diff --git a/setools-cmdline.patch b/setools-cmdline.patch
new file mode 100644
index 0000000..a55e214
--- /dev/null
+++ b/setools-cmdline.patch
@@ -0,0 +1,59 @@
+diff -up setools-3.3.7/man/replcon.1.cmdline setools-3.3.7/man/replcon.1
+--- setools-3.3.7/man/replcon.1.cmdline 2007-08-02 17:16:33.000000000 -0400
++++ setools-3.3.7/man/replcon.1 2010-11-17 16:31:01.000000000 -0500
+@@ -44,6 +44,8 @@ Search for files which include PATH.
+ .IP "-c CLASS, --class=CLASS"
+ Search only files of object class CLASS.
+ .SH OPTIONS
++.IP "-R, --regex"
++Enable regular expressions
+ .IP "-v, --verbose"
+ Display context info during replacement.
+ .IP "-h, --help"
+diff -up setools-3.3.7/man/seinfo.1.cmdline setools-3.3.7/man/seinfo.1
+--- setools-3.3.7/man/seinfo.1.cmdline 2010-05-03 12:39:02.000000000 -0400
++++ setools-3.3.7/man/seinfo.1 2010-11-17 16:23:36.000000000 -0500
+@@ -76,6 +76,10 @@ There is no expanded information for thi
+ .IP "--nodecon[=ADDR]"
+ Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
+ There is no expanded information for this component.
++.IP "--polcap"
++Print policy capabilities.
++.IP "--permissive"
++Print permissive types.
+ .IP "--portcon[=PORT]"
+ Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
+ There is no expanded information for this component.
+@@ -93,7 +97,7 @@ These details include the types assigned
+ This option is not available for all component types; see the description of each component for the details this option will provide.
+ .IP "--stats"
+ Print policy statistics including policy type and version information and counts of all components and rules.
+-.IP "-l"
++.IP "-l, --line-breaks"
+ Print line breaks when displaying constraint statements.
+ .IP "-h, --help"
+ Print help information and exit.
+diff -up setools-3.3.7/seaudit/seaudit-report.c.cmdline setools-3.3.7/seaudit/seaudit-report.c
+--- setools-3.3.7/seaudit/seaudit-report.c.cmdline 2010-11-17 16:09:48.000000000 -0500
++++ setools-3.3.7/seaudit/seaudit-report.c 2010-11-17 16:11:06.000000000 -0500
+@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(co
+ printf(" -s, --stdin read log data from standard input\n");
+ printf(" -m, --malformed include malformed log messages\n");
+ printf(" -o FILE, --output=FILE output to FILE\n");
+- printf(" --config=FILE read configuration from FILE\n");
++ printf(" -c FILE, --config=FILE read configuration from FILE\n");
+ printf(" --html set output format to HTML\n");
+ printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
+ printf(" (ignored if --html is not given)\n");
+diff -up setools-3.3.7/sediff/sediff.c.cmdline setools-3.3.7/sediff/sediff.c
+--- setools-3.3.7/sediff/sediff.c.cmdline 2007-08-02 17:16:33.000000000 -0400
++++ setools-3.3.7/sediff/sediff.c 2010-11-17 16:20:01.000000000 -0500
+@@ -420,7 +420,7 @@ int main(int argc, char **argv)
+ poldiff_t *diff = NULL;
+ size_t total = 0;
+
+- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
++ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
+ switch (optc) {
+ case 0:
+ break;
diff --git a/setools-exitstatus.patch b/setools-exitstatus.patch
new file mode 100644
index 0000000..3500aca
--- /dev/null
+++ b/setools-exitstatus.patch
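Review bot: The sediff.c change in setools-cmdline.patch shortens the getopt_long optstring from `"ctarubANDLMCRqhV"` to `"ctarubAqhV"`, so `-N`, `-D`, `-L`, `-M`, `-C` and `-R` are no longer accepted as short options, yet nothing in this patch touches sediff's usage text or man page. The switch body continues outside the hunk, so it cannot be seen whether `case` labels for those letters remain reachable through `longopts` or become dead code. I would add a comment above the loop, for example `/* -N/-D/-L/-M/-C/-R dropped from optstring: <reason>; check longopts and usage stay in sync */`, and confirm the help output matches. Likewise the seaudit-report usage line now advertises `-c FILE`; the optstring that would have to contain `c:` is not visible here and should be checked.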
@@ -0,0 +1,119 @@
+diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
+--- setools-3.3.7/secmds/seinfo.c.exitstatus 2010-05-03 12:39:02.000000000 -0400
++++ setools-3.3.7/secmds/seinfo.c 2010-11-05 09:54:39.000000000 -0400
+@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
+ */
+ static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
+ {
+- int retval = 0;
++ int retval = -1;
+ apol_cat_query_t *query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_cat_t *cat_datum = NULL;
+@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const
+ fprintf(fp, " %s\n", tmp);
+ free(tmp);
+ }
+- if (type && !apol_vector_get_size(v))
++ if (type && !apol_vector_get_size(v)) {
+ ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
+-
++ goto cleanup;
++ }
+ retval = 0;
+ cleanup:
+ apol_fs_use_query_destroy(&query);
+@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
+ ERR(policydb, "%s", strerror(ENOMEM));
+ goto cleanup;
+ }
+-
+ if (apol_genfscon_query_set_filesystem(policydb, query, type))
+ goto cleanup;
+ if (apol_genfscon_get_by_query(policydb, query, &v))
+@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
+ free(tmp);
+ }
+
+- if (type && !apol_vector_get_size(v))
++ if (type && !apol_vector_get_size(v)) {
+ ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
++ goto cleanup;
++ }
+
+ retval = 0;
+ cleanup:
+@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators
+
+ int main(int argc, char **argv)
+ {
++ int rc = 0;
+ int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
+ node, port, permissives, polcaps, constrain, linebreaks;
+ apol_policy_t *policydb = NULL;
+@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
+
+ /* display requested info */
+ if (stats || all)
+- print_stats(stdout, policydb);
++ rc = print_stats(stdout, policydb);
+ if (classes || all)
+- print_classes(stdout, class_name, expand, policydb);
++ rc = print_classes(stdout, class_name, expand, policydb);
+ if (types || all)
+- print_types(stdout, type_name, expand, policydb);
++ rc = print_types(stdout, type_name, expand, policydb);
+ if (attribs || all)
+- print_attribs(stdout, attrib_name, expand, policydb);
++ rc = print_attribs(stdout, attrib_name, expand, policydb);
+ if (roles || all)
+- print_roles(stdout, role_name, expand, policydb);
++ rc = print_roles(stdout, role_name, expand, policydb);
+ if (users || all)
+- print_users(stdout, user_name, expand, policydb);
++ rc = print_users(stdout, user_name, expand, policydb);
+ if (bools || all)
+- print_booleans(stdout, bool_name, expand, policydb);
++ rc = print_booleans(stdout, bool_name, expand, policydb);
+ if (sens || all)
+- print_sens(stdout, sens_name, expand, policydb);
++ rc = print_sens(stdout, sens_name, expand, policydb);
+ if (cats || all)
+- print_cats(stdout, cat_name, expand, policydb);
++ rc = print_cats(stdout, cat_name, expand, policydb);
+ if (fsuse || all)
+- print_fsuse(stdout, fsuse_type, policydb);
++ rc = print_fsuse(stdout, fsuse_type, policydb);
+ if (genfs || all)
+- print_genfscon(stdout, genfs_type, policydb);
++ rc = print_genfscon(stdout, genfs_type, policydb);
+ if (netif || all)
+- print_netifcon(stdout, netif_name, policydb);
++ rc = print_netifcon(stdout, netif_name, policydb);
+ if (node || all)
+- print_nodecon(stdout, node_addr, policydb);
++ rc = print_nodecon(stdout, node_addr, policydb);
+ if (port || all)
+- print_portcon(stdout, port_num, protocol, policydb);
++ rc = print_portcon(stdout, port_num, protocol, policydb);
+ if (isids || all)
+- print_isids(stdout, isid_name, expand, policydb);
++ rc = print_isids(stdout, isid_name, expand, policydb);
+ if (permissives || all)
+- print_permissives(stdout, permissive_name, expand, policydb);
++ rc = print_permissives(stdout, permissive_name, expand, policydb);
+ if (polcaps || all)
+- print_polcaps(stdout, polcap_name, expand, policydb);
++ rc = print_polcaps(stdout, polcap_name, expand, policydb);
+ if (constrain || all)
+- print_constraints(stdout, expand, policydb, linebreaks);
++ rc = print_constraints(stdout, expand, policydb, linebreaks);
+
+ apol_policy_destroy(&policydb);
+ apol_policy_path_destroy(&pol_path);
+ free(policy_file);
+- exit(0);
++ exit(rc);
+ }
+
+ /**
diff --git a/setools.spec b/setools.spec
index 7a74be8..b216df7 100644
--- a/setools.spec
+++ b/setools.spec
@@ -17,6 +17,7 @@ Source4: sediffx.desktop
 Patch1: setools-python.patch
 Patch2: setools-exitstatus.patch
 Patch3: setools-neverallow.patch
+Patch4: setools-cmdline.patch
 Summary: Policy analysis tools for SELinux
 Group: System Environment/Base
 Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
@@ -191,6 +192,7 @@ This package includes the following graphical tools: %patch1 -p 1 -b .python %patch2 -p 1 -b .exitstatus %patch3 -p 1 -b .neverallow +%patch4 -p 1 -b .cmdline # Fixup expected version of SWIG: sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(2.0.0)|g" configure.ac
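Review bot: In the main() hunk of setools-exitstatus.patch, each `rc = print_...()` assignment overwrites the one before it, so with `--all` or several component options the exit status reflects only the last call that ran and an earlier failure is reported as success. Accumulate the result instead, e.g. `if (print_stats(stdout, policydb)) rc = 1;` for each call, which also avoids handing -1 to `exit()`. This matters for scripts that gate on seinfo's exit status when checking that a type or an fs_use/genfscon statement exists in a policy, since they would get a false pass. Separately, changing print_cats's initial `retval` to -1 relies on a `retval = 0` before its `cleanup:` label, which lies outside the hunk and should be confirmed.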