rpms/policycoreutils/devel .cvsignore, 1.103, 1.104 policycoreutils-rhat.patch, 1.167, 1.168 policycoreutils.spec, 1.241, 1.242 sources, 1.107, 1.108

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Mar 17 20:29:41 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23165

Modified Files:
	.cvsignore policycoreutils-rhat.patch policycoreutils.spec 
	sources 
Log Message:
* Fri Mar 10 2006 Dan Walsh <dwalsh at redhat.com> 1.29.27-1
- Add restorecond



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -r1.103 -r1.104
--- .cvsignore	21 Feb 2006 19:09:17 -0000	1.103
+++ .cvsignore	17 Mar 2006 20:29:37 -0000	1.104
@@ -92,3 +92,5 @@
 policycoreutils-1.29.20.tgz
 policycoreutils-1.29.23.tgz
 policycoreutils-1.29.26.tgz
+policycoreutils-1.29.27.tgz
+policycoreutils-1.30.tgz

policycoreutils-rhat.patch:
 Makefile                     |    2 
 restorecond/Makefile         |   29 ++
 restorecond/restorecond.8    |   31 ++
 restorecond/restorecond.c    |  463 +++++++++++++++++++++++++++++++++++++++++++
 restorecond/restorecond.conf |    3 
 restorecond/restorecond.h    |    4 
 restorecond/restorecond.init |   54 +++++
 restorecond/stringslist.c    |  120 +++++++++++
 restorecond/stringslist.h    |   10 
 restorecond/utmpwatcher.c    |  105 +++++++++
 restorecond/utmpwatcher.h    |    2 
 scripts/Makefile             |    2 
 scripts/fixfiles             |    5 
 semanage/seobject.py         |    7 
 14 files changed, 830 insertions(+), 7 deletions(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- policycoreutils-rhat.patch	6 Mar 2006 14:45:58 -0000	1.167
+++ policycoreutils-rhat.patch	17 Mar 2006 20:29:37 -0000	1.168
@@ -1,324 +1,876 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.29.26/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow	2005-12-08 12:52:44.000000000 -0500
-+++ policycoreutils-1.29.26/audit2allow/audit2allow	2006-03-06 09:44:31.000000000 -0500
-@@ -25,6 +25,118 @@
- #
- #  
- import commands, sys, os, pwd, string, getopt, re, selinux
-+
-+obj="(\{[^\}]*\}|[^ \t:]*)"
-+allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
-+
-+awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\
-+        IFACEFILE=FILENAME\n\
-+	IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\
-+	IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\
-+}\n\
-+\n\
-+/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\
-+\n\
-+  if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\
-+		ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\
-+		ALLOW = gensub(";[[:blank:]]*$","","g",$0)\n\
-+		print FILENAME "\\t" IFACENAME "\\t" ALLOW;\n\
-+	}\n\
-+}\
-+'
-+
-+class accessTrans:
-+    def __init__(self):
-+        self.dict={}
-+	try:
-+		fd=open("/usr/share/selinux/devel/include/support/obj_perm_sets.spt")
-+	except IOError, error:
-+		raise IOError("Reference policy generation requires the policy development package.\n%s" % error)
-+        records=fd.read().split("\n")
-+        regexp="^define *\(`([^']*)' *, *` *\{([^}]*)}'"
-+        for r in records:
-+            m=re.match(regexp,r)
-+            if m!=None:
-+                self.dict[m.groups()[0]] = m.groups()[1].split()
-+        fd.close()
-+    def get(self, var):
-+        l=[]
-+        for v in var:
-+            if v in self.dict.keys():
-+                l += self.dict[v]
-+            else:
-+                if v not in ("{", "}"):
-+                    l.append(v)
-+        return l
-+
-+class interfaces:
-+    def __init__(self):
-+        self.dict={}
-+        trans=accessTrans()
-+	(input, output) = os.popen2("awk -f - /usr/share/selinux/devel/include/*/*.if 2> /dev/null")
-+	input.write(awk_script)
-+	input.close()
-+	records=output.read().split("\n")
-+	input.close()
-+        if len(records) > 0:
-+            regexp="([^ \t]*)[ \t]+([^ \t]*)[ \t]+%s" % allow_regexp
-+            for r in records:
-+                m=re.match(regexp,r)
-+                if m==None:
-+                    continue
-+                else:
-+                    val=m.groups()
-+                file=os.path.basename(val[0]).split(".")[0]
-+                iface=val[1]
-+                Scon=val[2].split()
-+                Tcon=val[3].split()
-+                Class=val[4].split()
-+                Access=trans.get(val[5].split())
-+                for s in Scon:
-+                    for t in Tcon:
-+                        for c in Class:
-+                            if (s, t, c) not in self.dict.keys():
-+                                self.dict[(s, t, c)]=[]
-+                            self.dict[(s, t, c)].append((Access, file, iface))
-+    def out(self):
-+        keys=self.dict.keys()
-+        keys.sort()
-+        for k in keys:
-+            print k
-+            for i in self.dict[k]:
-+                print "\t", i
-+                
-+    def match(self, Scon, Tcon, Class, Access):
-+        keys=self.dict.keys()
-+        ret=[]
-+        if (Scon, Tcon, Class) in keys:
-+            for i in self.dict[(Scon, Tcon, Class)]:
-+                if Access in i[0]:
-+                    if i[2].find(Access) >= 0:
-+                        ret.insert(0, i)
-+                    else:
-+                        ret.append(i)
-+            return ret
-+        if ("$1", Tcon, Class) in keys:
-+            for i in self.dict[("$1", Tcon, Class)]:
-+                if Access in i[0]:
-+                    if i[2].find(Access) >= 0:
-+                        ret.insert(0, i)
-+                    else:
-+                        ret.append(i)
-+            return ret
-+        if (Scon, "$1", Class) in keys:
-+            for i in self.dict[(Scon, "$1", Class)]:
-+                if Access in i[0]:
-+                    if i[2].find(Access) >= 0:
-+                        ret.insert(0, i)
-+                    else:
-+                        ret.append(i)
-+            return ret
-+        else:
-+            return ret
-+        
-+
- class serule:
- 	def __init__(self, type, source, target, seclass):
- 		self.type=type
-@@ -32,6 +144,8 @@
- 		self.target=target
- 		self.seclass=seclass
- 		self.avcinfo={}
-+		self.iface=None
-+		
- 	def add(self, avc):
- 		for a in avc[0]:
- 			if a not in self.avcinfo.keys():
-@@ -67,6 +181,33 @@
- 					ret=ret + " : " + i 
- 		return ret
- 		
-+	def gen_reference_policy(self, iface):
-+		ret=""
-+		Scon=self.source
-+		Tcon=self.gettarget()
-+		Class=self.seclass
-+		Access=self.getAccess()
-+		m=iface.match(Scon,Tcon,Class,Access)
-+		if len(m)==0:
-+			return self.out()
-+		else:
-+			file=m[0][1]
-+			ret="\n#%s\n"% self.out()
-+			ret += "optional_policy(`%s', `\n" % m[0][1]
-+			first=True
-+			for i in m:
-+				if file != i[1]:
-+					ret += "')\ngen_require(`%s', `\n" % i[1]
-+					file = i[1]
-+					first=True
-+				if first:
-+					ret += "\t%s(%s)\n" % (i[2], Scon)
-+					first=False
-+				else:
-+					ret += "#\t%s(%s)\n" % (i[2], Scon)
-+			ret += "');"
-+		return ret
-+		
- 	def gettarget(self):
- 		if self.source == self.target:
- 			return "self"
-@@ -81,7 +222,12 @@
- 		self.types=[]
- 		self.roles=[]
- 		self.load(input, te_ind)
--		
-+		self.gen_ref_policy = False
-+
-+	def gen_reference_policy(self):
-+		self.gen_ref_policy = True
-+		self.iface=interfaces()
-+
- 	def warning(self, error):
- 		sys.stderr.write("%s: " % sys.argv[0])
- 		sys.stderr.write("%s\n" % error)
-@@ -104,7 +250,8 @@
- 			while line:
- 				rec=line.split()
- 				for i in rec:
--					if i=="avc:" or i=="message=avc:":
-+					if i=="avc:" or i=="message=avc:" or i=="msg='avc:":
-+
- 						found=1
- 					else:
- 						avc.append(i)
-@@ -166,7 +313,7 @@
- 		self.add_seclass(seclass, access)
- 		self.add_type(tcon)
- 		self.add_type(scon)
--		if (type, scon, tcon, seclass) not in self.seRules.keys():
-+		if (rule_type, scon, tcon, seclass) not in self.seRules.keys():
- 			self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
- 				
- 		self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
-@@ -182,9 +329,10 @@
- 		if "security_compute_sid" in avc:
- 			return
- 		
-+		if "load_policy" in avc and self.last_reload:
-+			self.seRules={}
-+
- 		if "granted" in avc:
--			if "load_policy" in avc and self.last_reload:
--				self.seRules={}
- 			return
- 		try:
- 			for i in range (0, len(avc)):
-@@ -292,7 +440,10 @@
- 		keys=self.seRules.keys()
- 		keys.sort()
- 		for i in keys:
--			rec += self.seRules[i].out(verbose)+"\n"
-+			if self.gen_ref_policy:
-+				rec += self.seRules[i].gen_reference_policy(self.iface)+"\n"
-+			else:
-+				rec += self.seRules[i].out(verbose)+"\n"
- 		return rec
- 
- if __name__ == '__main__':
-@@ -342,11 +493,12 @@
- 		buildPP=0
- 		input_ind=0
- 		output_ind=0
-+		ref_ind=False
- 		te_ind=0
- 
- 		fc_file=""
- 		gopts, cmds = getopt.getopt(sys.argv[1:],
--					    'adf:hi:lm:M:o:rtv',
-+					    'adf:hi:lm:M:o:rtvR',
- 					    ['all',
- 					     'dmesg',
- 					     'fcfile=',
-@@ -356,6 +508,7 @@
- 					     'module=',
- 					     'output=',
- 					     'requires',
-+					     'reference',
- 					     'tefile',
- 					     'verbose'
- 					     ])
-@@ -397,6 +550,9 @@
- 				if auditlogs:
- 					usage()
- 				te_ind=1
-+			if o == "-R" or o == "--reference":
-+				ref_ind=True
-+				
- 			if o == "-o" or o == "--output":
- 				if module != ""  or a[0]=="-":
- 					usage()
-@@ -413,6 +569,10 @@
- 			
- 		out=seruleRecords(input, last_reload, verbose, te_ind)
- 
-+
-+		if ref_ind:
-+			out.gen_reference_policy()
-+
- 		if auditlogs:
- 			input=os.popen("ausearch -m avc")
- 			out.load(input)
-@@ -423,15 +583,15 @@
- 		output.flush()
- 		if buildPP:
- 			cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
--			print "Compiling policy: %s" % cmd
-+			print "Compiling policy"
-+			print cmd
- 			rc=commands.getstatusoutput(cmd)
- 			if rc[0]==0:
- 				cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
--				print cmd
- 				if fc_file != "":
- 					cmd = "%s -f %s" % (cmd, fc_file)
- 					
--				print "Building package: %s" % cmd
-+				print cmd
- 				rc=commands.getstatusoutput(cmd)
- 				if rc[0]==0:
- 					print ("\n******************** IMPORTANT ***********************\n")
-@@ -446,6 +606,6 @@
- 	except ValueError, error:
- 		errorExit(error.args[0])
- 	except IOError, error:
--		errorExit(error.args[1])
-+		errorExit(error)
- 	except KeyboardInterrupt, error:
- 		sys.exit(0)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.29.26/audit2allow/audit2allow.1
---- nsapolicycoreutils/audit2allow/audit2allow.1	2005-12-01 10:11:27.000000000 -0500
-+++ policycoreutils-1.29.26/audit2allow/audit2allow.1	2006-02-23 16:32:45.000000000 -0500
-@@ -65,6 +65,9 @@
- .B "\-r" | "\-\-requires"
- Generate require output syntax for loadable modules.
- .TP
-+.B "\-R" | "\-\-reference"
-+Generate reference policy using installed macros
-+.TP
- .B "\-t "  | "\-\-tefile"
- Indicates input file is a te (type enforcement) file.  This can be used to translate old te format to new policy format.
- .TP
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.26/scripts/chcat
---- nsapolicycoreutils/scripts/chcat	2006-01-27 01:16:33.000000000 -0500
-+++ policycoreutils-1.29.26/scripts/chcat	2006-03-03 18:21:05.000000000 -0500
-@@ -320,7 +320,7 @@
-         if len(cats) > 1 and cats[1] != "s0":
-             print "%s: %s" % (u, cats[1])
-         else:
--            print "%s:" % u
-+            print "%s: %s" % (u, cats[0])
-             
- def error(msg):
-     print "%s: %s" % (sys.argv[0], msg)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.26/scripts/fixfiles
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.29.27/Makefile
+--- nsapolicycoreutils/Makefile	2005-11-29 10:55:01.000000000 -0500
++++ policycoreutils-1.29.27/Makefile	2006-03-15 16:06:43.000000000 -0500
+@@ -1,4 +1,4 @@
+-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po
++SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po
+ 
+ all install relabel clean: 
+ 	@for subdir in $(SUBDIRS); do \
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.29.27/restorecond/Makefile
+--- nsapolicycoreutils/restorecond/Makefile	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/Makefile	2006-03-15 16:08:46.000000000 -0500
+@@ -0,0 +1,29 @@
++# Installation directories.
++PREFIX ?= ${DESTDIR}/usr
++SBINDIR ?= $(PREFIX)/sbin
++MANDIR = $(PREFIX)/share/man
++INITDIR = $(DESTDIR)/etc/rc.d/init.d
++SELINUXDIR = $(DESTDIR)/etc/selinux
++
++CFLAGS ?= -g -Werror -Wall -W
++override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
++LDLIBS += -lselinux -L$(PREFIX)/lib
++
++all: restorecond
++
++restorecond:  restorecond.o utmpwatcher.o stringslist.o
++	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
++
++install: all
++	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
++	-mkdir -p $(SBINDIR)
++	install -m 755 restorecond $(SBINDIR)
++	install -m 644 restorecond.8 $(MANDIR)/man8
++	-mkdir -p $(INITDIR)
++	install -m 644 restorecond.init $(INITDIR)/restorecond
++	-mkdir -p $(SELINUXDIR)
++	install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
++
++clean:
++	-rm -f restorecond *.o *~
++
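Review bot: The install target copies the init script with `install -m 644 restorecond.init $(INITDIR)/restorecond`, which leaves /etc/rc.d/init.d/restorecond without execute permission. Unless the spec file corrects the mode afterwards (the spec is not visible here), the script cannot be run directly or through the service tooling. Use `install -m 755 restorecond.init $(INITDIR)/restorecond`, matching the mode given to the restorecond binary.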
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-1.29.27/restorecond/restorecond.8
+--- nsapolicycoreutils/restorecond/restorecond.8	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/restorecond.8	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,31 @@
++.TH "restorecond" "8" "2002031409" "" ""
++.SH "NAME"
++restorecond \- daemon that watches for file creation and then corrects file context
++
++.SH "SYNOPSIS"
++.B restorecond  [\-d]
++.P
++
++.SH "DESCRIPTION"
++This manual page describes the
++.BR restorecond
++program.
++.P
++This daemon uses inotify to watch files listed in the /etc/selinux/POLICYTYPE/restorconfiles.conf, when they are created, this daemon will make sure they have 
++the correct file context associated with the policy.
++
++.SH "OPTIONS"
++.TP 
++.B \-d
++Turns on debugging mode.   Application will stay in the foreground and lots of
++debugs messages start printing.
++
++.SH "AUTHOR"
++This man page was written by Dan Walsh <dwalsh at redhat.com>.
++The program was written by Dan Walsh <dwalsh at redhat.com>.
++
++.SH "FILES"
++/etc/selinux/POLICYTYPE/restorconfiles.conf
++
++.SH "SEE ALSO"
++.BR restorecon (8),
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.29.27/restorecond/restorecond.c
+--- nsapolicycoreutils/restorecond/restorecond.c	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/restorecond.c	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,463 @@
++/*
++ * restorecond
++ *
++ * AUTHOR:  Dan Walsh <dwalsh at redhat.com>
++ *
++ * Copyright (C) 2006 Red Hat 
++ * see file 'COPYING' for use and warranty information
++ *
++ * semanage is a tool for managing SELinux configuration files
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of
++ * the License, or (at your option) any later version.
++ * 
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++.* 
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
++ * 02111-1307  USA
++ *
++*/
++
++/* 
++ * PURPOSE:
++ * This daemon program watches for the creation of files listed in a config file
++ * and makes sure that there security context matches the systems defaults
++ *
++ * USAGE:
++ * restorecond [-d]
++ * 
++ * -d   Run in debug mode
++ *
++ * EXAMPLE USAGE:
++ * restorecond
++ *
++ */
++
++#define _GNU_SOURCE
++#include <sys/inotify.h>
++#include <errno.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <signal.h>
++#include <string.h>
++#include <unistd.h>
++#include <ctype.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <syslog.h>
++#include <limits.h>
++#include <fcntl.h>
++
++#include "restorecond.h"
++#include "stringslist.h"
++#include "utmpwatcher.h"
++
++extern char *dirname(char *path);
++static int master_fd=-1;
++static int master_wd=-1;
++#include <selinux/selinux.h>
++#include <utmp.h>
++
++/* size of the event structure, not counting name */
++#define EVENT_SIZE  (sizeof (struct inotify_event))
++/* reasonable guess as to size of 1024 events */
++#define BUF_LEN        (1024 * (EVENT_SIZE + 16))
++
++static int debug_mode=0;
++
++static void restore(const char *filename);
++
++struct watchList {
++	struct watchList *next;
++	int  wd;
++	char *dir;
++	struct stringsList *files;
++};
++struct watchList *firstDir=NULL;
++
++/* Compare two contexts to see if their differences are "significant",
++ * or whether the only difference is in the user. */
++static int only_changed_user(const char *a, const char *b)
++{
++	char *rest_a, *rest_b; /* Rest of the context after the user */
++	if (!a || !b) return 0;
++	rest_a = strchr(a, ':');
++	rest_b = strchr(b, ':');
++	if (!rest_a || !rest_b) return 0;
++	return  (strcmp(rest_a, rest_b) == 0);
++}
++
++/* 
++   A file was in a direcroty has been created. This function checks to 
++   see if it is one that we are watching.
++*/
++
++static int watch_list_find(int wd, const char *file) {
++	struct watchList *ptr=NULL;
++	ptr=firstDir;
++
++	if (debug_mode)
++		printf("%d: File=%s\n", wd,  file);
++	while (ptr != NULL) {
++		if (ptr->wd == wd) {
++			if (strings_list_find(ptr->files, file) == 0) {
++				char *path=NULL;
++				if (asprintf(&path, "%s/%s",ptr->dir, file) < 0)
++					exitApp("Error allocating memory.");
++				restore (path);
++				free(path);
++				return 0;
++			} 
++			if (debug_mode) 
++				strings_list_print(ptr->files);
++
++			/* Not found in this directory */
++			return -1;
++		}
++		ptr=ptr->next;
++	}
++	/* Did not find a directory */
++	return -1;
++}
++
++static void watch_list_free(int fd) {
++	struct watchList *ptr=NULL;
++	struct watchList *prev=NULL;
++	ptr=firstDir;
++
++	while (ptr!=NULL) {
++		inotify_rm_watch(fd, ptr->wd);
++		strings_list_free(ptr->files);
++		free(ptr->dir);
++		prev=ptr;
++		ptr=ptr->next;
++		free(prev);
++	}
++	firstDir=NULL;
++}
++
++/* 
++   Set the file context to the default file context for this system.
++   Same as restorecon.
++*/
++static void restore(const char *filename) {
++	int retcontext=0;
++	security_context_t scontext=NULL;
++	security_context_t prev_context=NULL;
++	struct stat st;
++	char path[PATH_MAX+1];
++	if (debug_mode)
++		printf("restore %s\n", filename);
++
++	if (lstat(filename, &st)!=0) return;
++
++	if (S_ISLNK(st.st_mode)) {
++		char *p = NULL, *file_sep;
++		char *tmp_path = strdupa(filename);
++		size_t len=0;
++		if (!tmp_path) {
++			exitApp("Out of Memory");
++		}
++		file_sep = strrchr(tmp_path, '/');
++		if(file_sep)
++			{
++				*file_sep = 0;
++				file_sep++;
++				p = realpath(tmp_path, path);
++			} 
++		else {
++			file_sep = tmp_path;
++			p = realpath("./", path);
++		}
++		if(p)
++			len = strlen(p);
++		if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
++			syslog(LOG_ERR,"realpath(%s) failed %s\n", filename, strerror(errno));
++			return;
++		}
++		p += len;
++		*p = '/';
++		p++;
++		strcpy(p, file_sep);
++		filename = path;
++	} else {
++		char *p;
++		p = realpath(filename, path);
++		if (!p) {
++			syslog(LOG_ERR,"realpath(%s) failed %s\n", filename, strerror(errno));
++			return;
++		}
++		filename = p;
++	}
++	if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
++		if (errno == ENOENT)
++			return;
++		syslog(LOG_ERR,"matchpathcon(%s) failed %s\n", filename,strerror(errno));
++		return;
++	} 
++	retcontext=lgetfilecon(filename,&prev_context);
++	
++	if (retcontext >= 0 || errno == ENODATA) {
++		if (retcontext < 0) prev_context=NULL;
++		if (retcontext < 0 || 
++		    (strcmp(prev_context,scontext) != 0)) {
++
++			if (only_changed_user(scontext, prev_context) != 0) {
++				free(scontext);
++				free(prev_context);
++				return;
++			}
++
++			if (lsetfilecon(filename,scontext) < 0) {
++				syslog(LOG_ERR,"set context %s->%s failed:'%s'\n",
++					filename, scontext, strerror(errno));
++				if (retcontext >= 0)
++					free(prev_context);
++				free(scontext);
++				return;
++			}
++			syslog(LOG_WARNING,"Reset file context %s: %s->%s\n", filename, prev_context, scontext);
++		}
++		if (retcontext >= 0)
++			free(prev_context);
++	} 
++	else {
++		syslog(LOG_ERR,"get context on %s failed: '%s'\n",
++			filename, strerror(errno));
++	}
++	free(scontext);
++}
++
++static void process_config(int fd, FILE *cfg) {
++	char *line_buf=NULL;
++	unsigned int len=0;
++
++	while (getline(&line_buf, &len, cfg)>0) {
++		char *buffer=line_buf;
++		while(isspace(*buffer))
++			buffer++;
++		if(buffer[0] == '#') continue;
++		int l=strlen(buffer)-1;
++		if ( l <= 0 ) continue;
++		buffer[l]=0;
++		if(buffer[0] == '~') 
++			utmpwatcher_add(fd, &buffer[1]);
++		else {
++			watch_list_add(fd, buffer);
++		}
++	}
++	free(line_buf);
++}
++
++/* 
++   Read config file ignoring Comment lines 
++   Files specified one per line.  Files with "~" will be expanded to the logged in users
++   homedirs.
++*/
++
++static void read_config(int fd) {
++	char *watch_file_path="/etc/selinux/restorecond.conf";
++
++	FILE *cfg = NULL;
++	if (debug_mode)
++		printf("Read Config\n");
++
++	watch_list_free(fd);
++
++	cfg=fopen(watch_file_path, "r");
++	if (!cfg) exitApp("Error reading config file.");
++	process_config(fd, cfg);
++	fclose(cfg);
++
++	inotify_rm_watch(fd, master_wd);
++	master_wd=inotify_add_watch (fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
++}
++
++/* 
++   Inotify watch loop 
++*/
++static int watch(int fd) {
++	char buf[BUF_LEN];
++	int len, i = 0;
++	len = read(fd, buf, BUF_LEN);
++	if (len < 0) {
++		return -1;
++	} else if (!len)
++		/* BUF_LEN too small? */
++		return -1;
++	while (i < len) {
++		struct inotify_event *event;
++		event = (struct inotify_event *) &buf[i];
++		if (debug_mode) 
++			printf ("wd=%d mask=%u cookie=%u len=%u\n",
++				event->wd, event->mask,
++				event->cookie, event->len);
++		if (event->wd == master_wd) 
++			read_config(fd);
++		else {
++			switch (utmpwatcher_handle(fd, event->wd)) {
++			case -1: /* Message was not for utmpwatcher */
++				if (event->len)
++					watch_list_find (event->wd, event->name);
++				break;
++
++			case 1: /* utmp has changed need to reload */
++				read_config(fd);
++				break;
++
++			default: /* No users logged in or out */
++				break;
++			}
++		}
++
++
++		i += EVENT_SIZE + event->len;
++	}
++	return 0;
++}
++
++static const char *pidfile = "/var/run/restorecond.pid";
++
++static int write_pid_file(void)
++{
++	int pidfd, len;
++	char val[16];
++
++	len = snprintf(val, sizeof(val), "%u\n", getpid());
++	if (len < 0) {
++		syslog(LOG_ERR, "Pid error (%s)", strerror(errno));
++		pidfile = 0;
++		return 1;
++	}
++	pidfd = open(pidfile, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644);
++	if (pidfd < 0) {
++		syslog(LOG_ERR, "Unable to set pidfile (%s)",
++			strerror(errno));
++		pidfile = 0;
++		return 1;
++	}
++	(void)write(pidfd, val, (unsigned int)len);
++	close(pidfd);
++	return 0;
++}
++
++/*
++ * SIGTERM handler
++ */ 
++static void term_handler()
++{
++	/* trigger a failure in the watch */
++	close(master_fd);
++}
++
++
++static void usage(char *program) {
++	printf("%s [-d] \n", program);
++	exit(0);
++}
++
++void exitApp(const char *msg) {
++	perror(msg);
++	exit(-1);
++}
++
++/* 
++   Add a file to the watch list.  We are watching for file creation, so we actually
++   put the watch on the directory and then examine all files created in that directory
++   to see if it is one that we are watching.
++*/
++
++void watch_list_add(int fd, const char *path) {
++	struct watchList *ptr=NULL;
++	struct watchList *prev=NULL;
++	char *x=strdup(path);
++	if (!x) exitApp("Out of Memory");
++	char *dir=dirname(x);
++	char *file=basename(path);
++	ptr=firstDir;
++
++	restore(path);
++
++	while (ptr!=NULL) {
++		if (strcmp(dir, ptr->dir) == 0) {
++			strings_list_add(&ptr->files, file);
++			free(x);
++			return;
++		}
++		prev=ptr;
++		ptr=ptr->next;
++	}
++	ptr=calloc(1, sizeof(struct watchList));
++
++	if (!ptr) exitApp("Out of Memory");
++	ptr->wd=inotify_add_watch (fd, dir, IN_CREATE);
++
++	ptr->dir=strdup(dir);
++	if (!ptr->dir) exitApp("Out of Memory");
++
++	strings_list_add(&ptr->files, file);
++	if (prev) 
++		prev->next=ptr;
++	else 
++		firstDir=ptr;
++
++	if (debug_mode)
++		printf("%d: Dir=%s, File=%s\n", ptr->wd,  ptr->dir, file);
++
++	free(x);
++}
++
++int main(int argc, char **argv) {
++	int opt;
++	struct sigaction sa;
++
++#ifndef DEBUG
++	/* Make sure we are root */
++	if (getuid() != 0) {
++		fprintf(stderr, "You must be root to run this program.\n");
++		return 4;
++	}
++#endif
++
++	/* Register sighandlers */
++	sa.sa_flags = 0 ;
++	sa.sa_handler = term_handler;
++	sigemptyset( &sa.sa_mask ) ;
++	sigaction( SIGTERM, &sa, NULL );
++
++	master_fd = inotify_init ();
++	if (master_fd < 0)
++	        exitApp("inotify_init");
++
++	while ((opt = getopt(argc, argv, "d")) > 0) {
++		switch (opt) {
++		case 'd':
++			debug_mode = 1;
++			break;
++		case '?':
++			usage(argv[0]);
++		}
++	}
++	read_config(master_fd);
++
++	write_pid_file();
++
++	if (! debug_mode)
++		daemon(0, 0);
++
++	while (watch(master_fd) == 0 ) {};
++
++	watch_list_free(master_fd);
++	close(master_fd);
++	if (pidfile)
++		unlink(pidfile);
++
++	return 0;
++}
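Review bot: restore() checks the path with lstat() and then passes the same name to realpath(), matchpathcon() and lsetfilecon(), so in the non-symlink branch an entry that is swapped for a symlink after the lstat() is resolved by realpath() and the link's target is reset to its default context. main() refuses to start unless it is root (outside DEBUG builds), and the shipped restorecond.conf lists `~/public_html`, which the comment above read_config says is expanded into logged-in users' home directories, so the watched directory is under an unprivileged user's control. A cheap narrowing is a second `struct stat st2` checked right before labelling, `if (lstat(filename, &st2) != 0 || st2.st_dev != st.st_dev || st2.st_ino != st.st_ino) return;`; closing the window properly means working on a descriptor (open with O_NOFOLLOW, fstat, fsetfilecon) for regular files and directories. Separately, process_config hands `unsigned int len` to getline(), which stores a size_t through that pointer and overruns the variable on 64-bit builds; it should be `size_t len = 0;`.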
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.29.27/restorecond/restorecond.conf
+--- nsapolicycoreutils/restorecond/restorecond.conf	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/restorecond.conf	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,3 @@
++/etc/resolv.conf
++/etc/mtab
++~/public_html
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-1.29.27/restorecond/restorecond.h
+--- nsapolicycoreutils/restorecond/restorecond.h	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/restorecond.h	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,4 @@
++void exitApp(const char *msg);
++void watch_list_add(int inotify_fd, const char *path);
++
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-1.29.27/restorecond/restorecond.init
+--- nsapolicycoreutils/restorecond/restorecond.init	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/restorecond.init	2006-03-15 16:13:32.000000000 -0500
+@@ -0,0 +1,54 @@
++#!/bin/sh
++#
++# restorecond:		Daemo used to maintain path file context
++#
++# chkconfig:	2345 10 90
++# description:	restorecond uses inotify to look for creation of new files listed in the 
++#               /etc/selinux/POLICYTYPE/restorefiles.conf file, and sets the correct security 
++#               context.
++#
++
++# Source function library.
++. /etc/rc.d/init.d/functions
++
++start() 
++{
++        echo -n $"Starting restorecond: "
++        daemon /usr/sbin/restorecond 
++
++	touch /var/lock/subsys/restorecond
++        echo
++}
++
++stop() 
++{
++        echo -n $"Shutting down restorecond: "
++	killproc restorecond
++
++	rm -f  /var/lock/subsys/restorecond
++        echo
++}
++
++[ -f /usr/sbin/restorecond ] || exit 0
++
++# See how we were called.
++case "$1" in
++  start)
++	start
++        ;;
++  stop)
++	stop
++        ;;
++  restart|reload)
++	stop
++	start
++	;;
++  condrestart)
++	[ -e /var/lock/subsys/restorecond ] && (stop; start)
++	;;
++  *)
++        echo $"Usage: $0 {start|stop|restart|reload|condrestart}"
++        exit 1
++esac
++
++exit 0
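Review bot: start() touches /var/lock/subsys/restorecond and the script ends with `exit 0` whatever `daemon /usr/sbin/restorecond` returned, so a failed start is reported as success and a later condrestart acts on a stale lock. Capture the result with the usual init-script idiom, `daemon /usr/sbin/restorecond; RETVAL=$?` followed by `[ $RETVAL -eq 0 ] && touch /var/lock/subsys/restorecond`, and finish with `exit $RETVAL`. The header comment also misspells "Daemon" and names /etc/selinux/POLICYTYPE/restorefiles.conf, while read_config in restorecond.c opens /etc/selinux/restorecond.conf.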
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-1.29.27/restorecond/stringslist.c
+--- nsapolicycoreutils/restorecond/stringslist.c	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/stringslist.c	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,120 @@
++/*
++
++ * AUTHOR:  Dan Walsh <dwalsh at redhat.com>
++
++ * Copyright (C) 2006 Red Hat 
++ * see file 'COPYING' for use and warranty information
++ *
++ * semanage is a tool for managing SELinux configuration files
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of
++ * the License, or (at your option) any later version.
++ * 
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++.* 
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
++ * 02111-1307  USA
++ *
++*/
++
++#include <string.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include "stringslist.h"
++#include "restorecond.h"
++
++/* Sorted lists */
++void strings_list_add(struct stringsList **list, const char *string) {
++	struct stringsList *ptr=*list;
++	struct stringsList *prev=NULL;
++	struct stringsList *newptr=NULL;
++	while(ptr) {
++		int cmp=strcmp(string, ptr->string);
++		if (cmp < 0) break;  /* Not on list break out to add */
++		if (cmp == 0) return; /* Already on list */
++		prev=ptr;
++		ptr=ptr->next;
++	}
++	newptr=calloc(1, sizeof(struct stringsList));
++	if (!newptr) exitApp("Out of Memory");
++	newptr->string=strdup(string);
++	newptr->next = ptr;
++	if (prev) 
++		prev->next=newptr;
++	else
++		*list=newptr;
++}
++
++int strings_list_find(struct stringsList *ptr, const char *string) {
++	while (ptr) {
++		int cmp=strcmp(string, ptr->string);
++		if (cmp < 0) return -1;  /* Not on list break out to add */
++		if (cmp == 0) return 0; /* Already on list */
++		ptr=ptr->next;
++	}
++	return -1;
++}
++
++void strings_list_free(struct stringsList *ptr) {
++	struct stringsList *prev=NULL;
++	while (ptr) {
++		free(ptr->string);
++		prev=ptr;
++		ptr=ptr->next;
++		free(prev);
++	}
++}
++
++int strings_list_diff(struct stringsList *from, struct stringsList *to) {
++	while (from != NULL && to != NULL) {
++		if (strcmp(from->string, to->string) != 0) return 1;
++		from=from->next;
++		to=to->next;
++	}
++	if (from != NULL || to != NULL) return 1;
++	return 0;
++}
++
++void strings_list_print(struct stringsList *ptr) {
++	while (ptr) {
++		printf("%s\n", ptr->string);
++		ptr=ptr->next;
++	}
++}
++
++
++#ifdef TEST
++void exitApp(const char *msg) {
++	perror(msg);
++	exit(-1);
++}
++
++int main(int argc, char **argv) {
++	struct stringsList *list=NULL;
++	struct stringsList *list1=NULL;
++	strings_list_add(&list, "/etc/resolv.conf");
++	strings_list_add(&list, "/etc/walsh");
++	strings_list_add(&list, "/etc/mtab");
++	strings_list_add(&list, "/etc/walsh");
++	if (strings_list_diff(list, list) != 0) printf ("strings_list_diff test1 bug\n");
++	strings_list_add(&list1, "/etc/walsh");
++	if (strings_list_diff(list, list1) == 0) printf ("strings_list_diff test2 bug\n");
++	strings_list_add(&list1, "/etc/walsh");
++	strings_list_add(&list1, "/etc/resolv.conf");
++	strings_list_add(&list1, "/etc/mtab1");
++	if (strings_list_diff(list, list1) == 0) printf ("strings_list_diff test3 bug\n");
++	printf ("strings list\n");
++	strings_list_print(list);
++	printf ("strings list1\n");
++	strings_list_print(list1);
++	strings_list_free(list);
++	strings_list_free(list1);
++}
++#endif
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-1.29.27/restorecond/stringslist.h
+--- nsapolicycoreutils/restorecond/stringslist.h	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/stringslist.h	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,10 @@
++struct stringsList {
++	struct stringsList *next;
++	char *string;
++};
++
++void strings_list_free(struct stringsList *list);
++void strings_list_add(struct stringsList **list, const char *string);
++void strings_list_print(struct stringsList *list);
++int strings_list_find(struct stringsList *list, const char *string);
++int strings_list_diff(struct stringsList *from, struct stringsList *to);
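Review bot: This new header has no include guard and no comments, so the calling convention has to be read out of stringslist.c. Wrapping it in `#ifndef STRINGSLIST_H` / `#define STRINGSLIST_H` / `#endif` avoids a redefinition of `struct stringsList` if it is ever included twice. The prototypes also need one-line comments for the contracts that are not obvious: `strings_list_find` returns 0 when the string is on the list and -1 when it is not, so `if (strings_list_find(...))` tests the opposite of what it reads as. `strings_list_add` keeps the list sorted, ignores duplicates and stores its own copy of `string`, and `strings_list_diff` returns 1 when the two lists differ and 0 when they match.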
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-1.29.27/restorecond/utmpwatcher.c
+--- nsapolicycoreutils/restorecond/utmpwatcher.c	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/utmpwatcher.c	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,105 @@
++/*
++ * restorecond
++ *
++ * AUTHOR:  Dan Walsh <dwalsh at redhat.com>
++ *
++ * Copyright (C) 2006 Red Hat 
++ * see file 'COPYING' for use and warranty information
++ *
++ * semanage is a tool for managing SELinux configuration files
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of
++ * the License, or (at your option) any later version.
++ * 
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++.* 
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
++ * 02111-1307  USA
++ *
++*/
++
++#define _GNU_SOURCE
++#include <sys/inotify.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <syslog.h>
++
++#include <limits.h>
++#include <utmp.h>
++#include <sys/types.h>
++#include <pwd.h>
++#include "restorecond.h"
++#include "utmpwatcher.h"
++#include "stringslist.h"
++
++static struct stringsList *utmp_ptr=NULL;
++static int utmp_wd=-1;
++
++unsigned int utmpwatcher_handle(int inotify_fd, int wd) {
++	int changed=0;
++	struct utmp u;
++	char *utmp_path="/var/run/utmp";
++	struct stringsList *prev_utmp_ptr=utmp_ptr;
++	if (wd != utmp_wd) return -1;
++
++	utmp_ptr=NULL;
++	FILE *cfg=fopen(utmp_path, "r");
++	if (!cfg) exitApp("Error reading config file.");
++
++	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
++		if (u.ut_type == USER_PROCESS) 
++			strings_list_add(&utmp_ptr, u.ut_user);
++	}
++	fclose(cfg);
++	if (utmp_wd >= 0) 
++		inotify_rm_watch(inotify_fd, utmp_wd);
++
++	utmp_wd=inotify_add_watch (inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
++	if (prev_utmp_ptr) {
++		changed=strings_list_diff(prev_utmp_ptr, utmp_ptr);
++		strings_list_free(prev_utmp_ptr);
++	}
++	return changed;
++}
++
++static void watch_file(int inotify_fd, const char *file) {
++	struct stringsList *ptr=utmp_ptr;
++	
++	while(ptr) {
++		struct passwd *pwd=getpwnam(ptr->string);
++		if (pwd) {
++			char *path=NULL;
++			if (asprintf(&path, "%s%s",pwd->pw_dir, file) < 0)
++				exitApp("Error allocating memory.");
++			watch_list_add(inotify_fd, path);
++			free(path);
++		}
++		ptr=ptr->next;
++	}
++}
++
++void utmpwatcher_add(int inotify_fd, const char *path) {
++	if (utmp_ptr == NULL) {
++		utmpwatcher_handle(inotify_fd, utmp_wd);
++	}
++	watch_file(inotify_fd, path);
++}
++
++#ifdef TEST
++int main(int argc, char **argv) {
++	read_utmp();
++	return 0;
++}
++#endif
++
++
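Review bot: In `utmpwatcher_handle`, `u.ut_user` goes straight into `strings_list_add`, which runs `strcmp` and `strdup` on it, but utmp string fields are NUL-terminated only when the value is shorter than the field. A login name that fills `ut_user` is therefore read past the end of the array, and the stored name (later handed to `getpwnam` in `watch_file`) picks up whatever bytes follow. Copying the field into a local buffer one byte larger and terminating it, as below, closes that. Separately, the function is declared `unsigned int` but returns `-1` when `wd != utmp_wd`, which a caller testing for non-zero would take as "changed"; the caller is outside this hunk, and the same prototype is in utmpwatcher.h. The `inotify_add_watch` result is also stored in `utmp_wd` without a check for failure.

```c
	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
		if (u.ut_type == USER_PROCESS) {
			/* ut_user is not NUL-terminated when the name fills the field */
			char user[sizeof(u.ut_user) + 1];
			memcpy(user, u.ut_user, sizeof(u.ut_user));
			user[sizeof(u.ut_user)] = '\0';
			strings_list_add(&utmp_ptr, user);
		}
	}
	/* … unchanged: fclose, inotify re-watch, list diff … */
```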
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.h policycoreutils-1.29.27/restorecond/utmpwatcher.h
+--- nsapolicycoreutils/restorecond/utmpwatcher.h	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.27/restorecond/utmpwatcher.h	2006-03-15 16:06:43.000000000 -0500
+@@ -0,0 +1,2 @@
++unsigned int utmpwatcher_handle(int inotify_fd, int wd);
++void utmpwatcher_add(int inotify_fd, const char *path);
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.27/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles	2006-01-04 13:07:46.000000000 -0500
-+++ policycoreutils-1.29.26/scripts/fixfiles	2006-02-23 17:12:53.000000000 -0500
++++ policycoreutils-1.29.27/scripts/fixfiles	2006-03-15 16:06:43.000000000 -0500
 @@ -124,7 +124,10 @@
      exit $?
  fi
@@ -331,756 +883,32 @@
      exit $?
  fi
  LogReadOnly
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.26/semanage/semanage
---- nsapolicycoreutils/semanage/semanage	2006-02-16 13:35:28.000000000 -0500
-+++ policycoreutils-1.29.26/semanage/semanage	2006-02-23 16:32:45.000000000 -0500
-@@ -22,6 +22,9 @@
- #  
- import os, sys, getopt
- import seobject
-+import selinux
-+
-+is_mls_enabled=selinux.is_selinux_mls_enabled()
- 
- if __name__ == '__main__':
- 
-@@ -57,13 +60,13 @@
- 		-p (named pipe) \n\n\
- \
- 	-p, --proto      Port protocol (tcp or udp)\n\
--	-L, --level      Default SELinux Level\n\
-+	-L, --level      Default SELinux Level (MLS/MCS Systems only)\n\
- 	-R, --roles      SELinux Roles (ex: "sysadm_r staff_r")\n\
- 	-T, --trans      SELinux Level Translation\n\n\
- \
- 	-s, --seuser     SELinux User Name\n\
- 	-t, --type       SELinux Type for the object\n\
--	-r, --range      MLS/MCS Security Range\n\
-+	-r, --range      MLS/MCS Security Range (MLS/MCS Systems only\n\
- '
- 		print message
- 		sys.exit(1)
-@@ -167,12 +170,16 @@
- 				modify = 1
- 				
- 			if o == "-r" or o == '--range':
-+				if is_mls_enabled == 0:
-+					errorExit("range not supported on Non MLS machines")
- 				serange = a
- 
- 			if o == "-l" or o == "--list":
- 				list = 1
- 
- 			if o == "-L" or o == '--level':
-+				if is_mls_enabled == 0:
-+					errorExit("range not supported on Non MLS machines")
- 				selevel = a
- 
- 			if o == "-p" or o == '--proto':
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.26/semanage/semanage.8
---- nsapolicycoreutils/semanage/semanage.8	2006-01-27 01:16:33.000000000 -0500
-+++ policycoreutils-1.29.26/semanage/semanage.8	2006-02-23 16:32:45.000000000 -0500
-@@ -46,7 +46,7 @@
- List the OBJECTS
- .TP
- .I                \-L, \-\-level
--Default SELinux Level for SELinux use. (s0)
-+Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
- .TP
- .I                \-m, \-\-modify     
- Modify a OBJECT record NAME
-@@ -58,7 +58,7 @@
- Protocol for the specified port (tcp|udp).
- .TP
- .I                \-r, \-\-range      
--MLS/MCS Security Range
-+MLS/MCS Security Range (MLS/MCS Systems only)
- .TP
- .I                \-R, \-\-role
- SELinux Roles.  You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times.
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.26/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py	2006-02-16 13:35:28.000000000 -0500
-+++ policycoreutils-1.29.26/semanage/seobject.py	2006-03-03 18:20:37.000000000 -0500
-@@ -21,9 +21,43 @@
- #
- #  
- 
--import pwd, string, selinux, tempfile, os, re
-+import pwd, string, selinux, tempfile, os, re, sys
- from semanage import *;
- 
-+is_mls_enabled=selinux.is_selinux_mls_enabled()
-+import syslog
-+try:
-+	import audit
-+	class logger:
-+		def __init__(self):
-+			self.audit_fd=audit.audit_open()
-+
-+		def log(self, success, msg, name="", sename="", serole="", serange="", old_sename="", old_serole="", old_serange=""):
-+			audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],msg, name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
-+except:
-+	class logger:
-+		def log(self, success, msg, name="", sename="", serole="", serange="", old_sename="", old_serole="", old_serange=""):
-+			if success == 1:
-+				message = "Successful: "
-+			else:
-+				message = "Failed: "
-+			message += " %s name=%s" % (msg,name)
-+			if sename != "":
-+				message += " sename=" + sename
-+			if old_sename != "":
-+				message += " old_sename=" + old_sename
-+			if serole != "":
-+				message += " role=" + serole
-+			if old_serole != "":
-+				message += " old_role=" + old_serole
-+			if serange != "":
-+				message += " MLSRange=" + serange
-+			if old_serange != "":
-+				message += " old_MLSRange=" + old_serange
-+			syslog.syslog(message);
-+			
-+mylog=logger()		
-+
- def validate_level(raw):
- 	sensitivity="s([0-9]|1[0-5])"
- 	category="c(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])"
-@@ -143,6 +177,7 @@
- 	def __init__(self):
- 		self.sh = semanage_handle_create()
- 		self.semanaged = semanage_is_managed(self.sh)
-+
- 		if not self.semanaged:
- 			semanage_handle_destroy(self.sh)
- 			raise ValueError("SELinux policy is not managed or store cannot be accessed.")
-@@ -162,127 +197,154 @@
- 		semanageRecords.__init__(self)
- 
- 	def add(self, name, sename, serange):
--		if serange == "":
--			serange = "s0"
--		else:
--			serange = untranslate(serange)
-+		if is_mls_enabled == 1:
-+			if serange == "":
-+				serange = "s0"
-+			else:
-+				serange = untranslate(serange)
- 			
- 		if sename == "":
- 			sename = "user_u"
- 			
--		(rc,k) = semanage_seuser_key_create(self.sh, name)
--		if rc < 0:
--			raise ValueError("Could not create a key for %s" % name)
--
--		(rc,exists) = semanage_seuser_exists(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if login mapping for %s is defined" % name)
--		if exists:
--			raise ValueError("Login mapping for %s is already defined" % name)
- 		try:
--			pwd.getpwnam(name)
--		except:
--			raise ValueError("Linux User %s does not exist" % name)
--			
--		(rc,u) = semanage_seuser_create(self.sh)
--		if rc < 0:
--			raise ValueError("Could not create login mapping for %s" % name)
-+			(rc,k) = semanage_seuser_key_create(self.sh, name)
-+			if rc < 0:
-+				raise ValueError("Could not create a key for %s" % name)
- 
--		rc = semanage_seuser_set_name(self.sh, u, name)
--		if rc < 0:
--			raise ValueError("Could not set name for %s" % name)
-+			(rc,exists) = semanage_seuser_exists(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if login mapping for %s is defined" % name)
-+			if exists:
-+				raise ValueError("Login mapping for %s is already defined" % name)
-+			try:
-+				pwd.getpwnam(name)
-+			except:
-+				raise ValueError("Linux User %s does not exist" % name)
- 
--		rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
--		if rc < 0:
--			raise ValueError("Could not set MLS range for %s" % name)
-+			(rc,u) = semanage_seuser_create(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not create login mapping for %s" % name)
- 
--		rc = semanage_seuser_set_sename(self.sh, u, sename)
--		if rc < 0:
--			raise ValueError("Could not set SELinux user for %s" % name)
-+			rc = semanage_seuser_set_name(self.sh, u, name)
-+			if rc < 0:
-+				raise ValueError("Could not set name for %s" % name)
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.29.27/scripts/Makefile
+--- nsapolicycoreutils/scripts/Makefile	2005-12-08 12:59:25.000000000 -0500
++++ policycoreutils-1.29.27/scripts/Makefile	2006-03-15 16:06:43.000000000 -0500
+@@ -13,7 +13,7 @@
+ 	-mkdir -p $(BINDIR)
+ 	install -m 755 $(TARGETS) $(SBINDIR)
+ 	install -m 755 chcat $(BINDIR)
+-	install -m 755 fixfiles $(DESTDIR)/sbin
++	install -m 755 fixfiles $(PREFIX)/sbin
+ 	-mkdir -p $(MANDIR)/man8
+ 	install -m 644 fixfiles.8 $(MANDIR)/man8/
+ 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.27/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py	2006-03-10 09:48:05.000000000 -0500
++++ policycoreutils-1.29.27/semanage/seobject.py	2006-03-15 16:06:43.000000000 -0500
+@@ -229,10 +229,9 @@
+ 			if rc < 0:
+ 				raise ValueError("Could not set name for %s" % name)
  
--		rc = semanage_begin_transaction(self.sh)
--		if rc < 0:
--			raise ValueError("Could not start semanage transaction")
+-			if serange != "":
+-				rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
+-				if rc < 0:
+-					raise ValueError("Could not set MLS range for %s" % name)
 +			rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
 +			if rc < 0:
 +				raise ValueError("Could not set MLS range for %s" % name)
  
--		rc = semanage_seuser_modify_local(self.sh, k, u)
--		if rc < 0:
--			raise ValueError("Could not add login mapping for %s" % name)
-+			rc = semanage_seuser_set_sename(self.sh, u, sename)
-+			if rc < 0:
-+				raise ValueError("Could not set SELinux user for %s" % name)
- 
--		rc = semanage_commit(self.sh) 
--		if rc < 0:
--			raise ValueError("Could not add login mapping for %s" % name)
-+			rc = semanage_begin_transaction(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not start semanage transaction")
- 
-+			rc = semanage_seuser_modify_local(self.sh, k, u)
-+			if rc < 0:
-+				raise ValueError("Could not add login mapping for %s" % name)
-+
-+			rc = semanage_commit(self.sh) 
-+			if rc < 0:
-+				raise ValueError("Could not add login mapping for %s" % name)
-+
-+		except ValueError, error:
-+			mylog.log(0, "add SELinux user mapping", name, sename, "", serange);
-+			raise error
-+		
-+		mylog.log(1, "add SELinux user mapping", name, sename, "", serange);
- 		semanage_seuser_key_free(k)
- 		semanage_seuser_free(u)
- 
- 	def modify(self, name, sename = "", serange = ""):
--		if sename == "" and serange == "":
--			raise ValueError("Requires seuser or serange")
-+		oldsename=""
-+		oldserange=""
-+		try:
-+			if sename == "" and serange == "":
-+				raise ValueError("Requires seuser or serange")
- 
--		(rc,k) = semanage_seuser_key_create(self.sh, name)
--		if rc < 0:
--			raise ValueError("Could not create a key for %s" % name)
-+			(rc,k) = semanage_seuser_key_create(self.sh, name)
-+			if rc < 0:
-+				raise ValueError("Could not create a key for %s" % name)
- 
--		(rc,exists) = semanage_seuser_exists(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if login mapping for %s is defined" % name)
--		if not exists:
--			raise ValueError("Login mapping for %s is not defined" % name)
-+			(rc,exists) = semanage_seuser_exists(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if login mapping for %s is defined" % name)
-+			if not exists:
-+				raise ValueError("Login mapping for %s is not defined" % name)
- 
--		(rc,u) = semanage_seuser_query(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not query seuser for %s" % name)
-+			(rc,u) = semanage_seuser_query(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not query seuser for %s" % name)
- 
--		if serange != "":
--			semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
--		if sename != "":
--			semanage_seuser_set_sename(self.sh, u, sename)
-+			oldserange=semanage_seuser_get_mlsrange(u)
-+			oldsename=semanage_seuser_get_sename(u)
-+			if serange != "":
-+				semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
-+			else:
-+				serange=oldserange
-+			if sename != "":
-+				semanage_seuser_set_sename(self.sh, u, sename)
-+			else:
-+				sename=oldsename
- 
--		rc = semanage_begin_transaction(self.sh)
--		if rc < 0:
--			raise ValueError("Could not srart semanage transaction")
-+			rc = semanage_begin_transaction(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not srart semanage transaction")
- 
--		rc = semanage_seuser_modify_local(self.sh, k, u)
--		if rc < 0:
--			raise ValueError("Could not modify login mapping for %s" % name)
--	
--		rc = semanage_commit(self.sh)
--		if rc < 0:
--			raise ValueError("Could not modify login mapping for %s" % name)
-+			rc = semanage_seuser_modify_local(self.sh, k, u)
-+			if rc < 0:
-+				raise ValueError("Could not modify login mapping for %s" % name)
-+
-+			rc = semanage_commit(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not modify login mapping for %s" % name)
- 
-+		except ValueError, error:
-+			mylog.log(0,"modify selinux user mapping", name, sename,"", serange, oldsename, "", oldserange);
-+			raise error
-+		
-+		mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
- 		semanage_seuser_key_free(k)
- 		semanage_seuser_free(u)
- 
- 	def delete(self, name):
--		(rc,k) = semanage_seuser_key_create(self.sh, name)
--		if rc < 0:
--			raise ValueError("Could not create a key for %s" % name)
-+		try:
-+			(rc,k) = semanage_seuser_key_create(self.sh, name)
-+			if rc < 0:
-+				raise ValueError("Could not create a key for %s" % name)
- 
--		(rc,exists) = semanage_seuser_exists(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if login mapping for %s is defined" % name)
--		if not exists:
--			raise ValueError("Login mapping for %s is not defined" % name)
-+			(rc,exists) = semanage_seuser_exists(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if login mapping for %s is defined" % name)
-+			if not exists:
-+				raise ValueError("Login mapping for %s is not defined" % name)
- 
--		(rc,exists) = semanage_seuser_exists_local(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if login mapping for %s is defined" % name)
--		if not exists:
--			raise ValueError("Login mapping for %s is defined in policy, cannot be deleted" % name)
-+			(rc,exists) = semanage_seuser_exists_local(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if login mapping for %s is defined" % name)
-+			if not exists:
-+				raise ValueError("Login mapping for %s is defined in policy, cannot be deleted" % name)
- 
--		rc = semanage_begin_transaction(self.sh)
--		if rc < 0:
--			raise ValueError("Could not start semanage transaction")
-+			rc = semanage_begin_transaction(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not start semanage transaction")
- 
--		rc = semanage_seuser_del_local(self.sh, k)
-+			rc = semanage_seuser_del_local(self.sh, k)
- 
--		if rc < 0:
--			raise ValueError("Could not delete login mapping for %s" % name)
-+			if rc < 0:
-+				raise ValueError("Could not delete login mapping for %s" % name)
- 
--		rc = semanage_commit(self.sh)
--		if rc < 0:
--			raise ValueError("Could not delete login mapping for %s" % name)
--	
-+			rc = semanage_commit(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not delete login mapping for %s" % name)
-+
-+		except ValueError, error:
-+			mylog.log(0,"delete SELinux user mapping", name);
-+			raise error
-+		
-+		mylog.log(1,"delete SELinux user mapping", name);
- 		semanage_seuser_key_free(k)
- 
- 		
-@@ -298,150 +360,179 @@
- 		return ddict
- 
- 	def list(self,heading=1):
--		if heading:
--			print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
- 		ddict=self.get_all()
- 		keys=ddict.keys()
- 		keys.sort()
--		for k in keys:
--			print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
-+		if is_mls_enabled == 1:
-+			if heading:
-+				print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
-+			for k in keys:
-+				print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
-+		else:
-+			if heading:
-+				print "\n%-25s %-25s\n" % ("Login Name", "SELinux User")
-+			for k in keys:
-+				print "%-25s %-25s %-25s" % (k, ddict[k][0])
- 
- class seluserRecords(semanageRecords):
- 	def __init__(self):
- 		semanageRecords.__init__(self)
- 
- 	def add(self, name, roles, selevel, serange):
--		if serange == "":
--			serange = "s0"
--		else:
--			serange = untranslate(serange)
-+		if is_mls_enabled == 1:
-+			if serange == "":
-+				serange = "s0"
-+			else:
-+				serange = untranslate(serange)
- 			
--		if selevel == "":
--			selevel = "s0"
--		else:
--			selevel = untranslate(selevel)
--
--		(rc,k) = semanage_user_key_create(self.sh, name)
--		if rc < 0:
--			raise ValueError("Could not create a key for %s" % name)
--
--		(rc,exists) = semanage_user_exists(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if SELinux user %s is defined" % name)
--		if exists:
--			raise ValueError("SELinux user %s is already defined" % name)
--
--		(rc,u) = semanage_user_create(self.sh)
--		if rc < 0:
--			raise ValueError("Could not create SELinux user for %s" % name)
-+			if selevel == "":
-+				selevel = "s0"
-+			else:
-+				selevel = untranslate(selevel)
-+			
-+		seroles=" ".join(roles)
-+		try:
-+			(rc,k) = semanage_user_key_create(self.sh, name)
-+			if rc < 0:
-+				raise ValueError("Could not create a key for %s" % name)
- 
--		rc = semanage_user_set_name(self.sh, u, name)
--		if rc < 0:
--			raise ValueError("Could not set name for %s" % name)
-+			(rc,exists) = semanage_user_exists(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if SELinux user %s is defined" % name)
-+			if exists:
-+				raise ValueError("SELinux user %s is already defined" % name)
- 
--		for r in roles:
--			rc = semanage_user_add_role(self.sh, u, r)
-+			(rc,u) = semanage_user_create(self.sh)
+ 			rc = semanage_seuser_set_sename(self.sh, u, sename)
  			if rc < 0:
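Review bot: With the `if serange != "":` guard dropped in the seobject.py `@@ -229,10 +229,9 @@` section, `semanage_seuser_set_mlsrange(self.sh, u, serange)` now runs on every call, including one where `serange` is still the empty string. The enclosing method starts and ends outside this hunk, so it cannot be confirmed here that `serange` is always populated by this point. If it can be empty, for instance on a system without MLS, the add would presumably either fail with "Could not set MLS range" or record an empty range for the login mapping. Either keep the `if serange != "":` guard, or add a comment above the call such as `# serange is always set by the defaulting at the top of add()`, so the unconditional call is visibly intentional.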
--				raise ValueError("Could not add role %s for %s" % (r, name))
-+				raise ValueError("Could not create SELinux user for %s" % name)
- 
--		rc = semanage_user_set_mlsrange(self.sh, u, serange)
--		if rc < 0:
--			raise ValueError("Could not set MLS range for %s" % name)
-+			rc = semanage_user_set_name(self.sh, u, name)
-+			if rc < 0:
-+				raise ValueError("Could not set name for %s" % name)
- 
--		rc = semanage_user_set_mlslevel(self.sh, u, selevel)
--		if rc < 0:
--			raise ValueError("Could not set MLS level for %s" % name)
-+			for r in roles:
-+				rc = semanage_user_add_role(self.sh, u, r)
-+				if rc < 0:
-+					raise ValueError("Could not add role %s for %s" % (r, name))
-+
-+			if is_mls_enabled == 1:
-+				rc = semanage_user_set_mlsrange(self.sh, u, serange)
-+				if rc < 0:
-+					raise ValueError("Could not set MLS range for %s" % name)
-+
-+				rc = semanage_user_set_mlslevel(self.sh, u, selevel)
-+				if rc < 0:
-+					raise ValueError("Could not set MLS level for %s" % name)
- 
--		(rc,key) = semanage_user_key_extract(self.sh,u)
--		if rc < 0:
--			raise ValueError("Could not extract key for %s" % name)
-+			(rc,key) = semanage_user_key_extract(self.sh,u)
-+			if rc < 0:
-+				raise ValueError("Could not extract key for %s" % name)
- 
--		rc = semanage_begin_transaction(self.sh)
--		if rc < 0:
--			raise ValueError("Could not start semanage transaction")
-+			rc = semanage_begin_transaction(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not start semanage transaction")
- 
--		rc = semanage_user_modify_local(self.sh, k, u)
--		if rc < 0:
--			raise ValueError("Could not add SELinux user %s" % name)
-+			rc = semanage_user_modify_local(self.sh, k, u)
-+			if rc < 0:
-+				raise ValueError("Could not add SELinux user %s" % name)
- 
--		rc = semanage_commit(self.sh)
--		if rc < 0:
--			raise ValueError("Could not add SELinux user %s" % name)
-+			rc = semanage_commit(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not add SELinux user %s" % name)
- 
-+		except ValueError, error:
-+			mylog.log(0,"add SELinux user record", name, name, seroles, serange)
-+			raise error
-+		
-+		mylog.log(1,"add SELinux user record", name, name, seroles, serange)
- 		semanage_user_key_free(k)
- 		semanage_user_free(u)
- 
- 	def modify(self, name, roles = [], selevel = "", serange = ""):
--		if len(roles) == 0  and serange == "" and selevel == "":
--			raise ValueError("Requires roles, level or range")
-+		try:
-+			if len(roles) == 0  and serange == "" and selevel == "":
-+				if is_mls_enabled == 1:
-+					raise ValueError("Requires roles, level or range")
-+				else:
-+					raise ValueError("Requires roles")
- 
--		(rc,k) = semanage_user_key_create(self.sh, name)
--		if rc < 0:
--			raise ValueError("Could not create a key for %s" % name)
-+			(rc,k) = semanage_user_key_create(self.sh, name)
-+			if rc < 0:
-+				raise ValueError("Could not create a key for %s" % name)
- 
--		(rc,exists) = semanage_user_exists(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if SELinux user %s is defined" % name)
--		if not exists:
--			raise ValueError("SELinux user %s is not defined" % name)
--		
--		(rc,u) = semanage_user_query(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not query user for %s" % name)
-+			(rc,exists) = semanage_user_exists(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if SELinux user %s is defined" % name)
-+			if not exists:
-+				raise ValueError("SELinux user %s is not defined" % name)
- 
--		if serange != "":
--			semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
--		if selevel != "":
--			semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
--			
--		if len(roles) != 0:
--			for r in roles:
--				semanage_user_add_role(self.sh, u, r)
-+			(rc,u) = semanage_user_query(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not query user for %s" % name)
- 
--		rc = semanage_begin_transaction(self.sh)
--		if rc < 0:
--			raise ValueError("Could not start semanage transaction")
-+			if serange != "":
-+				semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
-+			if selevel != "":
-+				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
-+
-+			if len(roles) != 0:
-+				for r in roles:
-+					semanage_user_add_role(self.sh, u, r)
- 
--		rc = semanage_user_modify_local(self.sh, k, u)
--		if rc < 0:
--			raise ValueError("Could not modify SELinux user %s" % name)
-+			rc = semanage_begin_transaction(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not start semanage transaction")
- 
--		rc = semanage_commit(self.sh)
--		if rc < 0:
--			raise ValueError("Could not modify SELinux user %s" % name)
-+			rc = semanage_user_modify_local(self.sh, k, u)
-+			if rc < 0:
-+				raise ValueError("Could not modify SELinux user %s" % name)
-+
-+			rc = semanage_commit(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not modify SELinux user %s" % name)
-+
-+		except ValueError, error:
-+			mylog.log(0,"modify SELinux user record", name, seuser, seroles, serange, oldseuser, oldseroles, olrserange)
-+			raise error
- 		
-+		mylog.log(1,"modify SELinux user record", name, seuser, seroles, serange, oldseuser, oldseroles, olrserange)
- 		semanage_user_key_free(k)
- 		semanage_user_free(u)
- 
- 	def delete(self, name):
--		(rc,k) = semanage_user_key_create(self.sh, name)
--		if rc < 0:
--			raise ValueError("Could not create a key for %s" % name)
--
--		(rc,exists) = semanage_user_exists(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if SELinux user %s is defined" % name)		
--		if not exists:
--			raise ValueError("SELinux user %s is not defined" % name)
-+		try:
-+			(rc,k) = semanage_user_key_create(self.sh, name)
-+			if rc < 0:
-+				raise ValueError("Could not create a key for %s" % name)
-+			
-+			(rc,exists) = semanage_user_exists(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if SELinux user %s is defined" % name)		
-+			if not exists:
-+				raise ValueError("SELinux user %s is not defined" % name)
- 
--		(rc,exists) = semanage_user_exists_local(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not check if SELinux user %s is defined" % name)
--		if not exists:
--			raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
-+			(rc,exists) = semanage_user_exists_local(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not check if SELinux user %s is defined" % name)
-+			if not exists:
-+				raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
- 			
--		rc = semanage_begin_transaction(self.sh)
--		if rc < 0:
--			raise ValueError("Could not start semanage transaction")
-+			rc = semanage_begin_transaction(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not start semanage transaction")
- 
--		rc = semanage_user_del_local(self.sh, k)
--		if rc < 0:
--			raise ValueError("Could not delete SELinux user %s" % name)
-+			rc = semanage_user_del_local(self.sh, k)
-+			if rc < 0:
-+				raise ValueError("Could not delete SELinux user %s" % name)
- 
--		rc = semanage_commit(self.sh)
--		if rc < 0:
--			raise ValueError("Could not delete SELinux user %s" % name)
-+			rc = semanage_commit(self.sh)
-+			if rc < 0:
-+				raise ValueError("Could not delete SELinux user %s" % name)
-+		except ValueError, error:
-+			mylog.log(0,"delete SELinux user record", name)
-+			raise error
- 		
-+		mylog.log(1,"delete SELinux user record", name)
- 		semanage_user_key_free(k)		
- 
- 	def get_all(self):
-@@ -462,14 +553,20 @@
- 		return ddict
- 
- 	def list(self, heading=1):
--		if heading:
--			print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
--			print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
- 		ddict=self.get_all()
- 		keys=ddict.keys()
- 		keys.sort()
--		for k in keys:
--			print "%-15s %-10s %-30s %s" % (k, translate(ddict[k][0]), translate(ddict[k][1]), ddict[k][2])
-+		if is_mls_enabled == 1:
-+			if heading:
-+				print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
-+				print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
-+			for k in keys:
-+				print "%-15s %-10s %-30s %s" % (k, translate(ddict[k][0]), translate(ddict[k][1]), ddict[k][2])
-+		else:
-+			if heading:
-+				print "%-15s %s\n" % ("SELinux User", "SELinux Roles")
-+			for k in keys:
-+				print "%-15s %s" % (k, ddict[k][2])
- 
- class portRecords(semanageRecords):
- 	def __init__(self):
-@@ -500,10 +597,11 @@
- 		return ( k, proto_d, low, high )
- 
- 	def add(self, port, proto, serange, type):
--		if serange == "":
--			serange="s0"
--		else:
--			serange=untranslate(serange)
-+		if is_mls_enabled == 1:
-+			if serange == "":
-+				serange="s0"
-+			else:
-+				serange=untranslate(serange)
- 			
- 		if type == "":
- 			raise ValueError("Type is required")
-@@ -564,7 +662,10 @@
- 
- 	def modify(self, port, proto, serange, setype):
- 		if serange == "" and setype == "":
--			raise ValueError("Requires setype or serange")
-+			if is_mls_enabled == 1:
-+				raise ValueError("Requires setype or serange")
-+			else:
-+				raise ValueError("Requires setype")
- 
- 		( k, proto_d, low, high ) = self.__genkey(port, proto)
- 
-@@ -688,10 +789,11 @@
- 		semanageRecords.__init__(self)
- 
- 	def add(self, interface, serange, ctype):
--		if serange == "":
--			serange="s0"
--		else:
--			serange=untranslate(serange)
-+		if is_mls_enabled == 1:
-+			if serange == "":
-+				serange="s0"
-+			else:
-+				serange=untranslate(serange)
- 			
- 		if ctype == "":
- 			raise ValueError("SELinux Type is required")
-@@ -869,14 +971,14 @@
- 		self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
- 		
- 		
--	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
-+	def add(self, target, type, ftype="", serange="", seuser="system_u"):
- 		if seuser == "":
- 			seuser="system_u"
--			
--		if serange == "":
--			serange="s0"
--		else:
--			serange=untranslate(serange)
-+		if is_mls_enabled == 1:
-+			if serange == "":
-+				serange="s0"
-+			else:
-+				serange=untranslate(serange)
- 			
- 		if type == "":
- 			raise ValueError("SELinux Type is required")
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/Makefile policycoreutils-1.29.26/setsebool/Makefile
---- nsapolicycoreutils/setsebool/Makefile	2005-11-04 15:37:49.000000000 -0500
-+++ policycoreutils-1.29.26/setsebool/Makefile	2006-02-25 06:56:54.000000000 -0500
-@@ -17,6 +17,8 @@
- install: all
- 	-mkdir -p $(SBINDIR)
- 	install -m 755 setsebool $(SBINDIR)
-+	-mkdir -p $(MANDIR)/man8
-+	install -m 644 setsebool.8 $(MANDIR)/man8/
- 
- relabel:
- 


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.241
retrieving revision 1.242
diff -u -r1.241 -r1.242
--- policycoreutils.spec	10 Mar 2006 19:19:11 -0000	1.241
+++ policycoreutils.spec	17 Mar 2006 20:29:37 -0000	1.242
@@ -1,11 +1,11 @@
 %define libauditver 1.1.4-3
-%define libsepolver 1.11.18-1
-%define libsemanagever 1.5.28-1
-%define libselinuxver 1.29.7-1
+%define libsepolver 1.12-1
+%define libsemanagever 1.6-1
+%define libselinuxver 1.30-1
 Summary: SELinux policy core utilities.
 Name: policycoreutils
-Version: 1.29.26
-Release: 6
+Version: 1.30
+Release: 1
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -42,6 +42,7 @@
 
 %install
 rm -rf ${RPM_BUILD_ROOT}
+mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
 mkdir -p ${RPM_BUILD_ROOT}/sbin
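Review bot: The added `mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d` hard-codes the init-script directory and uses the unbraced variable form, while the neighbouring lines use `${RPM_BUILD_ROOT}` together with path macros. Writing it as `mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}` keeps the section consistent and follows the distribution macro if the directory ever moves. The same applies to the last `%files` hunk, where `/etc/rc.d/init.d/restorecond` and `/etc/selinux/restorecond.conf` sit next to entries that use `%{_sysconfdir}`.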
@@ -57,8 +58,9 @@
 
 %files -f %{name}.lang
 %defattr(-,root,root)
-/sbin/fixfiles
 /sbin/restorecon
+%{_sbindir}/restorecond
+%{_sbindir}/fixfiles
 %{_sbindir}/setfiles
 %{_sbindir}/setsebool
 %{_sbindir}/semodule
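Review bot: `fixfiles` moves from `/sbin` to `%{_sbindir}` in this hunk with no compatibility link left behind, so any caller that uses the absolute path `/sbin/fixfiles` stops finding it after the upgrade. If relabeling is triggered at boot before `/usr` is mounted (not visible from this page; the init scripts would need checking), the relabel would be skipped and files would keep stale contexts. `restorecon` stays in `/sbin` in the same hunk, so either keep `/sbin/fixfiles` packaged alongside it or record in the changelog why the move is safe for early-boot callers.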
@@ -76,6 +78,7 @@
 %{_bindir}/semodule_link
 %{_bindir}/semodule_package
 %{_mandir}/man8/chcat.8.gz
+%{_mandir}/man8/restorecond.8.gz
 %{_mandir}/man8/restorecon.8.gz
 %{_mandir}/man8/sestatus.8.gz
 %{_mandir}/man8/semanage.8.gz
@@ -97,8 +100,13 @@
 %config %{_sysconfdir}/pam.d/run_init
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 %{_libdir}/python2.4/site-packages/seobject.py*
+%attr(755,root,root) /etc/rc.d/init.d/restorecond
+%config(noreplace) /etc/selinux/restorecond.conf
 
 %changelog
+* Fri Mar 10 2006 Dan Walsh <dwalsh at redhat.com> 1.29.27-1
+- Add restorecond
+
 * Fri Mar 10 2006 Dan Walsh <dwalsh at redhat.com> 1.29.26-6
 - Remove prereq
 
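Review bot: The init script and `restorecond.conf` are added to `%files`, but none of the spec hunks in this commit adds scriptlets to register or stop the new service, so installs leave it unregistered and package removal can leave the daemon running. Unless that is handled elsewhere in the spec, add `/sbin/chkconfig --add restorecond` to `%post` and, in `%preun` under `[ $1 = 0 ]`, `/sbin/service restorecond stop` followed by `/sbin/chkconfig --del restorecond`. Because the daemon presumably acts on the paths listed in `/etc/selinux/restorecond.conf`, an explicit `%attr(644,root,root)` on that entry would pin its mode instead of inheriting it from the build tree. The new changelog entry is also labelled `1.29.27-1` while the first hunk sets `Version: 1.30` and `Release: 1`.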


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -r1.107 -r1.108
--- sources	21 Feb 2006 19:09:17 -0000	1.107
+++ sources	17 Mar 2006 20:29:37 -0000	1.108
@@ -1 +1 @@
-58fe44013f3515957fc626d0c11baf7c  policycoreutils-1.29.26.tgz
+e017bfddf27e124cef2743496dcfcc49  policycoreutils-1.30.tgz



