* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-1

- Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting
2005-01-28 16:21:25 +00:00 · 2005-01-28 16:21:25 +00:00 · f22a263f26
commit f22a263f26
parent f5df4d17e9
4 changed files with 101 additions and 12 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -10,3 +10,4 @@ policycoreutils-1.21.1.tgz
 policycoreutils-1.21.3.tgz
 policycoreutils-1.21.4.tgz
 policycoreutils-1.21.5.tgz
 policycoreutils-1.21.7.tgz
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,12 +1,94 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.21.5/scripts/genhomedircon
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.5/restorecon/restorecon.c
--- nsapolicycoreutils/scripts/genhomedircon	2005-01-25 10:32:01.000000000 -0500
+--- nsapolicycoreutils/restorecon/restorecon.c	2005-01-25 10:32:01.000000000 -0500
-+++ policycoreutils-1.21.5/scripts/genhomedircon	2005-01-27 10:05:51.000000000 -0500
+++ policycoreutils-1.21.5/restorecon/restorecon.c	2005-01-28 10:40:23.000000000 -0500
-@@ -96,7 +96,7 @@
+@@ -188,7 +188,7 @@
 	  fprintf(stderr,
 		  "%s:  error while labeling files under %s\n",
 		  progname, buf);
 -	  exit(1);
 +	  errors++;
 	}
       }
       else
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.5/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles	2005-01-26 11:30:57.000000000 -0500
 +++ policycoreutils-1.21.5/scripts/fixfiles	2005-01-28 11:16:21.000000000 -0500
@@ -37,10 +37,12 @@
 SELINUXTYPE="targeted"
 if [ -e /etc/selinux/config ]; then
     . /etc/selinux/config
 +    FILE_CONTEXT=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts 
     FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX`
 -    cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null
 +    cat ${FILE_CONTEXT} ${FILE_CONTEXT}.local > $FC 2> /dev/null
 else
 -    FC=/etc/security/selinux/file_contexts
 +    FILE_CONTEXT=/etc/security/selinux/file_contexts
 +    FC=${FILE_CONTEXT}
 fi
- 	rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs | sed -e 's/^UID_MIN[^0-9]*//'")
+ cleanup() {
- 	if rc[0] == 0:
+@@ -60,7 +62,24 @@
-		STARTING_UID=rc[1]
+     echo $1 >> $LOGFILE
-+		STARTING_UID=int(rc[1])
+ fi
- 	else:
+ }
- 		STARTING_UID=500
+-
 +#
 +# Compare PREVious File Context to currently installed File Context and 
 +# run restorecon on all files affected by the differences.
 +#
 +diff_filecontext() {
 +if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
 +	TEMPFILE=`mktemp /var/tmp/${SELINUXTYPE}.XXXXXXXXXX`
 +	test -z "$TEMPFILE" && exit
 +	/usr/bin/diff $PREFC $FILE_CONTEXT | egrep '^[<>]'|cut -c3-| grep ^/ | \
 +        sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \
 +            -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
 +        while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};;  esac; fi; done | \
 +	while read pattern ; do find $pattern -print; done 2> /dev/null | \
 +	${RESTORECON} $2 -v -f - 
 +	rm -f ${TEMPFILE}
 +fi
 +}
 #
 # Log all Read Only file systems 
 #
@@ -80,6 +99,10 @@
 # if called with -n will only check file context
 #
 restore () {
 +if [ ! -z "$PREFC" ]; then
 +    diff_filecontext $1
 +    exit $?
 +fi
 if [ ! -z "$RPMFILES" ]; then
     for i in `echo $RPMFILES | sed 's/,/ /g'`; do
 	rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE
@@ -128,7 +151,7 @@
 usage() {
       	echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
 	echo or
 -      	echo $"Usage: $0 -R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] { check | restore }"
 +      	echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
 }
 if [ $# = 0 ]; then
@@ -137,7 +160,7 @@
 fi
 # See how we were called.
 -while getopts "Fo:R:l:" i; do
 +while getopts "C:Fo:R:l:" i; do
     case "$i" in
 	F)
 	fullFlag=1
@@ -151,6 +174,9 @@
         l)
 		LOGFILE=$OPTARG
 		;;
 +        C)
 +		PREFC=$OPTARG
 +		;;
 	*)
 	    usage
 	    exit 1
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,6 +1,6 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
-Version: 1.21.5
+Version: 1.21.7
 Release: 1
 License: GPL
 Group: System Environment/Base
@ -78,6 +78,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 %changelog
 * Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-1
 - Upgrade to latest from NSA
 	* Prevent overflow of spec array in setfiles.
 - Add diff comparason between file_contexts to fixfiles
 - Allow restorecon to give an warning on file not found instead of exiting
 * Thu Jan 27 2005 Dan Walsh <dwalsh@redhat.com> 1.21.5-1
 - Upgrade to latest from NSA
 	* Merged newrole -l support from Darrel Goeddel (TCS).
--- a/2
+++ b/2
@ -1 +1 @@
-b16922f69bf5c3709df31304f7ee610a  policycoreutils-1.21.5.tgz
+27fb533433c2f30be749b8b3d987e8e7  policycoreutils-1.21.7.tgz
`@ -1 +1 @@`
	`b16922f69bf5c3709df31304f7ee610a policycoreutils-1.21.5.tgz`	`27fb533433c2f30be749b8b3d987e8e7 policycoreutils-1.21.7.tgz`