rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.129, 1.130 policycoreutils.spec, 1.192, 1.193
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Dec 9 23:23:06 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8890
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Thu Dec 8 2005 Dan Walsh <dwalsh at redhat.com> 1.29.1-2
- More fixes to chcat
policycoreutils-rhat.patch:
chcat | 178 ++++++++++++++++++++++++++++++++++++------------------------------
1 files changed, 99 insertions(+), 79 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.129
retrieving revision 1.130
diff -u -r1.129 -r1.130
--- policycoreutils-rhat.patch 8 Dec 2005 16:33:16 -0000 1.129
+++ policycoreutils-rhat.patch 9 Dec 2005 23:23:03 -0000 1.130
@@ -1,308 +1,232 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.28/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow 2005-12-01 10:11:27.000000000 -0500
-+++ policycoreutils-1.28/audit2allow/audit2allow 2005-12-07 15:30:48.000000000 -0500
-@@ -355,7 +355,7 @@
- 'lastreload',
- 'module=',
- 'output=',
-- 'requires'
-+ 'requires',
- 'tefile',
- 'verbose'
- ])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.28/restorecon/restorecon.8
---- nsapolicycoreutils/restorecon/restorecon.8 2005-02-02 13:31:48.000000000 -0500
-+++ policycoreutils-1.28/restorecon/restorecon.8 2005-12-07 15:32:14.000000000 -0500
-@@ -29,7 +29,7 @@
- .B \-e directory
- directory to exclude (repeat option for more than one directory.)
- .TP
--.B \-R
-+.B \-R \-r
- change files and directories file labels recursively
- .TP
- .B \-n
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.28/restorecon/restorecon.c
---- nsapolicycoreutils/restorecon/restorecon.c 2005-09-20 14:13:05.000000000 -0400
-+++ policycoreutils-1.28/restorecon/restorecon.c 2005-12-07 15:31:40.000000000 -0500
-@@ -112,7 +112,7 @@
- void usage(const char * const name)
- {
- fprintf(stderr,
-- "usage: %s [-Rnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name);
-+ "usage: %s [-rRnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name);
- exit(1);
- }
- int restore(char *filename) {
-@@ -271,11 +271,12 @@
-
- memset(buf,0, sizeof(buf));
-
-- while ((opt = getopt(argc, argv, "FRnvf:o:e:")) > 0) {
-+ while ((opt = getopt(argc, argv, "FrRnvf:o:e:")) > 0) {
- switch (opt) {
- case 'n':
- change = 0;
- break;
-+ case 'r':
- case 'R':
- recurse = 1;
- break;
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.28/scripts/chcat
---- nsapolicycoreutils/scripts/chcat 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.28/scripts/chcat 2005-12-08 11:31:57.000000000 -0500
-@@ -0,0 +1,191 @@
-+#! /usr/bin/env python
-+# Copyright (C) 2005 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# chcat is a script that allows you modify the Security label on a file
-+#
-+#` Author: Daniel Walsh <dwalsh at redhat.com>
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+import commands, sys, os, pwd, string, getopt, re, selinux
-+
-+def chcat_add(orig, newcat, files):
-+ errors=0
-+ cmd='chcon -l '
-+ if len(newcat) > 1:
-+ sensitivity=newcat[0]
-+ cat=newcat[1]
-+ else:
-+ sensitivity=0
-+ cat=newcat[0]
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.1/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat 2005-12-08 12:52:47.000000000 -0500
++++ policycoreutils-1.29.1/scripts/chcat 2005-12-09 18:20:29.000000000 -0500
+@@ -25,26 +25,20 @@
+ import commands, sys, os, pwd, string, getopt, re, selinux
+
+ def chcat_add(orig, newcat, files):
++ if len(newcat) == 1:
++ raise ValueError("Requires at least one category")
+ errors=0
+- cmd='chcon -l '
+- if len(newcat) > 1:
+- sensitivity=newcat[0]
+- cat=newcat[1]
+- else:
+- sensitivity=0
+- cat=newcat[0]
+-
+-
++ sensitivity=newcat[0]
++ cat=newcat[1]
++ cmd='chcon -l %s' % sensitivity
+ for f in files:
+- (rc, con) = selinux.getfilecon(f)
+- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+- clist=raw.split(":")[3:]
+- if sensitivity == 0:
+- sensitivity = clist[0]
+- if len(clist) > 1:
+- if clist[0] != sensitivity:
++ (rc, c) = selinux.getfilecon(f)
++ con=c.split(":")[3:]
++ clist = translate(con)
++ if sensitivity != clist[0]:
+ print("Can not modify sensitivity levels using '+' on %s" % f)
+- continue
+
-+
-+ for f in files:
-+ (rc, con) = selinux.getfilecon(f)
-+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-+ clist=raw.split(":")[3:]
-+ if sensitivity == 0:
-+ sensitivity = clist[0]
+ if len(clist) > 1:
-+ if clist[0] != sensitivity:
-+ print("Can not modify sensitivity levels using '+' on %s" % f)
-+ continue
-+ cats=clist[1].split(",")
-+ if cat in cats:
-+ print "%s is already in %s" % (f, orig)
-+ continue
-+ cats.append(cat)
-+ cats.sort()
-+ cat_string=cats[0]
-+ for c in cats[1:]:
-+ cat_string="%s,%s" % (cat_string, c)
+ cats=clist[1].split(",")
+ if cat in cats:
+ print "%s is already in %s" % (f, orig)
+@@ -64,23 +58,21 @@
+ return errors
+
+ def chcat_remove(orig, newcat, files):
++ if len(newcat) == 1:
++ raise ValueError("Requires at least one category")
+ errors=0
+- if len(newcat) > 1:
+- sensitivity=newcat[0]
+- cat=newcat[1]
+- else:
+- sensitivity=0
+- cat=newcat[0]
++ sensitivity=newcat[0]
++ cat=newcat[1]
++
+ for f in files:
+- (rc, con) = selinux.getfilecon(f)
+- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+- clist=raw.split(":")[3:]
+- if sensitivity == 0:
+- sensitivity = clist[0]
+- if len(clist) > 1:
+- if clist[0] != sensitivity:
++ (rc, c) = selinux.getfilecon(f)
++ con=c.split(":")[3:]
++ clist = translate(con)
++ if sensitivity != clist[0]:
+ print("Can not modify sensitivity levels using '+' on %s" % f)
+ continue
++
++ if len(clist) > 1:
+ cats=clist[1].split(",")
+ if cat not in cats:
+ print "%s is not in %s" % (f, orig)
+@@ -108,51 +100,69 @@
+
+ def chcat_replace(orig, newcat, files):
+ errors=0
+- if len(newcat) > 1:
++ if len(newcat) == 1:
++ if newcat[0][0] == "s" and newcat[0][1:].isdigit() and int(newcat[0][1:]) in range(0,16):
++ sensitivity=newcat[0]
++ cmd='chcon -l %s ' % newcat[0]
+ else:
-+ cat_string=cat
-+ cmd='chcon -l %s:%s %s' % (sensitivity, cat_string, f)
-+ rc=commands.getstatusoutput(cmd)
-+ if rc[0] != 0:
-+ print rc[1]
-+ errors+=1
-+ return errors
-+
-+def chcat_remove(orig, newcat, files):
-+ errors=0
-+ if len(newcat) > 1:
-+ sensitivity=newcat[0]
-+ cat=newcat[1]
++ cmd='chcon -l s0:%s ' % newcat[0]
+ else:
-+ sensitivity=0
-+ cat=newcat[0]
+ sensitivity=newcat[0]
+ cat=newcat[1]
+ cmd='chcon -l %s:%s ' % (sensitivity, cat)
+- for f in files:
+- cmd = "%s %s" % (cmd, f)
+-
+- rc=commands.getstatusoutput(cmd)
+- if rc[0] != 0:
+- print rc[1]
+- errors += 1
+- else:
+- cat=newcat[0]
+- for f in files:
+- (rc, con) = selinux.getfilecon(f)
+- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
+- clist=raw.split(":")[3:]
+- sensitivity=clist[0]
+- cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
+- rc=commands.getstatusoutput(cmd)
+- if rc[0] != 0:
+- print rc[1]
+- errors+=1
+
+ for f in files:
-+ (rc, con) = selinux.getfilecon(f)
-+ (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-+ clist=raw.split(":")[3:]
-+ if sensitivity == 0:
-+ sensitivity = clist[0]
-+ if len(clist) > 1:
-+ if clist[0] != sensitivity:
-+ print("Can not modify sensitivity levels using '+' on %s" % f)
-+ continue
-+ cats=clist[1].split(",")
-+ if cat not in cats:
-+ print "%s is not in %s" % (f, orig)
-+ continue
-+ cats.remove(cat)
-+ if len(cats) > 0:
-+ cat=cats[0]
-+ for c in cats[1:]:
-+ cat="%s,%s" % (cat, c)
-+ else:
-+ cat=""
++ cmd = "%s %s" % (cmd, f)
++ rc=commands.getstatusoutput(cmd)
++ if rc[0] != 0:
++ print rc[1]
++ errors += 1
++
+ return errors
+
+-def chcat(cats, files):
+- errors=0
++def check_replace(cats):
++ plus_ind=0
++ replace_ind=0
+ for c in cats:
+- if len(c) > 0 and c[0] == "+":
+- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
+- rlist=raw.split(":")
+- errors += chcat_add(c[1:], rlist[3:], files)
+- continue
+- if len(c) > 0 and c[0] == "-":
+- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
+- rlist=raw.split(":")
+- errors += chcat_remove(c[1:], rlist[3:], files)
+- continue
++ if len(c) > 0 and ( c[0] == "+" or c[0] == "-" ):
++ if replace_ind:
++ raise ValueError("Can not combine +/- with other types of categories")
++ plus_ind=1
+ else:
-+ print "%s is not in %s" % (f, orig)
-+ continue
-+
-+ if len(cat) == 0:
-+ cmd='chcon -l %s %s' % (sensitivity, f)
++ replace_ind=1
++ if plus_ind:
++ raise ValueError("Can not combine +/- with other types of categories")
++ return replace_ind
+
++def translate(cats):
++ newcat=[]
++ for c in cats:
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c)
+- rlist=raw.split(":")
+- errors += chcat_replace(c[1:], rlist[3:], files)
+-
+- return errors
++ rlist=raw.split(":")[3:]
++ if len(rlist) > 1:
++ if len(newcat) == 0:
++ newcat.append(rlist[0])
++ else:
++ if newcat[0] != rlist[0]:
++ raise ValueError("Can not have multiple sensitivities")
++ newcat.append(rlist[1])
+ else:
-+ cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
-+ rc=commands.getstatusoutput(cmd)
-+ if rc[0] != 0:
-+ print rc[1]
-+ errors+=1
-+ return errors
-+
-+def chcat(context, files):
-+ errors=0
-+ for c in context:
-+ if len(c) > 0 and c[0] == "+":
-+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
-+ rlist=raw.split(":")
-+ errors += chcat_add(c[1:], rlist[3:], files)
-+ continue
-+ if len(c) > 0 and c[0] == "-":
-+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
-+ rlist=raw.split(":")
-+ errors += chcat_remove(c[1:], rlist[3:], files)
-+ continue
-+
-+ cmd='chcon -l "%s"' % c
-+ for f in files:
-+ cmd = "%s %s" % (cmd, f)
++ if rlist[0][0] == "s" and rlist[0][1:].isdigit() and int(rlist[0][1:]) in range(0,16):
+
-+ rc=commands.getstatusoutput(cmd)
-+ if rc[0] != 0:
-+ print rc[1]
-+ errors += 1
-+ return errors
-+
-+def usage():
-+ print "Usage %s CATEGORY File ..." % sys.argv[0]
-+ print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0]
-+ print "Usage %s -d File ..." % sys.argv[0]
-+ print "Use -- to end option list. For example"
-+ print "chcat -- -CompanyConfidential /docs/businessplan.odt."
-+ sys.exit(1)
-+
-+def error(msg):
-+ print "%s: %s" % (sys.argv[0], msg)
-+ sys.exit(1)
-+
-+if __name__ == '__main__':
-+ if selinux.is_selinux_mls_enabled() != 1:
-+ error("Requires a mls enabled system")
-+
-+ if selinux.is_selinux_enabled() != 1:
-+ error("Requires an SELinux enabled system")
-+
-+ delete_ind=0
-+ try:
-+ gopts, cmds = getopt.getopt(sys.argv[1:],
-+ 'dh',
-+ ['help',
-+ 'delete'])
-+
-+ for o,a in gopts:
-+ if o == "-h" or o == "--help":
-+ usage()
-+ if o == "-d" or o == "--delete":
-+ delete_ind=1
-+
-+ if len(cmds) < 1:
-+ usage()
-+ except:
-+ usage()
-+ if delete_ind:
-+ sys.exit(chcat([""], cmds))
-+
-+ if len(cmds) < 2:
-+ usage()
-+
++ if len(newcat) == 0:
++ newcat.append(rlist[0])
++ else:
++ if newcat[0] != rlist[0]:
++ raise ValueError("Can not have multiple sensitivities")
++ else:
++ if len(newcat) == 0:
++ newcat.append("s0")
++ else:
++ if newcat[0] != "s0":
++ raise ValueError("Can not have multiple sensitivities")
++ newcat.append(rlist[0])
++
++ return newcat
+
+ def usage():
+ print "Usage %s CATEGORY File ..." % sys.argv[0]
+@@ -190,26 +200,36 @@
+ usage()
+ except:
+ usage()
++
+ if delete_ind:
+- sys.exit(chcat([""], cmds))
++ sys.exit(chcat_replace(["s0"], ["s0"], cmds))
++
+
+ if len(cmds) < 2:
+ usage()
+
+- cats=cmds[0].split(",")
+ set_ind=0
+ cats=cmds[0].split(",")
-+ set_ind=0
-+ mod_ind=0
-+ for i in cats:
-+ if i[0]=='+' or i[0]=="-":
-+ mod_ind=1
-+ if set_ind == 1:
-+ error("You can not use '%s' with previous categories" % i)
+ mod_ind=0
+- for i in cats:
+- if i[0]=='+' or i[0]=="-":
+- mod_ind=1
+- if set_ind == 1:
+- error("You can not use '%s' with previous categories" % i)
+- else:
+- if mod_ind == 1 or set_ind==1:
+- error("You can not use '%s' with previous categories" % i)
+- set_ind=1
+-
++ errors=0
+ files=cmds[1:]
+- sys.exit(chcat(cats, files))
++ try:
++ if check_replace(cats):
++ errors=chcat_replace(cats,translate(cats), files)
+ else:
-+ if mod_ind == 1 or set_ind==1:
-+ error("You can not use '%s' with previous categories" % i)
-+ set_ind=1
-+
-+ files=cmds[1:]
-+ sys.exit(chcat(cats, files))
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.28/scripts/chcat.8
---- nsapolicycoreutils/scripts/chcat.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.28/scripts/chcat.8 2005-12-07 15:30:48.000000000 -0500
-@@ -0,0 +1,29 @@
-+.TH CHCAT "8" "September 2005" "chcat" "User Commands"
-+.SH NAME
-+chcat \- change file security category
-+.SH SYNOPSIS
-+.B chcat
-+\fICATEGORY FILE\fR...
-+.br
-+.B chcat
-+\fI[[+|-]CATEGORY],...] FILE\fR...
-+.br
-+.B chcat
-+[\fI-d\fR] \fIFILE\fR...
-+.br
-+.PP
-+Change/Remove the security CATEGORY for each FILE.
-+.PP
-+Use +/- to add/remove categories from a FILE.
-+.TP
-+\fB\-d\fR
-+delete the category from each file.
-+.SH "SEE ALSO"
-+.TP
-+chcon(1), selinux(8)
-+.PP
-+.br
-+This script wraps the chcon command.
-+.SH "FILES"
-+/etc/selinux/{SELINUXTYPE}/setrans.conf
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.28/scripts/Makefile
---- nsapolicycoreutils/scripts/Makefile 2005-01-28 15:24:12.000000000 -0500
-+++ policycoreutils-1.28/scripts/Makefile 2005-12-07 15:30:48.000000000 -0500
-@@ -1,20 +1,23 @@
- # Installation directories.
- PREFIX ?= ${DESTDIR}/usr
--BINDIR ?= $(PREFIX)/sbin
-+BINDIR ?= $(PREFIX)/bin
-+SBINDIR ?= $(PREFIX)/sbin
- MANDIR ?= $(PREFIX)/share/man
- LOCALEDIR ?= /usr/share/locale
-
--TARGETS=genhomedircon
-+TARGETS=genhomedircon
-
- all: $(TARGETS) fixfiles
-
- install: all
- -mkdir -p $(BINDIR)
-- install -m 755 $(TARGETS) $(BINDIR)
-+ install -m 755 $(TARGETS) $(SBINDIR)
-+ install -m 755 chcat $(BINDIR)
- install -m 755 fixfiles $(DESTDIR)/sbin
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
-+ install -m 644 chcat.8 $(MANDIR)/man8/
++ for c in cats:
++ l=[]
++ l.append(c[1:])
++ if len(c) > 0 and c[0] == "+":
++ errors += chcat_add(c[1:],translate(l), files)
++ continue
++ if len(c) > 0 and c[0] == "-":
++ errors += chcat_remove(c[1:],translate(l), files)
++ continue
++ except ValueError, e:
++ error(e)
++
++ sys.exit(errors)
++
- clean:
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -r1.192 -r1.193
--- policycoreutils.spec 9 Dec 2005 22:42:45 -0000 1.192
+++ policycoreutils.spec 9 Dec 2005 23:23:03 -0000 1.193
@@ -4,11 +4,11 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.29.1
-Release: 1.1
+Release: 2
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
-#Patch: policycoreutils-rhat.patch
+Patch: policycoreutils-rhat.patch
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
@@ -34,7 +34,7 @@
%prep
%setup -q
-#%patch -p1 -b .rhat
+%patch -p1 -b .rhat
%build
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
@@ -96,6 +96,9 @@
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
+* Thu Dec 8 2005 Dan Walsh <dwalsh at redhat.com> 1.29.1-2
+- More fixes to chcat
+
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
More information about the fedora-cvs-commits
mailing list