From ebdc59a2ed94cc611ffb4967ef0bdd4144ab90d8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 20 Nov 2006 21:40:19 +0000 Subject: [PATCH] * Mon Nov 20 2006 Dan Walsh 1.33.2-1 - Upstream accepted my patches --- .cvsignore | 1 + policycoreutils-rhat.patch | 128 ++----------------------------------- policycoreutils.spec | 9 ++- sources | 2 +- 4 files changed, 12 insertions(+), 128 deletions(-) diff --git a/.cvsignore b/.cvsignore index 57b583b..4406fd2 100644 --- a/.cvsignore +++ b/.cvsignore @@ -116,3 +116,4 @@ policycoreutils-1.30.29.tgz policycoreutils-1.30.30.tgz policycoreutils-1.32.tgz policycoreutils-1.33.1.tgz +policycoreutils-1.33.2.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index ae7ba64..723e42b 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -4603,17 +4603,9 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic all install relabel clean indent: @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.1/newrole/newrole.c ---- nsapolicycoreutils/newrole/newrole.c 2006-11-16 17:14:32.000000000 -0500 +--- nsapolicycoreutils/newrole/newrole.c 2006-11-20 12:19:55.000000000 -0500 +++ policycoreutils-1.33.1/newrole/newrole.c 2006-11-17 11:55:39.000000000 -0500 -@@ -1028,6 +1028,7 @@ - { - fprintf(stderr, _("newrole: incorrect password for %s\n"), - pw.pw_name); -+ send_audit_message(0, old_context, new_context, ttyn); - goto err_close_pam; - } - -@@ -1067,11 +1068,16 @@ +@@ -1068,11 +1068,16 @@ */ int rc; int exit_code = 0; @@ -4631,31 +4623,6 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic if (restore_tty_label(fd, ttyn, tty_context, new_tty_context)) { fprintf(stderr, _("Unable to restore tty label...\n")); exit_code = -1; -diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.33.1/restorecond/Makefile ---- nsapolicycoreutils/restorecond/Makefile 2006-11-16 17:14:28.000000000 -0500 -+++ policycoreutils-1.33.1/restorecond/Makefile 2006-11-14 09:54:05.000000000 -0500 -@@ -5,8 +5,9 @@ - INITDIR = $(DESTDIR)/etc/rc.d/init.d - SELINUXDIR = $(DESTDIR)/etc/selinux - --CFLAGS ?= -g -Werror -Wall -W --override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 -+LDFLAGS ?= -pie -+CFLAGS ?= -g -Werror -Wall -W -+override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 -fPIE - LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib - - all: restorecond -diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.1/restorecond/restorecond.conf ---- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-16 17:14:28.000000000 -0500 -+++ policycoreutils-1.33.1/restorecond/restorecond.conf 2006-11-14 09:54:05.000000000 -0500 -@@ -2,5 +2,6 @@ - /etc/samba/secrets.tdb - /etc/mtab - /var/run/utmp -+/var/log/wtmp - ~/public_html - ~/.mozilla/plugins/libflashplayer.so diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/run_init/run_init.c policycoreutils-1.33.1/run_init/run_init.c --- nsapolicycoreutils/run_init/run_init.c 2006-11-16 17:14:27.000000000 -0500 +++ policycoreutils-1.33.1/run_init/run_init.c 2006-11-16 09:37:03.000000000 -0500 @@ -4674,85 +4641,10 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic /* We're done with PAM. Free `pam_handle'. */ pam_end(pam_handle, PAM_SUCCESS); -diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-1.33.1/scripts/genhomedircon.8 ---- nsapolicycoreutils/scripts/genhomedircon.8 2006-11-16 17:14:27.000000000 -0500 -+++ policycoreutils-1.33.1/scripts/genhomedircon.8 2006-11-14 09:54:05.000000000 -0500 -@@ -45,35 +45,30 @@ - .SH DESCRIPTION - .PP - This utility is used to generate file context configuration entries for --user home directories based on their default roles and is run when building --the policy. It can also be run when ever the --.I /etc/selinux/<>/users/local.users --file is changed -+user home directories based on their -+.B prefix -+entry in the the -+.B semanage user record. -+genhomedircon is run when building -+the policy. It is also run automaticaly when ever the -+.B semanage -+utility modifies -+.B user -+or -+.B login -+records. - Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the - .I /etc/selinux/<>/contexts/files/homedir_template --file with generic and user-specific values. --.I local.users --file. If a user has more than one role in --.I local.users, --.B genhomedircon --uses the first role in the list. -+file with generic and user-specific values. HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located. Defaults to /home. ROLE is replaced based on the prefix entry in the -+.B user -+record. - .PP --If a user is not listed in --.I local.users, --.B genhomedircon --assumes that the user's home dir will be found in one of the --HOME_ROOTs. --When looking for these users, --.B genhomedircon --only considers real users. "Real" users (as opposed --to system users) are those whose UID is greater than or equal -+genhomedircon searches through all password entires for all "login" user home directories, (as opposed -+to system users). Login users are those whose UID is greater than or equal - .I STARTING_UID - (default 500) and whose login shell is not "/sbin/nologin", or - "/bin/false". - .PP --Users who are explicitly defined in --.I local.users, --are always "real" (including root, in the default configuration). - .SH AUTHOR - This manual page was originally written by - .I Manoj Srivastava , diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.1/semanage/semanage.8 ---- nsapolicycoreutils/semanage/semanage.8 2006-11-16 17:14:26.000000000 -0500 +--- nsapolicycoreutils/semanage/semanage.8 2006-11-20 12:19:55.000000000 -0500 +++ policycoreutils-1.33.1/semanage/semanage.8 2006-11-17 09:57:31.000000000 -0500 -@@ -7,7 +7,7 @@ - .br - .B semanage login \-{a|d|m} [\-sr] login_name - .br --.B semanage user \-{a|d|m} [\-LrR] selinux_name -+.B semanage user \-{a|d|m} [\-LrRP] selinux_name - .br - .B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range - .br -@@ -71,6 +71,9 @@ - .I \-R, \-\-role - SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times. - .TP -+.I \-P, \-\-prefix -+SELinux Prefix. Prefix added to home_dir_t and home_t for labeling users home directories. -+.TP - .I \-s, \-\-seuser - SELinux user name - .TP -@@ -79,9 +82,6 @@ +@@ -82,9 +82,6 @@ .TP .I \-T, \-\-trans SELinux Translation @@ -4845,15 +4737,3 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic if len(roles) != 0: for r in roles: -diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.33.1/semodule_expand/semodule_expand.8 ---- nsapolicycoreutils/semodule_expand/semodule_expand.8 2006-11-16 17:14:34.000000000 -0500 -+++ policycoreutils-1.33.1/semodule_expand/semodule_expand.8 2006-11-14 09:54:05.000000000 -0500 -@@ -18,7 +18,7 @@ - .SH "OPTIONS" - .TP - .B \-V --verbose mode -+show version - .TP - .B \-c [version] - policy version to create diff --git a/policycoreutils.spec b/policycoreutils.spec index 48b291f..944f433 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -4,8 +4,8 @@ %define libselinuxver 1.30.29-2 Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.33.1 -Release: 9%{?dist} +Version: 1.33.2 +Release: 1%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -45,7 +45,7 @@ context. %patch1 -p1 -b .rhatpo %build -make LOG_AUDIT_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all +make LOG_AUDIT_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie" all %install rm -rf %{buildroot} @@ -168,6 +168,9 @@ fi [ -x /sbin/service ] && /sbin/service restorecond condrestart %changelog +* Mon Nov 20 2006 Dan Walsh 1.33.2-1 +- Upstream accepted my patches + * Fri Nov 17 2006 Dan Walsh 1.33.1-9 - Add Amy Grifis Patch to preserve newrole exit status diff --git a/sources b/sources index 113ab7a..a0b7664 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f1f63d519c9d1c80999790999a997020 policycoreutils-1.33.1.tgz +201ff1387a4130b60bd64f4cdf11e660 policycoreutils-1.33.2.tgz