Remove run_init, no longer needed with systemd.
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
This commit is contained in:
Dan Walsh
parent
cc08d7735b
commit
ddeee18742
@ -342434,7 +342434,7 @@ index 0000000..a179d95
|
||||
+
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
new file mode 100644
|
||||
index 0000000..93b0762
|
||||
index 0000000..de040af
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
@@ -0,0 +1,1284 @@
|
||||
@ -343632,7 +343632,7 @@ index 0000000..93b0762
|
||||
+
|
||||
+ for pkg in yb.rpmdb.searchProvides(self.program):
|
||||
+ self.rpms.append(pkg.name)
|
||||
+ for fname in pkg.filelist + pkg.ghostlist + pkg.dirlist:
|
||||
+ for fname in pkg.dirlist + pkg.filelist + pkg.ghostlist:
|
||||
+ for b in self.DEFAULT_DIRS:
|
||||
+ if b == "/etc":
|
||||
+ continue
|
||||
@ -343643,7 +343643,7 @@ index 0000000..93b0762
|
||||
+ self.add_dir(fname)
|
||||
+
|
||||
+ for bpkg in yb.rpmdb.searchNames([pkg.base_package_name]):
|
||||
+ for fname in bpkg.filelist + bpkg.ghostlist + bpkg.dirlist:
|
||||
+ for fname in bpkg.dirlist + bpkg.filelist + bpkg.ghostlist:
|
||||
+ for b in self.DEFAULT_DIRS:
|
||||
+ if b == "/etc":
|
||||
+ continue
|
||||
@ -347623,18 +347623,23 @@ index 0000000..ec9c071
|
||||
+
|
||||
+setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analysys bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"])
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index 4c62b41..01fc818 100644
|
||||
index 4c62b41..bb42221 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
+++ b/policycoreutils/setfiles/restore.c
|
||||
@@ -105,6 +105,7 @@ static int restore(FTSENT *ftsent)
|
||||
@@ -105,15 +105,26 @@ static int restore(FTSENT *ftsent)
|
||||
char *my_file = strdupa(ftsent->fts_path);
|
||||
int ret = -1;
|
||||
security_context_t curcon = NULL, newcon = NULL;
|
||||
+ float progress;
|
||||
+ if (match(my_file, ftsent->fts_statp, &newcon) < 0) {
|
||||
+ if (errno == ENOENT)
|
||||
+ fprintf(stdout, "%s: No default label for %s\n", r_opts->progname, my_file);
|
||||
|
||||
if (match(my_file, ftsent->fts_statp, &newcon) < 0)
|
||||
- if (match(my_file, ftsent->fts_statp, &newcon) < 0)
|
||||
/* Check for no matching specification. */
|
||||
@@ -113,7 +114,14 @@ static int restore(FTSENT *ftsent)
|
||||
return (errno == ENOENT) ? 0 : -1;
|
||||
+ }
|
||||
|
||||
if (r_opts->progress) {
|
||||
r_opts->count++;
|
||||
if (r_opts->count % STAR_COUNT == 0) {
|
||||
@ -347650,7 +347655,7 @@ index 4c62b41..01fc818 100644
|
||||
fflush(stdout);
|
||||
}
|
||||
}
|
||||
@@ -283,6 +291,8 @@ static int apply_spec(FTSENT *ftsent)
|
||||
@@ -283,6 +294,8 @@ static int apply_spec(FTSENT *ftsent)
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -347659,7 +347664,7 @@ index 4c62b41..01fc818 100644
|
||||
static int process_one(char *name, int recurse_this_path)
|
||||
{
|
||||
int rc = 0;
|
||||
@@ -332,6 +342,7 @@ static int process_one(char *name, int recurse_this_path)
|
||||
@@ -332,6 +345,7 @@ static int process_one(char *name, int recurse_this_path)
|
||||
continue;
|
||||
}
|
||||
}
|
||||
@ -347667,7 +347672,7 @@ index 4c62b41..01fc818 100644
|
||||
rc = apply_spec(ftsent);
|
||||
if (rc == SKIP)
|
||||
fts_set(fts_handle, ftsent, FTS_SKIP);
|
||||
@@ -611,12 +622,22 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -611,12 +625,22 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
}
|
||||
|
||||
#include <sys/utsname.h>
|
||||
@ -347692,7 +347697,7 @@ index 4c62b41..01fc818 100644
|
||||
{
|
||||
struct utsname uts;
|
||||
FILE *fp;
|
||||
@@ -625,16 +646,16 @@ void exclude_non_seclabel_mounts()
|
||||
@@ -625,16 +649,16 @@ void exclude_non_seclabel_mounts()
|
||||
int index = 0, found = 0;
|
||||
char *mount_info[4];
|
||||
char *buf = NULL, *item;
|
||||
@ -347713,7 +347718,7 @@ index 4c62b41..01fc818 100644
|
||||
|
||||
while ((num = getline(&buf, &len, fp)) != -1) {
|
||||
found = 0;
|
||||
@@ -661,6 +682,7 @@ void exclude_non_seclabel_mounts()
|
||||
@@ -661,6 +685,7 @@ void exclude_non_seclabel_mounts()
|
||||
while (item != NULL) {
|
||||
if (strcmp(item, "seclabel") == 0) {
|
||||
found = 1;
|
||||
@ -347721,7 +347726,7 @@ index 4c62b41..01fc818 100644
|
||||
break;
|
||||
}
|
||||
item = strtok(NULL, ",");
|
||||
@@ -673,5 +695,7 @@ void exclude_non_seclabel_mounts()
|
||||
@@ -673,5 +698,7 @@ void exclude_non_seclabel_mounts()
|
||||
|
||||
free(buf);
|
||||
fclose(fp);
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.13
|
||||
Release: 24%{?dist}
|
||||
Release: 25%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -57,8 +57,7 @@ Control, and Multi-level Security.
|
||||
policycoreutils contains the policy core utilities that are required
|
||||
for basic operation of a SELinux system. These utilities include
|
||||
load_policy to load policies, setfiles to label filesystems, newrole
|
||||
to switch roles, and run_init to run /etc/init.d scripts in the proper
|
||||
context.
|
||||
to switch roles.
|
||||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
@ -103,6 +102,10 @@ rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
|
||||
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
|
||||
rm -f %{buildroot}/usr/sbin/open_init_pty
|
||||
rm -f %{buildroot}/usr/sbin/run_init
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
|
||||
rm -f %{buildroot}/usr/share/man/man8/run_init.8*
|
||||
rm -f %{buildroot}/etc/pam.d/run_init*
|
||||
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
|
||||
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
|
||||
@ -253,14 +256,12 @@ rm -rf %{buildroot}
|
||||
%{_sbindir}/setsebool
|
||||
%{_sbindir}/semodule
|
||||
%{_sbindir}/sestatus
|
||||
%{_sbindir}/run_init
|
||||
%{_bindir}/secon
|
||||
%{_bindir}/semodule_deps
|
||||
%{_bindir}/semodule_expand
|
||||
%{_bindir}/semodule_link
|
||||
%{_bindir}/semodule_package
|
||||
%{_bindir}/semodule_unpackage
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
|
||||
%{_mandir}/man5/selinux_config.5.gz
|
||||
@ -271,8 +272,6 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/ru/man8/load_policy.8*
|
||||
%{_mandir}/man8/restorecon.8*
|
||||
%{_mandir}/ru/man8/restorecon.8*
|
||||
%{_mandir}/man8/run_init.8*
|
||||
%{_mandir}/ru/man8/run_init.8*
|
||||
%{_mandir}/man8/semodule.8*
|
||||
%{_mandir}/ru/man8/semodule.8*
|
||||
%{_mandir}/man8/semodule_deps.8*
|
||||
@ -329,6 +328,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-25
|
||||
- Remove run_init, no longer needed with systemd.
|
||||
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
|
||||
|
||||
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
|
||||
- Fix manpage to generate proper man pages for alternate policy,
|
||||
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
|
||||
|
||||
Loading…
Reference in New Issue
Block a user