rpms/policycoreutils/devel .cvsignore, 1.90, 1.91 policycoreutils-rhat.patch, 1.130, 1.131 policycoreutils.spec, 1.195, 1.196 sources, 1.94, 1.95
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Dec 14 20:34:35 UTC 2005
- Previous message (by thread): rpms/control-center/devel .cvsignore, 1.29, 1.30 control-center.spec, 1.103, 1.104 sources, 1.32, 1.33
- Next message (by thread): rpms/eog/devel .cvsignore, 1.21, 1.22 eog.spec, 1.32, 1.33 sources, 1.21, 1.22
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1631
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-1
- Fix genhomedircon to work in installer
- Update to match NSA
* Merged patch for chcat script from Dan Walsh.
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- .cvsignore 8 Dec 2005 18:01:36 -0000 1.90
+++ .cvsignore 14 Dec 2005 20:34:32 -0000 1.91
@@ -75,3 +75,4 @@
policycoreutils-1.27.37.tgz
policycoreutils-1.28.tgz
policycoreutils-1.29.1.tgz
+policycoreutils-1.29.2.tgz
policycoreutils-rhat.patch:
genhomedircon | 43 +++++++++++++++++++++++++++----------------
1 files changed, 27 insertions(+), 16 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -r1.130 -r1.131
--- policycoreutils-rhat.patch 9 Dec 2005 23:23:03 -0000 1.130
+++ policycoreutils-rhat.patch 14 Dec 2005 20:34:32 -0000 1.131
@@ -1,232 +1,64 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.1/scripts/chcat
---- nsapolicycoreutils/scripts/chcat 2005-12-08 12:52:47.000000000 -0500
-+++ policycoreutils-1.29.1/scripts/chcat 2005-12-09 18:20:29.000000000 -0500
-@@ -25,26 +25,20 @@
- import commands, sys, os, pwd, string, getopt, re, selinux
-
- def chcat_add(orig, newcat, files):
-+ if len(newcat) == 1:
-+ raise ValueError("Requires at least one category")
- errors=0
-- cmd='chcon -l '
-- if len(newcat) > 1:
-- sensitivity=newcat[0]
-- cat=newcat[1]
-- else:
-- sensitivity=0
-- cat=newcat[0]
--
--
-+ sensitivity=newcat[0]
-+ cat=newcat[1]
-+ cmd='chcon -l %s' % sensitivity
- for f in files:
-- (rc, con) = selinux.getfilecon(f)
-- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-- clist=raw.split(":")[3:]
-- if sensitivity == 0:
-- sensitivity = clist[0]
-- if len(clist) > 1:
-- if clist[0] != sensitivity:
-+ (rc, c) = selinux.getfilecon(f)
-+ con=c.split(":")[3:]
-+ clist = translate(con)
-+ if sensitivity != clist[0]:
- print("Can not modify sensitivity levels using '+' on %s" % f)
-- continue
-+
-+ if len(clist) > 1:
- cats=clist[1].split(",")
- if cat in cats:
- print "%s is already in %s" % (f, orig)
-@@ -64,23 +58,21 @@
- return errors
-
- def chcat_remove(orig, newcat, files):
-+ if len(newcat) == 1:
-+ raise ValueError("Requires at least one category")
- errors=0
-- if len(newcat) > 1:
-- sensitivity=newcat[0]
-- cat=newcat[1]
-- else:
-- sensitivity=0
-- cat=newcat[0]
-+ sensitivity=newcat[0]
-+ cat=newcat[1]
-+
- for f in files:
-- (rc, con) = selinux.getfilecon(f)
-- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-- clist=raw.split(":")[3:]
-- if sensitivity == 0:
-- sensitivity = clist[0]
-- if len(clist) > 1:
-- if clist[0] != sensitivity:
-+ (rc, c) = selinux.getfilecon(f)
-+ con=c.split(":")[3:]
-+ clist = translate(con)
-+ if sensitivity != clist[0]:
- print("Can not modify sensitivity levels using '+' on %s" % f)
- continue
-+
-+ if len(clist) > 1:
- cats=clist[1].split(",")
- if cat not in cats:
- print "%s is not in %s" % (f, orig)
-@@ -108,51 +100,69 @@
-
- def chcat_replace(orig, newcat, files):
- errors=0
-- if len(newcat) > 1:
-+ if len(newcat) == 1:
-+ if newcat[0][0] == "s" and newcat[0][1:].isdigit() and int(newcat[0][1:]) in range(0,16):
-+ sensitivity=newcat[0]
-+ cmd='chcon -l %s ' % newcat[0]
-+ else:
-+ cmd='chcon -l s0:%s ' % newcat[0]
-+ else:
- sensitivity=newcat[0]
- cat=newcat[1]
- cmd='chcon -l %s:%s ' % (sensitivity, cat)
-- for f in files:
-- cmd = "%s %s" % (cmd, f)
--
-- rc=commands.getstatusoutput(cmd)
-- if rc[0] != 0:
-- print rc[1]
-- errors += 1
-- else:
-- cat=newcat[0]
-- for f in files:
-- (rc, con) = selinux.getfilecon(f)
-- (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-- clist=raw.split(":")[3:]
-- sensitivity=clist[0]
-- cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
-- rc=commands.getstatusoutput(cmd)
-- if rc[0] != 0:
-- print rc[1]
-- errors+=1
-
-+ for f in files:
-+ cmd = "%s %s" % (cmd, f)
-+ rc=commands.getstatusoutput(cmd)
-+ if rc[0] != 0:
-+ print rc[1]
-+ errors += 1
-+
- return errors
-
--def chcat(cats, files):
-- errors=0
-+def check_replace(cats):
-+ plus_ind=0
-+ replace_ind=0
- for c in cats:
-- if len(c) > 0 and c[0] == "+":
-- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
-- rlist=raw.split(":")
-- errors += chcat_add(c[1:], rlist[3:], files)
-- continue
-- if len(c) > 0 and c[0] == "-":
-- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
-- rlist=raw.split(":")
-- errors += chcat_remove(c[1:], rlist[3:], files)
-- continue
-+ if len(c) > 0 and ( c[0] == "+" or c[0] == "-" ):
-+ if replace_ind:
-+ raise ValueError("Can not combine +/- with other types of categories")
-+ plus_ind=1
-+ else:
-+ replace_ind=1
-+ if plus_ind:
-+ raise ValueError("Can not combine +/- with other types of categories")
-+ return replace_ind
-
-+def translate(cats):
-+ newcat=[]
-+ for c in cats:
- (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c)
-- rlist=raw.split(":")
-- errors += chcat_replace(c[1:], rlist[3:], files)
--
-- return errors
-+ rlist=raw.split(":")[3:]
-+ if len(rlist) > 1:
-+ if len(newcat) == 0:
-+ newcat.append(rlist[0])
-+ else:
-+ if newcat[0] != rlist[0]:
-+ raise ValueError("Can not have multiple sensitivities")
-+ newcat.append(rlist[1])
-+ else:
-+ if rlist[0][0] == "s" and rlist[0][1:].isdigit() and int(rlist[0][1:]) in range(0,16):
-+
-+ if len(newcat) == 0:
-+ newcat.append(rlist[0])
-+ else:
-+ if newcat[0] != rlist[0]:
-+ raise ValueError("Can not have multiple sensitivities")
-+ else:
-+ if len(newcat) == 0:
-+ newcat.append("s0")
-+ else:
-+ if newcat[0] != "s0":
-+ raise ValueError("Can not have multiple sensitivities")
-+ newcat.append(rlist[0])
-+
-+ return newcat
-
- def usage():
- print "Usage %s CATEGORY File ..." % sys.argv[0]
-@@ -190,26 +200,36 @@
- usage()
- except:
- usage()
-+
- if delete_ind:
-- sys.exit(chcat([""], cmds))
-+ sys.exit(chcat_replace(["s0"], ["s0"], cmds))
-+
-
- if len(cmds) < 2:
- usage()
-
-- cats=cmds[0].split(",")
- set_ind=0
-+ cats=cmds[0].split(",")
- mod_ind=0
-- for i in cats:
-- if i[0]=='+' or i[0]=="-":
-- mod_ind=1
-- if set_ind == 1:
-- error("You can not use '%s' with previous categories" % i)
-- else:
-- if mod_ind == 1 or set_ind==1:
-- error("You can not use '%s' with previous categories" % i)
-- set_ind=1
--
-+ errors=0
- files=cmds[1:]
-- sys.exit(chcat(cats, files))
-+ try:
-+ if check_replace(cats):
-+ errors=chcat_replace(cats,translate(cats), files)
-+ else:
-+ for c in cats:
-+ l=[]
-+ l.append(c[1:])
-+ if len(c) > 0 and c[0] == "+":
-+ errors += chcat_add(c[1:],translate(l), files)
-+ continue
-+ if len(c) > 0 and c[0] == "-":
-+ errors += chcat_remove(c[1:],translate(l), files)
-+ continue
-+ except ValueError, e:
-+ error(e)
-+
-+ sys.exit(errors)
-+
-
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.1/scripts/genhomedircon
+--- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
++++ policycoreutils-1.29.1/scripts/genhomedircon 2005-12-14 14:12:00.000000000 -0500
+@@ -29,11 +29,14 @@
+ import commands, sys, os, pwd, string, getopt, re
+ from semanage import *;
+
+-fd=open("/etc/shells", 'r')
+-VALID_SHELLS=fd.read().split('\n')
+-fd.close()
+-if "/sbin/nologin" in VALID_SHELLS:
+- VALID_SHELLS.remove("/sbin/nologin")
++try:
++ fd=open("/etc/shells", 'r')
++ VALID_SHELLS=fd.read().split('\n')
++ fd.close()
++ if "/sbin/nologin" in VALID_SHELLS:
++ VALID_SHELLS.remove("/sbin/nologin")
++except:
++ VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
+
+ def getStartingUID():
+ starting_uid = sys.maxint
+@@ -163,21 +166,29 @@
+ return role
+
+ def adduser(self, udict, user, seuser, role):
++ if seuser == "user_u" or user == "__default__":
++ return
++ # !!! chooses first role in the list to use in the file context !!!
++ if role[-2:] == "_r" or role[-2:] == "_u":
++ role = role[:-2]
+ try:
+- if seuser == "user_u" or user == "__default__":
+- return
+- # !!! chooses first role in the list to use in the file context !!!
+- if role[-2:] == "_r" or role[-2:] == "_u":
+- role = role[:-2]
+ home = pwd.getpwnam(user)[5]
+ if home == "/":
+- return
+- prefs = {}
+- prefs["role"] = role
+- prefs["home"] = home
+- udict[seuser] = prefs
++ # Probably install so hard code to /root
++ if user == "root":
++ home="/root"
++ else:
++ return
+ except KeyError:
+- sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
++ if user == "root":
++ home = "/root"
++ else:
++ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
++ return
++ prefs = {}
++ prefs["role"] = role
++ prefs["home"] = home
++ udict[seuser] = prefs
+ def getUsers(self):
+ udict = {}
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.195
retrieving revision 1.196
diff -u -r1.195 -r1.196
--- policycoreutils.spec 13 Dec 2005 04:55:51 -0000 1.195
+++ policycoreutils.spec 14 Dec 2005 20:34:32 -0000 1.196
@@ -1,10 +1,10 @@
%define libsepolver 1.10-1
-%define libsemanagever 1.4-1
-%define libselinuxver 1.29.1-2
+%define libsemanagever 1.5.3-1
+%define libselinuxver 1.29.2-1
Summary: SELinux policy core utilities.
Name: policycoreutils
-Version: 1.29.1
-Release: 3
+Version: 1.29.2
+Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -96,6 +96,11 @@
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
+* Wed Dec 14 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-1
+- Fix genhomedircon to work in installer
+- Update to match NSA
+ * Merged patch for chcat script from Dan Walsh.
+
* Fri Dec 9 2005 Dan Walsh <dwalsh at redhat.com> 1.29.1-2
- More fixes to chcat
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- sources 8 Dec 2005 20:39:02 -0000 1.94
+++ sources 14 Dec 2005 20:34:32 -0000 1.95
@@ -1 +1 @@
-92504be57af5d7dd21191f66014126d7 policycoreutils-1.29.1.tgz
+db981cfd14f597746ed87ada3a815d0e policycoreutils-1.29.2.tgz
- Previous message (by thread): rpms/control-center/devel .cvsignore, 1.29, 1.30 control-center.spec, 1.103, 1.104 sources, 1.32, 1.33
- Next message (by thread): rpms/eog/devel .cvsignore, 1.21, 1.22 eog.spec, 1.32, 1.33 sources, 1.21, 1.22
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list