diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.1/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2006-03-10 09:48:04.000000000 -0500 +++ policycoreutils-1.30.1/audit2allow/audit2allow 2006-03-29 10:08:58.000000000 -0500 @@ -27,15 +27,14 @@ import commands, sys, os, pwd, string, getopt, re, selinux obj="(\{[^\}]*\}|[^ \t:]*)" -allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj) - +allow_regexp="(allow|dontaudit)[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj) awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\ IFACEFILE=FILENAME\n\ IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\ IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\ }\n\ \n\ -/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\ +/^[[:blank:]]*(allow|dontaudit)[[:blank:]]+.*;[[:blank:]]*$/ {\n\ \n\ if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\ ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\ @@ -84,14 +83,13 @@ m=re.match(regexp,r) if m==None: continue - else: - val=m.groups() + val=m.groups() file=os.path.basename(val[0]).split(".")[0] iface=val[1] - Scon=val[2].split() - Tcon=val[3].split() - Class=val[4].split() - Access=trans.get(val[5].split()) + Scon=val[3].split() + Tcon=val[4].split() + Class=val[5].split() + Access=trans.get(val[6].split()) for s in Scon: for t in Tcon: for c in Class: @@ -217,12 +215,15 @@ class seruleRecords: def __init__(self, input, last_reload=0, verbose=0, te_ind=0): self.last_reload=last_reload - self.seRules={} + self.initialize() + self.load(input, te_ind) + self.gen_ref_policy = False + + def initialize(self): + self.seRules={} self.seclasses={} self.types=[] self.roles=[] - self.load(input, te_ind) - self.gen_ref_policy = False def gen_reference_policy(self): self.gen_ref_policy = True @@ -330,7 +331,7 @@ return if "load_policy" in avc and self.last_reload: - self.seRules={} + self.initialize() if "granted" in avc: return @@ -395,6 +396,9 @@ self.types.append(type) def gen_module(self, module): + if self.gen_ref_policy: + return "policy_module(%s, 1.0);" % module + else: return "module %s 1.0;" % module def gen_requires(self): @@ -403,11 +407,11 @@ keys=self.seclasses.keys() keys.sort() rec="\n\nrequire {\n" - if len(self.roles) > 0: - for i in self.roles: - rec += "\trole %s; \n" % i - rec += "\n" - +# if len(self.roles) > 0: +# for i in self.roles: +# rec += "\trole %s; \n" % i +# rec += "\n" +# for i in keys: access=self.seclasses[i] if len(access) > 1: @@ -423,7 +427,7 @@ for i in self.types: rec += "\ttype %s; \n" % i - rec += " };\n\n\n" + rec += "};\n\n" return rec def out(self, require=0, module=""): diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.30.1/Makefile --- nsapolicycoreutils/Makefile 2005-11-29 10:55:01.000000000 -0500 +++ policycoreutils-1.30.1/Makefile 2006-03-28 23:03:06.000000000 -0500 @@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po all install relabel clean: @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.30.1/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/Makefile 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,29 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr +SBINDIR ?= $(PREFIX)/sbin +MANDIR = $(PREFIX)/share/man +INITDIR = $(DESTDIR)/etc/rc.d/init.d +SELINUXDIR = $(DESTDIR)/etc/selinux + +CFLAGS ?= -g -Werror -Wall -W +override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 +LDLIBS += -lselinux -L$(PREFIX)/lib + +all: restorecond + +restorecond: restorecond.o utmpwatcher.o stringslist.o + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + +install: all + [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 + -mkdir -p $(SBINDIR) + install -m 755 restorecond $(SBINDIR) + install -m 644 restorecond.8 $(MANDIR)/man8 + -mkdir -p $(INITDIR) + install -m 644 restorecond.init $(INITDIR)/restorecond + -mkdir -p $(SELINUXDIR) + install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf + +clean: + -rm -f restorecond *.o *~ + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-1.30.1/restorecond/restorecond.8 --- nsapolicycoreutils/restorecond/restorecond.8 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/restorecond.8 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,31 @@ +.TH "restorecond" "8" "2002031409" "" "" +.SH "NAME" +restorecond \- daemon that watches for file creation and then corrects file context + +.SH "SYNOPSIS" +.B restorecond [\-d] +.P + +.SH "DESCRIPTION" +This manual page describes the +.BR restorecond +program. +.P +This daemon uses inotify to watch files listed in the /etc/selinux/POLICYTYPE/restorconfiles.conf, when they are created, this daemon will make sure they have +the correct file context associated with the policy. + +.SH "OPTIONS" +.TP +.B \-d +Turns on debugging mode. Application will stay in the foreground and lots of +debugs messages start printing. + +.SH "AUTHOR" +This man page was written by Dan Walsh . +The program was written by Dan Walsh . + +.SH "FILES" +/etc/selinux/POLICYTYPE/restorconfiles.conf + +.SH "SEE ALSO" +.BR restorecon (8), diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.30.1/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/restorecond.c 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,451 @@ +/* + * restorecond + * + * Copyright (C) 2006 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. +.* + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + * 02111-1307 USA + * + * Authors: + * Dan Walsh + * +*/ + +/* + * PURPOSE: + * This daemon program watches for the creation of files listed in a config file + * and makes sure that there security context matches the systems defaults + * + * USAGE: + * restorecond [-d] + * + * -d Run in debug mode + * + * EXAMPLE USAGE: + * restorecond + * + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "restorecond.h" +#include "stringslist.h" +#include "utmpwatcher.h" + +extern char *dirname(char *path); +static int master_fd=-1; +static int master_wd=-1; +static int terminate=0; + +#include +#include + +/* size of the event structure, not counting name */ +#define EVENT_SIZE (sizeof (struct inotify_event)) +/* reasonable guess as to size of 1024 events */ +#define BUF_LEN (1024 * (EVENT_SIZE + 16)) + +static int debug_mode=0; + +static void restore(const char *filename); + +struct watchList { + struct watchList *next; + int wd; + char *dir; + struct stringsList *files; +}; +struct watchList *firstDir=NULL; + +/* Compare two contexts to see if their differences are "significant", + * or whether the only difference is in the user. */ +static int only_changed_user(const char *a, const char *b) +{ + char *rest_a, *rest_b; /* Rest of the context after the user */ + if (!a || !b) return 0; + rest_a = strchr(a, ':'); + rest_b = strchr(b, ':'); + if (!rest_a || !rest_b) return 0; + return (strcmp(rest_a, rest_b) == 0); +} + +/* + A file was in a direcroty has been created. This function checks to + see if it is one that we are watching. +*/ + +static int watch_list_find(int wd, const char *file) { + struct watchList *ptr=NULL; + ptr=firstDir; + + if (debug_mode) + printf("%d: File=%s\n", wd, file); + while (ptr != NULL) { + if (ptr->wd == wd) { + if (strings_list_find(ptr->files, file) == 0) { + char *path=NULL; + if (asprintf(&path, "%s/%s",ptr->dir, file) < 0) + exitApp("Error allocating memory."); + restore (path); + free(path); + return 0; + } + if (debug_mode) + strings_list_print(ptr->files); + + /* Not found in this directory */ + return -1; + } + ptr=ptr->next; + } + /* Did not find a directory */ + return -1; +} + +static void watch_list_free(int fd) { + struct watchList *ptr=NULL; + struct watchList *prev=NULL; + ptr=firstDir; + + while (ptr!=NULL) { + inotify_rm_watch(fd, ptr->wd); + strings_list_free(ptr->files); + free(ptr->dir); + prev=ptr; + ptr=ptr->next; + free(prev); + } + firstDir=NULL; +} + +/* + Set the file context to the default file context for this system. + Same as restorecon. +*/ +static void restore(const char *filename) { + int retcontext=0; + security_context_t scontext=NULL; + security_context_t prev_context=NULL; + struct stat st; + int fd=-1; + if (debug_mode) + printf("restore %s\n", filename); + + fd = open(filename, O_NOFOLLOW | O_RDONLY ); + if ( fd < 0 ) { + syslog(LOG_ERR,"Unable to open file (%s) %s\n", filename,strerror(errno)); + return; + } + + + if (fstat(fd, &st)!=0) { + syslog(LOG_ERR,"Unable to stat file (%s) %s\n", filename,strerror(errno)); + close(fd); + return; + } + + if (! (st.st_mode & S_IFDIR) && st.st_nlink > 1) { + syslog(LOG_ERR,"Will not restore a file with more than one hard link (%s) %s\n", filename,strerror(errno)); + close(fd); + return; + } + + if (matchpathcon(filename, st.st_mode, &scontext) < 0) { + if (errno == ENOENT) + return; + syslog(LOG_ERR,"matchpathcon(%s) failed %s\n", filename,strerror(errno)); + return; + } + retcontext=fgetfilecon(fd,&prev_context); + + if (retcontext >= 0 || errno == ENODATA) { + if (retcontext < 0) prev_context=NULL; + if (retcontext < 0 || + (strcmp(prev_context,scontext) != 0)) { + + if (only_changed_user(scontext, prev_context) != 0) { + free(scontext); + free(prev_context); + close(fd); + return; + } + + if (fsetfilecon(fd,scontext) < 0) { + syslog(LOG_ERR,"set context %s->%s failed:'%s'\n", + filename, scontext, strerror(errno)); + if (retcontext >= 0) + free(prev_context); + free(scontext); + close(fd); + return; + } + syslog(LOG_WARNING,"Reset file context %s: %s->%s\n", filename, prev_context, scontext); + } + if (retcontext >= 0) + free(prev_context); + } + else { + syslog(LOG_ERR,"get context on %s failed: '%s'\n", + filename, strerror(errno)); + } + free(scontext); + close(fd); +} + +static void process_config(int fd, FILE *cfg) { + char *line_buf=NULL; + unsigned int len=0; + + while (getline(&line_buf, &len, cfg)>0) { + char *buffer=line_buf; + while(isspace(*buffer)) + buffer++; + if(buffer[0] == '#') continue; + int l=strlen(buffer)-1; + if ( l <= 0 ) continue; + buffer[l]=0; + if(buffer[0] == '~') + utmpwatcher_add(fd, &buffer[1]); + else { + watch_list_add(fd, buffer); + } + } + free(line_buf); +} + +/* + Read config file ignoring Comment lines + Files specified one per line. Files with "~" will be expanded to the logged in users + homedirs. +*/ + +static void read_config(int fd) { + char *watch_file_path="/etc/selinux/restorecond.conf"; + + FILE *cfg = NULL; + if (debug_mode) + printf("Read Config\n"); + + watch_list_free(fd); + + cfg=fopen(watch_file_path, "r"); + if (!cfg) exitApp("Error reading config file."); + process_config(fd, cfg); + fclose(cfg); + + inotify_rm_watch(fd, master_wd); + master_wd=inotify_add_watch (fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY); +} + +/* + Inotify watch loop +*/ +static int watch(int fd) { + char buf[BUF_LEN]; + int len, i = 0; + len = read(fd, buf, BUF_LEN); + if (len < 0) { + if (terminate == 0) { + syslog(LOG_ERR, "Read error (%s)", strerror(errno)); + return 0; + } + syslog(LOG_ERR, "terminated"); + return -1; + } else if (!len) + /* BUF_LEN too small? */ + return -1; + while (i < len) { + struct inotify_event *event; + event = (struct inotify_event *) &buf[i]; + if (debug_mode) + printf ("wd=%d mask=%u cookie=%u len=%u\n", + event->wd, event->mask, + event->cookie, event->len); + if (event->wd == master_wd) + read_config(fd); + else { + switch (utmpwatcher_handle(fd, event->wd)) { + case -1: /* Message was not for utmpwatcher */ + if (event->len) + watch_list_find (event->wd, event->name); + break; + + case 1: /* utmp has changed need to reload */ + read_config(fd); + break; + + default: /* No users logged in or out */ + break; + } + } + + + i += EVENT_SIZE + event->len; + } + return 0; +} + +static const char *pidfile = "/var/run/restorecond.pid"; + +static int write_pid_file(void) +{ + int pidfd, len; + char val[16]; + + len = snprintf(val, sizeof(val), "%u\n", getpid()); + if (len < 0) { + syslog(LOG_ERR, "Pid error (%s)", strerror(errno)); + pidfile = 0; + return 1; + } + pidfd = open(pidfile, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644); + if (pidfd < 0) { + syslog(LOG_ERR, "Unable to set pidfile (%s)", + strerror(errno)); + pidfile = 0; + return 1; + } + (void)write(pidfd, val, (unsigned int)len); + close(pidfd); + return 0; +} + +/* + * SIGTERM handler + */ +static void term_handler() +{ + terminate=1; + /* trigger a failure in the watch */ + close(master_fd); +} + +static void usage(char *program) { + printf("%s [-d] \n", program); + exit(0); +} + +void exitApp(const char *msg) { + perror(msg); + exit(-1); +} + +/* + Add a file to the watch list. We are watching for file creation, so we actually + put the watch on the directory and then examine all files created in that directory + to see if it is one that we are watching. +*/ + +void watch_list_add(int fd, const char *path) { + struct watchList *ptr=NULL; + struct watchList *prev=NULL; + char *x=strdup(path); + if (!x) exitApp("Out of Memory"); + char *dir=dirname(x); + char *file=basename(path); + ptr=firstDir; + + restore(path); + + while (ptr!=NULL) { + if (strcmp(dir, ptr->dir) == 0) { + strings_list_add(&ptr->files, file); + free(x); + return; + } + prev=ptr; + ptr=ptr->next; + } + ptr=calloc(1, sizeof(struct watchList)); + + if (!ptr) exitApp("Out of Memory"); + ptr->wd=inotify_add_watch (fd, dir, IN_CREATE | IN_MOVED_TO ); + + ptr->dir=strdup(dir); + if (!ptr->dir) exitApp("Out of Memory"); + + strings_list_add(&ptr->files, file); + if (prev) + prev->next=ptr; + else + firstDir=ptr; + + if (debug_mode) + printf("%d: Dir=%s, File=%s\n", ptr->wd, ptr->dir, file); + + free(x); +} + +int main(int argc, char **argv) { + int opt; + struct sigaction sa; + +#ifndef DEBUG + /* Make sure we are root */ + if (getuid() != 0) { + fprintf(stderr, "You must be root to run this program.\n"); + return 4; + } +#endif + + /* Register sighandlers */ + sa.sa_flags = 0 ; + sa.sa_handler = term_handler; + sigemptyset( &sa.sa_mask ) ; + sigaction( SIGTERM, &sa, NULL ); + + master_fd = inotify_init (); + if (master_fd < 0) + exitApp("inotify_init"); + + while ((opt = getopt(argc, argv, "d")) > 0) { + switch (opt) { + case 'd': + debug_mode = 1; + break; + case '?': + usage(argv[0]); + } + } + read_config(master_fd); + + write_pid_file(); + + if (! debug_mode) + daemon(0, 0); + + while (watch(master_fd) == 0 ) {}; + + watch_list_free(master_fd); + close(master_fd); + if (pidfile) + unlink(pidfile); + + return 0; +} diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.1/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/restorecond.conf 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,4 @@ +/etc/resolv.conf +/etc/mtab +/var/run/utmp +~/public_html diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-1.30.1/restorecond/restorecond.h --- nsapolicycoreutils/restorecond/restorecond.h 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/restorecond.h 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,31 @@ +/* restorecond.h -- + * Copyright 2006 Red Hat Inc., Durham, North Carolina. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Authors: + * Dan Walsh + * + */ + +#ifndef RESTORED_CONFIG_H +#define RESTORED_CONFIG_H + +void exitApp(const char *msg); +void watch_list_add(int inotify_fd, const char *path); + +#endif + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-1.30.1/restorecond/restorecond.init --- nsapolicycoreutils/restorecond/restorecond.init 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/restorecond.init 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,61 @@ +#!/bin/sh +# +# restorecond: Daemo used to maintain path file context +# +# chkconfig: 2345 10 90 +# description: restorecond uses inotify to look for creation of new files listed in the +# /etc/selinux/POLICYTYPE/restorefiles.conf file, and sets the correct security +# context. +# + +# Source function library. +. /etc/rc.d/init.d/functions + +start() +{ + echo -n $"Starting restorecond: " + daemon /usr/sbin/restorecond + + touch /var/lock/subsys/restorecond + echo +} + +stop() +{ + echo -n $"Shutting down restorecond: " + killproc restorecond + + rm -f /var/lock/subsys/restorecond + echo +} +restart() +{ + stop + start +} + +[ -f /usr/sbin/restorecond ] || exit 0 + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status restorecond + ;; + restart|reload) + restart + ;; + condrestart) + [ -e /var/lock/subsys/restorecond ] && restart || : + ;; + *) + echo $"Usage: $0 {start|stop|restart|reload|condrestart}" + exit 1 +esac + +exit 0 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-1.30.1/restorecond/stringslist.c --- nsapolicycoreutils/restorecond/stringslist.c 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/stringslist.c 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2006 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. +.* + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + * 02111-1307 USA + * + * Authors: + * Dan Walsh + * +*/ + +#include +#include +#include +#include "stringslist.h" +#include "restorecond.h" + +/* Sorted lists */ +void strings_list_add(struct stringsList **list, const char *string) { + struct stringsList *ptr=*list; + struct stringsList *prev=NULL; + struct stringsList *newptr=NULL; + while(ptr) { + int cmp=strcmp(string, ptr->string); + if (cmp < 0) break; /* Not on list break out to add */ + if (cmp == 0) return; /* Already on list */ + prev=ptr; + ptr=ptr->next; + } + newptr=calloc(1, sizeof(struct stringsList)); + if (!newptr) exitApp("Out of Memory"); + newptr->string=strdup(string); + newptr->next = ptr; + if (prev) + prev->next=newptr; + else + *list=newptr; +} + +int strings_list_find(struct stringsList *ptr, const char *string) { + while (ptr) { + int cmp=strcmp(string, ptr->string); + if (cmp < 0) return -1; /* Not on list break out to add */ + if (cmp == 0) return 0; /* Already on list */ + ptr=ptr->next; + } + return -1; +} + +void strings_list_free(struct stringsList *ptr) { + struct stringsList *prev=NULL; + while (ptr) { + free(ptr->string); + prev=ptr; + ptr=ptr->next; + free(prev); + } +} + +int strings_list_diff(struct stringsList *from, struct stringsList *to) { + while (from != NULL && to != NULL) { + if (strcmp(from->string, to->string) != 0) return 1; + from=from->next; + to=to->next; + } + if (from != NULL || to != NULL) return 1; + return 0; +} + +void strings_list_print(struct stringsList *ptr) { + while (ptr) { + printf("%s\n", ptr->string); + ptr=ptr->next; + } +} + + +#ifdef TEST +void exitApp(const char *msg) { + perror(msg); + exit(-1); +} + +int main(int argc, char **argv) { + struct stringsList *list=NULL; + struct stringsList *list1=NULL; + strings_list_add(&list, "/etc/resolv.conf"); + strings_list_add(&list, "/etc/walsh"); + strings_list_add(&list, "/etc/mtab"); + strings_list_add(&list, "/etc/walsh"); + if (strings_list_diff(list, list) != 0) printf ("strings_list_diff test1 bug\n"); + strings_list_add(&list1, "/etc/walsh"); + if (strings_list_diff(list, list1) == 0) printf ("strings_list_diff test2 bug\n"); + strings_list_add(&list1, "/etc/walsh"); + strings_list_add(&list1, "/etc/resolv.conf"); + strings_list_add(&list1, "/etc/mtab1"); + if (strings_list_diff(list, list1) == 0) printf ("strings_list_diff test3 bug\n"); + printf ("strings list\n"); + strings_list_print(list); + printf ("strings list1\n"); + strings_list_print(list1); + strings_list_free(list); + strings_list_free(list1); +} +#endif diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-1.30.1/restorecond/stringslist.h --- nsapolicycoreutils/restorecond/stringslist.h 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/stringslist.h 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,37 @@ +/* stringslist.h -- + * Copyright 2006 Red Hat Inc., Durham, North Carolina. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Authors: + * Dan Walsh + * + */ +#ifndef STRINGSLIST_H +#define STRINGSLIST_H + +struct stringsList { + struct stringsList *next; + char *string; +}; + +void strings_list_free(struct stringsList *list); +void strings_list_add(struct stringsList **list, const char *string); +void strings_list_print(struct stringsList *list); +int strings_list_find(struct stringsList *list, const char *string); +int strings_list_diff(struct stringsList *from, struct stringsList *to); + +#endif diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-1.30.1/restorecond/utmpwatcher.c --- nsapolicycoreutils/restorecond/utmpwatcher.c 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/utmpwatcher.c 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,105 @@ +/* + * utmpwatcher.c + * + * Copyright (C) 2006 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. +.* + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + * 02111-1307 USA + * + * Authors: + * Dan Walsh + * + * +*/ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include "restorecond.h" +#include "utmpwatcher.h" +#include "stringslist.h" + +static struct stringsList *utmp_ptr=NULL; +static int utmp_wd=-1; + +unsigned int utmpwatcher_handle(int inotify_fd, int wd) { + int changed=0; + struct utmp u; + char *utmp_path="/var/run/utmp"; + struct stringsList *prev_utmp_ptr=utmp_ptr; + if (wd != utmp_wd) return -1; + + utmp_ptr=NULL; + FILE *cfg=fopen(utmp_path, "r"); + if (!cfg) exitApp("Error reading config file."); + + while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) { + if (u.ut_type == USER_PROCESS) + strings_list_add(&utmp_ptr, u.ut_user); + } + fclose(cfg); + if (utmp_wd >= 0) + inotify_rm_watch(inotify_fd, utmp_wd); + + utmp_wd=inotify_add_watch (inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY); + if (prev_utmp_ptr) { + changed=strings_list_diff(prev_utmp_ptr, utmp_ptr); + strings_list_free(prev_utmp_ptr); + } + return changed; +} + +static void watch_file(int inotify_fd, const char *file) { + struct stringsList *ptr=utmp_ptr; + + while(ptr) { + struct passwd *pwd=getpwnam(ptr->string); + if (pwd) { + char *path=NULL; + if (asprintf(&path, "%s%s",pwd->pw_dir, file) < 0) + exitApp("Error allocating memory."); + watch_list_add(inotify_fd, path); + free(path); + } + ptr=ptr->next; + } +} + +void utmpwatcher_add(int inotify_fd, const char *path) { + if (utmp_ptr == NULL) { + utmpwatcher_handle(inotify_fd, utmp_wd); + } + watch_file(inotify_fd, path); +} + +#ifdef TEST +int main(int argc, char **argv) { + read_utmp(); + return 0; +} +#endif + + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.h policycoreutils-1.30.1/restorecond/utmpwatcher.h --- nsapolicycoreutils/restorecond/utmpwatcher.h 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.30.1/restorecond/utmpwatcher.h 2006-03-28 23:03:06.000000000 -0500 @@ -0,0 +1,29 @@ +/* utmpwatcher.h -- + * Copyright 2006 Red Hat Inc., Durham, North Carolina. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Authors: + * Dan Walsh + * + */ +#ifndef UTMPWATCHER_H +#define UTMPWATCHER_H + +unsigned int utmpwatcher_handle(int inotify_fd, int wd); +void utmpwatcher_add(int inotify_fd, const char *path); + +#endif diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.1/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2006-01-04 13:07:46.000000000 -0500 +++ policycoreutils-1.30.1/scripts/fixfiles 2006-03-28 23:03:06.000000000 -0500 @@ -124,7 +124,15 @@ exit $? fi if [ ! -z "$DIRS" ]; then - ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $1 -v $DIRS 2>&1 >> $LOGFILE + if [ -x /usr/bin/find ]; then + for d in ${DIRS} ; do find $d \ + ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $1 -v -f - 2>&1 >> $LOGFILE + done + else + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $1 -v $DIRS 2>&1 >> $LOGFILE + fi + exit $? fi LogReadOnly