rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
deeee024b1
policycoreutils/policycoreutils-rhat.patch
Daniel J Walsh d0a35325c9 * Fri Oct 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-1 
- Add newrole audit patch from sgrubb
- Update to upstream
	* Merged audit2allow -l fix from Yuichi Nakamura.
	* Merged restorecon -i and -o - support from Karl MacMillan.
	* Merged semanage/seobject fix from Dan Walsh.
	* Merged fixfiles -R and verify changes from Dan Walsh.
2006-10-20 13:08:28 +00:00

73 lines
3.3 KiB
Diff
Raw Blame History

diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.32/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2006-09-29 11:50:09.000000000 -0400
+++ policycoreutils-1.32/newrole/newrole.c 2006-10-20 09:04:57.000000000 -0400
@@ -680,6 +680,7 @@
{
fprintf(stderr, _("newrole: incorrect password for %s\n"),
pw->pw_name);
+ send_audit_message(0, old_context, new_context, ttyn);
return (-1);
}
/* If we reach here, then we have authenticated the user. */
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.32/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2006-08-28 16:58:19.000000000 -0400
+++ policycoreutils-1.32/restorecond/Makefile 2006-10-17 12:59:55.000000000 -0400
@@ -5,8 +5,9 @@
INITDIR = $(DESTDIR)/etc/rc.d/init.d
SELINUXDIR = $(DESTDIR)/etc/selinux
-CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDFLAGS ?= -pie
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 -fPIE
LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib
all: restorecond
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.32/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2006-09-14 08:07:24.000000000 -0400
+++ policycoreutils-1.32/semanage/semanage.8 2006-10-19 07:55:00.000000000 -0400
@@ -7,7 +7,7 @@
.br
.B semanage login \-{a|d|m} [\-sr] login_name
.br
-.B semanage user \-{a|d|m} [\-LrR] selinux_name
+.B semanage user \-{a|d|m} [\-LrRP] selinux_name
.br
.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range
.br
@@ -71,6 +71,9 @@
.I \-R, \-\-role
SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times.
.TP
+.I \-P, \-\-prefix
+SELinux Prefix. Prefix added to home_dir_t and home_t for labeling users home directories.
+.TP
.I \-s, \-\-seuser
SELinux user name
.TP
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.32/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-10-17 12:04:55.000000000 -0400
+++ policycoreutils-1.32/semanage/seobject.py 2006-10-17 12:59:55.000000000 -0400
@@ -456,7 +456,8 @@
rc = semanage_user_set_mlslevel(self.sh, u, selevel)
if rc < 0:
raise ValueError(_("Could not set MLS level for %s") % name)
-
+ if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
+ raise ValueError(_("Invalid prefix %s") % prefix)
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -522,7 +523,9 @@
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
if prefix != "":
- semanage_user_set_prefix(self.sh, u, prefix)
+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+ raise ValueError(_("Invalid prefix %s") % prefix)
+ semanage_user_set_prefix(self.sh, u, prefix)
if len(roles) != 0:
for r in roles:
Reference in New Issue View Git Blame Copy Permalink