From f22a263f26cd0d29cadbe6ff392b37b5dd7ce460 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 28 Jan 2005 16:21:25 +0000
Subject: [PATCH] * Fri Jan 28 2005 Dan Walsh 1.21.7-1 - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting
---
 .cvsignore | 1 +
 policycoreutils-rhat.patch | 102 +++++++++++++++++++++++++++++++++----
 policycoreutils.spec | 8 ++-
 sources | 2 +-
 4 files changed, 101 insertions(+), 12 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index fd2ef09..5c7db9b 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -10,3 +10,4 @@ policycoreutils-1.21.1.tgz
 policycoreutils-1.21.3.tgz
 policycoreutils-1.21.4.tgz
 policycoreutils-1.21.5.tgz
+policycoreutils-1.21.7.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 94c9275..a06935f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,12 +1,94 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.21.5/scripts/genhomedircon ---- nsapolicycoreutils/scripts/genhomedircon 2005-01-25 10:32:01.000000000 -0500 -+++ policycoreutils-1.21.5/scripts/genhomedircon 2005-01-27 10:05:51.000000000 -0500 -@@ -96,7 +96,7 @@ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.5/restorecon/restorecon.c +--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500 ++++ policycoreutils-1.21.5/restorecon/restorecon.c 2005-01-28 10:40:23.000000000 -0500 +@@ -188,7 +188,7 @@ + fprintf(stderr, + "%s: error while labeling files under %s\n", + progname, buf); +- exit(1); ++ errors++; + } + } + else +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.5/scripts/fixfiles +--- nsapolicycoreutils/scripts/fixfiles 2005-01-26 11:30:57.000000000 -0500 ++++ policycoreutils-1.21.5/scripts/fixfiles 2005-01-28 11:16:21.000000000 -0500 +@@ -37,10 +37,12 @@ + SELINUXTYPE="targeted" + if [ -e /etc/selinux/config ]; then + . 
/etc/selinux/config ++ FILE_CONTEXT=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts + FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX` +- cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null ++ cat ${FILE_CONTEXT} ${FILE_CONTEXT}.local > $FC 2> /dev/null + else +- FC=/etc/security/selinux/file_contexts ++ FILE_CONTEXT=/etc/security/selinux/file_contexts ++ FC=${FILE_CONTEXT} + fi - rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs | sed -e 's/^UID_MIN[^0-9]*//'") - if rc[0] == 0: -- STARTING_UID=rc[1] -+ STARTING_UID=int(rc[1]) - else: - STARTING_UID=500 + cleanup() { +@@ -60,7 +62,24 @@ + echo $1 >> $LOGFILE + fi + } +- ++# ++# Compare PREVious File Context to currently installed File Context and ++# run restorecon on all files affected by the differences. ++# ++diff_filecontext() { ++if [ -f ${PREFC} -a -x /usr/bin/diff ]; then ++ TEMPFILE=`mktemp /var/tmp/${SELINUXTYPE}.XXXXXXXXXX` ++ test -z "$TEMPFILE" && exit ++ /usr/bin/diff $PREFC $FILE_CONTEXT | egrep '^[<>]'|cut -c3-| grep ^/ | \ ++ sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \ ++ -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \ ++ while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done | \ ++ while read pattern ; do find $pattern -print; done 2> /dev/null | \ ++ ${RESTORECON} $2 -v -f - ++ rm -f ${TEMPFILE} ++fi ++} + # + # Log all Read Only file systems + # +@@ -80,6 +99,10 @@ + # if called with -n will only check file context + # + restore () { ++if [ ! -z "$PREFC" ]; then ++ diff_filecontext $1 ++ exit $? ++fi + if [ ! 
-z "$RPMFILES" ]; then + for i in `echo $RPMFILES | sed 's/,/ /g'`; do + rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE +@@ -128,7 +151,7 @@ + usage() { + echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " + echo or +- echo $"Usage: $0 -R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] { check | restore }" ++ echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }" + } + if [ $# = 0 ]; then +@@ -137,7 +160,7 @@ + fi + + # See how we were called. +-while getopts "Fo:R:l:" i; do ++while getopts "C:Fo:R:l:" i; do + case "$i" in + F) + fullFlag=1 +@@ -151,6 +174,9 @@ + l) + LOGFILE=$OPTARG + ;; ++ C) ++ PREFC=$OPTARG ++ ;; + *) + usage + exit 1 diff --git a/policycoreutils.spec b/policycoreutils.spec index 33d5de7..f3d2d57 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,6 +1,6 @@ Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.21.5 +Version: 1.21.7 Release: 1 License: GPL Group: System Environment/Base @@ -78,6 +78,12 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Fri Jan 28 2005 Dan Walsh 1.21.7-1 +- Upgrade to latest from NSA + * Prevent overflow of spec array in setfiles. +- Add diff comparason between file_contexts to fixfiles +- Allow restorecon to give an warning on file not found instead of exiting + * Thu Jan 27 2005 Dan Walsh 1.21.5-1 - Upgrade to latest from NSA * Merged newrole -l support from Darrel Goeddel (TCS). diff --git a/sources b/sources index 59b881a..6c92979 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b16922f69bf5c3709df31304f7ee610a policycoreutils-1.21.5.tgz +27fb533433c2f30be749b8b3d987e8e7 policycoreutils-1.21.7.tgz
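Review bot: In the added `diff_filecontext()` of scripts/fixfiles, the restorecon call passes `$2`, but `restore()` invokes it as `diff_filecontext $1`, so `$2` is always empty and the `-n` that the comment above `restore` describes as check-only never reaches restorecon; a `check` run combined with `-C` would then presumably relabel files instead of only reporting. The line should read `${RESTORECON} $1 -v -f -`. In the same function, `test -z "$TEMPFILE" && exit` ends the script with status 0 when mktemp fails, so a failed run looks successful; `test -z "$TEMPFILE" && exit 1` makes it visible. `$PREFC` is taken directly from the `-C` argument and used unquoted in `[ -f ${PREFC} -a -x /usr/bin/diff ]` and `/usr/bin/diff $PREFC $FILE_CONTEXT`, so quoting it as `"$PREFC"` avoids word splitting and globbing on the supplied path. The body of `restore` continues outside the hunk.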