444 lines
15 KiB
Diff
444 lines
15 KiB
Diff
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.28/audit2allow/audit2allow
|
|
--- nsapolicycoreutils/audit2allow/audit2allow 2006-08-28 16:58:19.000000000 -0400
|
|
+++ policycoreutils-1.30.28/audit2allow/audit2allow 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#! /usr/bin/env python
|
|
+#! /usr/bin/python -E
|
|
# Copyright (C) 2005 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.28/audit2allow/avc.py
|
|
--- nsapolicycoreutils/audit2allow/avc.py 2006-08-28 16:58:19.000000000 -0400
|
|
+++ policycoreutils-1.30.28/audit2allow/avc.py 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#! /usr/bin/env python
|
|
+#! /usr/bin/python -E
|
|
# Copyright (C) 2006 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.30.28/newrole/newrole.c
|
|
--- nsapolicycoreutils/newrole/newrole.c 2006-08-28 16:58:20.000000000 -0400
|
|
+++ policycoreutils-1.30.28/newrole/newrole.c 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -445,6 +445,7 @@
|
|
|
|
/* Terminate on SIGHUP. */
|
|
signal(SIGHUP, SIG_DFL);
|
|
+ signal(SIGPIPE, SIG_IGN);
|
|
|
|
#ifdef USE_NLS
|
|
setlocale(LC_ALL, "");
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.30.28/restorecon/restorecon.8
|
|
--- nsapolicycoreutils/restorecon/restorecon.8 2006-08-28 16:58:19.000000000 -0400
|
|
+++ policycoreutils-1.30.28/restorecon/restorecon.8 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -4,10 +4,10 @@
|
|
|
|
.SH "SYNOPSIS"
|
|
.B restorecon
|
|
-.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
|
|
+.I [-i] [\-o] [\-R] [\-n] [\-v] [\-e directory ] pathname...
|
|
.P
|
|
.B restorecon
|
|
-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
|
|
+.I [-i] \-f infilename [\-o] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
|
|
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
@@ -23,6 +23,9 @@
|
|
|
|
.SH "OPTIONS"
|
|
.TP
|
|
+.B \-i
|
|
+ignore files that do not exist
|
|
+.TP
|
|
.B \-f infilename
|
|
infilename contains a list of files to be processed by application. Use \- for stdin.
|
|
.TP
|
|
@@ -35,8 +38,8 @@
|
|
.B \-n
|
|
don't change any file labels.
|
|
.TP
|
|
-.B \-o outfilename
|
|
-save list of files with incorrect context in outfilename.
|
|
+.B \-o
|
|
+print list of files with incorrect context.
|
|
.TP
|
|
.B \-v
|
|
show changes in file labels.
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.30.28/restorecon/restorecon.c
|
|
--- nsapolicycoreutils/restorecon/restorecon.c 2006-09-01 22:32:11.000000000 -0400
|
|
+++ policycoreutils-1.30.28/restorecon/restorecon.c 2006-09-11 09:53:08.000000000 -0400
|
|
@@ -11,9 +11,10 @@
|
|
* restorecon [-Rnv] pathname...
|
|
*
|
|
* -e Specify directory to exclude
|
|
+ * -i Ignore error if file does not exist
|
|
* -n Do not change any file labels.
|
|
* -v Show changes in file labels.
|
|
- * -o filename save list of files with incorrect context
|
|
+ * -o Print list of files with incorrect context
|
|
* -F Force reset of context to match file_context for customizable files
|
|
*
|
|
* pathname... The file(s) to label
|
|
@@ -41,12 +42,14 @@
|
|
#include <ftw.h>
|
|
|
|
static int change = 1;
|
|
+static int change_ctr = 0;
|
|
static int verbose = 0;
|
|
static int progress = 0;
|
|
-static FILE *outfile = NULL;
|
|
+static int outfile = 0;
|
|
static char *progname;
|
|
static int errors = 0;
|
|
static int recurse = 0;
|
|
+static int file_exist = 1;
|
|
static int force = 0;
|
|
#define STAT_BLOCK_SIZE 1
|
|
static int pipe_fds[2] = { -1, -1 };
|
|
@@ -129,7 +132,7 @@
|
|
void usage(const char *const name)
|
|
{
|
|
fprintf(stderr,
|
|
- "usage: %s [-FnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
|
+ "usage: %s [-iFonrRv] [-e excludedir ] [-f filename | pathname... ]\n",
|
|
name);
|
|
exit(1);
|
|
}
|
|
@@ -160,6 +163,8 @@
|
|
}
|
|
|
|
if (lstat(filename, &st) != 0) {
|
|
+ if (!file_exist && errno == ENOENT)
|
|
+ return 0;
|
|
fprintf(stderr, "lstat(%s) failed: %s\n", filename,
|
|
strerror(errno));
|
|
return 1;
|
|
@@ -197,11 +202,8 @@
|
|
return 1;
|
|
}
|
|
p += len;
|
|
- /* ensure trailing slash of directory name */
|
|
- if (len == 0 || *(p - 1) != '/') {
|
|
- *p = '/';
|
|
- p++;
|
|
- }
|
|
+ *p = '/';
|
|
+ p++;
|
|
strcpy(p, file_sep);
|
|
filename = path;
|
|
} else {
|
|
@@ -236,7 +238,7 @@
|
|
is_context_customizable(prev_context) > 0))) {
|
|
if (only_changed_user(scontext, prev_context) == 0) {
|
|
if (outfile)
|
|
- fprintf(outfile, "%s\n", filename);
|
|
+ fprintf(stdout, "%s\n", filename);
|
|
if (change) {
|
|
if (lsetfilecon(filename, scontext) < 0) {
|
|
fprintf(stderr,
|
|
@@ -249,9 +251,12 @@
|
|
freecon(scontext);
|
|
return 1;
|
|
}
|
|
- }
|
|
+ }
|
|
+ else
|
|
+ change_ctr++;
|
|
+
|
|
if (verbose)
|
|
- printf("%s reset %s context %s->%s\n",
|
|
+ fprintf(stderr, "%s reset %s context %s->%s\n",
|
|
progname, filename,
|
|
(retcontext >=
|
|
0 ? prev_context : ""),
|
|
@@ -259,7 +264,7 @@
|
|
}
|
|
}
|
|
if (verbose > 1 && !force && customizable > 0) {
|
|
- printf("%s: %s not reset customized by admin to %s\n",
|
|
+ fprintf(stderr, "%s: %s not reset customized by admin to %s\n",
|
|
progname, filename, prev_context);
|
|
}
|
|
|
|
@@ -322,6 +327,8 @@
|
|
close(pipe_fds[1]);
|
|
if (rc == -1 || rc > 0) {
|
|
if (nftw(buf, apply_spec, 1024, FTW_PHYS)) {
|
|
+ if (!file_exist && errno == ENOENT)
|
|
+ return;
|
|
fprintf(stderr,
|
|
"%s: error while labeling files under %s\n",
|
|
progname, buf);
|
|
@@ -353,11 +360,14 @@
|
|
exit(0);
|
|
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
|
|
|
|
- while ((opt = getopt(argc, argv, "pFrRnvf:o:e:")) > 0) {
|
|
+ while ((opt = getopt(argc, argv, "ipFrRnvf:oe:")) > 0) {
|
|
switch (opt) {
|
|
case 'n':
|
|
change = 0;
|
|
break;
|
|
+ case 'i':
|
|
+ file_exist = 0;
|
|
+ break;
|
|
case 'r':
|
|
case 'R':
|
|
recurse = 1;
|
|
@@ -370,13 +380,7 @@
|
|
exit(1);
|
|
break;
|
|
case 'o':
|
|
- outfile = fopen(optarg, "w");
|
|
- if (!outfile) {
|
|
- fprintf(stderr, "Error opening %s: %s\n",
|
|
- optarg, strerror(errno));
|
|
- usage(argv[0]);
|
|
- }
|
|
- __fsetlocking(outfile, FSETLOCKING_BYCALLER);
|
|
+ outfile = 1;
|
|
break;
|
|
case 'v':
|
|
if (progress) {
|
|
@@ -425,8 +429,8 @@
|
|
process(argv[i]);
|
|
}
|
|
}
|
|
- if (outfile)
|
|
- fclose(outfile);
|
|
+
|
|
+ if (change) return change_ctr;
|
|
|
|
return errors;
|
|
}
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-1.30.28/restorecond/restorecond.init
|
|
--- nsapolicycoreutils/restorecond/restorecond.init 2006-08-28 16:58:19.000000000 -0400
|
|
+++ policycoreutils-1.30.28/restorecond/restorecond.init 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -3,9 +3,9 @@
|
|
# restorecond: Daemo used to maintain path file context
|
|
#
|
|
# chkconfig: 2345 10 90
|
|
-# description: restorecond uses inotify to look for creation of new files listed in the
|
|
-# /etc/selinux/POLICYTYPE/restorefiles.conf file, and sets the correct security
|
|
-# context.
|
|
+# description: restorecond uses inotify to look for creation of new files \
|
|
+# listed in the /etc/selinux/restorecond.conf file, and restores the \
|
|
+# correct security context.
|
|
#
|
|
|
|
# Source function library.
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.30.28/scripts/chcat
|
|
--- nsapolicycoreutils/scripts/chcat 2006-08-28 16:58:19.000000000 -0400
|
|
+++ policycoreutils-1.30.28/scripts/chcat 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#! /usr/bin/env python
|
|
+#! /usr/bin/python -E
|
|
# Copyright (C) 2005 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.28/scripts/fixfiles
|
|
--- nsapolicycoreutils/scripts/fixfiles 2006-09-01 22:32:11.000000000 -0400
|
|
+++ policycoreutils-1.30.28/scripts/fixfiles 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -117,8 +117,8 @@
|
|
exit $?
|
|
fi
|
|
if [ ! -z "$RPMFILES" ]; then
|
|
- for i in `echo $RPMFILES | sed 's/,/ /g'`; do
|
|
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
|
|
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
|
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -i $* -f - 2>> $LOGFILE
|
|
done
|
|
exit $?
|
|
fi
|
|
@@ -126,10 +126,10 @@
|
|
if [ -x /usr/bin/find ]; then
|
|
for d in ${DIRS} ; do find $d \
|
|
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \
|
|
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
|
|
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>> $LOGFILE
|
|
done
|
|
else
|
|
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE
|
|
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>> $LOGFILE
|
|
fi
|
|
|
|
exit $?
|
|
@@ -190,7 +190,7 @@
|
|
RPMFILES=$OPTARG
|
|
;;
|
|
o)
|
|
- OUTFILES=$OPTARG
|
|
+ OUTFILES="-o"
|
|
;;
|
|
l)
|
|
LOGFILE=$OPTARG
|
|
@@ -219,7 +219,7 @@
|
|
# check if they specified both DIRS and RPMFILES
|
|
#
|
|
|
|
-if [ ! -z $RPMFILES ]; then
|
|
+if [ ! -z "$RPMFILES" ]; then
|
|
if [ $OPTIND -le $# ]; then
|
|
usage
|
|
fi
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.30.28/scripts/genhomedircon
|
|
--- nsapolicycoreutils/scripts/genhomedircon 2006-08-28 16:58:19.000000000 -0400
|
|
+++ policycoreutils-1.30.28/scripts/genhomedircon 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#! /usr/bin/python
|
|
+#! /usr/bin/python -E
|
|
# Copyright (C) 2004 Tresys Technology, LLC
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/secon/Makefile policycoreutils-1.30.28/secon/Makefile
|
|
--- nsapolicycoreutils/secon/Makefile 2006-08-28 16:58:20.000000000 -0400
|
|
+++ policycoreutils-1.30.28/secon/Makefile 2006-09-08 09:16:28.000000000 -0400
|
|
@@ -20,8 +20,8 @@
|
|
install: all
|
|
install -m 755 secon $(BINDIR);
|
|
|
|
-# test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
|
|
-# install -m 644 ../man/secon.1 $(MANDIR)/man1
|
|
+ test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
|
|
+ install -m 644 secon.1 $(MANDIR)/man1
|
|
|
|
relabel:
|
|
/sbin/restorecon $(BINDIR)/secon
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.28/semanage/semanage
|
|
--- nsapolicycoreutils/semanage/semanage 2006-08-28 16:58:18.000000000 -0400
|
|
+++ policycoreutils-1.30.28/semanage/semanage 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#! /usr/bin/env python
|
|
+#! /usr/bin/python -E
|
|
# Copyright (C) 2005 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.28/semanage/seobject.py
|
|
--- nsapolicycoreutils/semanage/seobject.py 2006-08-28 16:58:18.000000000 -0400
|
|
+++ policycoreutils-1.30.28/semanage/seobject.py 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#! /usr/bin/env python
|
|
+#! /usr/bin/python -E
|
|
# Copyright (C) 2005 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-1.30.28/setfiles/setfiles.8
|
|
--- nsapolicycoreutils/setfiles/setfiles.8 2006-08-28 16:58:22.000000000 -0400
|
|
+++ policycoreutils-1.30.28/setfiles/setfiles.8 2006-09-08 09:12:12.000000000 -0400
|
|
@@ -4,7 +4,7 @@
|
|
|
|
.SH "SYNOPSIS"
|
|
.B setfiles
|
|
-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
|
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
.BR setfiles
|
|
@@ -44,8 +44,8 @@
|
|
.B \-F
|
|
Force reset of context to match file_context for customizable files
|
|
.TP
|
|
-.B \-o filename
|
|
-save list of files with incorrect context in filename.
|
|
+.B \-o
|
|
+Print list of files with incorrect context.
|
|
.TP
|
|
.B \-s
|
|
take a list of files from standard input instead of using a pathname on the
|
|
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.30.28/setfiles/setfiles.c
|
|
--- nsapolicycoreutils/setfiles/setfiles.c 2006-08-28 16:58:22.000000000 -0400
|
|
+++ policycoreutils-1.30.28/setfiles/setfiles.c 2006-09-08 09:12:51.000000000 -0400
|
|
@@ -12,7 +12,7 @@
|
|
* the user. The program does not cross file system boundaries.
|
|
*
|
|
* USAGE:
|
|
- * setfiles [-dnpqsvW] [-e directory ] [-c policy] [-o filename ] spec_file pathname...
|
|
+ * setfiles [-odnpqsvW] [-e directory ] [-c policy] spec_file pathname...
|
|
*
|
|
* -e Specify directory to exclude
|
|
* -F Force reset of context to match file_context for customizable files
|
|
@@ -26,7 +26,7 @@
|
|
* -s Use stdin for a list of files instead of searching a partition.
|
|
* -v Show changes in file labels.
|
|
* -W Warn about entries that have no matching file.
|
|
- * -o filename write out file names with wrong context.
|
|
+ * -o print out file names with wrong context.
|
|
*
|
|
* spec_file The specification file.
|
|
* pathname... The file systems to label (omit if using -s).
|
|
@@ -85,7 +85,7 @@
|
|
#endif
|
|
|
|
static int add_assoc = 1;
|
|
-static FILE *outfile = NULL;
|
|
+static int outfile = 0;
|
|
static int force = 0;
|
|
#define STAT_BLOCK_SIZE 1
|
|
static int pipe_fds[2] = { -1, -1 };
|
|
@@ -321,7 +321,7 @@
|
|
}
|
|
|
|
if (debug) {
|
|
- printf("%s: %s matched by %s\n", progname, my_file, newcon);
|
|
+ fprintf(stderr, "%s: %s matched by %s\n", progname, my_file, newcon);
|
|
}
|
|
|
|
/* Get the current context of the file. */
|
|
@@ -366,10 +366,10 @@
|
|
* same. For "-vv", emit everything. */
|
|
if (verbose > 1 || !user_only_changed) {
|
|
if (context)
|
|
- printf("%s: relabeling %s from %s to %s\n",
|
|
+ fprintf(stderr,"%s: relabeling %s from %s to %s\n",
|
|
progname, my_file, context, newcon);
|
|
else
|
|
- printf("%s: labeling %s to %s\n", progname,
|
|
+ fprintf(stderr, "%s: labeling %s to %s\n", progname,
|
|
my_file, newcon);
|
|
}
|
|
}
|
|
@@ -384,7 +384,7 @@
|
|
}
|
|
|
|
if (outfile && !user_only_changed)
|
|
- fprintf(outfile, "%s\n", my_file);
|
|
+ fprintf(stdout, "%s\n", my_file);
|
|
|
|
if (context)
|
|
freecon(context);
|
|
@@ -516,7 +516,7 @@
|
|
set_matchpathcon_flags(MATCHPATHCON_VALIDATE | MATCHPATHCON_NOTRANS);
|
|
|
|
/* Process any options. */
|
|
- while ((opt = getopt(argc, argv, "Fc:dlnpqrsvWe:o:")) > 0) {
|
|
+ while ((opt = getopt(argc, argv, "Fc:dlnpqrsvWe:o")) > 0) {
|
|
switch (opt) {
|
|
case 'c':
|
|
{
|
|
@@ -570,14 +570,7 @@
|
|
change = 0;
|
|
break;
|
|
case 'o':
|
|
- outfile = fopen(optarg, "w");
|
|
- if (!outfile) {
|
|
- fprintf(stderr, "Error opening %s: %s\n",
|
|
- optarg, strerror(errno));
|
|
-
|
|
- usage(argv[0]);
|
|
- }
|
|
- __fsetlocking(outfile, FSETLOCKING_BYCALLER);
|
|
+ outfile = 1;
|
|
break;
|
|
case 'q':
|
|
quiet = 1;
|
|
@@ -750,9 +743,6 @@
|
|
if (warn_no_match)
|
|
matchpathcon_checkmatches(argv[0]);
|
|
|
|
- if (outfile)
|
|
- fclose(outfile);
|
|
-
|
|
for (i = 0; i < excludeCtr; i++) {
|
|
free(excludeArray[i].directory);
|
|
}
|