policycoreutils/policycoreutils-rhat.patch
Daniel J Walsh 323af3f0d5 * Tue May 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.15-1
- Updated version of policycoreutils
	* Merged po file updates from Dan Walsh.
- Fix semanage to be able to modify prefix in user record
2007-05-01 13:44:29 +00:00

156 lines
6.2 KiB
Diff

diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.14/audit2allow/Makefile
--- nsapolicycoreutils/audit2allow/Makefile 2007-02-07 12:11:49.000000000 -0500
+++ policycoreutils-2.0.14/audit2allow/Makefile 2007-04-30 08:57:42.000000000 -0400
@@ -1,6 +1,7 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
BINDIR ?= $(PREFIX)/bin
+SBINDIR ?= $(PREFIX)/sbin
LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -10,7 +11,7 @@
install: all
-mkdir -p $(BINDIR)
install -m 755 audit2allow $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
+ install -m 755 sepolgen-ifgen $(SBINDIR)
-mkdir -p $(MANDIR)/man1
install -m 644 audit2allow.1 $(MANDIR)/man1/
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.14/Makefile
--- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500
+++ policycoreutils-2.0.14/Makefile 2007-04-30 08:57:42.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-2.0.14/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c 2007-04-24 10:36:17.000000000 -0400
+++ policycoreutils-2.0.14/restorecon/restorecon.c 2007-04-30 08:57:42.000000000 -0400
@@ -16,6 +16,7 @@
* -v Show changes in file labels.
* -o filename save list of files with incorrect context
* -F Force reset of context to match file_context for customizable files
+ * -l Limit directory tree walk to a single filesystem
*
* pathname... The file(s) to label
*
@@ -50,6 +51,7 @@
static int recurse = 0;
static int file_exist = 1;
static int force = 0;
+static int onefs = 0;
#define STAT_BLOCK_SIZE 1
static int pipe_fds[2] = { -1, -1 };
static unsigned long long count = 0;
@@ -326,17 +328,19 @@
rc = fork();
if (rc == 0) {
close(pipe_fds[0]);
- nftw(buf, pre_stat, 1024, FTW_PHYS);
+ nftw(buf, pre_stat, 1024,
+ FTW_PHYS | (onefs ? FTW_MOUNT : 0));
exit(1);
}
if (rc > 0)
close(pipe_fds[1]);
if (rc == -1 || rc > 0) {
- if (nftw(buf, apply_spec, 1024, FTW_PHYS)) {
+ if (nftw(buf, apply_spec, 1024,
+ FTW_PHYS | (onefs ? FTW_MOUNT : 0))) {
if (!file_exist && errno == ENOENT)
return;
fprintf(stderr,
- "%s: error while traversing %s: %s\n",
+ "%s: %s: %s\n",
progname, buf, strerror(errno));
errors++;
}
@@ -367,11 +371,14 @@
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
- while ((opt = getopt(argc, argv, "ipFrRnvf:o:e:")) > 0) {
+ while ((opt = getopt(argc, argv, "ipFrRnvf:lo:e:")) > 0) {
switch (opt) {
case 'n':
change = 0;
break;
+ case 'l':
+ onefs = 1;
+ break;
case 'i':
file_exist = 0;
break;
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.14/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2007-02-22 08:53:22.000000000 -0500
+++ policycoreutils-2.0.14/restorecond/restorecond.c 2007-04-30 08:57:42.000000000 -0400
@@ -210,9 +210,10 @@
}
if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
if (retcontext >= 0)
free(prev_context);
free(scontext);
@@ -225,8 +226,9 @@
if (retcontext >= 0)
free(prev_context);
} else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.14/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2007-01-16 15:08:21.000000000 -0500
+++ policycoreutils-2.0.14/semanage/semanage 2007-05-01 09:31:57.000000000 -0400
@@ -279,7 +279,7 @@
if object == "user":
rlist = roles.split()
- OBJECT.modify(target, rlist, selevel, serange)
+ OBJECT.modify(target, rlist, selevel, serange, prefix)
if object == "port":
OBJECT.modify(target, proto, serange, setype)
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.14/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-04-12 12:43:06.000000000 -0400
+++ policycoreutils-2.0.14/semanage/seobject.py 2007-04-30 08:57:42.000000000 -0400
@@ -210,6 +210,7 @@
os.write(fd, self.out())
os.close(fd)
os.rename(newfilename, self.filename)
+ os.system("/sbin/service mcstrans reload > /dev/null")
class semanageRecords:
def __init__(self):
@@ -1283,9 +1284,12 @@
raise ValueError(_("Could not list booleans"))
for boolean in self.blist:
- name = semanage_bool_get_name(boolean)
- value = semanage_bool_get_value(boolean)
- ddict[name] = value
+ value = []
+ name = semanage_bool_get_name(boolean)
+ value[0] = semanage_bool_get_value(boolean)
+ value[1] = selinux.security_get_boolean_pending(boolean)
+ value[2] = selinux.security_get_boolean_active(boolean)
+ ddict[name] = value
return ddict