rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.131, 1.132 policycoreutils.spec, 1.197, 1.198
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Dec 19 23:22:13 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31857
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-3
- Remove commands from genhomedircon for installer
policycoreutils-rhat.patch:
genhomedircon | 236 +++++++++++++++++++++++++++++++---------------------------
1 files changed, 127 insertions(+), 109 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.131
retrieving revision 1.132
diff -u -r1.131 -r1.132
--- policycoreutils-rhat.patch 14 Dec 2005 20:34:32 -0000 1.131
+++ policycoreutils-rhat.patch 19 Dec 2005 23:22:09 -0000 1.132
@@ -1,8 +1,12 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.1/scripts/genhomedircon
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
-+++ policycoreutils-1.29.1/scripts/genhomedircon 2005-12-14 14:12:00.000000000 -0500
-@@ -29,11 +29,14 @@
- import commands, sys, os, pwd, string, getopt, re
++++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-19 18:17:05.000000000 -0500
+@@ -26,64 +26,70 @@
+ #
+ #
+
+-import commands, sys, os, pwd, string, getopt, re
++import sys, os, pwd, string, getopt, re
from semanage import *;
-fd=open("/etc/shells", 'r')
@@ -18,10 +22,134 @@
+ VALID_SHELLS.remove("/sbin/nologin")
+except:
+ VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
++
++def findval(file, var, delim=""):
++ val=""
++ fd=open(file, 'r')
++ for i in fd.read().split('\n'):
++ if i.startswith(var) == 1:
++ if delim == "":
++ val = i.split()[1]
++ else:
++ val = i.split(delim)[1]
++ val = val.split("#")[0]
++ val = val.strip()
++ fd.close()
++ return val
def getStartingUID():
starting_uid = sys.maxint
-@@ -163,21 +166,29 @@
+- rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs")
+- if rc[0] == 0:
+- uid_min = re.sub("^UID_MIN[^0-9]*", "", rc[1])
+- #stip any comment from the end of the line
++ uid_min= findval("/etc/login.defs", "UID_MIN")
++ if uid_min != "":
+ uid_min = uid_min.split("#")[0]
+ uid_min = uid_min.strip()
+ if int(uid_min) < starting_uid:
+ starting_uid = int(uid_min)
+- rc=commands.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf")
+- if rc[0] == 0:
+- lu_uidnumber = re.sub("^LU_UIDNUMBER[^0-9]*", "", rc[1])
+- #stip any comment from the end of the line
+- lu_uidnumber = re.sub("[ \t].*", "", lu_uidnumber)
+- lu_uidnumber = lu_uidnumber.split("#")[0]
+- lu_uidnumber = lu_uidnumber.strip()
+- if int(lu_uidnumber) < starting_uid:
+- starting_uid = int(lu_uidnumber)
++
++ uid_min= findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")
++ if uid_min != "":
++ uid_min = uid_min.split("#")[0]
++ uid_min = uid_min.strip()
++ if int(uid_min) < starting_uid:
++ starting_uid = int(uid_min)
++
+ if starting_uid == sys.maxint:
+ starting_uid = 500
+ return starting_uid
+
+ def getDefaultHomeDir():
+ ret = []
+- rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
+- if rc[0] == 0:
+- homedir = rc[1].split("=")[1]
+- homedir = homedir.split("#")[0]
+- homedir = homedir.strip()
+- if not homedir in ret:
+- ret.append(homedir)
+-
+- rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
+- if rc[0] == 0:
+- homedir = rc[1].split("=")[1]
+- homedir = homedir.split("#")[0]
+- homedir = homedir.strip()
+- if not homedir in ret:
+- ret.append(homedir)
+-
++ homedir=findval("/etc/default/useradd", "HOME", "=")
++ if homedir != "" and not homedir in ret:
++ ret.append(homedir)
++
++ homedir=findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")
++ if homedir != "" and not homedir in ret:
++ ret.append(homedir)
++
+ if ret == []:
+ ret.append("/home")
+ return ret
+
+ def getSELinuxType(directory):
+- rc=commands.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory)
+- if rc[0]==0:
+- return rc[1].split("=")[-1].strip()
++ val=findval(directory+"/config", "SELINUXTYPE", "=")
++ if val != "":
++ return val
+ return "targeted"
+
+ def usage(error = ""):
+@@ -129,11 +135,17 @@
+ return self.getFileContextDir()+"/homedir_template"
+
+ def getHomeRootContext(self, homedir):
+- rc=commands.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir))
+- if rc[0] == 0:
+- return rc[1]+"\n"
+- else:
+- errorExit("sed error %s" % rc[1])
++ ret=""
++ fd=open(self.getHomeDirTemplate(), 'r')
++
++ for i in fd.read().split('\n'):
++ if i.find("HOME_ROOT") == 0:
++ i=i.replace("HOME_ROOT", homedir)
++ ret = i+"\n"
++ fd.close()
++ if ret=="":
++ errorExit("No Home Root Context Found")
++ return ret
+
+ def heading(self):
+ ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
+@@ -152,32 +164,40 @@
+ return "user_r"
+ return name
+ def getOldRole(self, role):
+- rc = commands.getstatusoutput('grep "^user %s" %s' % (role, self.selinuxdir+self.type+"/users/system.users"))
+- if rc[0] != 0:
+- rc = commands.getstatusoutput('grep "^user %s" %s' % (role, self.selinuxdir+self.type+"/users/local.users"))
+- if rc[0] == 0:
+- user=rc[1].split()
++ rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s" %s' % role, "=")
++ if rc == "":
++ rc=findval(self.selinuxdir+self.type+"/users/local.users", 'grep "^user %s" %s' % role, "=")
++ if rc != "":
++ user=rc.split()
+ role = user[3]
+ if role == "{":
+ role = user[4]
return role
def adduser(self, udict, user, seuser, role):
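Review bot: In getOldRole both new findval() calls pass `'grep "^user %s" %s' % role` as the name to look up; the format string has two `%s` and one argument, so the call raises TypeError before either users file is opened, and the text would be a grep command line rather than a line prefix in any case. findval() also returns a single field, while the lines that follow still index `user[3]` and `user[4]` of the whole `user ...` line, so the role lookup needs the full matching line. A missing system.users or local.users now raises from open() where the old grep status simply fell through to the next file; the same applies to findval() on /etc/libuser.conf in getStartingUID and getDefaultHomeDir, and whether a caller catches IOError is not visible here. Since this function chooses the role that ends up in the generated home-directory contexts, I would read the files directly as below.

```python
    def getOldRole(self, role):
        # findval() returns one field; the role parsing below needs the whole line.
        prefix = "user %s" % role
        line = ""
        for name in ("system.users", "local.users"):
            try:
                fd = open(self.selinuxdir+self.type+"/users/"+name, 'r')
            except IOError:
                # same fallback as a failed grep: try the next file
                continue
            for i in fd.read().split('\n'):
                if i.startswith(prefix):
                    line = i
                    break
            fd.close()
            if line != "":
                break
        if line != "":
            user = line.split()
            # … unchanged: role = user[3], or user[4] when user[3] is "{" …
        return role
```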
@@ -62,3 +190,136 @@
def getUsers(self):
udict = {}
+@@ -190,30 +210,45 @@
+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername))
+
+ else:
+- rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.selinuxdir+self.type+"/seusers")
+- if rc[0] == 0 and rc[1] != "":
+- ulist = rc[1].split("\n")
+- for u in ulist:
+- if len(u)==0:
+- continue
+- user = u.split(":")
+- if len(user) < 3:
+- continue
+- role=self.getOldRole(user[1])
+- self.adduser(udict, user[0], user[1], role)
++ fd =open(self.selinuxdir+self.type+"/seusers")
++ for u in fd.read().split('\n'):
++ u=u.strip()
++ if len(u)==0 or u[0]=="#":
++ continue
++ user = u.split(":")
++ if len(user) < 3:
++ continue
++ role=self.getOldRole(user[1])
++ self.adduser(udict, user[0], user[1], role)
++ fd.close()
+ return udict
+
+ def getHomeDirContext(self, user, home, role):
+ ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
+- rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
+- return ret + rc[1] + "\n"
++ fd=open(self.getHomeDirTemplate(), 'r')
++ for i in fd.read().split('\n'):
++ if i.startswith("HOME_DIR") == 1:
++ i=i.replace("HOME_DIR", home)
++ i=i.replace("ROLE", role)
++ i=i.replace("system_u", user)
++ ret = ret+i+"\n"
++ fd.close()
++ return ret
+
+ def getUserContext(self, user, sel_user, role):
+- rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))
+- return rc[1] + "\n"
++ ret=""
++ fd=open(self.getHomeDirTemplate(), 'r')
++ for i in fd.read().split('\n'):
++ if i.find("USER") == 1:
++ i=i.replace("USER", user)
++ i=i.replace("ROLE", role)
++ i=i.replace("system_u", sel_user)
++ ret=ret+i+"\n"
++ fd.close()
++ return ret
+
+ def genHomeDirContext(self):
+- if commands.getstatusoutput("grep -q 'ROLE' %s" % self.getHomeDirTemplate())[0] == 0 and self.semanaged:
++ if self.semanaged and findval(self.getHomeDirTemplate(), "ROLE", "=") != "":
+ warning("genhomedircon: Warning! No support yet for expanding ROLE macros in the %s file when using libsemanage." % self.getHomeDirTemplate());
+ warning("genhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root).");
+ users = self.getUsers()
+@@ -225,40 +260,23 @@
+ return ret+"\n"
+
+ def checkExists(self, home):
+- if commands.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0:
+- return 0
+- #this works by grepping the file_contexts for
+- # 1. ^/ makes sure this is not a comment
+- # 2. prints only the regex in the first column first cut on \t then on space
+- rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % self.getFileContextFile() )
+- if rc[0] == 0:
+- prefix_regex = rc[1].split("\n")
+- else:
+- warning("%s\nYou do not have access to read %s\n" % (rc[1], self.getFileContextFile()))
+-
+- exists=1
+- for regex in prefix_regex:
+- #match a trailing (/*)? which is actually a bug in rpc_pipefs
+- regex = re.sub("\(/\*\)\?$", "", regex)
+- #match a trailing .+
+- regex = re.sub("\.+$", "", regex)
+- #match a trailing .*
+- regex = re.sub("\.\*$", "", regex)
+- #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s
+- regex = re.sub("\(\/\.\*\)\?", "", regex)
+- regex = regex + "/*$"
+- if re.search(regex, home, 0):
+- exists = 0
+- break
+- if exists == 1:
+- return 1
+- else:
+- return 0
+-
++ fd=open(self.getFileContextFile())
++ for i in fd.read().split('\n'):
++ if len(i)==0:
++ return
++ regex=i.split()[0]
++ #match a trailing .+
++ regex = re.sub("\.+$", "", regex)
++ regex = re.sub("\.\*$", "", regex)
++ #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s
++ regex = re.sub("\(\/\.\*\)\?", "", regex)
++ regex = regex + "/*$"
++ if re.search(home, regex, 0):
++ return 1
++ return 0
+
+ def getHomeDirs(self):
+- homedirs = []
+- homedirs = homedirs + getDefaultHomeDir()
++ homedirs = getDefaultHomeDir()
+ starting_uid=getStartingUID()
+ if self.usepwd==0:
+ return homedirs
+@@ -270,7 +288,7 @@
+ string.count(u[5], "/") > 1:
+ homedir = u[5][:string.rfind(u[5], "/")]
+ if not homedir in homedirs:
+- if self.checkExists(homedir)==0:
++ if self.checkExists(homedir)==1:
+ warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
+ else:
+ homedirs.append(homedir)
+@@ -336,4 +354,4 @@
+ except ValueError, error:
+ errorExit("ValueError %s" % error)
+ except IndexError, error:
+- errorExit("IndexError")
++ errorExit("IndexError %s" % error)
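Review bot: The rewritten checkExists calls `re.search(home, regex, 0)`, which uses the home directory as the pattern and the file_contexts entry as the subject, the reverse of the removed `re.search(regex, home, 0)`; the result no longer says whether an existing entry covers the directory, so the conflict warning in getHomeDirs can fire or stay silent for the wrong paths. The loop also does `return` on the first empty line, which yields None and stops the scan, and it no longer skips comment lines as the old `grep "^/"` did; `if not i.startswith("/"): continue` followed by `if re.search(regex, home, 0):` restores both. In getUserContext, `i.find("USER") == 1` is true only when USER sits at offset 1, whereas the removed `grep 'USER'` matched anywhere in the line, so `if i.find("USER") != -1:` is presumably what was meant. genHomeDirContext has a similar narrowing, since findval(..., "ROLE", "=") only sees lines that begin with ROLE and the libsemanage warning would then rarely be printed.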
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -r1.197 -r1.198
--- policycoreutils.spec 16 Dec 2005 14:28:16 -0000 1.197
+++ policycoreutils.spec 19 Dec 2005 23:22:09 -0000 1.198
@@ -4,7 +4,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.29.2
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -96,6 +96,9 @@
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
+* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-3
+- Remove commands from genhomedircon for installer
+
* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-1
- Fix genhomedircon to work in installer
- Update to match NSA