rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-7

Browse Source 
- Dont report errors on glob match and multiple links
This commit is contained in:
Daniel J Walsh 2009-01-30 16:35:12 +00:00
parent 7d8dcb3134
commit fdaed91e49
2 changed files with 133 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1 diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.61/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500 --- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500 +++ policycoreutils-2.0.61/audit2allow/audit2allow.1 2009-01-20 09:49:03.000000000 -0500
@@ -75,9 +75,6 @@ @@ -75,9 +75,6 @@
Generate reference policy using installed macros. Generate reference policy using installed macros.
This attempts to match denials against interfaces and may be inaccurate. This attempts to match denials against interfaces and may be inaccurate.
@ -11,19 +11,89 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
.B "\-w" | "\-\-why" .B "\-w" | "\-\-why"
Translates SELinux audit messages into a description of why the access was denied Translates SELinux audit messages into a description of why the access was denied
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.61/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500 +++ policycoreutils-2.0.61/Makefile 2009-01-20 09:49:03.000000000 -0500
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.61/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/Makefile 2009-01-30 11:22:46.000000000 -0500
@@ -20,7 +20,7 @@
install -m 755 restorecond $(SBINDIR)
install -m 644 restorecond.8 $(MANDIR)/man8
-mkdir -p $(INITDIR)
- install -m 644 restorecond.init $(INITDIR)/restorecond
+ install -m 755 restorecond.init $(INITDIR)/restorecond
-mkdir -p $(SELINUXDIR)
install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.61/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500 +++ policycoreutils-2.0.61/restorecond/restorecond.c 2009-01-30 11:21:09.000000000 -0500
@@ -283,6 +283,8 @@ @@ -1,7 +1,7 @@
/*
* restorecond
*
- * Copyright (C) 2006 Red Hat
+ * Copyright (C) 2006-2009 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or
@@ -75,7 +75,7 @@
static int debug_mode = 0;
static int verbose_mode = 0;
-static void restore(const char *filename);
+static void restore(const char *filename, int exact);
struct watchList {
struct watchList *next;
@@ -113,12 +113,13 @@
printf("%d: File=%s\n", wd, file);
while (ptr != NULL) {
if (ptr->wd == wd) {
- if (strings_list_find(ptr->files, file) == 0) {
+ int exact=0;
+ if (strings_list_find(ptr->files, file, &exact) == 0) {
char *path = NULL;
if (asprintf(&path, "%s/%s", ptr->dir, file) <
0)
exitApp("Error allocating memory.");
- restore(path);
+ restore(path, exact);
free(path);
return 0;
}
@@ -155,7 +156,7 @@
Set the file context to the default file context for this system.
Same as restorecon.
*/
-static void restore(const char *filename)
+static void restore(const char *filename, int exact)
{
int retcontext = 0;
security_context_t scontext = NULL;
@@ -181,9 +182,11 @@
}
if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
- syslog(LOG_ERR,
- "Will not restore a file with more than one hard link (%s) %s\n",
- filename, strerror(errno));
+ if (exact) {
+ syslog(LOG_ERR,
+ "Will not restore a file with more than one hard link (%s) %s\n",
+ filename, strerror(errno));
+ }
close(fd);
return;
}
@@ -283,6 +286,8 @@
inotify_rm_watch(fd, master_wd); inotify_rm_watch(fd, master_wd);
master_wd = master_wd =
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY); inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
@ -32,7 +102,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
} }
/* /*
@@ -411,7 +413,14 @@ @@ -396,7 +401,7 @@
char *file = basename(path);
ptr = firstDir;
- restore(path);
+ restore(path, 1);
while (ptr != NULL) {
if (strcmp(dir, ptr->dir) == 0) {
@@ -411,7 +416,14 @@
if (!ptr) if (!ptr)
exitApp("Out of Memory"); exitApp("Out of Memory");
@ -47,9 +126,44 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
ptr->dir = strdup(dir); ptr->dir = strdup(dir);
if (!ptr->dir) if (!ptr->dir)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.61/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/restorecond.conf 2009-01-30 11:10:14.000000000 -0500
@@ -5,4 +5,3 @@
/var/run/utmp
/var/log/wtmp
~/*
-~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-2.0.61/restorecond/stringslist.c
--- nsapolicycoreutils/restorecond/stringslist.c 2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/stringslist.c 2009-01-30 11:20:48.000000000 -0500
@@ -55,9 +55,10 @@
*list = newptr;
}
-int strings_list_find(struct stringsList *ptr, const char *string)
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
{
while (ptr) {
+ *exact = strcmp(ptr->string, string) == 0;
int cmp = fnmatch(ptr->string, string, 0);
if (cmp == 0)
return 0; /* Match found */
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-2.0.61/restorecond/stringslist.h
--- nsapolicycoreutils/restorecond/stringslist.h 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/stringslist.h 2009-01-30 11:27:00.000000000 -0500
@@ -31,7 +31,7 @@
void strings_list_free(struct stringsList *list);
void strings_list_add(struct stringsList **list, const char *string);
void strings_list_print(struct stringsList *list);
-int strings_list_find(struct stringsList *list, const char *string);
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
int strings_list_diff(struct stringsList *from, struct stringsList *to);
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.61/restorecond/utmpwatcher.c
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400 --- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500 +++ policycoreutils-2.0.61/restorecond/utmpwatcher.c 2009-01-20 09:49:03.000000000 -0500
@@ -57,7 +57,7 @@ @@ -57,7 +57,7 @@
utmp_ptr = NULL; utmp_ptr = NULL;
FILE *cfg = fopen(utmp_path, "r"); FILE *cfg = fopen(utmp_path, "r");
@ -69,9 +183,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
if (prev_utmp_ptr) { if (prev_utmp_ptr) {
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr); changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
strings_list_free(prev_utmp_ptr); strings_list_free(prev_utmp_ptr);
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.61/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500 --- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.60/semanage/semanage 2009-01-13 08:55:07.000000000 -0500 +++ policycoreutils-2.0.61/semanage/semanage 2009-01-20 09:49:03.000000000 -0500
@@ -219,6 +219,7 @@ @@ -219,6 +219,7 @@
'seuser=', 'seuser=',
'store=', 'store=',
@ -80,10 +194,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po
'level=', 'level=',
'roles=', 'roles=',
'type=', 'type=',
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.61/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500 --- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500 +++ policycoreutils-2.0.61/semodule/semodule.c 2009-01-28 16:52:58.000000000 -0500
@@ -359,6 +359,9 @@ @@ -359,6 +363,9 @@
mode_arg); mode_arg);
} }
result = semanage_module_remove(sh, mode_arg); result = semanage_module_remove(sh, mode_arg);

5
policycoreutils.spec
View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.61 Version: 2.0.61
Release: 6%{?dist} Release: 7%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -219,6 +219,9 @@ else
fi fi
%changelog %changelog
* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-7
- Dont report errors on glob match and multiple links
* Thu Jan 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-6 * Thu Jan 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-6
- Move sepolgen-ifgen to post python - Move sepolgen-ifgen to post python