Update Miroslav Grepl Patches
* If there is no executable we don't want to print a part of STANDARD FILE CON * Add-manpages-for-typealiased-types * Make fixfiles_exclude_dirs working if there is a substituion for the given d
This commit is contained in:
parent
f8435958ae
commit
cbb4c3ee48
@ -695701,7 +695701,7 @@ index 97f3920..c92e394 100644
|
||||
}
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 5c29eb9..75d3c8d 100755
|
||||
index 5c29eb9..097152f 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -116,6 +116,7 @@ exclude_dirs() {
|
||||
@ -695712,6 +695712,36 @@ index 5c29eb9..75d3c8d 100755
|
||||
FORCEFLAG=""
|
||||
DIRS=""
|
||||
RPMILES=""
|
||||
@@ -137,6 +138,9 @@ else
|
||||
FC=/etc/security/selinux/file_contexts
|
||||
fi
|
||||
|
||||
+FC_SUB_DIST=${FC}.subs_dist
|
||||
+FC_SUB=${FC}.subs
|
||||
+
|
||||
#
|
||||
# Log to either syslog or a LOGFILE
|
||||
#
|
||||
@@ -243,6 +247,10 @@ then
|
||||
logit "skipping the directory ${p}"
|
||||
done
|
||||
FC=$TEMPFCFILE
|
||||
+/bin/cp -p ${TEMPFCFILE} ${TEMPFCFILE}.subs_dist &>/dev/null || exit
|
||||
+/bin/cp -p ${FC_SUB_DIST} ${TEMPFCFILE}.subs_dist &>/dev/null || exit
|
||||
+/bin/cp -p ${TEMPFCFILE} ${TEMPFCFILE}.subs &>/dev/null || exit
|
||||
+/bin/cp -p ${FC_SUB} ${TEMPFCFILE}.subs &>/dev/null || exit
|
||||
fi
|
||||
if [ ! -z "$RPMFILES" ]; then
|
||||
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||
@@ -264,7 +272,7 @@ if [ ${OPTION} != "Relabel" ]; then
|
||||
return
|
||||
fi
|
||||
echo "Cleaning up labels on /tmp"
|
||||
-rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
|
||||
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE ${TEMPFCFILE}.subs_dist ${TEMPFCFILE}.subs
|
||||
|
||||
UNDEFINED=`get_undefined_type` || exit $?
|
||||
UNLABELED=`get_unlabeled_type` || exit $?
|
||||
diff --git a/policycoreutils/semanage/Makefile b/policycoreutils/semanage/Makefile
|
||||
index 8fc8e0b..9bb4f24 100644
|
||||
--- a/policycoreutils/semanage/Makefile
|
||||
@ -696174,7 +696204,7 @@ index 36b41cd..209c308 100644
|
||||
sys.exit(1)
|
||||
|
||||
diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
|
||||
index 0fad36c..ac39862 100644
|
||||
index 0fad36c..75b782f 100644
|
||||
--- a/policycoreutils/semanage/semanage.8
|
||||
+++ b/policycoreutils/semanage/semanage.8
|
||||
@@ -8,7 +8,7 @@ semanage \- SELinux Policy Management tool
|
||||
@ -696186,6 +696216,16 @@ index 0fad36c..ac39862 100644
|
||||
|
||||
.B export
|
||||
Output local customizations
|
||||
@@ -51,8 +51,7 @@ to SELinux user identities (which controls the initial security context
|
||||
assigned to Linux users when they login and bounds their authorized role set)
|
||||
as well as security context mappings for various kinds of objects, such
|
||||
as network ports, interfaces, and nodes (hosts) as well as the file
|
||||
-context mapping. See the EXAMPLES section below for some examples
|
||||
-of common usage. Note that the semanage login command deals with the
|
||||
+context mapping. Note that the semanage login command deals with the
|
||||
mapping from Linux usernames (logins) to SELinux user identities,
|
||||
while the semanage user command deals with the mapping from SELinux
|
||||
user identities to authorized role sets. In most cases, only the
|
||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||
deleted file mode 100644
|
||||
index f8d2243..0000000
|
||||
@ -704127,10 +704167,10 @@ index bbabb3b..b17f6af 100644
|
||||
os.remove(v)
|
||||
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
index ba15b2c..835dc43 100755
|
||||
index ba15b2c..d5f0f66 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
@@ -30,7 +30,7 @@ import selinux
|
||||
@@ -30,103 +30,111 @@ import selinux
|
||||
import sepolicy
|
||||
from sepolicy import *
|
||||
|
||||
@ -704138,8 +704178,16 @@ index ba15b2c..835dc43 100755
|
||||
+import subprocess
|
||||
import sys, os, re, time
|
||||
|
||||
+
|
||||
+typealias_types = {
|
||||
+"antivirus_t":("amavis_t", "clamd_t", "clamscan_t", "freshclam_t"),
|
||||
+"cluster_t":("rgmanager_t", "corosync_t", "aisexec_t", "pacemaker_t"),
|
||||
+"svirt_t":("qemu_t"),
|
||||
+"httpd_t":("phpfpm_t"),
|
||||
+}
|
||||
+
|
||||
equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt", "svirt", "svirt_tcg", "svirt_lxc_t", "svirt_lxc_net_t" ], "named" : [ "bind" ], "fsdaemon" : [ "smartmon" ], "mdadm" : [ "raid" ] }
|
||||
@@ -38,95 +38,95 @@ equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "
|
||||
|
||||
equiv_dirs=[ "/var" ]
|
||||
modules_dict = None
|
||||
def gen_modules_dict(path = "/usr/share/selinux/devel/policy.xml"):
|
||||
@ -704311,7 +704359,7 @@ index ba15b2c..835dc43 100755
|
||||
|
||||
def prettyprint(f,trim):
|
||||
return " ".join(f[:-len(trim)].split("_"))
|
||||
@@ -135,72 +135,78 @@ def prettyprint(f,trim):
|
||||
@@ -135,72 +143,78 @@ def prettyprint(f,trim):
|
||||
manpage_domains = []
|
||||
manpage_roles = []
|
||||
|
||||
@ -704447,7 +704495,7 @@ index ba15b2c..835dc43 100755
|
||||
<html>
|
||||
<head>
|
||||
<link rel=stylesheet type="text/css" href="style.css" title="style">
|
||||
@@ -219,11 +225,11 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
@@ -219,11 +233,11 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
</tr></table>
|
||||
<pre>
|
||||
""")
|
||||
@ -704462,7 +704510,7 @@ index ba15b2c..835dc43 100755
|
||||
</pre>
|
||||
<hr>
|
||||
<h3>RHEL</h3>
|
||||
@@ -233,24 +239,24 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
@@ -233,24 +247,24 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
</tr></table>
|
||||
<pre>
|
||||
""")
|
||||
@ -704500,7 +704548,7 @@ index ba15b2c..835dc43 100755
|
||||
</head>
|
||||
<body>
|
||||
<h1>SELinux man pages for Fedora18</h1>
|
||||
@@ -259,26 +265,26 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
@@ -259,26 +273,26 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
<td valign="middle">
|
||||
<h3>SELinux roles</h3>
|
||||
""")
|
||||
@ -704541,7 +704589,7 @@ index ba15b2c..835dc43 100755
|
||||
</pre>
|
||||
<hr>
|
||||
<table><tr>
|
||||
@@ -286,38 +292,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
@@ -286,38 +300,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
<h3>SELinux domains</h3>"""
|
||||
% rolename_body)
|
||||
|
||||
@ -704600,7 +704648,7 @@ index ba15b2c..835dc43 100755
|
||||
html, body {
|
||||
background-color: #fcfcfc;
|
||||
font-family: arial, sans-serif;
|
||||
@@ -326,9 +332,9 @@ html, body {
|
||||
@@ -326,9 +340,9 @@ html, body {
|
||||
}
|
||||
|
||||
h1, h2, h3, h4, h5, h5 {
|
||||
@ -704613,7 +704661,7 @@ index ba15b2c..835dc43 100755
|
||||
}
|
||||
|
||||
a {
|
||||
@@ -374,159 +380,159 @@ pre.code {
|
||||
@@ -374,159 +388,198 @@ pre.code {
|
||||
}
|
||||
""")
|
||||
|
||||
@ -704859,6 +704907,7 @@ index ba15b2c..835dc43 100755
|
||||
- self._file_context()
|
||||
- self._public_content()
|
||||
- self._footer()
|
||||
+
|
||||
+ self.anon_list = []
|
||||
+
|
||||
+ self.attributes = {}
|
||||
@ -704866,6 +704915,16 @@ index ba15b2c..835dc43 100755
|
||||
+ self._get_ptypes()
|
||||
+
|
||||
+ for domain_type in self.ptypes:
|
||||
+ try:
|
||||
+ if typealias_types[domain_type]:
|
||||
+ fd = self.fd
|
||||
+ man_page_path = self.man_page_path
|
||||
+ for t in typealias_types[domain_type]:
|
||||
+ self._typealias_gen_man(t)
|
||||
+ self.fd = fd
|
||||
+ self.man_page_path = man_page_path
|
||||
+ except KeyError:
|
||||
+ continue;
|
||||
+ self.attributes[domain_type] = sepolicy.info(sepolicy.TYPE,("%s") % domain_type)[0]["attributes"]
|
||||
+
|
||||
+ self._header()
|
||||
@ -704886,6 +704945,34 @@ index ba15b2c..835dc43 100755
|
||||
+ for f in self.all_domains:
|
||||
+ if f.startswith(self.short_name) or f.startswith(self.domainname):
|
||||
+ self.ptypes.append(f)
|
||||
+
|
||||
+ def _typealias_gen_man(self, t):
|
||||
+ self.man_page_path = "%s/%s_selinux.8" % (self.path, t[:-2])
|
||||
+ self.ports = []
|
||||
+ self.booltext = ""
|
||||
+ self.fd = open(self.man_page_path, 'w')
|
||||
+ self._typealias(t[:-2])
|
||||
+ self._footer()
|
||||
+ self.fd.close()
|
||||
+
|
||||
+ def _typealias(self,typealias):
|
||||
+ self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
|
||||
+ % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
|
||||
+ self.fd.write(r"""
|
||||
+.SH "NAME"
|
||||
+%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
|
||||
+.SH "DESCRIPTION"
|
||||
+
|
||||
+%(typealias)s_t SELinux domain type is now associated with %(domainname)s domain type (%(domainname)s_t).
|
||||
+""" % {'typealias':typealias, 'domainname':self.domainname})
|
||||
+
|
||||
+ self.fd.write(r"""
|
||||
+Please see
|
||||
+
|
||||
+.B %(domainname)s_selinux
|
||||
+
|
||||
+man page for more details.
|
||||
+""" % {'domainname':self.domainname})
|
||||
|
||||
def _header(self):
|
||||
- self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||
@ -704897,7 +704984,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH "NAME"
|
||||
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||
.SH "DESCRIPTION"
|
||||
@@ -543,20 +549,20 @@ For example:
|
||||
@@ -543,20 +596,20 @@ For example:
|
||||
|
||||
|
||||
def _format_boolean_desc(self, b):
|
||||
@ -704930,7 +705017,7 @@ index ba15b2c..835dc43 100755
|
||||
.PP
|
||||
If you want to %s, you must turn on the %s boolean. %s by default.
|
||||
|
||||
@@ -565,34 +571,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
|
||||
@@ -565,34 +618,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
|
||||
|
||||
.EE
|
||||
""" % (self._format_boolean_desc(b), b, self.enabled_str[enabled], b)
|
||||
@ -704981,7 +705068,7 @@ index ba15b2c..835dc43 100755
|
||||
.PP
|
||||
If you want to %s for the %s, you must turn on the %s boolean.
|
||||
|
||||
@@ -601,12 +607,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
|
||||
@@ -601,12 +654,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
|
||||
.EE
|
||||
""" % (self._format_boolean_desc(b),(", ".join(nsswitch_types)), b, b)
|
||||
|
||||
@ -704998,7 +705085,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH PROCESS TYPES
|
||||
SELinux defines process types (domains) for each process running on the system
|
||||
.PP
|
||||
@@ -617,11 +623,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -617,11 +670,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
The following process types are defined for %(domainname)s:
|
||||
""" % {'domainname':self.domainname})
|
||||
@ -705012,7 +705099,7 @@ index ba15b2c..835dc43 100755
|
||||
.PP
|
||||
Note:
|
||||
.B semanage permissive -a %(domainname)s_t
|
||||
@@ -629,14 +635,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
@@ -629,14 +682,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
""" % {'domainname':self.domainname})
|
||||
|
||||
def _port_types(self):
|
||||
@ -705033,7 +705120,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH PORT TYPES
|
||||
SELinux defines port types to represent TCP and UDP ports.
|
||||
.PP
|
||||
@@ -650,8 +656,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -650,8 +703,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
The following port types are defined for %(domainname)s:""" % {'domainname':self.domainname})
|
||||
|
||||
@ -705044,7 +705131,7 @@ index ba15b2c..835dc43 100755
|
||||
|
||||
.EX
|
||||
.TP 5
|
||||
@@ -659,49 +665,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
|
||||
@@ -659,49 +712,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
|
||||
.TP 10
|
||||
.EE
|
||||
""" % p)
|
||||
@ -705134,7 +705221,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH FILE CONTEXTS
|
||||
SELinux requires files to have an extended attribute to define the file type.
|
||||
.PP
|
||||
@@ -712,13 +721,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -712,13 +768,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
""" % {'domainname':self.domainname})
|
||||
|
||||
@ -705152,12 +705239,13 @@ index ba15b2c..835dc43 100755
|
||||
.PP
|
||||
%(domainname)s policy stores data with multiple different file context types under the %(equiv)s directory. If you would like to store the data in a different directory you can use the semanage command to create an equivalence mapping. If you wanted to store this data under the /srv dirctory you would execute the following command:
|
||||
.PP
|
||||
@@ -728,25 +737,25 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -728,25 +784,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
""" % {'domainname':self.domainname, 'equiv': e, 'alt': e.split('/')[-1] })
|
||||
|
||||
- self.fd.write(r"""
|
||||
+ self.fd.write(r"""
|
||||
+ if flist_non_exec:
|
||||
+ self.fd.write(r"""
|
||||
.PP
|
||||
.B STANDARD FILE CONTEXT
|
||||
|
||||
@ -705184,7 +705272,7 @@ index ba15b2c..835dc43 100755
|
||||
|
||||
.EX
|
||||
.PP
|
||||
@@ -756,19 +765,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
|
||||
@@ -756,19 +813,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
|
||||
- %s
|
||||
""" % ( f, sepolicy.get_description(f)))
|
||||
|
||||
@ -705212,7 +705300,7 @@ index ba15b2c..835dc43 100755
|
||||
|
||||
.PP
|
||||
Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
|
||||
@@ -779,19 +788,19 @@ to apply the labels.
|
||||
@@ -779,19 +836,19 @@ to apply the labels.
|
||||
""")
|
||||
|
||||
def _see_also(self):
|
||||
@ -705243,7 +705331,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH SHARING FILES
|
||||
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
|
||||
.TP
|
||||
@@ -812,9 +821,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
|
||||
@@ -812,9 +869,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
|
||||
.br
|
||||
.B setsebool -P %(domainname)s_anon_write 1
|
||||
""" % {'domainname':self.domainname})
|
||||
@ -705256,7 +705344,7 @@ index ba15b2c..835dc43 100755
|
||||
.PP
|
||||
If you want to %s, you must turn on the %s boolean.
|
||||
|
||||
@@ -824,7 +833,7 @@ If you want to %s, you must turn on the %s boolean.
|
||||
@@ -824,7 +881,7 @@ If you want to %s, you must turn on the %s boolean.
|
||||
""" % (desc, b, b))
|
||||
|
||||
def _footer(self):
|
||||
@ -705265,7 +705353,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH "COMMANDS"
|
||||
.B semanage fcontext
|
||||
can also be used to manipulate default file context mappings.
|
||||
@@ -836,19 +845,19 @@ can also be used to manipulate whether or not a process type is permissive.
|
||||
@@ -836,19 +893,19 @@ can also be used to manipulate whether or not a process type is permissive.
|
||||
can also be used to enable/disable/install/remove policy modules.
|
||||
""")
|
||||
|
||||
@ -705290,7 +705378,7 @@ index ba15b2c..835dc43 100755
|
||||
.PP
|
||||
.B system-config-selinux
|
||||
is a GUI tool available to customize SELinux policy settings.
|
||||
@@ -861,102 +870,102 @@ This manual page was auto-generated using
|
||||
@@ -861,102 +918,102 @@ This manual page was auto-generated using
|
||||
selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
|
||||
""" % (self.domainname))
|
||||
|
||||
@ -705456,7 +705544,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH "NAME"
|
||||
%(user)s_u \- \fB%(desc)s\fP - Security Enhanced Linux Policy
|
||||
|
||||
@@ -989,22 +998,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
|
||||
@@ -989,22 +1046,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
|
||||
|
||||
""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self._get_users_range()})
|
||||
|
||||
@ -705487,7 +705575,7 @@ index ba15b2c..835dc43 100755
|
||||
The SELinux user %(user)s can execute sudo.
|
||||
|
||||
You can set up sudo to allow %(user)s to transition to an administrative domain:
|
||||
@@ -1012,14 +1021,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
|
||||
@@ -1012,14 +1069,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
|
||||
Add one or more of the following record to sudoers using visudo.
|
||||
|
||||
""" % { 'user':self.domainname } )
|
||||
@ -705505,7 +705593,7 @@ index ba15b2c..835dc43 100755
|
||||
You might also need to add one or more of these new roles to your SELinux user record.
|
||||
|
||||
List the SELinux roles your SELinux user can reach by executing:
|
||||
@@ -1033,104 +1042,104 @@ Modify the roles list and add %(user)s_r to this list.
|
||||
@@ -1033,104 +1090,104 @@ Modify the roles list and add %(user)s_r to this list.
|
||||
For more details you can see semanage man page.
|
||||
|
||||
""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
|
||||
@ -705652,7 +705740,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH TRANSITIONS
|
||||
|
||||
Three things can happen when %(type)s attempts to execute a program.
|
||||
@@ -1143,7 +1152,7 @@ Three things can happen when %(type)s attempts to execute a program.
|
||||
@@ -1143,7 +1200,7 @@ Three things can happen when %(type)s attempts to execute a program.
|
||||
|
||||
Execute the following to see the types that the SELinux user %(type)s can execute without transitioning:
|
||||
|
||||
@ -705661,7 +705749,7 @@ index ba15b2c..835dc43 100755
|
||||
|
||||
.TP
|
||||
|
||||
@@ -1151,15 +1160,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
|
||||
@@ -1151,15 +1208,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
|
||||
|
||||
Execute the following to see the types that the SELinux user %(type)s can execute and transition:
|
||||
|
||||
@ -705682,7 +705770,7 @@ index ba15b2c..835dc43 100755
|
||||
.SH "NAME"
|
||||
%(user)s_r \- \fB%(desc)s\fP - Security Enhanced Linux Policy
|
||||
|
||||
@@ -1201,21 +1210,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
|
||||
@@ -1201,21 +1258,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
|
||||
.B $ semanage user -m -R 'staff_r system_r %(user)s_r' staff_u
|
||||
|
||||
""" % {'desc': self.desc, 'user':self.domainname})
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -378,6 +378,12 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Fri May 16 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-2
|
||||
- Update Miroslav Grepl Patches
|
||||
* If there is no executable we don't want to print a part of STANDARD FILE CON
|
||||
* Add-manpages-for-typealiased-types
|
||||
* Make fixfiles_exclude_dirs working if there is a substituion for the given d
|
||||
|
||||
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
|
||||
- Update to upstream
|
||||
* Add -P semodule option to man page from Dan Walsh.
|
||||
|
Loading…
Reference in New Issue
Block a user