* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4

- Add --boot flag to audit2allow to get all AVC messages since last boot
2009-08-18 19:25:04 +00:00 · 2009-08-18 19:25:04 +00:00 · e96c403a63
commit e96c403a63
parent 2b1f1bd524
5 changed files with 81 additions and 21 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -205,3 +205,4 @@ policycoreutils-2.0.68.tgz
 policycoreutils-2.0.70.tgz
 policycoreutils_man_ru2.tar.bz2
 policycoreutils-2.0.71.tgz
+sepolgen-1.0.17.tgz
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,3 +1,43 @@
+diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow	2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.71/audit2allow/audit2allow	2009-08-18 15:19:58.000000000 -0400
+@@ -42,6 +42,8 @@
+         from optparse import OptionParser
+ 
+         parser = OptionParser(version=self.VERSION)
+        parser.add_option("-b", "--boot", action="store_true", dest="boot", default=False,
+                          help="audit messages since last boot conflicts with -i")
+         parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
+                           help="read input from audit log - conflicts with -i")
+         parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
+@@ -80,11 +82,11 @@
+         options, args = parser.parse_args()
+ 
+         # Make -d, -a, and -i conflict
+-        if options.audit is True:
+        if options.audit is True or options.boot:
+             if options.input is not None:
+-                sys.stderr.write("error: --all conflicts with --input\n")
+                sys.stderr.write("error: --all/--boot conflicts with --input\n")
+             if options.dmesg is True:
+-                sys.stderr.write("error: --all conflicts with --dmesg\n")
+                sys.stderr.write("error: --all/--boot conflicts with --dmesg\n")
+         if options.input is not None and options.dmesg is True:
+             sys.stderr.write("error: --input conflicts with --dmesg\n")
+ 
+@@ -129,6 +131,12 @@
+             except OSError, e:
+                 sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
+                 sys.exit(1)
+        elif self.__options.boot:
+            try:
+                messages = audit.get_audit_boot_msgs()
+            except OSError, e:
+                sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
+                sys.exit(1)
+         else:
+             # This is the default if no input is specified
+             f = sys.stdin
 diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
 --- nsapolicycoreutils/Makefile	2008-08-28 09:34:24.000000000 -0400
 +++ policycoreutils-2.0.71/Makefile	2009-08-13 17:57:54.000000000 -0400
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@ -1,19 +1,35 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
--- nsasepolgen/src/sepolgen/access.py	2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py	2009-04-21 14:54:12.000000000 -0400
-@@ -313,7 +313,7 @@
- 
-     def __len__(self):
-         """Return the unique number of role allow statements."""
-        return len(self.role_type.keys())
-+        return len(self.role_types.keys())
- 
-     def add(self, role, type):
-         if self.role_types.has_key(role):
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/audit.py
 --- nsasepolgen/src/sepolgen/audit.py	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py	2009-04-24 13:19:39.000000000 -0400
-@@ -47,6 +47,17 @@
+++ policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/audit.py	2009-08-18 15:21:13.000000000 -0400
+@@ -23,6 +23,27 @@
+ 
+ # Convenience functions
+ 
+def get_audit_boot_msgs():
+    """Obtain all of the avc and policy load messages from the audit
+    log. This function uses ausearch and requires that the current
+    process have sufficient rights to run ausearch.
+
+    Returns:
+       string contain all of the audit messages returned by ausearch.
+    """
+    import subprocess
+    import time
+    fd=open("/proc/uptime", "r")
+    off=float(fd.read().split()[0])
+    fd.close
+    s = time.localtime(time.time() - off)
+    date = time.strftime("%D/%Y", s).split("/")
+    bootdate="%s/%s/%s" % (date[0], date[1], date[3])
+    boottime = time.strftime("%X", s)
+    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+                              stdout=subprocess.PIPE).communicate()[0]
+    return output
+
+ def get_audit_msgs():
+     """Obtain all of the avc and policy load messages from the audit
+     log. This function uses ausearch and requires that the current
+@@ -47,6 +68,17 @@
                               stdout=subprocess.PIPE).communicate()[0]
     return output
 
@ -31,15 +47,15 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
 # Classes representing audit messages
 
 class AuditMessage:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/refparser.py
 --- nsasepolgen/src/sepolgen/refparser.py	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py	2009-04-21 14:54:12.000000000 -0400
+++ policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/refparser.py	2009-08-13 17:57:55.000000000 -0400
@@ -919,7 +919,7 @@
 def list_headers(root):
     modules = []
     support_macros = None
 -    blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
-+    blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
+    blacklist = ["uml.if", "thunderbird.if, unconfined.if"]
 
     for dirpath, dirnames, filenames in os.walk(root):
         for name in filenames:
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -2,11 +2,11 @@
 %define	libsepolver	2.0.19-1
 %define	libsemanagever	2.0.28-2
 %define	libselinuxver	2.0.46-5
-%define	sepolgenver	1.0.16
+%define	sepolgenver	1.0.17
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.71
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -265,6 +265,9 @@ else
 fi

 %changelog
+* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4
+- Add --boot flag to audit2allow to get all AVC messages since last boot
+
 * Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-3
 - Fix semanage command

--- a/2
+++ b/2
@ -1,3 +1,3 @@
-e1b5416c3e0d76e5d702b3f54f4def45  sepolgen-1.0.16.tgz
 00fd9d86bd6a8066da710d6fda910b01  policycoreutils-2.0.71.tgz
 59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2
+480cc64a050735fa1163a87dc89c4f49  sepolgen-1.0.17.tgz