*** empty log message ***

Daniel J Walsh 2005-11-17 04:08:11 +00:00
parent 2e57c61e4f
commit c264106d43
2 changed files with 50 additions and 23 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400 --- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 21:48:07.000000000 -0500 +++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 23:07:04.000000000 -0500
@@ -1,7 +1,12 @@ @@ -1,7 +1,12 @@
-#!/usr/bin/perl -#!/usr/bin/perl
- -
@ -17,7 +17,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as # modify it under the terms of the GNU General Public License as
@@ -17,148 +22,227 @@ @@ -17,148 +22,255 @@
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA # 02111-1307 USA
@ -125,6 +125,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ ret=ret+"NAME=%s " % x[2] + ret=ret+"NAME=%s " % x[2]
+ ret=ret + " : " + i + ret=ret + " : " + i
+ return ret + return ret
+
+ def gettarget(self): + def gettarget(self):
+ if self.source == self.target: + if self.source == self.target:
+ return "self" + return "self"
@ -166,12 +167,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ def __init__(self, input, last_reload=0, verbose=0): + def __init__(self, input, last_reload=0, verbose=0):
+ self.last_reload=last_reload + self.last_reload=last_reload
+ self.allowRules={} + self.allowRules={}
+ line = input.readline()
+ avc=[]
+ found=0
+ self.seclasses={} + self.seclasses={}
+ self.types=[] + self.types=[]
+ self.roles=[] + self.roles=[]
+ self.load(input)
+
+ def load(self, input):
+ avc=[]
+ found=0
+ line = input.readline()
+ while line: + while line:
+ rec=line.split() + rec=line.split()
+ for i in rec: + for i in rec:
@ -185,6 +189,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ avc=[] + avc=[]
+ line = input.readline() + line = input.readline()
+ +
+
+ def add(self,avc): + def add(self,avc):
+ scon="" + scon=""
+ tcon="" + tcon=""
@ -201,7 +206,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ self.allowRules={} + self.allowRules={}
+ return + return
+ for i in range (0, len(avc)): + for i in range (0, len(avc)):
+ if avc[i]=="{":
+ i=i+1
+ while i<len(avc) and avc[i] != "}":
+ access.append(avc[i])
+ i=i+1
+ continue
+
+ t=avc[i].split('=') + t=avc[i].split('=')
+ if len(t) < 2:
+ continue
+ if t[0]=="scontext": + if t[0]=="scontext":
+ context=t[1].split(":") + context=t[1].split(":")
+ scon=context[2] + scon=context[2]
@ -224,11 +238,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ if t[0]=="msg": + if t[0]=="msg":
+ msg=t[1] + msg=t[1]
+ continue + continue
+ if avc[i]=="{": +
+ i=i+1
+ while i<len(avc) and avc[i] != "}":
+ access.append(avc[i])
+ i=i+1
+ if scon=="" or tcon =="" or seclass=="": + if scon=="" or tcon =="" or seclass=="":
+ return + return
+ +
@ -332,7 +342,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
- -o append output to <outputfile>\n"; - -o append output to <outputfile>\n";
- exit; - exit;
-} -}
-
+ def out(self, module): + def out(self, module):
+ rec="" + rec=""
+ if module!="": + if module!="":
@ -342,14 +351,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ return rec + return rec
+ +
+def usage(): +def usage():
+ print 'audit2allow [-d] [-v] [-l] [-i <inputfile> ] [-o <outputfile>]\n\ + print 'audit2allow [-a] [-d] [-l] [-v] [-i <inputfile> ] [-m <modulename> ] [-o <outputfile>]\n\
+ -a read input from audit and message log\n\
+ -d read input from output of /bin/dmesg\n\ + -d read input from output of /bin/dmesg\n\
+ -v verbose output\n\ + -i read input from <inputfile> conflicts with -a\n\
+ -l read input only after last \"load_policy\"\n\ + -l read input only after last \"load_policy\"\n\
+ -i read input from <inputfile>\n\ + -m module output <modulename> \n\
+ -m module output <modulename>\n\ + -o append output to <outputfile>\n\
+ -o append output to <outputfile>\n' + -v verbose output\n\
+ '
+ sys.exit(1) + sys.exit(1)
+
+def errorExit(error):
+ sys.stderr.write("%s exiting for: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+# +#
+# This script will generate home dir file context +# This script will generate home dir file context
+# based off the homedir_template file, entries in the password file, and +# based off the homedir_template file, entries in the password file, and
@ -360,14 +378,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ output=sys.stdout + output=sys.stdout
+ module="" + module=""
+ verbose=0 + verbose=0
+ gopts, cmds = getopt.getopt(sys.argv[1:], 'vdo:hli:m:', ['help', + auditlogs=0
+ gopts, cmds = getopt.getopt(sys.argv[1:], 'avdo:hli:m:', ['help',
+ 'last_reload=']) + 'last_reload='])
+ for o,a in gopts: + for o,a in gopts:
+ if o == '--last_reload' or o == "-l": + if o == '--last_reload' or o == "-l":
+ last_reload=1 + last_reload=1
+ if o == "-v": + if o == "-v":
+ verbose=1 + verbose=1
+ if o == "-a":
+ input=open("/var/log/messages", "r")
+ auditlogs=1
+ if o == "-i": + if o == "-i":
+ if auditlogs:
+ usage()
+ input=open(a, "r") + input=open(a, "r")
+ if o == "-m": + if o == "-m":
+ module=a + module=a
@ -380,17 +404,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
+ if len(cmds) != 0: + if len(cmds) != 0:
+ usage() + usage()
+ out=allowRecords(input, last_reload, verbose) + out=allowRecords(input, last_reload, verbose)
+ if auditlogs:
+ input=open("/var/log/audit/audit.log", "r")
+ out.load(input)
+ output.write(out.out(module)) + output.write(out.out(module))
+ +
+except getopt.error, error: +except getopt.error, error:
+ errorExit(string.join("Options Error ", error)) + errorExit(string.join("Options Error ", error))
+except ValueError, error: +except ValueError, error:
+ errorExit(string.join("ValueError ", error)) + errorExit(string.join("ValueError ", error))
+except IndexError, error: +except KeyboardInterrupt, error:
+ errorExit("IndexError") + sys.exit(0)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl
--- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 21:45:38.000000000 -0500 +++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500
@@ -0,0 +1,164 @@ @@ -0,0 +1,164 @@
+#!/usr/bin/perl +#!/usr/bin/perl
+ +
@ -558,7 +585,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.
+ +
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.28/scripts/genhomedircon diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.28/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-11-16 15:27:46.000000000 -0500 --- nsapolicycoreutils/scripts/genhomedircon 2005-11-16 15:27:46.000000000 -0500
+++ policycoreutils-1.27.28/scripts/genhomedircon 2005-11-16 21:45:38.000000000 -0500 +++ policycoreutils-1.27.28/scripts/genhomedircon 2005-11-16 22:33:25.000000000 -0500
@@ -29,7 +29,9 @@ @@ -29,7 +29,9 @@
import commands, sys, os, pwd, string, getopt, re import commands, sys, os, pwd, string, getopt, re
from semanage import *; from semanage import *;
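Review bot: The `-i`/`-a` conflict check in the option loop is order-dependent: `usage()` is reached only when `-a` was seen before `-i`, so `audit2allow -i file -a` silently replaces the requested input with `/var/log/messages` and the allow rules are generated from a log the operator did not ask for. Record the choice in both branches and test it in both, e.g. initialise `ifile=0`, set `ifile=1` in the `-i` branch and add `if ifile: usage()` at the top of the `-a` branch. Separately, the last hunk swaps `except IndexError` for `except KeyboardInterrupt`, while `add()` still executes `scon=context[2]` on fields split from a log line; a record with a short `scontext` would presumably now end in a traceback, so keeping `except IndexError, error:` with `errorExit("IndexError")` next to the new handler looks safer. The `try:` block and most of `add()` lie outside the visible hunks, so confirm both points against the full script.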


@ -3,7 +3,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.27.28 Version: 1.27.28
Release: 1 Release: 2
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -89,7 +89,7 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog %changelog
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-1 * Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2
- Update to match NSA - Update to match NSA
* Merged genhomedircon rewrite from Dan Walsh. * Merged genhomedircon rewrite from Dan Walsh.
- Rewrite audit2allow to python - Rewrite audit2allow to python