policycoreutils/policycoreutils-rhat.patch
cvsdist 984cf332e1 auto-import changelog data from policycoreutils-1.15.1-1.src.rpm
* Thu Jul 08 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Latest from NSA
- Fix fixfiles.cron to delete outfile
2004-09-09 10:35:54 +00:00


--- policycoreutils-1.15.1/setfiles/setfiles.c.rhat 2004-07-08 09:27:46.000000000 -0400
+++ policycoreutils-1.15.1/setfiles/setfiles.c 2004-07-08 09:29:31.946970574 -0400
@@ -654,7 +654,8 @@
freecon(context);
- if (outfile)
+ if (outfile &&
+ !only_changed_user(context, spec_arr[i].context))
fprintf(outfile, "%s\n", my_file);
/*
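Review bot: The added condition passes `context` to `only_changed_user()` after the `freecon(context);` on the context line directly above it, so the comparison reads memory that has already been released. Move the `freecon(context);` call below the `fprintf(outfile, "%s\n", my_file);` statement, so the comparison runs while the string is still valid. The enclosing function starts and ends outside this hunk; nothing in the visible lines reassigns `context` between the free and the new use.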
--- policycoreutils-1.15.1/scripts/Makefile.rhat 2004-07-08 09:27:46.000000000 -0400
+++ policycoreutils-1.15.1/scripts/Makefile 2004-07-08 09:29:31.947970458 -0400
@@ -12,6 +12,7 @@
-mkdir -p $(BINDIR)
install -m 755 $(TARGETS) $(BINDIR)
install -m 755 fixfiles $(DESTDIR)/sbin
+ install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.daily/fixfiles.cron
-mkdir -p $(MANDIR)/man8
install -m 644 fixfiles.8.gz $(MANDIR)/man8/
--- /dev/null 2004-06-21 15:29:38.000000000 -0400
+++ policycoreutils-1.15.1/scripts/fixfiles.cron 2004-07-08 09:30:32.796920099 -0400
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+CRONTYPE="check"
+INVALIDFILE=/var/tmp/badcontext
+CRONMAILTO="root"
+
+if [ ! -e /etc/selinux/config ]; then
+ exit 1
+fi
+
+. /etc/selinux/config
+
+/usr/bin/selinuxenabled
+if [ $? -eq 0 ]; then
+ renice +19 -p $$ >/dev/null 2>&1
+ OUTFILE=`mktemp ${INVALIDFILE}.XXXXXXXXXX` || exit 1
+ /sbin/fixfiles -l /dev/null -o $OUTFILE $CRONTYPE
+ if [ -s $OUTFILE ]; then
+ mail ${MAILTO} -s "Invalid File Contexts" < $OUTFILE
+ fi
+ rm -f $OUTFILE
+fi
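Review bot: The `mail` line addresses `${MAILTO}`, but the variable this script defines is `CRONMAILTO`, so unless `MAILTO` happens to be inherited from the environment or set by `/etc/selinux/config` the report is sent with no recipient. Use the defined variable and quote the expansions: `mail -s "Invalid File Contexts" "${CRONMAILTO}" < "$OUTFILE"`. `$OUTFILE` is also unquoted on the `fixfiles`, `[ -s ]` and `rm -f` lines, and the temp file stays in /var/tmp if the job is interrupted; `trap 'rm -f "$OUTFILE"' EXIT` right after the `mktemp` line would cover that.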
--- policycoreutils-1.15.1/scripts/fixfiles.rhat 2004-07-08 09:27:46.000000000 -0400
+++ policycoreutils-1.15.1/scripts/fixfiles 2004-07-08 09:29:31.949970225 -0400
@@ -19,25 +19,37 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Set global Variables
+#
+checkFlag=0
+restoreFlag=0
+relabelFlag=0
+fullFlag=0
+rpmFlag=0
+rpmFiles=""
+outfileFlag=0
+OUTFILES=""
+logfileFlag=0
+SETFILES=/usr/sbin/setfiles
+FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
SELINUXTYPE="targeted"
+
if [ -e /etc/selinux/config ]; then
. /etc/selinux/config
FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
else
FC=/etc/security/selinux/file_contexts
fi
-LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
-SETFILES=/usr/sbin/setfiles
-FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
checkLabels () {
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
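Review bot: In the `-R` branch of `checkLabels`, every `restorecon ${OUTFILES} ...` in the loop is handed the same `-o` file, so with several packages each invocation presumably rewrites it and only the last package's list survives, the same way `tee $LOGFILE` already overwrites the log once per package. The restore and relabel hunks below add the same pattern. Feeding all packages to a single run, e.g. `rpm -q -l $(echo "$1" | sed 's/,/ /g') | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE`, gives one output file and one log.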
@@ -45,10 +57,10 @@
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
@@ -58,10 +70,10 @@
rm -rf /tmp/.??* /tmp/*
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
relabelCheck() {
@@ -81,16 +93,9 @@
}
usage() {
- echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] |check|restore|[-F] relabel}"
+ echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}"
}
-checkFlag=0
-restoreFlag=0
-relabelFlag=0
-fullFlag=0
-rpmFlag=0
-rpmFiles=""
-
# See how we were called.
for i in $@; do
if [ $rpmFlag = 2 ]; then
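Review bot: The new usage string places `[-l logfile ] [-o outputfile ]` inside the `-R` alternative, which reads as if the two options are only valid together with `-R`, while the option loop further down accepts them with any mode. A wording that matches the parser would be `echo $"Usage: $0 [-l logfile] [-o outputfile] {-R rpmpackage[,rpmpackage...] |check|restore|[-F] relabel}"`.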
@@ -98,6 +103,16 @@
rpmFlag=1
continue
fi
+if [ $outfileFlag = 2 ]; then
+ OUTFILES="-o $i"
+ outfileFlag=1
+ continue
+fi
+if [ $logfileFlag = 2 ]; then
+ LOGFILE="$i"
+ logfileFlag=1
+ continue
+fi
case "$i" in
check)
checkFlag=1
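Review bot: `OUTFILES="-o $i"` folds the flag and the path into one string that the callers expand unquoted, so an output path containing whitespace or glob characters is split or expanded before `setfiles`/`restorecon` sees it. Storing only the path (`OUTFILE="$i"`) and expanding it at the call sites as `${OUTFILE:+-o "$OUTFILE"}` keeps it a single argument in plain sh. `LOGFILE="$i"` is likewise used unquoted later in `tee $LOGFILE`. Because the script runs as root and writes to both paths, they are best given as files in a directory other users cannot write to.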
@@ -114,6 +129,12 @@
-R)
rpmFlag=2
;;
+ -o)
+ outfileFlag=2
+ ;;
+ -l)
+ logfileFlag=2
+ ;;
*)
usage
exit 1
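Review bot: When `-o` or `-l` is the last argument, its flag stays at 2 and the missing value is silently ignored (`-R` already behaves this way). A check after the loop, which ends outside this hunk, would catch it: `if [ $outfileFlag = 2 ] || [ $logfileFlag = 2 ]; then usage; exit 1; fi`.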
@@ -129,6 +150,9 @@
if [ $restoreFlag = 1 ]; then
restoreLabels $rpmFiles
fi
+if [ $logfileFlag = 0 ]; then
+ LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
+fi
if [ $relabelFlag = 1 ]; then
if [ $fullFlag = 1 ]; then
relabelLabels $rpmFiles
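Review bot: The default `LOGFILE` is now created after the `restoreLabels $rpmFiles` call shown just above the added lines, so a restore without `-l` runs with `LOGFILE` empty: it prints "logging to " with no path, and `tee $LOGFILE` expands to a bare `tee` that writes no log. The check call is outside the hunk but presumably sits earlier still and is affected the same way. Move the added `if [ $logfileFlag = 0 ]` block to directly after the argument loop, before any of the mode tests.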