rpms/policycoreutils/devel .cvsignore, 1.84, 1.85 policycoreutils-rhat.patch, 1.124, 1.125 policycoreutils.spec, 1.182, 1.183 sources, 1.87, 1.88
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Dec 2 12:25:34 UTC 2005
- Previous message (by thread): rpms/squid/devel squid-2.5.STABLE12-fd-config.patch, NONE, 1.1 squid.spec, 1.48, 1.49
- Next message (by thread): rpms/diffstat/devel .cvsignore, 1.5, 1.6 diffstat.spec, 1.13, 1.14 sources, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16374
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- .cvsignore 30 Nov 2005 19:32:20 -0000 1.84
+++ .cvsignore 2 Dec 2005 12:25:31 -0000 1.85
@@ -69,3 +69,4 @@
policycoreutils-1.27.29.tgz
policycoreutils-1.27.30.tgz
policycoreutils-1.27.31.tgz
+policycoreutils-1.27.33.tgz
policycoreutils-rhat.patch:
genhomedircon | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -r1.124 -r1.125
--- policycoreutils-rhat.patch 30 Nov 2005 20:07:41 -0000 1.124
+++ policycoreutils-rhat.patch 2 Dec 2005 12:25:31 -0000 1.125
@@ -1,670 +1,23 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.31/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow 2005-11-29 13:43:42.000000000 -0500
-+++ policycoreutils-1.27.31/audit2allow/audit2allow 2005-11-30 14:51:35.000000000 -0500
-@@ -25,8 +25,9 @@
- #
- #
- import commands, sys, os, pwd, string, getopt, re, selinux
--class allow:
-- def __init__(self, source, target, seclass):
-+class serule:
-+ def __init__(self, type, source, target, seclass):
-+ self.type=type
- self.source=source
- self.target=target
- self.seclass=seclass
-@@ -52,7 +53,7 @@
- return ret
- def out(self, verbose=0):
- ret=""
-- ret=ret+"allow %s %s:%s %s;" % (self.source, self.gettarget(), self.seclass, self.getAccess())
-+ ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, self.gettarget(), self.seclass, self.getAccess())
- if verbose:
- keys=self.avcinfo.keys()
- keys.sort()
-@@ -72,38 +73,104 @@
- else:
- return self.target
-
--class allowRecords:
-- def __init__(self, input, last_reload=0, verbose=0):
-+class seruleRecords:
-+ def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
- self.last_reload=last_reload
-- self.allowRules={}
-+ self.seRules={}
- self.seclasses={}
- self.types=[]
- self.roles=[]
-- self.load(input)
-+ self.load(input, te_ind)
-
- def warning(self, error):
- sys.stderr.write("%s: " % sys.argv[0])
- sys.stderr.write("%s\n" % error)
- sys.stderr.flush()
-
-- def load(self, input):
-+ def load(self, input, te_ind=0):
-+ VALID_CMDS=("allow", "dontaudit", "auditallow", "role")
-+
- avc=[]
- found=0
- line = input.readline()
-- while line:
-- rec=line.split()
-- for i in rec:
-- if i=="avc:" or i=="message=avc:":
-- found=1
-- else:
-- avc.append(i)
-- if found:
-- self.add(avc)
-- found=0
-- avc=[]
-- line = input.readline()
-+ if te_ind:
-+ while line:
-+ rec=line.split()
-+ if len(rec) and rec[0] in VALID_CMDS:
-+ self.add_terule(line)
-+ line = input.readline()
-+
-+ else:
-+ while line:
-+ rec=line.split()
-+ for i in rec:
-+ if i=="avc:" or i=="message=avc:":
-+ found=1
-+ else:
-+ avc.append(i)
-+ if found:
-+ self.add(avc)
-+ found=0
-+ avc=[]
-+ line = input.readline()
-
-
-+ def get_target(self, i, rule):
-+ target=[]
-+ if rule[i][0] == "{":
-+ for t in rule[i].split("{"):
-+ if len(t):
-+ target.append(t)
-+ i=i+1
-+ for s in rule[i:]:
-+ if s.find("}") >= 0:
-+ for s1 in s.split("}"):
-+ if len(s1):
-+ target.append(s1)
-+ i=i+1
-+ return (i, target)
-+
-+ target.append(s)
-+ i=i+1
-+ else:
-+ if rule[i].find(";") >= 0:
-+ for s1 in rule[i].split(";"):
-+ if len(s1):
-+ target.append(s1)
-+ else:
-+ target.append(rule[i])
-+
-+ i=i+1
-+ return (i, target)
-+
-+ def rules_split(self, rules):
-+ (idx, target ) = self.get_target(0, rules)
-+ (idx, subject) = self.get_target(idx, rules)
-+ return (target, subject)
-+
-+ def add_terule(self, rule):
-+ rc = rule.split(":")
-+ rules=rc[0].split()
-+ type=rules[0]
-+ if type == "role":
-+ print type
-+ (sources, targets) = self.rules_split(rules[1:])
-+ rules=rc[1].split()
-+ (seclasses, access) = self.rules_split(rules)
-+ for scon in sources:
-+ for tcon in targets:
-+ for seclass in seclasses:
-+ self.add_rule(type, scon, tcon, seclass,access)
-+
-+ def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", comm="", name=""):
-+ self.add_seclass(seclass, access)
-+ self.add_type(tcon)
-+ self.add_type(scon)
-+ if (type, scon, tcon, seclass) not in self.seRules.keys():
-+ self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
-+
-+ self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
-+
- def add(self,avc):
- scon=""
- tcon=""
-@@ -117,7 +184,7 @@
-
- if "granted" in avc:
- if "load_policy" in avc and self.last_reload:
-- self.allowRules={}
-+ self.seRules={}
- return
- try:
- for i in range (0, len(avc)):
-@@ -160,16 +227,9 @@
- self.warning("Bad AVC Line: %s" % avc)
- return
-
-- self.add_seclass(seclass, access)
-- self.add_type(tcon)
-- self.add_type(scon)
- self.add_role(srole)
- self.add_role(trole)
--
-- if (scon, tcon, seclass) not in self.allowRules.keys():
-- self.allowRules[(scon, tcon, seclass)]=allow(scon, tcon, seclass)
--
-- self.allowRules[(scon, tcon, seclass)].add((access, msg, comm, name ))
-+ self.add_rule("allow", scon, tcon, seclass, access, msg, comm, name)
-
- def add_seclass(self,seclass, access):
- if seclass not in self.seclasses.keys():
-@@ -195,17 +255,23 @@
- keys=self.seclasses.keys()
- keys.sort()
- rec="\n\nrequire {\n"
-- for i in self.roles:
-- rec += "\trole %s; \n" % i
-- rec += "\n\n"
-+ if len(self.roles) > 0:
-+ for i in self.roles:
-+ rec += "\trole %s; \n" % i
-+ rec += "\n"
-+
- for i in keys:
- access=self.seclasses[i]
-- access.sort()
-- rec += "\tclass %s { " % i
-- for a in access:
-- rec += " %s" % a
-- rec += " }; \n"
-- rec += "\n\n"
-+ if len(access) > 1:
-+ access.sort()
-+ rec += "\tclass %s {" % i
-+ for a in access:
-+ rec += " %s" % a
-+ rec += " }; \n"
-+ else:
-+ rec += "\tclass %s %s;\n" % (i, access[0])
-+
-+ rec += "\n"
-
- for i in self.types:
- rec += "\ttype %s; \n" % i
-@@ -214,17 +280,19 @@
-
- def out(self, require=0, module=""):
- rec=""
-- if len(self.allowRules.keys())==0:
-+ if len(self.seRules.keys())==0:
- raise(ValueError("No AVC messages found."))
-- if module!="":
-+ if module != "":
- rec += self.gen_module(module)
- rec += self.gen_requires()
- else:
- if requires:
- rec+=self.gen_requires()
--
-- for i in self.allowRules.keys():
-- rec += self.allowRules[i].out(verbose)+"\n"
-+
-+ keys=self.seRules.keys()
-+ keys.sort()
-+ for i in keys:
-+ rec += self.seRules[i].out(verbose)+"\n"
- return rec
-
- if __name__ == '__main__':
-@@ -235,8 +303,8 @@
- else:
- return ""
-
-- def usage():
-- print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
-+ def usage(msg=""):
-+ print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
- -a, --all read input from audit and message log, conflicts with -i\n\
- -d, --dmesg read input from output of /bin/dmesg\n\
- -h, --help display this message\n\
-@@ -246,8 +314,12 @@
- -M generate loadable module package, conflicts with -o\n\
- -o, --output append output to <outputfile>, conflicts with -M\n\
- -r, --requires generate require output \n\
-+ -t, --tefile Indicates input is Existing Type Enforcement file\n\
-+ -f, --fcfile Existing Type Enforcement file, requires -M\n\
- -v, --verbose verbose output\n\
- '
-+ if msg != "":
-+ print msg
- sys.exit(1)
-
- def errorExit(error):
-@@ -270,41 +342,50 @@
- buildPP=0
- input_ind=0
- output_ind=0
-+ te_ind=0
-+
-+ fc_file=""
- gopts, cmds = getopt.getopt(sys.argv[1:],
-- 'adhi:lm:M:o:rv',
-+ 'adf:hi:lm:M:o:rtv',
- ['all',
- 'dmesg',
-+ 'fcfile=',
- 'help',
- 'input=',
- 'lastreload',
- 'module=',
- 'output=',
- 'requires'
-+ 'tefile',
- 'verbose'
- ])
- for o,a in gopts:
- if o == "-a" or o == "--all":
-- if input_ind:
-+ if input_ind or te_ind:
- usage()
- input=open("/var/log/messages", "r")
- auditlogs=1
- if o == "-d" or o == "--dmesg":
- input=os.popen("/bin/dmesg", "r")
-+ if o == "-f" or o == "--fcfile":
-+ if a[0]=="-":
-+ usage()
-+ fc_file=a
- if o == "-h" or o == "--help":
- usage()
- if o == "-i"or o == "--input":
-- if auditlogs:
-+ if auditlogs or a[0]=="-":
- usage()
- input_ind=1
- input=open(a, "r")
- if o == '--lastreload' or o == "-l":
- last_reload=1
- if o == "-m" or o == "--module":
-- if module != "":
-+ if module != "" or a[0]=="-":
- usage()
- module=a
- if o == "-M":
-- if module != "" or output_ind:
-+ if module != "" or output_ind or a[0]=="-":
- usage()
- module=a
- outfile=a+".te"
-@@ -312,19 +393,30 @@
- output=open(outfile, "w")
- if o == "-r" or o == "--requires":
- requires=1
-+ if o == "-t" or o == "--tefile":
-+ if auditlogs:
-+ usage()
-+ te_ind=1
- if o == "-o" or o == "--output":
-- if module != "":
-+ if module != "" or a[0]=="-":
- usage()
- output=open(a, "a")
- output_ind=1
- if o == "-v" or o == "--verbose":
- verbose=1
-- if len(cmds) != 0:
-- usage()
-- out=allowRecords(input, last_reload, verbose)
-+
-+ if len(cmds) != 0:
-+ usage()
-+
-+ if fc_file != "" and not buildPP:
-+ usage("Error %s: Option -fc requires -M" % sys.argv[0])
-+
-+ out=seruleRecords(input, last_reload, verbose, te_ind)
-+
- if auditlogs:
-- input=open("/var/log/audit/audit.log", "r")
-- out.load(input)
-+ input=os.popen("ausearch -m avc")
-+ out.load(input)
-+
- if buildPP:
- print ("Generating type enforcment file: %s.te" % module)
- output.write(out.out(requires, module))
-@@ -334,8 +426,13 @@
- print "Compiling policy: %s" % cmd
- rc=commands.getstatusoutput(cmd)
- if rc[0]==0:
-- print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
-- rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
-+ cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
-+ print cmd
-+ if fc_file != "":
-+ cmd = "%s -f %s" % (cmd, fc_file)
-+
-+ print "Building package: %s" % cmd
-+ rc=commands.getstatusoutput(cmd)
- if rc[0]==0:
- print ("\n******************** IMPORTANT ***********************\n")
- print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.27.31/audit2allow/audit2allow.1
---- nsapolicycoreutils/audit2allow/audit2allow.1 2005-11-29 13:43:42.000000000 -0500
-+++ policycoreutils-1.27.31/audit2allow/audit2allow.1 2005-11-30 14:53:31.000000000 -0500
-@@ -33,37 +33,44 @@
- .B "\-a" | "\-\-all"
- Read input from audit and message log, conflicts with -i
- .TP
--.B "\-h" | "\-\-help"
--Print a short usage message
--.TP
- .B "\-d" | "\-\-dmesg"
- Read input from output of
- .I /bin/dmesg.
--Note that audit messages are not available via dmesg when
--auditd is running; use -i /var/log/audit/audit.log instead.
-+Note that all audit messages are not available via dmesg when
-+auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
- .TP
--.B "\-v" | "\-\-verbose"
--Turn on verbose output
-+.B "\-f" | "\-\-fcfile" <File Context File>
-+Add File Context File to generated Module Package. Requires -M option.
-+.TP
-+.B "\-h" | "\-\-help"
-+Print a short usage message
-+.TP
-+.B "\-i <inputfile>" | "\-\-input <inputfile>"
-+read input from
-+.I <inputfile>
- .TP
- .B "\-l" | "\-\-lastreload"
- read input only after last policy reload
- .TP
--.B "\-r" | "\-\-requires"
--Generate require output syntax for loadable modules.
--.TP
- .B "\-m <modulename>" | "\-\-module <modulename>"
- Generate module/require output <modulename>
- .TP
- .B "\-M <modulename>"
- Generate loadable module package, conflicts with -o
- .TP
--.B "\-i <inputfile>" | "\-\-input <inputfile>"
--read input from
--.I <inputfile>
--.TP
- .B "\-o <outputfile>" | "\-\-output <outputfile>"
- append output to
- .I <outputfile>
-+.TP
-+.B "\-r" | "\-\-requires"
-+Generate require output syntax for loadable modules.
-+.TP
-+.B "\-t " | "\-\-tefile"
-+Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
-+.TP
-+.B "\-v" | "\-\-verbose"
-+Turn on verbose output
-+
- .SH DESCRIPTION
- .PP
- This utility scans the logs for messages logged when the system denied
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.31/scripts/genhomedircon
---- nsapolicycoreutils/scripts/genhomedircon 2005-11-30 13:59:30.000000000 -0500
-+++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 14:31:26.000000000 -0500
-@@ -32,6 +32,8 @@
- fd=open("/etc/shells", 'r')
- VALID_SHELLS=fd.read().split('\n')
- fd.close()
-+if "/sbin/nologin" in VALID_SHELLS:
-+ VALID_SHELLS.remove("/sbin/nologin")
-
- def getStartingUID():
- starting_uid = sys.maxint
-@@ -266,7 +268,7 @@
- homedir = u[5][:string.rfind(u[5], "/")]
- if not homedir in homedirs:
- if self.checkExists(homedir)==0:
-- warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0]))
-+ warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
- else:
- homedirs.append(homedir)
-
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/Makefile policycoreutils-1.27.31/semodule/Makefile
---- nsapolicycoreutils/semodule/Makefile 2005-10-10 09:02:48.000000000 -0400
-+++ policycoreutils-1.27.31/semodule/Makefile 2005-11-30 14:31:26.000000000 -0500
-@@ -17,6 +17,8 @@
- install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
-+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
-+ install -m 644 semodule.8 $(MANDIR)/man8/
-
- relabel:
-
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-1.27.31/semodule/semodule.8
---- nsapolicycoreutils/semodule/semodule.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.31/semodule/semodule.8 2005-11-30 14:31:26.000000000 -0500
-@@ -0,0 +1,53 @@
-+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+semodule \- Manage SELinux policy modules.
-+
-+.SH SYNOPSIS
-+.B semodule
-+.br
-+.SH DESCRIPTION
-+.PP
-+semodule is the tool used to manage policy, it can call functions to load/replace the policy in the kernel, as well as setup load_able modules.
-+
-+.SH "OPTIONS"
-+.TP
-+.B \-R, \-\-reload
-+reload policy
-+.TP
-+.B \-B, \-\-build
-+build and reload policy
-+.TP
-+.B \-i,\-\-install=MODULE_PKG
-+install a new module
-+.TP
-+.B \-u,\-\-upgrade=MODULE_PKG
-+upgrade existing module
-+.TP
-+.B \-b,\-\-base=MODULE_PKG
-+install new base module
-+.TP
-+.B \-r,\-\-remove=MODULE_NAME
-+remove existing module
-+.TP
-+.B \-l,\-\-list-modules
-+display list of installed modules
-+.TP
-+.B \-s,\-\-store
-+name of the store to operate on
-+.TP
-+.B \-n,\-\-noreload
-+do not reload policy after commit
-+.TP
-+.B \-h,\-\-help
-+prints help message and quit
-+.TP
-+.B \-v,\-\-verbose
-+be verbose reset the policy boolean values to the saved policy settings.
-+
-+.SH SEE ALSO
-+.B load_policy(8), semodule_package(8), semodule_expand(8), semodule_link(8)
-+(8),
-+.SH AUTHORS
-+.nf
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Karl MacMillan <kmacmillan at tresys.com>, Joshua Brindle <jbrindle at tresys.com>, Jason Tang <jtang at tresys.com>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/Makefile policycoreutils-1.27.31/semodule_expand/Makefile
---- nsapolicycoreutils/semodule_expand/Makefile 2005-10-12 15:25:33.000000000 -0400
-+++ policycoreutils-1.27.31/semodule_expand/Makefile 2005-11-30 14:31:26.000000000 -0500
-@@ -3,6 +3,7 @@
- INCLUDEDIR ?= $(PREFIX)/include
- BINDIR ?= $(PREFIX)/bin
- LIBDIR ?= ${PREFIX}/lib
-+MANDIR ?= $(PREFIX)/share/man
-
- CFLAGS ?= -Werror -Wall -W
- override CFLAGS += -I$(INCLUDEDIR)
-@@ -15,6 +16,8 @@
- install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
-+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
-+ install -m 644 semodule_expand.8 $(MANDIR)/man8/
-
- relabel:
-
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.8 policycoreutils-1.27.31/semodule_expand/semodule_expand.8
---- nsapolicycoreutils/semodule_expand/semodule_expand.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.31/semodule_expand/semodule_expand.8 2005-11-30 14:31:26.000000000 -0500
-@@ -0,0 +1,26 @@
-+.TH SEMODULE_EXPAND "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+semodule_expand \- Manage SELinux policy modules.
-+
-+.SH SYNOPSIS
-+.B semodule_expand [-V -c [version]] basemodpkg outputfile
-+.br
-+.SH DESCRIPTION
-+.PP
-+semodule_expand is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
-+
-+.SH "OPTIONS"
-+.TP
-+.B \-V
-+verbose mode
-+.TP
-+.B \-c [version]
-+policy version to create
-+
-+.SH SEE ALSO
-+.B load_policy(8), semodule_package(8), semodule(8), semodule_link(8)
-+(8),
-+.SH AUTHORS
-+.nf
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Karl MacMillan <kmacmillan at tresys.com>, Joshua Brindle <jbrindle at tresys.com>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/Makefile policycoreutils-1.27.31/semodule_link/Makefile
---- nsapolicycoreutils/semodule_link/Makefile 2005-10-12 15:25:33.000000000 -0400
-+++ policycoreutils-1.27.31/semodule_link/Makefile 2005-11-30 14:31:26.000000000 -0500
-@@ -2,6 +2,7 @@
- PREFIX ?= ${DESTDIR}/usr
- INCLUDEDIR ?= $(PREFIX)/include
- BINDIR ?= $(PREFIX)/bin
-+MANDIR ?= $(PREFIX)/share/man
- LIBDIR ?= ${PREFIX}/lib
-
- CFLAGS ?= -Werror -Wall -W
-@@ -15,6 +16,8 @@
- install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
-+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
-+ install -m 644 semodule_link.8 $(MANDIR)/man8/
-
- relabel:
-
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_link/semodule_link.8 policycoreutils-1.27.31/semodule_link/semodule_link.8
---- nsapolicycoreutils/semodule_link/semodule_link.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.31/semodule_link/semodule_link.8 2005-11-30 14:31:26.000000000 -0500
-@@ -0,0 +1,27 @@
-+.TH SEMODULE_LINK "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+semodule_link \- Link a group of modules together with a base module
-+
-+.SH SYNOPSIS
-+.B semodule_link [-V] [-o outfile] basemodpkg modpkg1 [modpkg2]...
-+.br
-+.SH DESCRIPTION
-+.PP
-+semodule_link is the tool used to create a policy file from a base policy module. and one of more loadable policy modules: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
-+
-+.SH "OPTIONS"
-+.TP
-+.B \-V
-+verbose mode
-+.TP
-+.B \-o \-\-outfile <output file>
-+Loadable package Output file
-+
-+
-+.SH SEE ALSO
-+.B load_policy(8), semodule_package(8), semodule(8), semodule_expand(8)
-+(8),
-+.SH AUTHORS
-+.nf
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Karl MacMillan <kmacmillan at tresys.com>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/Makefile policycoreutils-1.27.31/semodule_package/Makefile
---- nsapolicycoreutils/semodule_package/Makefile 2005-10-12 15:25:33.000000000 -0400
-+++ policycoreutils-1.27.31/semodule_package/Makefile 2005-11-30 14:31:26.000000000 -0500
-@@ -3,6 +3,7 @@
- INCLUDEDIR ?= $(PREFIX)/include
- BINDIR ?= $(PREFIX)/bin
- LIBDIR ?= ${PREFIX}/lib
-+MANDIR ?= $(PREFIX)/share/man
-
- CFLAGS ?= -Werror -Wall -W
- override CFLAGS += -I$(INCLUDEDIR)
-@@ -15,6 +16,8 @@
- install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
-+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
-+ install -m 644 semodule_package.8 $(MANDIR)/man8/
-
- relabel:
+--- nsapolicycoreutils/scripts/genhomedircon 2005-12-01 14:18:40.000000000 -0500
++++ policycoreutils-1.27.31/scripts/genhomedircon 2005-11-30 20:19:55.000000000 -0500
+@@ -133,7 +133,7 @@
+ if rc[0] == 0:
+ return rc[1]+"\n"
+ else:
+- errorExit(string.join("sed error ", rc[1]))
++ errorExit("sed error %s" % rc[1])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semodule_package/semodule_package.8 policycoreutils-1.27.31/semodule_package/semodule_package.8
---- nsapolicycoreutils/semodule_package/semodule_package.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.27.31/semodule_package/semodule_package.8 2005-11-30 14:31:26.000000000 -0500
-@@ -0,0 +1,29 @@
-+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+semodule_package \- Create loadable policy modules.
-+
-+.SH SYNOPSIS
-+.B semodule_package -o <output file> -m <module> [-f <file contexts>]
-+.br
-+.SH DESCRIPTION
-+.PP
-+semodule_package is the tool used to create a policy file from a base policy module. Tool takes to arguments: The name of the base policy package (usually base.pp) and the name of the policy output file (policy.20).
-+
-+.SH "OPTIONS"
-+.TP
-+.B \-o \-\-outfile <output file>
-+Loadable package Output file
-+.TP
-+.B \-m \-\-module <Module file>
-+Module file (te file)
-+.TP
-+.B \-f \-\-fc <File context file>
-+Policy File contexts file
-+
-+.SH SEE ALSO
-+.B load_policy(8), semodule(8), semodule_expand(8), semodule_link(8)
-+(8),
-+.SH AUTHORS
-+.nf
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Karl MacMillan <kmacmillan at tresys.com>
+ def heading(self):
+ ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
+@@ -329,8 +329,8 @@
+ selconf.write()
+
+ except getopt.error, error:
+- errorExit(string.join("Options Error ", error))
++ errorExit("Options Error %s " % error)
+ except ValueError, error:
+- errorExit(string.join("ValueError ", error))
++ errorExit("ValueError %s" % error)
+ except IndexError, error:
+ errorExit("IndexError")
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.182
retrieving revision 1.183
diff -u -r1.182 -r1.183
--- policycoreutils.spec 30 Nov 2005 19:32:20 -0000 1.182
+++ policycoreutils.spec 2 Dec 2005 12:25:31 -0000 1.183
@@ -1,16 +1,16 @@
%define libsepolver 1.9.41-1
%define libsemanagever 1.3.61-1
+%define libselinuxver 1.27.28-1
Summary: SELinux policy core utilities.
Name: policycoreutils
-Version: 1.27.31
+Version: 1.27.33
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
Patch: policycoreutils-rhat.patch
-BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever}
-
+BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python
BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -95,6 +95,14 @@
%changelog
+* Thu Dec 1 2005 Dan Walsh <dwalsh at redhat.com> 1.27.31-1
+- Update to match NSA
+ * Merged audit2allow --tefile and --fcfile support from Dan Walsh.
+ * Merged genhomedircon fix from Dan Walsh.
+ * Merged semodule* man pages from Dan Walsh, and edited them.
+ * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
+ retain validation/canonicalization of contexts during init.
+
* Wed Nov 30 2005 Dan Walsh <dwalsh at redhat.com> 1.27.31-1
- Update to match NSA
* Changed genhomedircon to always use user_r for the role in the
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- sources 30 Nov 2005 19:32:33 -0000 1.87
+++ sources 2 Dec 2005 12:25:31 -0000 1.88
@@ -1 +1 @@
-baf3d49d7f7b8805aa8bb7b465f54f76 policycoreutils-1.27.31.tgz
+d302f9dbd0c9555cdfbfa7629c4c28a9 policycoreutils-1.27.33.tgz
- Previous message (by thread): rpms/squid/devel squid-2.5.STABLE12-fd-config.patch, NONE, 1.1 squid.spec, 1.48, 1.49
- Next message (by thread): rpms/diffstat/devel .cvsignore, 1.5, 1.6 diffstat.spec, 1.13, 1.14 sources, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list