-1.17.5/restorecon/restorecon.8.rhat 2004-08-30 11:46:46.000000000 -0400 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.17.5/scripts/fixfiles
+++ policycoreutils-1.17.5/restorecon/restorecon.8 2004-10-01 16:46:18.000000000 -0400 --- nsapolicycoreutils/scripts/fixfiles 2004-09-10 11:25:57.000000000 -0400
@@ -4,10 +4,10 @@ +++ policycoreutils-1.17.5/scripts/fixfiles 2004-10-05 14:20:00.351192190 -0400
@@ -48,14 +48,14 @@
.SH "SYNOPSIS"
.B restorecon
-.I [\-o outfilename ] [\-n] [\-v] pathname...
+.I [\-o outfilename ] [\-R] [\-n] [\-v] pathname...
.P
.B restorecon
-.I \-f infilename [\-o outfilename ] [\-n] [\-v]
+.I \-f infilename [\-o outfilename ] [\-R] [\-n] [\-v]
.SH "DESCRIPTION"
This manual page describes the
@@ -26,6 +26,9 @@
.B \-f infilename
infilename contains a list of files to be processed by application. Use \- for stdin.
.TP
+.B \-R
+change files and directories file labels recursively
+.TP
.B \-n
don't change any file labels.
.TP
--- policycoreutils-1.17.5/scripts/fixfiles.rhat 2004-08-30 11:46:47.000000000 -0400
+++ policycoreutils-1.17.5/scripts/fixfiles 2004-10-01 16:46:18.000000000 -0400
@@ -36,6 +36,8 @@
FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*\(ro/{print $3}';`
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
SELINUXTYPE="targeted"
+FCFILE=`mktemp /var/tmp/file_contexts.XXXXXXXXXX`
+trap "rm -f $FCFILE; exit 2" 1 2 3 5 15
if [ -e /etc/selinux/config ]; then
. /etc/selinux/config
@@ -48,14 +50,14 @@
echo "logging to $LOGFILE" echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do for i in `echo $1 | sed 's/,/ /g'`; do
@ -161,11 +155,11 @@
echo "$FILESYSTEMSRO" echo "$FILESYSTEMSRO"
fi fi
- ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 | tee $LOGFILE - ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -n -v ${FCFILE} ${FILESYSTEMSRW} 2>&1 > $LOGFILE + ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 > $LOGFILE
fi fi
} }
@@ -63,14 +65,14 @@ @@ -63,14 +63,14 @@
echo "logging to $LOGFILE" echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do for i in `echo $1 | sed 's/,/ /g'`; do
@ -178,11 +172,11 @@
echo "$FILESYSTEMSRO" echo "$FILESYSTEMSRO"
fi fi
- ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE - ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FCFILE} ${FILESYSTEMS} 2>&1 > $LOGFILE + ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 > $LOGFILE
fi fi
} }
@@ -80,29 +82,29 @@ @@ -80,29 +80,29 @@
rm -rf /tmp/.??* /tmp/* rm -rf /tmp/.??* /tmp/*
if [ ! -z "$1" ]; then if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do for i in `echo $1 | sed 's/,/ /g'`; do
@ -195,7 +189,7 @@
echo "$FILESYSTEMSRO" echo "$FILESYSTEMSRO"
fi fi
- ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE - ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FCFILE} ${FILESYSTEMS} 2>&1 > $LOGFILE + ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 > $LOGFILE
fi fi
} }
relabelCheck() { relabelCheck() {
@ -226,20 +220,19 @@
} }
@@ -110,6 +112,12 @@ @@ -110,6 +110,11 @@
echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}" echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}"
} }
+if [ $# = 0 ]; then +if [ $# = 0 ]; then
+ usage + usage
+ rm -f $FCFILE
+ exit 1 + exit 1
+fi +fi
+ +
# See how we were called. # See how we were called.
for i in $@; do for i in $@; do
if [ $rpmFlag = 2 ]; then if [ $rpmFlag = 2 ]; then
@@ -127,6 +135,7 @@ @@ -127,6 +132,7 @@
logfileFlag=1 logfileFlag=1
continue continue
fi fi
@ -247,32 +240,17 @@
case "$i" in case "$i" in
check) check)
checkFlag=1 checkFlag=1
@@ -151,22 +160,38 @@ @@ -158,15 +164,23 @@
;;
*)
usage usage
+ rm -f $FCFILE
exit 1
esac
done
if [ `expr $checkFlag + $restoreFlag + $relabelFlag` -gt 1 ]; then
usage
+ rm -f $FCFILE
exit 1 exit 1
fi fi
+ +
+cp $FC $FCFILE
+# +#
+# Check for removable devices +# Check for removable devices
+# +#
+for i in /proc/ide/hd*/media; do
+ grep -q cdrom $i && echo $i | awk -F / '{ print "/dev/"$4"\t-b\tsystem_u:object_r:removable_device_t"}' >> $FCFILE || true
+done
+
+if [ $logfileFlag = 0 ]; then +if [ $logfileFlag = 0 ]; then
+ LOGFILE=`mktemp /var/tmp/fixfiles.log.XXXXXXXXXX` + LOGFILE=`mktemp /var/tmp/fixfiles.log.XXXXXXXXXX`
+ if [ ! -w $LOGFILE ] ; then + if [ ! -w $LOGFILE ] ; then
+ rm -f $FCFILE
+ exit 1 + exit 1
+ fi + fi
+fi +fi
@ -289,17 +267,17 @@
if [ $relabelFlag = 1 ]; then if [ $relabelFlag = 1 ]; then
if [ $fullFlag = 1 ]; then if [ $fullFlag = 1 ]; then
relabel $rpmFiles relabel $rpmFiles
@@ -174,6 +199,6 @@ @@ -174,6 +188,5 @@
relabelCheck $rpmFiles relabelCheck $rpmFiles
fi fi
fi fi
-exit $? -exit $?
- -
+rm $FCFILE
+exit $? +exit $?
--- policycoreutils-1.17.5/setfiles/setfiles.8.rhat 2004-10-01 18:37:41.776923384 -0400 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-1.17.5/setfiles/setfiles.8
+++ policycoreutils-1.17.5/setfiles/setfiles.8 2004-10-01 18:38:38.072735318 -0400 --- nsapolicycoreutils/setfiles/setfiles.8 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/setfiles/setfiles.8 2004-10-01 18:38:38.000000000 -0400
@@ -4,7 +4,7 @@ @@ -4,7 +4,7 @@
.SH "SYNOPSIS" .SH "SYNOPSIS"
@ -319,7 +297,8 @@
.B \-o filename .B \-o filename
save list of files with incorrect context in filename. save list of files with incorrect context in filename.
.TP .TP
--- policycoreutils-1.17.5/setfiles/setfiles.c.rhat 2004-08-30 11:46:46.000000000 -0400 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.17.5/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/setfiles/setfiles.c 2004-10-01 18:35:17.000000000 -0400 +++ policycoreutils-1.17.5/setfiles/setfiles.c 2004-10-01 18:35:17.000000000 -0400
@@ -12,8 +12,9 @@ @@ -12,8 +12,9 @@
* the user. The program does not cross file system boundaries. * the user. The program does not cross file system boundaries.

4
policycoreutils.spec
View File

@ -1,7 +1,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.17.5 Version: 1.17.6
Release: 6 Release: 1
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz

2
sources
View File

@ -1 +1 @@
a53c1c20cb22e30beb106dcc1f286eab policycoreutils-1.17.5.tgz 362ef76f7faaf84dd9f199df2ffaad85 policycoreutils-1.17.6.tgz