diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 6d5d1b6..283d77f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400 -+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 21:48:07.000000000 -0500 ++++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 23:07:04.000000000 -0500 @@ -1,7 +1,12 @@ -#!/usr/bin/perl - @@ -17,7 +17,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as -@@ -17,148 +22,227 @@ +@@ -17,148 +22,255 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # 02111-1307 USA @@ -125,6 +125,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + ret=ret+"NAME=%s " % x[2] + ret=ret + " : " + i + return ret ++ + def gettarget(self): + if self.source == self.target: + return "self" @@ -166,12 +167,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + def __init__(self, input, last_reload=0, verbose=0): + self.last_reload=last_reload + self.allowRules={} -+ line = input.readline() -+ avc=[] -+ found=0 + self.seclasses={} + self.types=[] + self.roles=[] ++ self.load(input) ++ ++ def load(self, input): ++ avc=[] ++ found=0 ++ line = input.readline() + while line: + rec=line.split() + for i in rec: @@ -185,6 +189,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + avc=[] + line = input.readline() + ++ + def add(self,avc): + scon="" + tcon="" 
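Review bot: `load()`, split out of `__init__` in the `@@ -166,12 +167,15 @@` hunk, has no docstring, and nothing states that repeated calls are cumulative, although the `-a` path later calls it a second time on an already populated object. A one-line docstring would cover it, for example `"""Parse AVC records from an open log file and add them to this object; may be called once per log source."""`. Since `avc` and `found` are now locals reset on every call, a record left unfinished at the end of one file is presumably dropped rather than carried into the next; the loop body is only partly visible here, so a short comment confirming that this is intended would help. In the lines shown, `__init__` still accepts `verbose` but never stores or forwards it, so `-v` looks like a no-op unless it is handled outside this hunk.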
@@ -201,7 +206,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + self.allowRules={} + return + for i in range (0, len(avc)): ++ if avc[i]=="{": ++ i=i+1 ++ while i\n"; - exit; -} -- + def out(self, module): + rec="" + if module!="": @@ -342,14 +351,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + return rec + +def usage(): -+ print 'audit2allow [-d] [-v] [-l] [-i ] [-o ]\n\ ++ print 'audit2allow [-a] [-d] [-l] [-v] [-i ] [-m ] [-o ]\n\ ++ -a read input from audit and message log\n\ + -d read input from output of /bin/dmesg\n\ -+ -v verbose output\n\ ++ -i read input from conflicts with -a\n\ + -l read input only after last \"load_policy\"\n\ -+ -i read input from \n\ -+ -m module output \n\ -+ -o append output to \n' ++ -m module output \n\ ++ -o append output to \n\ ++ -v verbose output\n\ ++ ' + sys.exit(1) ++ ++def errorExit(error): ++ sys.stderr.write("%s exiting for: " % sys.argv[0]) ++ sys.stderr.write("%s\n" % error) ++ sys.stderr.flush() ++ sys.exit(1) + +# +# This script will generate home dir file context +# based off the homedir_template file, entries in the password file, and @@ -360,14 +378,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + output=sys.stdout + module="" + verbose=0 -+ gopts, cmds = getopt.getopt(sys.argv[1:], 'vdo:hli:m:', ['help', ++ auditlogs=0 ++ gopts, cmds = getopt.getopt(sys.argv[1:], 'avdo:hli:m:', ['help', + 'last_reload=']) + for o,a in gopts: + if o == '--last_reload' or o == "-l": + last_reload=1 + if o == "-v": + verbose=1 ++ if o == "-a": ++ input=open("/var/log/messages", "r") ++ auditlogs=1 + if o == "-i": ++ if auditlogs: ++ usage() + input=open(a, "r") + if o == "-m": + module=a 
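Review bot: The `-a`/`-i` conflict check in the `@@ -360,14 +378,20 @@` hunk depends on option order, because `if auditlogs: usage()` runs only inside the `-i` branch. `audit2allow -a -i file` is rejected, but `audit2allow -i file -a` is accepted: the `-a` branch rebinds `input` to `/var/log/messages`, and the file opened for `-i` is silently dropped. Rules would then be generated from the system logs, not the file the operator named, which matters when the output is loaded as policy. Recording both options and testing once after the loop closes the gap, e.g. `if auditlogs and inputfile: usage()`, where `inputfile` is a new local set in the `-i` branch, with the `open()` calls moved after that check. Whether `-d` needs the same treatment cannot be told from this hunk, since its branch lies outside the lines shown.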
@@ -380,17 +404,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow + if len(cmds) != 0: + usage() + out=allowRecords(input, last_reload, verbose) ++ if auditlogs: ++ input=open("/var/log/audit/audit.log", "r") ++ out.load(input) + output.write(out.out(module)) + +except getopt.error, error: + errorExit(string.join("Options Error ", error)) +except ValueError, error: + errorExit(string.join("ValueError ", error)) -+except IndexError, error: -+ errorExit("IndexError") ++except KeyboardInterrupt, error: ++ sys.exit(0) diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl --- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 21:45:38.000000000 -0500 ++++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500 @@ -0,0 +1,164 @@ +#!/usr/bin/perl + @@ -558,7 +585,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow. + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.28/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2005-11-16 15:27:46.000000000 -0500 -+++ policycoreutils-1.27.28/scripts/genhomedircon 2005-11-16 21:45:38.000000000 -0500 ++++ policycoreutils-1.27.28/scripts/genhomedircon 2005-11-16 22:33:25.000000000 -0500 @@ -29,7 +29,9 @@ import commands, sys, os, pwd, string, getopt, re from semanage import *; diff --git a/policycoreutils.spec b/policycoreutils.spec index 5c191e0..2a854a2 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -3,7 +3,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.27.28 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz 
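Review bot: The new `open("/var/log/audit/audit.log", "r")` in the `@@ -380,17 +404,20 @@` hunk, like the `open("/var/log/messages", "r")` added for `-a`, can raise `IOError` when the file is missing (auditd not running) or unreadable by the caller, and none of the `except` clauses here catches it. This hunk also removes the `IndexError` handler, so a malformed record in either log would surface as a traceback, unless the parser now bounds its indexing in code that is not visible here. A handler such as `except IOError, error:` followed by `errorExit(error)` would keep the failure readable. The surviving handlers call `string.join("Options Error ", error)`, which passes the exception as the separator and looks likely to raise inside the handler itself; `errorExit("Options Error: %s" % error)` avoids that. With `-l`, reading the two logs back to back means a `load_policy` record in one file is not ordered in time against denials in the other, so that interaction is worth a comment or a test; the `try` block begins outside this hunk.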
@@ -89,7 +89,7 @@ rm -rf ${RPM_BUILD_ROOT} %changelog -* Wed Nov 16 2005 Dan Walsh 1.27.28-1 +* Wed Nov 16 2005 Dan Walsh 1.27.28-2 - Update to match NSA * Merged genhomedircon rewrite from Dan Walsh. - Rewrite audit2allow to python