rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

change fixcron to weekly

Browse Source
This commit is contained in:
Daniel J Walsh 2004-10-06 13:58:09 +00:00
parent c259edf0b3
commit edf3ef09e6
2 changed files with 13 additions and 432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

441
policycoreutils-rhat.patch
View File

@ -1,431 +1,12 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.17.5/restorecon/restorecon.8
--- nsapolicycoreutils/restorecon/restorecon.8 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/restorecon/restorecon.8 2004-10-01 16:46:18.000000000 -0400
@@ -4,10 +4,10 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.17.6/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.6/scripts/Makefile 2004-10-06 09:56:23.630849143 -0400
@@ -12,7 +12,7 @@
-mkdir -p $(BINDIR)
install -m 755 $(TARGETS) $(BINDIR)
install -m 755 fixfiles $(DESTDIR)/sbin
- install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.daily/fixfiles.cron
+ install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.weekly/fixfiles.cron
-mkdir -p $(MANDIR)/man8
install -m 644 fixfiles.8.gz $(MANDIR)/man8/
.SH "SYNOPSIS"
.B restorecon
-.I [\-o outfilename ] [\-n] [\-v] pathname...
+.I [\-o outfilename ] [\-R] [\-n] [\-v] pathname...
.P
.B restorecon
-.I \-f infilename [\-o outfilename ] [\-n] [\-v]
+.I \-f infilename [\-o outfilename ] [\-R] [\-n] [\-v]
.SH "DESCRIPTION"
This manual page describes the
@@ -26,6 +26,9 @@
.B \-f infilename
infilename contains a list of files to be processed by application. Use \- for stdin.
.TP
+.B \-R
+change files and directories file labels recursively
+.TP
.B \-n
don't change any file labels.
.TP
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.17.5/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/restorecon/restorecon.c 2004-10-01 16:46:18.000000000 -0400
@@ -8,7 +8,7 @@
* to match the specification returned by matchpathcon.
*
* USAGE:
- * restorecon [-nv] pathname...
+ * restorecon [-Rnv] pathname...
*
* -n Do not change any file labels.
* -v Show changes in file labels.
@@ -33,19 +33,25 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
+#define __USE_XOPEN_EXTENDED 1 /* nftw */
+#include <ftw.h>
-char *progname;
+static int change=1;
+static int verbose=0;
+static FILE *outfile=NULL;
+static char *progname;
+static int errors=0;
+static int recurse;
void usage(const char * const name)
{
fprintf(stderr,
- "usage: %s [-nv] [-f filename | pathname... ]\n", name);
+ "usage: %s [-Rnv] [-f filename | pathname... ]\n", name);
exit(1);
}
-int restore(char *filename, int change, int verbose, FILE *outfile) {
+int restore(char *filename) {
int retcontext=0;
int retval=0;
- int errors=0;
security_context_t scontext;
security_context_t prev_context;
int len=strlen(filename);
@@ -135,15 +141,36 @@
freecon(scontext);
return errors;
}
+static int apply_spec(const char *file,
+ const struct stat *sb_unused, int flag, struct FTW *s_unused)
+{
+ if (flag == FTW_DNR) {
+ fprintf(stderr, "%s: unable to read directory %s\n",
+ progname, file);
+ return 0;
+ }
+ errors=errors+restore((char *)file);
+ return 0;
+}
+void process(char *buf) {
+ if (recurse) {
+ if (nftw
+ (buf, apply_spec, 1024, FTW_PHYS | FTW_MOUNT)) {
+ fprintf(stderr,
+ "%s: error while labeling files under %s\n",
+ progname, buf);
+ exit(1);
+ }
+ }
+ else
+ errors=errors+restore(buf);
+}
int main(int argc, char **argv) {
int i=0;
char *file_name=NULL;
int errors=0;
- int change=1;
- int verbose=0;
int file=0;
int opt;
- FILE *outfile=NULL;
char buf[PATH_MAX];
progname=argv[0];
@@ -152,11 +179,14 @@
memset(buf,0, sizeof(buf));
- while ((opt = getopt(argc, argv, "nvf:o:")) > 0) {
+ while ((opt = getopt(argc, argv, "Rnvf:o:")) > 0) {
switch (opt) {
case 'n':
change = 0;
break;
+ case 'R':
+ recurse = 1;
+ break;
case 'o':
outfile = fopen(optarg,"w");
if (!outfile) {
@@ -187,14 +217,14 @@
}
while(fgets(buf,PATH_MAX,f)) {
buf[strlen(buf)-1]=0;
- errors=errors+restore(buf, change, verbose, outfile);
+ process(buf);
}
if (strcmp(file_name,"-")!=0)
fclose(f);
}
else {
for (i=optind; i< argc; i++) {
- errors=errors+restore(argv[i], change, verbose, outfile);
+ process(argv[i]);
}
}
if (outfile)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.17.5/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/scripts/fixfiles 2004-10-05 14:20:00.351192190 -0400
@@ -48,14 +48,14 @@
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 > $LOGFILE
done
else
if [ ! -z "$FILESYSTEMSRO" ]; then
echo "Warning: Skipping the following R/O filesystems:"
echo "$FILESYSTEMSRO"
fi
- ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 > $LOGFILE
fi
}
@@ -63,14 +63,14 @@
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 > $LOGFILE
done
else
if [ ! -z "$FILESYSTEMSRO" ]; then
echo "Warning: Skipping the following R/O filesystems:"
echo "$FILESYSTEMSRO"
fi
- ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 > $LOGFILE
fi
}
@@ -80,29 +80,29 @@
rm -rf /tmp/.??* /tmp/*
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 > $LOGFILE
done
else
if [ ! -z "$FILESYSTEMSRO" ]; then
echo "Warning: Skipping the following R/O filesystems:"
echo "$FILESYSTEMSRO"
fi
- ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 > $LOGFILE
fi
}
relabelCheck() {
-echo -n "
-Files in the /tmp directory may be labeled incorrectly, this command
-can remove all files in /tmp. If you choose to remove files from /tmp,
-a reboot will be required after completion.
-
-Do you wish to clean out the /tmp directory [N]? "
-read answer
-if [ "$answer" = y -o "$answer" = Y ]; then
- relabel $1
-else
- restoreLabels $1
-fi
+ echo -n "
+ Files in the /tmp directory may be labeled incorrectly, this command
+ can remove all files in /tmp. If you choose to remove files from /tmp,
+ a reboot will be required after completion.
+
+ Do you wish to clean out the /tmp directory [N]? "
+ read answer
+ if [ "$answer" = y -o "$answer" = Y ]; then
+ relabel $1
+ else
+ restoreLabels $1
+ fi
}
@@ -110,6 +110,11 @@
echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}"
}
+if [ $# = 0 ]; then
+ usage
+ exit 1
+fi
+
# See how we were called.
for i in $@; do
if [ $rpmFlag = 2 ]; then
@@ -127,6 +132,7 @@
logfileFlag=1
continue
fi
+
case "$i" in
check)
checkFlag=1
@@ -158,15 +164,23 @@
usage
exit 1
fi
+
+#
+# Check for removable devices
+#
+if [ $logfileFlag = 0 ]; then
+ LOGFILE=`mktemp /var/tmp/fixfiles.log.XXXXXXXXXX`
+ if [ ! -w $LOGFILE ] ; then
+ exit 1
+ fi
+fi
+
if [ $checkFlag = 1 ]; then
checkLabels $rpmFiles
fi
if [ $restoreFlag = 1 ]; then
restoreLabels $rpmFiles
fi
-if [ $logfileFlag = 0 ]; then
- LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
-fi
if [ $relabelFlag = 1 ]; then
if [ $fullFlag = 1 ]; then
relabel $rpmFiles
@@ -174,6 +188,5 @@
relabelCheck $rpmFiles
fi
fi
-exit $?
-
+exit $?
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-1.17.5/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/setfiles/setfiles.8 2004-10-01 18:38:38.000000000 -0400
@@ -4,7 +4,7 @@
.SH "SYNOPSIS"
.B setfiles
-.I [\-d] [\-n] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname...
+.I [\-d] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname...
.SH "DESCRIPTION"
This manual page describes the
.BR setfiles
@@ -29,6 +29,9 @@
.B \-q
suppress non-error output.
.TP
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP
.B \-o filename
save list of files with incorrect context in filename.
.TP
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.17.5/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2004-09-10 11:25:57.000000000 -0400
+++ policycoreutils-1.17.5/setfiles/setfiles.c 2004-10-01 18:35:17.000000000 -0400
@@ -12,8 +12,9 @@
* the user. The program does not cross file system boundaries.
*
* USAGE:
- * setfiles [-dnpqsvW] [-c policy] [-o filename ] spec_file pathname...
+ * setfiles [-dnpqsvW] [-e directory ] [-c policy] [-o filename ] spec_file pathname...
*
+ * -e Specify directory to exclude
* -c Verify the specification file using a binary policy
* -d Show what specification matched each file.
* -n Do not change any file labels.
@@ -69,10 +70,20 @@
#include <limits.h>
#include <sepol/sepol.h>
#include <selinux/selinux.h>
+#include <syslog.h>
+#include <libgen.h>
static int add_assoc = 1;
static FILE *outfile=NULL;
+#define MAX_EXCLUDES 100
+static int excludeCtr=0;
+struct edir {
+ char *directory;
+ int size;
+};
+static struct edir excludeArray[MAX_EXCLUDES];
+
/*
* Command-line options.
*/
@@ -140,6 +151,18 @@
return tmp - buf;
}
+static int exclude(const char *file) {
+ int i=0;
+ for(i=0; i < excludeCtr; i++) {
+ if (strncmp(file,excludeArray[i].directory,excludeArray[i].size)==0) {
+ if (file[excludeArray[i].size]==0 ||
+ file[excludeArray[i].size]=='/') {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
/* return the length of the text that is the stem of a file name */
int get_stem_from_file_name(const char * const buf)
{
@@ -393,6 +416,11 @@
buf += rootpathlen;
}
+ if (excludeCtr > 0) {
+ if (exclude(fullname)) {
+ return -1;
+ }
+ }
ret = lstat(fullname, sb);
if (ret) {
fprintf(stderr, "%s: unable to stat file %s\n", progname,
@@ -655,6 +683,8 @@
my_file, context, spec_arr[i].context);
}
}
+ syslog(LOG_INFO, "%s: relabeling %s from %s to %s\n", progname,
+ my_file, context, spec_arr[i].context);
freecon(context);
@@ -736,8 +766,10 @@
int opt, items, len, lineno, pass, regerr, i, j;
spec_t *spec_copy;
+ memset(excludeArray,0, sizeof(excludeArray));
+
/* Process any options. */
- while ((opt = getopt(argc, argv, "c:dnqrsvWo:")) > 0) {
+ while ((opt = getopt(argc, argv, "c:dnqrsvWe:o:")) > 0) {
switch (opt) {
case 'c':
{
@@ -761,6 +793,33 @@
break;
}
+ case 'e':
+ {
+ int len;
+ struct stat sb;
+ if(optarg[0] != '/') {
+ fprintf(stderr, "Full patch required for exclude: %s.\n",
+ optarg);
+ exit(1);
+ }
+ if(lstat(optarg, &sb)) {
+ fprintf(stderr, "Directory \"%s\" not found.\n", optarg);
+ exit(1);
+ }
+ if ((sb.st_mode & S_IFDIR) == 0 ) {
+ fprintf(stderr, "\"%s\" is not a Directory.%d\n", optarg,sb.st_mode);
+ exit(1);
+ }
+ len=strlen(optarg);
+ excludeArray[excludeCtr].directory = strdup(optarg);
+ excludeArray[excludeCtr++].size = len;
+ if (excludeCtr > MAX_EXCLUDES) {
+ fprintf(stderr, "Maximum excludes %d exceeded.\n",
+ MAX_EXCLUDES);
+ }
+ break;
+ }
+
case 'd':
debug = 1;
break;
@@ -1102,6 +1161,10 @@
if (outfile)
fclose(outfile);
+ for(i=0; i < excludeCtr; i++) {
+ free(excludeArray[i].directory);
+ }
+
QPRINTF("%s: Done.\n", argv[0]);
exit(0);

4
policycoreutils.spec
View File

@ -5,7 +5,7 @@ Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
#Patch: policycoreutils-rhat.patch
Patch: policycoreutils-rhat.patch
Prefix: %{_prefix}
BuildRequires: libselinux-devel >= 1.15.3 pam-devel libsepol-devel >= 1.1.1
@ -32,7 +32,7 @@ context.
%prep
%setup -q
#%patch -p1 -b .rhat
%patch -p1 -b .rhat
%build
make CFLAGS="%{optflags}" all