rpms/policycoreutils/FC-5 .cvsignore, 1.104, 1.105 policycoreutils-rhat.patch, 1.170, 1.171 policycoreutils.spec, 1.243, 1.244 sources, 1.108, 1.109

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Apr 5 13:18:34 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/policycoreutils/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv29373

Modified Files:
	.cvsignore policycoreutils-rhat.patch policycoreutils.spec 
	sources 
Log Message:
* Wed Apr 5 2006 Dan Walsh <dwalsh at redhat.com> 1.30.4-2.fc5
- Bump to build in FC5



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/FC-5/.cvsignore,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- .cvsignore	22 Mar 2006 16:44:10 -0000	1.104
+++ .cvsignore	5 Apr 2006 13:18:30 -0000	1.105
@@ -93,3 +93,4 @@
 policycoreutils-1.29.23.tgz
 policycoreutils-1.29.26.tgz
 policycoreutils-1.30.1.tgz
+policycoreutils-1.30.4.tgz

policycoreutils-rhat.patch:
 audit2allow/audit2allow      |    2 +-
 audit2allow/audit2allow.1    |    5 +++++
 restorecond/restorecond.conf |    1 +
 semanage/semanage            |    2 ++
 4 files changed, 9 insertions(+), 1 deletion(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/FC-5/policycoreutils-rhat.patch,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- policycoreutils-rhat.patch	29 Mar 2006 20:40:59 -0000	1.170
+++ policycoreutils-rhat.patch	5 Apr 2006 13:18:30 -0000	1.171
@@ -1,1070 +1,47 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.1/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow	2006-03-10 09:48:04.000000000 -0500
-+++ policycoreutils-1.30.1/audit2allow/audit2allow	2006-03-29 10:08:58.000000000 -0500
-@@ -27,15 +27,14 @@
- import commands, sys, os, pwd, string, getopt, re, selinux
- 
- obj="(\{[^\}]*\}|[^ \t:]*)"
--allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
--
-+allow_regexp="(allow|dontaudit)[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
- awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\
-         IFACEFILE=FILENAME\n\
- 	IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\
- 	IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\
- }\n\
- \n\
--/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\
-+/^[[:blank:]]*(allow|dontaudit)[[:blank:]]+.*;[[:blank:]]*$/ {\n\
- \n\
-   if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\
- 		ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\
-@@ -84,14 +83,13 @@
-                 m=re.match(regexp,r)
-                 if m==None:
-                     continue
--                else:
--                    val=m.groups()
-+                val=m.groups()
-                 file=os.path.basename(val[0]).split(".")[0]
-                 iface=val[1]
--                Scon=val[2].split()
--                Tcon=val[3].split()
--                Class=val[4].split()
--                Access=trans.get(val[5].split())
-+                Scon=val[3].split()
-+                Tcon=val[4].split()
-+                Class=val[5].split()
-+                Access=trans.get(val[6].split())
-                 for s in Scon:
-                     for t in Tcon:
-                         for c in Class:
-@@ -217,12 +215,15 @@
- class seruleRecords:
- 	def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
- 		self.last_reload=last_reload
--		self.seRules={}
-+                self.initialize()
-+		self.load(input, te_ind)
-+		self.gen_ref_policy = False
-+
-+        def initialize(self):
-+       		self.seRules={}
- 		self.seclasses={}
- 		self.types=[]
- 		self.roles=[]
--		self.load(input, te_ind)
--		self.gen_ref_policy = False
- 
- 	def gen_reference_policy(self):
- 		self.gen_ref_policy = True
-@@ -330,7 +331,7 @@
- 			return
- 		
- 		if "load_policy" in avc and self.last_reload:
--			self.seRules={}
-+                        self.initialize()
- 
- 		if "granted" in avc:
- 			return
-@@ -395,6 +396,9 @@
- 				self.types.append(type)
- 
- 	def gen_module(self, module):
-+            if self.gen_ref_policy:
-+		return "policy_module(%s, 1.0);" % module
-+            else:
- 		return "module %s 1.0;" % module
- 
- 	def gen_requires(self):
-@@ -403,11 +407,11 @@
- 		keys=self.seclasses.keys()
- 		keys.sort()
- 		rec="\n\nrequire {\n"
--		if len(self.roles) > 0:
--			for i in self.roles:
--				rec += "\trole %s; \n" % i
--			rec += "\n" 
--
-+#		if len(self.roles) > 0:
-+#			for i in self.roles:
-+#				rec += "\trole %s; \n" % i
-+#			rec += "\n" 
-+#
- 		for i in keys:
- 			access=self.seclasses[i]
- 			if len(access) > 1:
-@@ -423,7 +427,7 @@
- 			
- 		for i in self.types:
- 			rec += "\ttype %s; \n" % i
--		rec += " };\n\n\n"
-+		rec += "};\n\n"
- 		return rec
- 	
- 	def out(self, require=0, module=""):
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.30.1/Makefile
---- nsapolicycoreutils/Makefile	2005-11-29 10:55:01.000000000 -0500
-+++ policycoreutils-1.30.1/Makefile	2006-03-28 23:03:06.000000000 -0500
-@@ -1,4 +1,4 @@
--SUBDIRS=setfiles semanage load_policy newrole run_init restorecon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po
-+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po
- 
- all install relabel clean: 
- 	@for subdir in $(SUBDIRS); do \
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.30.1/restorecond/Makefile
---- nsapolicycoreutils/restorecond/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/Makefile	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,29 @@
-+# Installation directories.
-+PREFIX ?= ${DESTDIR}/usr
-+SBINDIR ?= $(PREFIX)/sbin
-+MANDIR = $(PREFIX)/share/man
-+INITDIR = $(DESTDIR)/etc/rc.d/init.d
-+SELINUXDIR = $(DESTDIR)/etc/selinux
-+
-+CFLAGS ?= -g -Werror -Wall -W
-+override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-+LDLIBS += -lselinux -L$(PREFIX)/lib
-+
-+all: restorecond
-+
-+restorecond:  restorecond.o utmpwatcher.o stringslist.o
-+	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
-+
-+install: all
-+	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
-+	-mkdir -p $(SBINDIR)
-+	install -m 755 restorecond $(SBINDIR)
-+	install -m 644 restorecond.8 $(MANDIR)/man8
-+	-mkdir -p $(INITDIR)
-+	install -m 644 restorecond.init $(INITDIR)/restorecond
-+	-mkdir -p $(SELINUXDIR)
-+	install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
-+
-+clean:
-+	-rm -f restorecond *.o *~
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-1.30.1/restorecond/restorecond.8
---- nsapolicycoreutils/restorecond/restorecond.8	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/restorecond.8	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,31 @@
-+.TH "restorecond" "8" "2002031409" "" ""
-+.SH "NAME"
-+restorecond \- daemon that watches for file creation and then corrects file context
-+
-+.SH "SYNOPSIS"
-+.B restorecond  [\-d]
-+.P
-+
-+.SH "DESCRIPTION"
-+This manual page describes the
-+.BR restorecond
-+program.
-+.P
-+This daemon uses inotify to watch files listed in the /etc/selinux/POLICYTYPE/restorconfiles.conf, when they are created, this daemon will make sure they have 
-+the correct file context associated with the policy.
-+
-+.SH "OPTIONS"
-+.TP 
-+.B \-d
-+Turns on debugging mode.   Application will stay in the foreground and lots of
-+debugs messages start printing.
-+
-+.SH "AUTHOR"
-+This man page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Dan Walsh <dwalsh at redhat.com>.
-+
-+.SH "FILES"
-+/etc/selinux/POLICYTYPE/restorconfiles.conf
-+
-+.SH "SEE ALSO"
-+.BR restorecon (8),
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.30.1/restorecond/restorecond.c
---- nsapolicycoreutils/restorecond/restorecond.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/restorecond.c	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,451 @@
-+/*
-+ * restorecond
-+ *
-+ * Copyright (C) 2006 Red Hat 
-+ * see file 'COPYING' for use and warranty information
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation; either version 2 of
-+ * the License, or (at your option) any later version.
-+ * 
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+.* 
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
-+ * 02111-1307  USA
-+ *
-+ * Authors:  
-+ *   Dan Walsh <dwalsh at redhat.com>
-+ *
-+*/
-+
-+/* 
-+ * PURPOSE:
-+ * This daemon program watches for the creation of files listed in a config file
-+ * and makes sure that there security context matches the systems defaults
-+ *
-+ * USAGE:
-+ * restorecond [-d]
-+ * 
-+ * -d   Run in debug mode
-+ *
-+ * EXAMPLE USAGE:
-+ * restorecond
-+ *
-+ */
-+
-+#define _GNU_SOURCE
-+#include <sys/inotify.h>
-+#include <errno.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <signal.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <ctype.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <limits.h>
-+#include <fcntl.h>
-+
-+#include "restorecond.h"
-+#include "stringslist.h"
-+#include "utmpwatcher.h"
-+
-+extern char *dirname(char *path);
-+static int master_fd=-1;
-+static int master_wd=-1;
-+static int terminate=0;
-+
-+#include <selinux/selinux.h>
-+#include <utmp.h>
-+
-+/* size of the event structure, not counting name */
-+#define EVENT_SIZE  (sizeof (struct inotify_event))
-+/* reasonable guess as to size of 1024 events */
-+#define BUF_LEN        (1024 * (EVENT_SIZE + 16))
-+
-+static int debug_mode=0;
-+
-+static void restore(const char *filename);
-+
-+struct watchList {
-+	struct watchList *next;
-+	int  wd;
-+	char *dir;
-+	struct stringsList *files;
-+};
-+struct watchList *firstDir=NULL;
-+
-+/* Compare two contexts to see if their differences are "significant",
-+ * or whether the only difference is in the user. */
-+static int only_changed_user(const char *a, const char *b)
-+{
-+	char *rest_a, *rest_b; /* Rest of the context after the user */
-+	if (!a || !b) return 0;
-+	rest_a = strchr(a, ':');
-+	rest_b = strchr(b, ':');
-+	if (!rest_a || !rest_b) return 0;
-+	return  (strcmp(rest_a, rest_b) == 0);
-+}
-+
-+/* 
-+   A file was in a direcroty has been created. This function checks to 
-+   see if it is one that we are watching.
-+*/
-+
-+static int watch_list_find(int wd, const char *file) {
-+	struct watchList *ptr=NULL;
-+	ptr=firstDir;
-+
-+	if (debug_mode)
-+		printf("%d: File=%s\n", wd,  file);
-+	while (ptr != NULL) {
-+		if (ptr->wd == wd) {
-+			if (strings_list_find(ptr->files, file) == 0) {
-+				char *path=NULL;
-+				if (asprintf(&path, "%s/%s",ptr->dir, file) < 0)
-+					exitApp("Error allocating memory.");
-+				restore (path);
-+				free(path);
-+				return 0;
-+			} 
-+			if (debug_mode) 
-+				strings_list_print(ptr->files);
-+
-+			/* Not found in this directory */
-+			return -1;
-+		}
-+		ptr=ptr->next;
-+	}
-+	/* Did not find a directory */
-+	return -1;
-+}
-+
-+static void watch_list_free(int fd) {
-+	struct watchList *ptr=NULL;
-+	struct watchList *prev=NULL;
-+	ptr=firstDir;
-+
-+	while (ptr!=NULL) {
-+		inotify_rm_watch(fd, ptr->wd);
-+		strings_list_free(ptr->files);
-+		free(ptr->dir);
-+		prev=ptr;
-+		ptr=ptr->next;
-+		free(prev);
-+	}
-+	firstDir=NULL;
-+}
-+
-+/* 
-+   Set the file context to the default file context for this system.
-+   Same as restorecon.
-+*/
-+static void restore(const char *filename) {
-+	int retcontext=0;
-+	security_context_t scontext=NULL;
-+	security_context_t prev_context=NULL;
-+	struct stat st;
-+	int fd=-1;
-+	if (debug_mode)
-+		printf("restore %s\n", filename);
-+
-+	fd = open(filename, O_NOFOLLOW | O_RDONLY );
-+	if ( fd < 0 ) {
-+		syslog(LOG_ERR,"Unable to open file (%s) %s\n", filename,strerror(errno));
-+		return;
-+	}
-+
-+
-+	if (fstat(fd, &st)!=0) {
-+		syslog(LOG_ERR,"Unable to stat file (%s) %s\n", filename,strerror(errno));
-+		close(fd);
-+		return;
-+	}
-+
-+	if (! (st.st_mode & S_IFDIR) && st.st_nlink > 1) {
-+		syslog(LOG_ERR,"Will not restore a file with more than one hard link (%s) %s\n", filename,strerror(errno));
-+		close(fd);
-+		return;
-+	}
-+
-+	if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
-+		if (errno == ENOENT)
-+			return;
-+		syslog(LOG_ERR,"matchpathcon(%s) failed %s\n", filename,strerror(errno));
-+		return;
-+	} 
-+	retcontext=fgetfilecon(fd,&prev_context);
-+	
-+	if (retcontext >= 0 || errno == ENODATA) {
-+		if (retcontext < 0) prev_context=NULL;
-+		if (retcontext < 0 || 
-+		    (strcmp(prev_context,scontext) != 0)) {
-+
-+			if (only_changed_user(scontext, prev_context) != 0) {
-+				free(scontext);
-+				free(prev_context);
-+				close(fd);
-+				return;
-+			}
-+
-+			if (fsetfilecon(fd,scontext) < 0) {
-+				syslog(LOG_ERR,"set context %s->%s failed:'%s'\n",
-+					filename, scontext, strerror(errno));
-+				if (retcontext >= 0)
-+					free(prev_context);
-+				free(scontext);
-+				close(fd);
-+				return;
-+			}
-+			syslog(LOG_WARNING,"Reset file context %s: %s->%s\n", filename, prev_context, scontext);
-+		}
-+		if (retcontext >= 0)
-+			free(prev_context);
-+	} 
-+	else {
-+		syslog(LOG_ERR,"get context on %s failed: '%s'\n",
-+			filename, strerror(errno));
-+	}
-+	free(scontext);
-+	close(fd);
-+}
-+
-+static void process_config(int fd, FILE *cfg) {
-+	char *line_buf=NULL;
-+	unsigned int len=0;
-+
-+	while (getline(&line_buf, &len, cfg)>0) {
-+		char *buffer=line_buf;
-+		while(isspace(*buffer))
-+			buffer++;
-+		if(buffer[0] == '#') continue;
-+		int l=strlen(buffer)-1;
-+		if ( l <= 0 ) continue;
-+		buffer[l]=0;
-+		if(buffer[0] == '~') 
-+			utmpwatcher_add(fd, &buffer[1]);
-+		else {
-+			watch_list_add(fd, buffer);
-+		}
-+	}
-+	free(line_buf);
-+}
-+
-+/* 
-+   Read config file ignoring Comment lines 
-+   Files specified one per line.  Files with "~" will be expanded to the logged in users
-+   homedirs.
-+*/
-+
-+static void read_config(int fd) {
-+	char *watch_file_path="/etc/selinux/restorecond.conf";
-+
-+	FILE *cfg = NULL;
-+	if (debug_mode)
-+		printf("Read Config\n");
-+
-+	watch_list_free(fd);
-+
-+	cfg=fopen(watch_file_path, "r");
-+	if (!cfg) exitApp("Error reading config file.");
-+	process_config(fd, cfg);
-+	fclose(cfg);
-+
-+	inotify_rm_watch(fd, master_wd);
-+	master_wd=inotify_add_watch (fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
-+}
-+
-+/* 
-+   Inotify watch loop 
-+*/
-+static int watch(int fd) {
-+	char buf[BUF_LEN];
-+	int len, i = 0;
-+	len = read(fd, buf, BUF_LEN);
-+	if (len < 0) {  
-+		if (terminate == 0) {
-+			syslog(LOG_ERR, "Read error (%s)", strerror(errno));
-+			return 0; 
-+		}
-+		syslog(LOG_ERR, "terminated");
-+		return -1;
-+	} else if (!len)
-+		/* BUF_LEN too small? */
-+		return -1;
-+	while (i < len) {
-+		struct inotify_event *event;
-+		event = (struct inotify_event *) &buf[i];
-+		if (debug_mode) 
-+			printf ("wd=%d mask=%u cookie=%u len=%u\n",
-+				event->wd, event->mask,
-+				event->cookie, event->len);
-+		if (event->wd == master_wd) 
-+			read_config(fd);
-+		else {
-+			switch (utmpwatcher_handle(fd, event->wd)) {
-+			case -1: /* Message was not for utmpwatcher */
-+				if (event->len)
-+					watch_list_find (event->wd, event->name);
-+				break;
-+
-+			case 1: /* utmp has changed need to reload */
-+				read_config(fd);
-+				break;
-+
-+			default: /* No users logged in or out */
-+				break;
-+			}
-+		}
-+
-+
-+		i += EVENT_SIZE + event->len;
-+	}
-+	return 0;
-+}
-+
-+static const char *pidfile = "/var/run/restorecond.pid";
-+
-+static int write_pid_file(void)
-+{
-+	int pidfd, len;
-+	char val[16];
-+
-+	len = snprintf(val, sizeof(val), "%u\n", getpid());
-+	if (len < 0) {
-+		syslog(LOG_ERR, "Pid error (%s)", strerror(errno));
-+		pidfile = 0;
-+		return 1;
-+	}
-+	pidfd = open(pidfile, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644);
-+	if (pidfd < 0) {
-+		syslog(LOG_ERR, "Unable to set pidfile (%s)",
-+			strerror(errno));
-+		pidfile = 0;
-+		return 1;
-+	}
-+	(void)write(pidfd, val, (unsigned int)len);
-+	close(pidfd);
-+	return 0;
-+}
-+
-+/*
-+ * SIGTERM handler
-+ */ 
-+static void term_handler()
-+{
-+	terminate=1;
-+	/* trigger a failure in the watch */
-+	close(master_fd);
-+}
-+
-+static void usage(char *program) {
-+	printf("%s [-d] \n", program);
-+	exit(0);
-+}
-+
-+void exitApp(const char *msg) {
-+	perror(msg);
-+	exit(-1);
-+}
-+
-+/* 
-+   Add a file to the watch list.  We are watching for file creation, so we actually
-+   put the watch on the directory and then examine all files created in that directory
-+   to see if it is one that we are watching.
-+*/
-+
-+void watch_list_add(int fd, const char *path) {
-+	struct watchList *ptr=NULL;
-+	struct watchList *prev=NULL;
-+	char *x=strdup(path);
-+	if (!x) exitApp("Out of Memory");
-+	char *dir=dirname(x);
-+	char *file=basename(path);
-+	ptr=firstDir;
-+
-+	restore(path);
-+
-+	while (ptr!=NULL) {
-+		if (strcmp(dir, ptr->dir) == 0) {
-+			strings_list_add(&ptr->files, file);
-+			free(x);
-+			return;
-+		}
-+		prev=ptr;
-+		ptr=ptr->next;
-+	}
-+	ptr=calloc(1, sizeof(struct watchList));
-+
-+	if (!ptr) exitApp("Out of Memory");
-+	ptr->wd=inotify_add_watch (fd, dir, IN_CREATE | IN_MOVED_TO );
-+
-+	ptr->dir=strdup(dir);
-+	if (!ptr->dir) exitApp("Out of Memory");
-+
-+	strings_list_add(&ptr->files, file);
-+	if (prev) 
-+		prev->next=ptr;
-+	else 
-+		firstDir=ptr;
-+
-+	if (debug_mode)
-+		printf("%d: Dir=%s, File=%s\n", ptr->wd,  ptr->dir, file);
-+
-+	free(x);
-+}
-+
-+int main(int argc, char **argv) {
-+	int opt;
-+	struct sigaction sa;
-+
-+#ifndef DEBUG
-+	/* Make sure we are root */
-+	if (getuid() != 0) {
-+		fprintf(stderr, "You must be root to run this program.\n");
-+		return 4;
-+	}
-+#endif
-+
-+	/* Register sighandlers */
-+	sa.sa_flags = 0 ;
-+	sa.sa_handler = term_handler;
-+	sigemptyset( &sa.sa_mask ) ;
-+	sigaction( SIGTERM, &sa, NULL );
-+
-+	master_fd = inotify_init ();
-+	if (master_fd < 0)
-+	        exitApp("inotify_init");
-+
-+	while ((opt = getopt(argc, argv, "d")) > 0) {
-+		switch (opt) {
-+		case 'd':
-+			debug_mode = 1;
-+			break;
-+		case '?':
-+			usage(argv[0]);
-+		}
-+	}
-+	read_config(master_fd);
-+
-+	write_pid_file();
-+
-+	if (! debug_mode)
-+		daemon(0, 0);
-+
-+	while (watch(master_fd) == 0 ) {};
-+
-+	watch_list_free(master_fd);
-+	close(master_fd);
-+	if (pidfile)
-+		unlink(pidfile);
-+
-+	return 0;
-+}
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.1/restorecond/restorecond.conf
---- nsapolicycoreutils/restorecond/restorecond.conf	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/restorecond.conf	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,4 @@
-+/etc/resolv.conf
-+/etc/mtab
-+/var/run/utmp
-+~/public_html
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-1.30.1/restorecond/restorecond.h
---- nsapolicycoreutils/restorecond/restorecond.h	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/restorecond.h	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,31 @@
-+/* restorecond.h -- 
-+ * Copyright 2006 Red Hat Inc., Durham, North Carolina.
-+ * All Rights Reserved.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-+ *
-+ * Authors:
-+ *   Dan Walsh <dwalsh at redhat.com>
-+ * 
-+ */
-+
-+#ifndef RESTORED_CONFIG_H
-+#define RESTORED_CONFIG_H
-+
-+void exitApp(const char *msg);
-+void watch_list_add(int inotify_fd, const char *path);
-+
-+#endif
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-1.30.1/restorecond/restorecond.init
---- nsapolicycoreutils/restorecond/restorecond.init	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/restorecond.init	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,61 @@
-+#!/bin/sh
-+#
-+# restorecond:		Daemo used to maintain path file context
-+#
-+# chkconfig:	2345 10 90
-+# description:	restorecond uses inotify to look for creation of new files listed in the 
-+#               /etc/selinux/POLICYTYPE/restorefiles.conf file, and sets the correct security 
-+#               context.
-+#
-+
-+# Source function library.
-+. /etc/rc.d/init.d/functions
-+
-+start() 
-+{
-+        echo -n $"Starting restorecond: "
-+        daemon /usr/sbin/restorecond 
-+
-+	touch /var/lock/subsys/restorecond
-+        echo
-+}
-+
-+stop() 
-+{
-+        echo -n $"Shutting down restorecond: "
-+	killproc restorecond
-+
-+	rm -f  /var/lock/subsys/restorecond
-+        echo
-+}
-+restart() 
-+{
-+    stop
-+    start
-+}
-+
-+[ -f /usr/sbin/restorecond ] || exit 0
-+
-+# See how we were called.
-+case "$1" in
-+  start)
-+	start
-+        ;;
-+  stop)
-+	stop
-+        ;;
-+  status)
-+	status restorecond
-+	;;
-+  restart|reload)
-+	restart
-+	;;
-+  condrestart)
-+	[ -e /var/lock/subsys/restorecond ] && restart || :
-+	;;
-+  *)
-+        echo $"Usage: $0 {start|stop|restart|reload|condrestart}"
-+        exit 1
-+esac
-+
-+exit 0
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-1.30.1/restorecond/stringslist.c
---- nsapolicycoreutils/restorecond/stringslist.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/stringslist.c	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,118 @@
-+/*
-+ * Copyright (C) 2006 Red Hat 
-+ * see file 'COPYING' for use and warranty information
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation; either version 2 of
-+ * the License, or (at your option) any later version.
-+ * 
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+.* 
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
-+ * 02111-1307  USA
-+ *
-+ * Authors:  
-+ *   Dan Walsh <dwalsh at redhat.com>
-+ *
-+*/
-+
-+#include <string.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include "stringslist.h"
-+#include "restorecond.h"
-+
-+/* Sorted lists */
-+void strings_list_add(struct stringsList **list, const char *string) {
-+	struct stringsList *ptr=*list;
-+	struct stringsList *prev=NULL;
-+	struct stringsList *newptr=NULL;
-+	while(ptr) {
-+		int cmp=strcmp(string, ptr->string);
-+		if (cmp < 0) break;  /* Not on list break out to add */
-+		if (cmp == 0) return; /* Already on list */
-+		prev=ptr;
-+		ptr=ptr->next;
-+	}
-+	newptr=calloc(1, sizeof(struct stringsList));
-+	if (!newptr) exitApp("Out of Memory");
-+	newptr->string=strdup(string);
-+	newptr->next = ptr;
-+	if (prev) 
-+		prev->next=newptr;
-+	else
-+		*list=newptr;
-+}
-+
-+int strings_list_find(struct stringsList *ptr, const char *string) {
-+	while (ptr) {
-+		int cmp=strcmp(string, ptr->string);
-+		if (cmp < 0) return -1;  /* Not on list break out to add */
-+		if (cmp == 0) return 0; /* Already on list */
-+		ptr=ptr->next;
-+	}
-+	return -1;
-+}
-+
-+void strings_list_free(struct stringsList *ptr) {
-+	struct stringsList *prev=NULL;
-+	while (ptr) {
-+		free(ptr->string);
-+		prev=ptr;
-+		ptr=ptr->next;
-+		free(prev);
-+	}
-+}
-+
-+int strings_list_diff(struct stringsList *from, struct stringsList *to) {
-+	while (from != NULL && to != NULL) {
-+		if (strcmp(from->string, to->string) != 0) return 1;
-+		from=from->next;
-+		to=to->next;
-+	}
-+	if (from != NULL || to != NULL) return 1;
-+	return 0;
-+}
-+
-+void strings_list_print(struct stringsList *ptr) {
-+	while (ptr) {
-+		printf("%s\n", ptr->string);
-+		ptr=ptr->next;
-+	}
-+}
-+
-+
-+#ifdef TEST
-+void exitApp(const char *msg) {
-+	perror(msg);
-+	exit(-1);
-+}
-+
-+int main(int argc, char **argv) {
-+	struct stringsList *list=NULL;
-+	struct stringsList *list1=NULL;
-+	strings_list_add(&list, "/etc/resolv.conf");
-+	strings_list_add(&list, "/etc/walsh");
-+	strings_list_add(&list, "/etc/mtab");
-+	strings_list_add(&list, "/etc/walsh");
-+	if (strings_list_diff(list, list) != 0) printf ("strings_list_diff test1 bug\n");
-+	strings_list_add(&list1, "/etc/walsh");
-+	if (strings_list_diff(list, list1) == 0) printf ("strings_list_diff test2 bug\n");
-+	strings_list_add(&list1, "/etc/walsh");
-+	strings_list_add(&list1, "/etc/resolv.conf");
-+	strings_list_add(&list1, "/etc/mtab1");
-+	if (strings_list_diff(list, list1) == 0) printf ("strings_list_diff test3 bug\n");
-+	printf ("strings list\n");
-+	strings_list_print(list);
-+	printf ("strings list1\n");
-+	strings_list_print(list1);
-+	strings_list_free(list);
-+	strings_list_free(list1);
-+}
-+#endif
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-1.30.1/restorecond/stringslist.h
---- nsapolicycoreutils/restorecond/stringslist.h	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/stringslist.h	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,37 @@
-+/* stringslist.h -- 
-+ * Copyright 2006 Red Hat Inc., Durham, North Carolina.
-+ * All Rights Reserved.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-+ *
-+ * Authors:
-+ *   Dan Walsh <dwalsh at redhat.com>
-+ * 
-+ */
-+#ifndef STRINGSLIST_H
-+#define STRINGSLIST_H
-+
-+struct stringsList {
-+	struct stringsList *next;
-+	char *string;
-+};
-+
-+void strings_list_free(struct stringsList *list);
-+void strings_list_add(struct stringsList **list, const char *string);
-+void strings_list_print(struct stringsList *list);
-+int strings_list_find(struct stringsList *list, const char *string);
-+int strings_list_diff(struct stringsList *from, struct stringsList *to);
-+
-+#endif
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-1.30.1/restorecond/utmpwatcher.c
---- nsapolicycoreutils/restorecond/utmpwatcher.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/utmpwatcher.c	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,105 @@
-+/*
-+ * utmpwatcher.c
-+ *
-+ * Copyright (C) 2006 Red Hat 
-+ * see file 'COPYING' for use and warranty information
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation; either version 2 of
-+ * the License, or (at your option) any later version.
-+ * 
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+.* 
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
-+ * 02111-1307  USA
-+ *
-+ * Authors:  
-+ *   Dan Walsh <dwalsh at redhat.com>
-+ *
-+ *
-+*/
-+
-+#define _GNU_SOURCE
-+#include <sys/inotify.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+
-+#include <limits.h>
-+#include <utmp.h>
-+#include <sys/types.h>
-+#include <pwd.h>
-+#include "restorecond.h"
-+#include "utmpwatcher.h"
-+#include "stringslist.h"
-+
-+static struct stringsList *utmp_ptr=NULL;
-+static int utmp_wd=-1;
-+
-+unsigned int utmpwatcher_handle(int inotify_fd, int wd) {
-+	int changed=0;
-+	struct utmp u;
-+	char *utmp_path="/var/run/utmp";
-+	struct stringsList *prev_utmp_ptr=utmp_ptr;
-+	if (wd != utmp_wd) return -1;
-+
-+	utmp_ptr=NULL;
-+	FILE *cfg=fopen(utmp_path, "r");
-+	if (!cfg) exitApp("Error reading config file.");
-+
-+	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
-+		if (u.ut_type == USER_PROCESS) 
-+			strings_list_add(&utmp_ptr, u.ut_user);
-+	}
-+	fclose(cfg);
-+	if (utmp_wd >= 0) 
-+		inotify_rm_watch(inotify_fd, utmp_wd);
-+
-+	utmp_wd=inotify_add_watch (inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
-+	if (prev_utmp_ptr) {
-+		changed=strings_list_diff(prev_utmp_ptr, utmp_ptr);
-+		strings_list_free(prev_utmp_ptr);
-+	}
-+	return changed;
-+}
-+
-+static void watch_file(int inotify_fd, const char *file) {
-+	struct stringsList *ptr=utmp_ptr;
-+	
-+	while(ptr) {
-+		struct passwd *pwd=getpwnam(ptr->string);
-+		if (pwd) {
-+			char *path=NULL;
-+			if (asprintf(&path, "%s%s",pwd->pw_dir, file) < 0)
-+				exitApp("Error allocating memory.");
-+			watch_list_add(inotify_fd, path);
-+			free(path);
-+		}
-+		ptr=ptr->next;
-+	}
-+}
-+
-+void utmpwatcher_add(int inotify_fd, const char *path) {
-+	if (utmp_ptr == NULL) {
-+		utmpwatcher_handle(inotify_fd, utmp_wd);
-+	}
-+	watch_file(inotify_fd, path);
-+}
-+
-+#ifdef TEST
-+int main(int argc, char **argv) {
-+	read_utmp();
-+	return 0;
-+}
-+#endif
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.h policycoreutils-1.30.1/restorecond/utmpwatcher.h
---- nsapolicycoreutils/restorecond/utmpwatcher.h	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.30.1/restorecond/utmpwatcher.h	2006-03-28 23:03:06.000000000 -0500
-@@ -0,0 +1,29 @@
-+/* utmpwatcher.h -- 
-+ * Copyright 2006 Red Hat Inc., Durham, North Carolina.
-+ * All Rights Reserved.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-+ *
-+ * Authors:
-+ *   Dan Walsh <dwalsh at redhat.com>
-+ * 
-+ */
-+#ifndef UTMPWATCHER_H
-+#define UTMPWATCHER_H
-+
-+unsigned int utmpwatcher_handle(int inotify_fd, int wd);
-+void utmpwatcher_add(int inotify_fd, const char *path);
-+
-+#endif
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.1/scripts/fixfiles
---- nsapolicycoreutils/scripts/fixfiles	2006-01-04 13:07:46.000000000 -0500
-+++ policycoreutils-1.30.1/scripts/fixfiles	2006-03-28 23:03:06.000000000 -0500
-@@ -124,7 +124,15 @@
-     exit $?
- fi
- if [ ! -z "$DIRS" ]; then
--    ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $1 -v $DIRS 2>&1 >> $LOGFILE
-+    if [ -x /usr/bin/find ]; then
-+	for d in ${DIRS} ; do find $d \
-+	    ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune  -o -print | \
-+	    ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $1 -v -f - 2>&1 >> $LOGFILE
-+	done
-+    else
-+	${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $1 -v $DIRS 2>&1 >> $LOGFILE
-+    fi
-+
-     exit $?
- fi
- LogReadOnly
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.4/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow	2006-03-29 15:35:22.000000000 -0500
++++ policycoreutils-1.30.4/audit2allow/audit2allow	2006-04-05 08:59:26.000000000 -0400
+@@ -577,7 +577,7 @@
+ 		if ref_ind:
+ 			out.gen_reference_policy()
+ 
+-		if auditlogs:
++		if auditlogs and os.path.exists("/var/log/audit/audit.log"):
+ 			input=os.popen("ausearch -m avc")
+ 			out.load(input)
+ 
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.30.4/audit2allow/audit2allow.1
+--- nsapolicycoreutils/audit2allow/audit2allow.1	2006-03-10 09:48:04.000000000 -0500
++++ policycoreutils-1.30.4/audit2allow/audit2allow.1	2006-04-05 09:09:05.000000000 -0400
+@@ -98,6 +98,11 @@
+ .PP
+ .SH EXAMPLE
+ .nf
++.B NOTE: These examples are for systems using the audit package.  If you do 
++.B not use the audit package,  the AVC messages will be in /var/log/messages.
++.B Please substiture /var/log/messages for /var/log/audit/audit.log in the 
++.B examples.
++.PP
+ .B Using audit2allow to generate monolithic (non-module) policy
+ $ cd /etc/selinux/$SELINUXTYPE/src/policy
+ $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.30.4/restorecond/restorecond.conf
+--- nsapolicycoreutils/restorecond/restorecond.conf	2006-03-29 11:08:21.000000000 -0500
++++ policycoreutils-1.30.4/restorecond/restorecond.conf	2006-04-03 11:57:26.000000000 -0400
+@@ -2,3 +2,4 @@
+ /etc/mtab
+ /var/run/utmp
+ ~/public_html
++~/.mozilla/plugins/libflashplayer.so
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.4/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage	2006-03-29 15:35:22.000000000 -0500
++++ policycoreutils-1.30.4/semanage/semanage	2006-04-01 04:54:36.000000000 -0500
+@@ -286,6 +286,8 @@
+ 		errorExit("Options Error " + error.msg)
+ 	except ValueError, error:
+ 		errorExit(error.args[0])
++	except KeyError, error:
++		errorExit("Invalid value %s" % error.args[0])
+ 	except IOError, error:
+ 		errorExit(error.args[1])
+ 	except KeyboardInterrupt, error:


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/FC-5/policycoreutils.spec,v
retrieving revision 1.243
retrieving revision 1.244
diff -u -r1.243 -r1.244
--- policycoreutils.spec	29 Mar 2006 05:01:42 -0000	1.243
+++ policycoreutils.spec	5 Apr 2006 13:18:30 -0000	1.244
@@ -4,8 +4,8 @@
 %define libselinuxver 1.30-1
 Summary: SELinux policy core utilities.
 Name: policycoreutils
-Version: 1.30.1
-Release: 3.fc5
+Version: 1.30.4
+Release: 2.fc5
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -107,6 +107,28 @@
 service restorecond condrestart
 
 %changelog
+* Wed Apr 5 2006 Dan Walsh <dwalsh at redhat.com> 1.30.4-2.fc5
+- Bump to build in FC5
+
+* Wed Apr 5 2006 Dan Walsh <dwalsh at redhat.com> 1.30.4-2
+- Fix audit2allow to not require ausearch.
+- Fix man page
+- Add libflashplayer to restorecond.conf
+
+* Wed Mar 29 2006 Dan Walsh <dwalsh at redhat.com> 1.30.4-1
+- Update from upstream
+	* Merged audit2allow fixes for refpolicy from Dan Walsh.
+	* Merged fixfiles patch from Dan Walsh.
+	* Merged restorecond daemon from Dan Walsh.
+	* Merged semanage non-MLS fixes from Chris PeBenito.
+	* Merged semanage and semodule man page examples from Thomas Bleher.
+
+* Tue Mar 28 2006 Dan Walsh <dwalsh at redhat.com> 1.30.1-4
+- Clean up reference policy generation in audit2allow
+
+* Tue Mar 21 2006 Dan Walsh <dwalsh at redhat.com> 1.30.1-3
+- Add IN_MOVED_TO to catch renames
+
 * Tue Mar 21 2006 Dan Walsh <dwalsh at redhat.com> 1.30.1-3.fc5
 - Add IN_MOVED_TO to catch renames
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/FC-5/sources,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- sources	22 Mar 2006 16:44:10 -0000	1.108
+++ sources	5 Apr 2006 13:18:30 -0000	1.109
@@ -1 +1 @@
-a1f4732b7c4d047a437d489b620a2895  policycoreutils-1.30.1.tgz
+4af18b5ace84c5cb075f5160ab51f86b  policycoreutils-1.30.4.tgz




More information about the fedora-cvs-commits mailing list