From ffb96ec3c81b22faf3df9788d663b362dbeb077d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 19 Nov 2007 18:18:08 +0000 Subject: [PATCH] * Mon Nov 19 2007 Dan Walsh 2.0.31-18 - Remove codec hacking, which seems to be fixed in python --- policycoreutils-gui.patch | 76 +++++++++++++++++++------------------- policycoreutils-rhat.patch | 42 ++++++++++++++++----- policycoreutils.spec | 9 ++++- 3 files changed, 79 insertions(+), 48 deletions(-) diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index cd3ec95..ea176ae 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -9756,7 +9756,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + app.stand_alone() diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.31/gui/templates/boolean.py --- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/boolean.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/boolean.py 2007-11-16 17:20:37.000000000 -0500 @@ -0,0 +1,40 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -9800,7 +9800,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.31/gui/templates/etc_rw.py --- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/etc_rw.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/etc_rw.py 2007-11-16 17:20:38.000000000 -0500 @@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -9920,7 +9920,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_conf($2) ++ TEMPLATETYPE_manage_conf($1) +""" + +########################### File Context ################################## @@ -9933,7 +9933,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.31/gui/templates/executable.py --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/executable.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/executable.py 2007-11-16 17:20:38.000000000 -0500 @@ -0,0 +1,331 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -10214,14 +10214,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +if_begin_admin=""" +######################################## +## -+## All of the rules required to administrate an TEMPLATETYPE environment ++## All of the rules required to administrate ++## an TEMPLATETYPE environment +## -+## -+## -+## Prefix of the domain. Example, user would be -+## the prefix for the uder_t domain. -+## -+## +## +## +## Domain allowed access. @@ -10229,7 +10224,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +## +## +## -+## The role to be allowed to manage the TEMPLATETYPE domain. ++## The role to be allowed to manage the syslog domain. ++## ++## ++## ++## ++## The type of the user terminal. +## +## +## @@ -10239,17 +10239,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + type TEMPLATETYPE_t; + ') + -+ allow $2 TEMPLATETYPE_t:process { ptrace signal_perms getattr }; -+ read_files_pattern($2, TEMPLATETYPE_t, TEMPLATETYPE_t) ++ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr }; ++ read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t) + +""" + +if_initscript_admin=""" + # Allow TEMPLATETYPE_t to restart the apache service -+ TEMPLATETYPE_script_domtrans($2) -+ domain_system_change_exemption($2) -+ role_transition $3 TEMPLATETYPE_script_exec_t system_r; -+ allow $3 system_r; ++ TEMPLATETYPE_script_domtrans($1) ++ domain_system_change_exemption($1) ++ role_transition $2 TEMPLATETYPE_script_exec_t system_r; ++ allow $2 system_r; +""" + +if_end_admin=""" @@ -10268,7 +10268,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.31/gui/templates/__init__.py --- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/__init__.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/__init__.py 2007-11-16 17:20:39.000000000 -0500 @@ -0,0 +1,18 @@ +# +# Copyright (C) 2007 Red Hat, Inc. @@ -10290,7 +10290,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.31/gui/templates/network.py --- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/network.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/network.py 2007-11-16 17:20:39.000000000 -0500 @@ -0,0 +1,80 @@ +te_port_types=""" +type TEMPLATETYPE_port_t; @@ -10374,7 +10374,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.31/gui/templates/rw.py --- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/rw.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/rw.py 2007-11-16 17:20:40.000000000 -0500 @@ -0,0 +1,128 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -10493,7 +10493,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_rw($2) ++ TEMPLATETYPE_manage_rw($1) +""" + +########################### File Context ################################## @@ -10506,7 +10506,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.31/gui/templates/script.py --- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/script.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/script.py 2007-11-16 17:20:40.000000000 -0500 @@ -0,0 +1,91 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -10601,7 +10601,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.31/gui/templates/semodule.py --- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/semodule.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/semodule.py 2007-11-16 17:20:41.000000000 -0500 @@ -0,0 +1,41 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -10646,7 +10646,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.31/gui/templates/tmp.py --- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/tmp.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/tmp.py 2007-11-16 17:20:41.000000000 -0500 @@ -0,0 +1,97 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -10742,12 +10742,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_tmp($2) ++ TEMPLATETYPE_manage_tmp($1) +""" + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.31/gui/templates/user.py --- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/user.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/user.py 2007-11-16 17:20:41.000000000 -0500 @@ -0,0 +1,137 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -10780,7 +10780,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +# Declarations +# + -+userdom_unpriv_login_user(TEMPLATETYPE) ++userdom_restricted_user_template(TEMPLATETYPE) +""" + +te_x_login_user_types="""\ @@ -10791,7 +10791,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +# Declarations +# + -+userdom_unpriv_xwindows_login_user(TEMPLATETYPE) ++userdom_restricted_xwindows_user_template(TEMPLATETYPE) +""" + +te_root_user_types="""\ @@ -10875,7 +10875,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po + +te_admin_domain_rules=""" +optional_policy(` -+ APPLICATION_admin(TEMPLATETYPE,TEMPLATETYPE_t,TEMPLATETYPE_r) ++ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) +') +""" + @@ -10888,7 +10888,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.31/gui/templates/var_lib.py --- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/var_lib.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/var_lib.py 2007-11-16 17:20:42.000000000 -0500 @@ -0,0 +1,162 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11037,7 +11037,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_var_lib($2) ++ TEMPLATETYPE_manage_var_lib($1) +""" + +########################### File Context ################################## @@ -11054,7 +11054,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.31/gui/templates/var_log.py --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/var_log.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/var_log.py 2007-11-16 17:20:42.000000000 -0500 @@ -0,0 +1,110 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11155,7 +11155,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_log($2) ++ TEMPLATETYPE_manage_log($1) +""" + +########################### File Context ################################## @@ -11168,7 +11168,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.31/gui/templates/var_run.py --- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/var_run.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/var_run.py 2007-11-16 17:20:43.000000000 -0500 @@ -0,0 +1,119 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11274,7 +11274,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_var_run($2) ++ TEMPLATETYPE_manage_var_run($1) +""" + +fc_file="""\ @@ -11291,7 +11291,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.31/gui/templates/var_spool.py --- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.31/gui/templates/var_spool.py 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/gui/templates/var_spool.py 2007-11-16 17:20:43.000000000 -0500 @@ -0,0 +1,131 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11413,7 +11413,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. +""" + +if_admin_rules=""" -+ TEMPLATETYPE_manage_spool($2) ++ TEMPLATETYPE_manage_spool($1) +""" + +########################### File Context ################################## diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index d4a300f..12fb747 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -135,9 +135,23 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po } free(scontext); close(fd); +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.31/scripts/chcat +--- nsapolicycoreutils/scripts/chcat 2007-08-23 16:52:26.000000000 -0400 ++++ policycoreutils-2.0.31/scripts/chcat 2007-11-19 13:11:19.000000000 -0500 +@@ -25,10 +25,6 @@ + import commands, sys, os, pwd, string, getopt, selinux + import seobject + import gettext +-import codecs +-import locale +-sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') +-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') + + try: + gettext.install('policycoreutils') diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.31/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2007-08-23 16:52:26.000000000 -0400 -+++ policycoreutils-2.0.31/scripts/fixfiles 2007-11-16 10:54:53.000000000 -0500 ++++ policycoreutils-2.0.31/scripts/fixfiles 2007-11-16 16:30:21.000000000 -0500 @@ -92,7 +92,7 @@ ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \ \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \ @@ -187,7 +201,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if [ -z $command ]; then usage fi -@@ -223,17 +227,16 @@ +@@ -223,17 +227,15 @@ # check if they specified both DIRS and RPMFILES # @@ -195,7 +209,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if [ ! -z "$RPMFILES" ]; then - if [ $OPTIND -le $# ]; then + if [ $# -gt 0 ]; then -+ echo broken usage fi else @@ -212,7 +225,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po # diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.31/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400 -+++ policycoreutils-2.0.31/semanage/semanage 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.31/semanage/semanage 2007-11-19 13:10:07.000000000 -0500 @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005 Red Hat @@ -220,7 +233,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files -@@ -115,7 +115,7 @@ +@@ -28,10 +28,6 @@ + import gettext + gettext.bindtextdomain(PROGNAME, "/usr/share/locale") + gettext.textdomain(PROGNAME) +-import codecs +-import locale +-sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') +-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') + + try: + gettext.install(PROGNAME, +@@ -115,7 +111,7 @@ valid_option["translation"] = [] valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] valid_option["boolean"] = [] @@ -229,7 +253,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po return valid_option # -@@ -135,7 +135,7 @@ +@@ -135,7 +131,7 @@ seuser = "" prefix = "" heading=1 @@ -238,7 +262,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po add = 0 modify = 0 delete = 0 -@@ -154,7 +154,7 @@ +@@ -154,7 +150,7 @@ args = sys.argv[2:] gopts, cmds = getopt.getopt(args, @@ -247,7 +271,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po ['add', 'delete', 'deleteall', -@@ -164,6 +164,8 @@ +@@ -164,6 +160,8 @@ 'modify', 'noheading', 'localist', @@ -256,7 +280,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po 'proto=', 'seuser=', 'store=', -@@ -242,6 +244,11 @@ +@@ -242,6 +240,11 @@ if o == "-T" or o == "--trans": setrans = a diff --git a/policycoreutils.spec b/policycoreutils.spec index e17f7c2..f1bbcfe 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.31 -Release: 16%{?dist} +Release: 18%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -207,6 +207,13 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Mon Nov 19 2007 Dan Walsh 2.0.31-18 +- Remove codec hacking, which seems to be fixed in python + +* Fri Nov 16 2007 Dan Walsh 2.0.31-17 +- Fix typo +- Change to upstream minimal privledge interfaces + * Fri Nov 16 2007 Dan Walsh 2.0.31-16 - Fix fixfiles argument parsing