rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> 1.33.2-1

Browse Source 
- Upstream accepted my patches
This commit is contained in:
Daniel J Walsh 2006-11-20 21:40:19 +00:00
parent 4c1cdee89a
commit ebdc59a2ed
4 changed files with 12 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -116,3 +116,4 @@ policycoreutils-1.30.29.tgz
policycoreutils-1.30.30.tgz policycoreutils-1.30.30.tgz
policycoreutils-1.32.tgz policycoreutils-1.32.tgz
policycoreutils-1.33.1.tgz policycoreutils-1.33.1.tgz
policycoreutils-1.33.2.tgz

128
policycoreutils-rhat.patch
View File

@ -4603,17 +4603,9 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
all install relabel clean indent: all install relabel clean indent:
@for subdir in $(SUBDIRS); do \ @for subdir in $(SUBDIRS); do \
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.1/newrole/newrole.c diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.1/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2006-11-16 17:14:32.000000000 -0500 --- nsapolicycoreutils/newrole/newrole.c 2006-11-20 12:19:55.000000000 -0500
+++ policycoreutils-1.33.1/newrole/newrole.c 2006-11-17 11:55:39.000000000 -0500 +++ policycoreutils-1.33.1/newrole/newrole.c 2006-11-17 11:55:39.000000000 -0500
@@ -1028,6 +1028,7 @@ @@ -1068,11 +1068,16 @@
{
fprintf(stderr, _("newrole: incorrect password for %s\n"),
pw.pw_name);
+ send_audit_message(0, old_context, new_context, ttyn);
goto err_close_pam;
}
@@ -1067,11 +1068,16 @@
*/ */
int rc; int rc;
int exit_code = 0; int exit_code = 0;
@ -4631,31 +4623,6 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
if (restore_tty_label(fd, ttyn, tty_context, new_tty_context)) { if (restore_tty_label(fd, ttyn, tty_context, new_tty_context)) {
fprintf(stderr, _("Unable to restore tty label...\n")); fprintf(stderr, _("Unable to restore tty label...\n"));
exit_code = -1; exit_code = -1;
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.33.1/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2006-11-16 17:14:28.000000000 -0500
+++ policycoreutils-1.33.1/restorecond/Makefile 2006-11-14 09:54:05.000000000 -0500
@@ -5,8 +5,9 @@
INITDIR = $(DESTDIR)/etc/rc.d/init.d
SELINUXDIR = $(DESTDIR)/etc/selinux
-CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDFLAGS ?= -pie
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 -fPIE
LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib
all: restorecond
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.1/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-16 17:14:28.000000000 -0500
+++ policycoreutils-1.33.1/restorecond/restorecond.conf 2006-11-14 09:54:05.000000000 -0500
@@ -2,5 +2,6 @@
/etc/samba/secrets.tdb
/etc/mtab
/var/run/utmp
+/var/log/wtmp
~/public_html
~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/run_init/run_init.c policycoreutils-1.33.1/run_init/run_init.c diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/run_init/run_init.c policycoreutils-1.33.1/run_init/run_init.c
--- nsapolicycoreutils/run_init/run_init.c 2006-11-16 17:14:27.000000000 -0500 --- nsapolicycoreutils/run_init/run_init.c 2006-11-16 17:14:27.000000000 -0500
+++ policycoreutils-1.33.1/run_init/run_init.c 2006-11-16 09:37:03.000000000 -0500 +++ policycoreutils-1.33.1/run_init/run_init.c 2006-11-16 09:37:03.000000000 -0500
@ -4674,85 +4641,10 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
/* We're done with PAM. Free `pam_handle'. */ /* We're done with PAM. Free `pam_handle'. */
pam_end(pam_handle, PAM_SUCCESS); pam_end(pam_handle, PAM_SUCCESS);
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-1.33.1/scripts/genhomedircon.8
--- nsapolicycoreutils/scripts/genhomedircon.8 2006-11-16 17:14:27.000000000 -0500
+++ policycoreutils-1.33.1/scripts/genhomedircon.8 2006-11-14 09:54:05.000000000 -0500
@@ -45,35 +45,30 @@
.SH DESCRIPTION
.PP
This utility is used to generate file context configuration entries for
-user home directories based on their default roles and is run when building
-the policy. It can also be run when ever the
-.I /etc/selinux/<<SELINUXTYPE>>/users/local.users
-file is changed
+user home directories based on their
+.B prefix
+entry in the the
+.B semanage user record.
+genhomedircon is run when building
+the policy. It is also run automaticaly when ever the
+.B semanage
+utility modifies
+.B user
+or
+.B login
+records.
Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the
.I /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template
-file with generic and user-specific values.
-.I local.users
-file. If a user has more than one role in
-.I local.users,
-.B genhomedircon
-uses the first role in the list.
+file with generic and user-specific values. HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located. Defaults to /home. ROLE is replaced based on the prefix entry in the
+.B user
+record.
.PP
-If a user is not listed in
-.I local.users,
-.B genhomedircon
-assumes that the user's home dir will be found in one of the
-HOME_ROOTs.
-When looking for these users,
-.B genhomedircon
-only considers real users. "Real" users (as opposed
-to system users) are those whose UID is greater than or equal
+genhomedircon searches through all password entires for all "login" user home directories, (as opposed
+to system users). Login users are those whose UID is greater than or equal
.I STARTING_UID
(default 500) and whose login shell is not "/sbin/nologin", or
"/bin/false".
.PP
-Users who are explicitly defined in
-.I local.users,
-are always "real" (including root, in the default configuration).
.SH AUTHOR
This manual page was originally written by
.I Manoj Srivastava <srivasta@debian.org>,
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.1/semanage/semanage.8 diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.1/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2006-11-16 17:14:26.000000000 -0500 --- nsapolicycoreutils/semanage/semanage.8 2006-11-20 12:19:55.000000000 -0500
+++ policycoreutils-1.33.1/semanage/semanage.8 2006-11-17 09:57:31.000000000 -0500 +++ policycoreutils-1.33.1/semanage/semanage.8 2006-11-17 09:57:31.000000000 -0500
@@ -7,7 +7,7 @@ @@ -82,9 +82,6 @@
.br
.B semanage login \-{a|d|m} [\-sr] login_name
.br
-.B semanage user \-{a|d|m} [\-LrR] selinux_name
+.B semanage user \-{a|d|m} [\-LrRP] selinux_name
.br
.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range
.br
@@ -71,6 +71,9 @@
.I \-R, \-\-role
SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times.
.TP
+.I \-P, \-\-prefix
+SELinux Prefix. Prefix added to home_dir_t and home_t for labeling users home directories.
+.TP
.I \-s, \-\-seuser
SELinux user name
.TP
@@ -79,9 +82,6 @@
.TP .TP
.I \-T, \-\-trans .I \-T, \-\-trans
SELinux Translation SELinux Translation
@ -4845,15 +4737,3 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
if len(roles) != 0: if len(roles) != 0:
for r in roles: for r in roles:
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.33.1/semodule_expand/semodule_expand.8
--- nsapolicycoreutils/semodule_expand/semodule_expand.8 2006-11-16 17:14:34.000000000 -0500
+++ policycoreutils-1.33.1/semodule_expand/semodule_expand.8 2006-11-14 09:54:05.000000000 -0500
@@ -18,7 +18,7 @@
.SH "OPTIONS"
.TP
.B \-V
-verbose mode
+show version
.TP
.B \-c [version]
policy version to create

9
policycoreutils.spec
View File

@ -4,8 +4,8 @@
%define libselinuxver 1.30.29-2 %define libselinuxver 1.30.29-2
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.33.1 Version: 1.33.2
Release: 9%{?dist} Release: 1%{?dist}
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -45,7 +45,7 @@ context.
%patch1 -p1 -b .rhatpo %patch1 -p1 -b .rhatpo
%build %build
make LOG_AUDIT_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all make LOG_AUDIT_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie" all
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
@ -168,6 +168,9 @@ fi
[ -x /sbin/service ] && /sbin/service restorecond condrestart [ -x /sbin/service ] && /sbin/service restorecond condrestart
%changelog %changelog
* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> 1.33.2-1
- Upstream accepted my patches
* Fri Nov 17 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-9 * Fri Nov 17 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-9
- Add Amy Grifis Patch to preserve newrole exit status - Add Amy Grifis Patch to preserve newrole exit status

2
sources
View File

@ -1 +1 @@
f1f63d519c9d1c80999790999a997020 policycoreutils-1.33.1.tgz 201ff1387a4130b60bd64f4cdf11e660 policycoreutils-1.33.2.tgz