rpms/policycoreutils/FC-6 policycoreutils-rhat.patch,1.253,1.254
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Apr 16 18:18:18 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv12037
Modified Files:
policycoreutils-rhat.patch
Log Message:
* Mon Apr 16 2007 Dan Walsh <dwalsh at redhat.com> 1.34.1-6
- Add sepolgen/gui
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/Makefile | 16 -
audit2allow/audit2allow | 473 +++++++++++++++++++++++--------------------
audit2allow/sepolgen-ifgen | 86 +++++++
restorecon/restorecon.c | 4
restorecond/restorecond.c | 12 -
restorecond/restorecond.conf | 3
restorecond/restorecond.init | 43 +++
scripts/chcat | 36 ++-
scripts/fixfiles.8 | 2
semanage/seobject.py | 10
11 files changed, 432 insertions(+), 255 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/FC-6/policycoreutils-rhat.patch,v
retrieving revision 1.253
retrieving revision 1.254
diff -u -r1.253 -r1.254
--- policycoreutils-rhat.patch 16 Apr 2007 18:04:13 -0000 1.253
+++ policycoreutils-rhat.patch 16 Apr 2007 18:18:15 -0000 1.254
@@ -1,5 +1,638 @@
---- policycoreutils-1.34.1/restorecond/restorecond.c.rhat 2007-01-24 10:04:01.000000000 -0500
-+++ policycoreutils-1.34.1/restorecond/restorecond.c 2007-04-16 08:04:45.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.34.1/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/audit2allow/audit2allow 2007-04-16 14:12:28.000000000 -0400
+@@ -1,226 +1,265 @@
+ #! /usr/bin/python -E
+-# Copyright (C) 2005 Red Hat
+-# see file 'COPYING' for use and warranty information
+-#
+-# Audit2allow is a rewrite of prior perl script.
++# Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
+ #
+-# Based off original audit2allow perl script: which credits
+-# newrules.pl, Copyright (C) 2001 Justin R. Smith (jsmith at mcs.drexel.edu)
+-# 2003 Oct 11: Add -l option by Yuichi Nakamura(ynakam at users.sourceforge.jp)
++# Copyright (C) 2006-2007 Red Hat
++# see file 'COPYING' for use and warranty information
+ #
+-# This program is free software; you can redistribute it and/or
+-# modify it under the terms of the GNU General Public License as
+-# published by the Free Software Foundation; either version 2 of
+-# the License, or (at your option) any later version.
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; version 2 only
+ #
+-# This program is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-# GNU General Public License for more details.
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
+ #
+-# You should have received a copy of the GNU General Public License
+-# along with this program; if not, write to the Free Software
+-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+-# 02111-1307 USA
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ #
+-#
+-from avc import *
+
+-if __name__ == '__main__':
+- import commands, sys, os, getopt, selinux
+- import gettext
+- import re
++import sys
++import tempfile
++
++import sepolgen.audit as audit
++import sepolgen.policygen as policygen
++import sepolgen.interfaces as interfaces
++import sepolgen.output as output
++import sepolgen.objectmodel as objectmodel
++import sepolgen.defaults as defaults
++import sepolgen.module as module
++from sepolgen.sepolgeni18n import _
++
++class AuditToPolicy:
++ VERSION = "%prog .1"
++ SYSLOG = "/var/log/messages"
++
++ def __init__(self):
++ self.__options = None
++ self.__parser = None
++ self.__avs = None
++
++ def __parse_options(self):
++ from optparse import OptionParser
++
++ parser = OptionParser(version=self.VERSION)
++ parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
++ help="read input from audit log - conflicts with -i")
++ parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
++ help="read input from dmesg - conflicts with --audit and --input")
++ parser.add_option("-i", "--input", dest="input",
++ help="read input from <input> - conflicts with -a")
++ parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
++ help="read input only after the last reload")
++ parser.add_option("-r", "--requires", action="store_true", dest="requires", default=False,
++ help="generate require statements for rules")
++ parser.add_option("-m", "--module", dest="module",
++ help="set the module name - implies --requires")
++ parser.add_option("-M", "--module-package", dest="module_package",
++ help="generate a module package - conflicts with -o and -m")
++ parser.add_option("-o", "--output", dest="output",
++ help="append output to <filename>, conflicts with -M")
++ parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
++ default=False, help="generate refpolicy style output")
++ parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
++ default=False, help="explain generated output")
++ parser.add_option("-e", "--explain", action="store_true", dest="explain_long",
++ default=False, help="fully explain generated output")
++ parser.add_option("-t", "--type", help="only process messages with a type that matches this regex",
++ dest="type")
++ parser.add_option("--perm-map", dest="perm_map", help="file name of perm map")
++ parser.add_option("--interface-info", dest="interface_info", help="file name of interface information")
++ parser.add_option("--debug", dest="debug", action="store_true", default=False,
++ help="leave generated modules for -M")
++
++ options, args = parser.parse_args()
++
++ # Make -d, -a, and -i conflict
++ if options.audit is True:
++ if options.input is not None:
++ sys.stderr.write("error: --audit conflicts with --input\n")
++ if options.dmesg is True:
++ sys.stderr.write("error: --audit conflicts with --dmesg\n")
++ if options.input is not None and options.dmesg is True:
++ sys.stderr.write("error: --input conflicts with --dmesg\n")
++
++ # Turn on requires generation if a module name is given. Also verify
++ # the module name.
++ if options.module:
++ name = options.module
++ else:
++ name = options.module_package
++ if name:
++ options.requires = True
++ if not module.is_valid_name(name):
++ sys.stderr.write("only letters and numbers allowed in module names\n")
++ sys.exit(2)
++
++ # Make -M and -o conflict
++ if options.module_package:
++ if options.output:
++ sys.stderr.write("error: --module-package conflicts with --output\n")
++ sys.exit(2)
++ if options.module:
++ sys.stderr.write("error: --module-package conflicts with --module\n")
++ sys.exit(2)
++
++ self.__options = options
++
++ def __read_input(self):
++ parser = audit.AuditParser(last_load_only=self.__options.lastreload)
++
++ filename = None
++ messages = None
++ f = None
++
++ # Figure out what input we want
++ if self.__options.input is not None:
++ filename = self.__options.input
++ elif self.__options.dmesg:
++ messages = audit.get_dmesg_msgs()
++ elif self.__options.audit:
++ try:
++ messages = audit.get_audit_msgs()
++ except OSError, e:
++ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
++ sys.exit(1)
++ else:
++ # This is the default if no input is specified
++ f = sys.stdin
++
++ # Get the input
++ if filename is not None:
++ try:
++ f = open(filename)
++ except IOError, e:
++ sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e)))
++ sys.exit(1)
++
++ if f is not None:
++ parser.parse_file(f)
++ f.close()
++
++ if messages is not None:
++ parser.parse_string(messages)
++
++ self.__parser = parser
++
++ def __process_input(self):
++ if self.__options.type:
++ filter = audit.TypeFilter(self.__options.type)
++ self.__avs = self.__parser.to_access(filter)
++ else:
++ self.__avs = self.__parser.to_access()
++
++ def __load_interface_info(self):
++ # Load interface info file
++ if self.__options.interface_info:
++ fn = self.__options.interface_info
++ else:
++ fn = defaults.interface_info()
+ try:
+- gettext.install('policycoreutils')
++ fd = open(fn)
+ except:
+- pass
+- def get_mls_flag():
+- if selinux.is_selinux_mls_enabled():
+- return "-M"
+- else:
+- return ""
+-
+- def usage(msg = ""):
+- print _('audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+- -a, --all read input from audit and message log, conflicts with -i\n\
+- -d, --dmesg read input from output of /bin/dmesg\n\
+- -h, --help display this message\n\
+- -i, --input read input from <inputfile> conflicts with -a\n\
+- -l, --lastreload read input only after last \"load_policy\"\n\
+- -m, --module generate module/require output <modulename> \n\
+- -M generate loadable module package, conflicts with -o\n\
+- -o, --output append output to <outputfile>, conflicts with -M\n\
+- -r, --requires generate require output \n\
+- -t, --tefile Add input from Existing Type Enforcement file\n\
+- -f, --fcfile Existing Type Enforcement file, requires -M\n\
+- -v, --verbose verbose output\n\
+- -A, --analyze Analyze output\n\
+- ')
+- if msg != "":
+- print msg
+- sys.exit(1)
+-
+- def verify_module(module):
+- m = re.findall("[^a-zA-Z0-9]", module)
+- if len(m) != 0:
+- usage(_("Alphanumeric Charaters Only"))
+-
+- def errorExit(error):
+- sys.stderr.write("%s: " % sys.argv[0])
+- sys.stderr.write("%s\n" % error)
+- sys.stderr.flush()
+- sys.exit(1)
+-
+- #
+- #
+- #
+- try:
+- last_reload = 0
+- inputfd = sys.stdin
+- output = sys.stdout
+- module = ""
+- requires = 0
+- verbose = 0
+- auditlogs = 0
+- buildPP = 0
+- input_ind = 0
+- output_ind = 0
+- ref_ind = False
+- analyze = False
+- te_inputs = []
+-
+- fc_file = ""
+- gopts, cmds = getopt.getopt(sys.argv[1:],
+- 'Aadf:hi:lm:M:o:rt:vR',
+- ['all',
+- 'analyze',
+- 'dmesg',
+- 'fcfile=',
+- 'help',
+- 'input=',
+- 'lastreload',
+- 'module=',
+- 'output=',
+- 'requires',
+- 'reference',
+- 'tefile=',
+- 'verbose'
+- ])
+- for o,a in gopts:
+- if o == "-a" or o == "--all":
+- if input_ind:
+- usage()
+- inputfd = open("/var/log/messages", "r")
+- auditlogs = 1
+- if o == "-d" or o == "--dmesg":
+- inputfd = os.popen("/bin/dmesg", "r")
+- if o == "-f" or o == "--fcfile":
+- if a[0] == "-":
+- usage()
+- fc_file = a
+- if o == "-h" or o == "--help":
+- usage()
+- if o == "-i"or o == "--input":
+- if auditlogs or a[0] == "-":
+- usage()
+- input_ind = 1
+- inputfd = open(a, "r")
+- if o == '--lastreload' or o == "-l":
+- last_reload = 1
+- if o == "-m" or o == "--module":
+- if module != "" or a[0] == "-":
+- usage()
+- module = a
+- verify_module(module)
+- if o == "-M":
+- if module != "" or output_ind or a[0] == "-":
+- usage()
+- module = a
+- verify_module(module)
+- outfile = a+".te"
+- buildPP = 1
+- if not os.path.exists("/usr/bin/checkmodule"):
+- errorExit("-M Requires the checkmodule command, you need to install the checkpolicy rpm package")
+- output = open(outfile, "w")
+- if o == "-r" or o == "--requires":
+- requires = 1
+- if o == "-t" or o == "--tefile":
+- te_inputs.append(open(a, "r"))
+-
+- if o == "-R" or o == "--reference":
+- ref_ind = True
+-
+- if o == "-o" or o == "--output":
+- if module != "" or a[0] == "-":
+- usage()
+- output = open(a, "a")
+- output_ind = 1
+- if o == "-v" or o == "--verbose":
+- verbose = 1
+-
+- if o == "-A" or o == "--analyze":
+- analyze = True
+-
+- if len(cmds) != 0:
+- usage()
+-
+- if fc_file != "" and not buildPP:
+- usage("Error %s: Option -fc requires -M" % sys.argv[0])
+-
+- serules = SERules(last_reload, verbose)
+-
+- for i in te_inputs:
+- te = TERules(serules)
+- te.load(i)
+-
+- serules.load(inputfd)
+-
+-
+- if ref_ind:
+- serules.gen_reference_policy()
+-
+- if analyze:
+- serules.analyze()
+- sys.exit(0)
+-
+- if auditlogs and os.path.exists("/var/log/audit/audit.log"):
+- inputfd = os.popen("ausearch -m avc,MAC_POLICY_LOAD")
+- serules.load(inputfd)
+-
+- if buildPP:
+- print (_("Generating type enforcment file: %s.te") % module)
+- output.write(serules.out(requires, module))
+- output.flush()
+- if buildPP:
+- if ref_ind:
+- rc, type = selinux.selinux_getpolicytype()
+- cmd = "make -f /usr/share/selinux/%s/include/Makefile %s.pp" % (type, module)
+- print _("Compiling policy")
+- print cmd
+- rc = commands.getstatusoutput(cmd)
+- else:
+- cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
+- print _("Compiling policy")
+- print cmd
+- rc = commands.getstatusoutput(cmd)
+- if rc[0] == 0:
+- cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module)
+- if fc_file != "":
+- cmd = "%s -f %s" % (cmd, fc_file)
+-
+- print cmd
+- rc = commands.getstatusoutput(cmd)
+- if rc[0] == 0:
+- print _("\n******************** IMPORTANT ***********************\n")
+- print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module)
+- else:
+- errorExit(rc[1])
+-
+- except getopt.error, error:
+- errorExit(_("Options Error: %s ") % error.msg)
+- except ValueError, error:
+- errorExit(error.args[0])
+- except IOError, error:
+- errorExit(error)
+- except KeyboardInterrupt, error:
+- sys.exit(0)
++ sys.stderr.write("could not open interface info [%s]\n" % fn)
++ sys.exit(1)
++
++ ifs = interfaces.InterfaceSet()
++ ifs.from_file(fd)
++ fd.close()
++
++ # Also load perm maps
++ if self.__options.perm_map:
++ fn = self.__options.perm_map
++ else:
++ fn = defaults.perm_map()
++ try:
++ fd = open(fn)
++ except:
++ sys.stderr.write("could not open perm map [%s]\n" % fn)
++ sys.exit(1)
++
++ perm_maps = objectmodel.PermMappings()
++ perm_maps.from_file(fd)
++
++ return (ifs, perm_maps)
++
++ def __output_modulepackage(self, writer, generator):
++ generator.set_module_name(self.__options.module_package)
++ filename = self.__options.module_package + ".te"
++ packagename = self.__options.module_package + ".pp"
++
++ try:
++ fd = open(filename, "w")
++ except IOError, e:
++ sys.stderr.write("could not write output file: %s\n", str(e))
++ sys.exit(1)
++
++ writer.write(generator.get_module(), fd)
++ fd.close()
++
++ mc = module.ModuleCompiler()
++
++ try:
++ mc.create_module_package(filename, self.__options.refpolicy)
++ except RuntimeError, e:
++ print e
++ sys.exit(1)
++
++ sys.stdout.write(_("******************** IMPORTANT ***********************\n"))
++ sys.stdout.write((_("To make this policy package active, execute:" +\
++ "\n\nsemodule -i %s\n\n") % packagename))
++
++ def __output(self):
++ g = policygen.PolicyGenerator()
++
++ if self.__options.module:
++ g.set_module_name(self.__options.module)
++
++ # Interface generation
++ if self.__options.refpolicy:
++ ifs, perm_maps = self.__load_interface_info()
++ g.set_gen_refpol(ifs, perm_maps)
++
++ # Explanation
++ if self.__options.verbose:
++ g.set_gen_explain(policygen.SHORT_EXPLANATION)
++ if self.__options.explain_long:
++ g.set_gen_explain(policygen.LONG_EXPLANATION)
++
++ # Requires
++ if self.__options.requires:
++ g.set_gen_requires(True)
++
++ # Generate the policy
++ g.add_access(self.__avs)
++
++ # Output
++ writer = output.ModuleWriter()
++
++ # Module package
++ if self.__options.module_package:
++ self.__output_modulepackage(writer, g)
++ else:
++ # File or stdout
++ if self.__options.module:
++ g.set_module_name(self.__options.module)
++
++ if self.__options.output:
++ fd = open(self.__options.output, "w")
++ else:
++ fd = sys.stdout
++ writer.write(g.get_module(), fd)
++
++ def main(self):
++ try:
++ self.__parse_options()
++ self.__read_input()
++ self.__process_input()
++ self.__output()
++ except KeyboardInterrupt:
++ sys.exit(0)
++
++if __name__ == "__main__":
++ app = AuditToPolicy()
++ app.main()
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-1.34.1/audit2allow/Makefile
+--- nsapolicycoreutils/audit2allow/Makefile 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/audit2allow/Makefile 2007-04-16 14:12:03.000000000 -0400
+@@ -4,23 +4,19 @@
+ LIBDIR ?= $(PREFIX)/lib
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+-PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+-PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+
+-TARGETS=audit2allow
+-
+-all: $(TARGETS)
++all: ;
+
+ install: all
+ -mkdir -p $(BINDIR)
+- install -m 755 $(TARGETS) $(BINDIR)
++ install -m 755 audit2allow $(BINDIR)
++ install -m 755 sepolgen-ifgen $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2allow.1 $(MANDIR)/man1/
+- test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
+- install -m 755 avc.py $(PYTHONLIBDIR)/site-packages
+
+ clean:
++ rm -f *~
+
+-indent:
++indent: ;
+
+-relabel:
++relabel: ;
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-1.34.1/audit2allow/sepolgen-ifgen
+--- nsapolicycoreutils/audit2allow/sepolgen-ifgen 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.34.1/audit2allow/sepolgen-ifgen 2007-04-16 14:12:33.000000000 -0400
+@@ -0,0 +1,86 @@
++#! /usr/bin/python -E
++#
++# Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
++#
++# Copyright (C) 2006 Red Hat
++# see file 'COPYING' for use and warranty information
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; version 2 only
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++#
++
++# Parse interfaces and output extracted information about them
++# suitable for policy generation. By default writes the output
++# to the default location (obtained from sepolgen.defaults), but
++# will output to another file provided as an argument:
++# sepolgen-ifgen [headers] [output-filename]
++
++
++import sys
++import os
++
++import sepolgen.refparser as refparser
++import sepolgen.defaults as defaults
++import sepolgen.interfaces as interfaces
++
++
++VERSION = "%prog .1"
++
++def parse_options():
++ from optparse import OptionParser
++
++ parser = OptionParser(version=VERSION)
++ parser.add_option("-o", "--output", dest="output", default=defaults.interface_info(),
++ help="filename to store output")
++ parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
++ help="location of the interface header files")
++ parser.add_option("-v", "--verbose", action="store_true", default=False,
++ help="print debuging output")
++ parser.add_option("-d", "--debug", action="store_true", default=False,
++ help="extra debugging output")
++ options, args = parser.parse_args()
++
++ return options
++
++
++def main():
++ options = parse_options()
++
++ # Open the output first to generate errors before parsing
++ try:
++ f = open(options.output, "w")
++ except IOError, e:
++ sys.stderr.write("could not open output file [%s]\n" % options.output)
++ return 1
++
++ if options.verbose:
++ log = sys.stdout
++ else:
++ log = None
++
++ try:
++ headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
++ except ValueError, e:
++ print "error parsing headers"
++ print str(e)
++ return 1
++
++ if_set = interfaces.InterfaceSet(output=log)
++ if_set.add_headers(headers)
++ if_set.to_file(f)
++ f.close()
++
++ return 0
++
++if __name__ == "__main__":
++ sys.exit(main())
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.34.1/Makefile
+--- nsapolicycoreutils/Makefile 2007-01-24 10:04:00.000000000 -0500
++++ policycoreutils-1.34.1/Makefile 2007-04-16 14:08:01.000000000 -0400
+@@ -1,4 +1,4 @@
+-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
++SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
+
+ all install relabel clean indent:
+ @for subdir in $(SUBDIRS); do \
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.34.1/restorecon/restorecon.c
+--- nsapolicycoreutils/restorecon/restorecon.c 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/restorecon/restorecon.c 2007-04-16 14:08:01.000000000 -0400
+@@ -336,8 +336,8 @@
+ if (!file_exist && errno == ENOENT)
+ return;
+ fprintf(stderr,
+- "%s: error while labeling files under %s\n",
+- progname, buf);
++ "%s: %s: %s\n",
++ progname, buf, strerror(errno));
+ errors++;
+ }
+ }
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.34.1/restorecond/restorecond.c
+--- nsapolicycoreutils/restorecond/restorecond.c 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/restorecond/restorecond.c 2007-04-16 14:08:01.000000000 -0400
@@ -210,9 +210,10 @@
}
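Review bot: In the added audit2allow, `__parse_options` reports the `--audit`/`--input`/`--dmesg` conflicts on stderr but never exits, unlike the `--module-package` checks just below it, which call `sys.exit(2)`. The run then continues and `__read_input` silently prefers `--input`, so each of the three `sys.stderr.write(...)` conflict messages should be followed by `sys.exit(2)`. In `__output_modulepackage` the error path calls `sys.stderr.write("could not write output file: %s\n", str(e))` with two arguments, which raises TypeError instead of printing the message; it should be `sys.stderr.write("could not write output file: %s\n" % str(e))`. `__output` also opens the `--output` file with mode `"w"` although the option help says "append output to <filename>" and the removed code used `"a"`, so an existing file is truncated; `open(self.__options.output, "a")` would match the documented behaviour.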
@@ -26,8 +659,23 @@
}
free(scontext);
close(fd);
---- policycoreutils-1.34.1/restorecond/restorecond.init.rhat 2007-01-24 10:04:01.000000000 -0500
-+++ policycoreutils-1.34.1/restorecond/restorecond.init 2007-04-16 08:04:45.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.34.1/restorecond/restorecond.conf
+--- nsapolicycoreutils/restorecond/restorecond.conf 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/restorecond/restorecond.conf 2007-04-16 14:08:01.000000000 -0400
+@@ -1,7 +1,10 @@
+ /etc/resolv.conf
++/etc/localtime
+ /etc/samba/secrets.tdb
+ /etc/mtab
+ /var/run/utmp
++/var/run/faillog
+ /var/log/wtmp
++/etc/lvm/.cache
+ ~/public_html
+ ~/.mozilla/plugins/libflashplayer.so
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-1.34.1/restorecond/restorecond.init
+--- nsapolicycoreutils/restorecond/restorecond.init 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/restorecond/restorecond.init 2007-04-16 14:08:01.000000000 -0400
@@ -1,43 +1,68 @@
#!/bin/sh
#
@@ -122,65 +770,9 @@
-exit 0
+exit $RETVAL
+
---- policycoreutils-1.34.1/restorecon/restorecon.c.rhat 2007-01-24 10:04:01.000000000 -0500
-+++ policycoreutils-1.34.1/restorecon/restorecon.c 2007-04-16 08:04:45.000000000 -0400
-@@ -336,8 +336,8 @@
- if (!file_exist && errno == ENOENT)
- return;
- fprintf(stderr,
-- "%s: error while labeling files under %s\n",
-- progname, buf);
-+ "%s: %s: %s\n",
-+ progname, buf, strerror(errno));
- errors++;
- }
- }
---- policycoreutils-1.34.1/semanage/seobject.py.rhat 2007-01-24 10:04:01.000000000 -0500
-+++ policycoreutils-1.34.1/semanage/seobject.py 2007-04-16 08:04:45.000000000 -0400
-@@ -209,7 +209,8 @@
- os.write(fd, self.out())
- os.close(fd)
- os.rename(newfilename, self.filename)
--
-+ os.system("/sbin/service mcstrans reload > /dev/null")
-+
- class semanageRecords:
- def __init__(self):
- self.sh = semanage_handle_create()
-@@ -464,7 +465,8 @@
- rc = semanage_user_set_mlslevel(self.sh, u, selevel)
- if rc < 0:
- raise ValueError(_("Could not set MLS level for %s") % name)
--
-+ if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
-+ raise ValueError(_("Invalid prefix %s") % prefix)
- rc = semanage_user_set_prefix(self.sh, u, prefix)
- if rc < 0:
- raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
-@@ -530,7 +532,9 @@
- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
-
- if prefix != "":
-- semanage_user_set_prefix(self.sh, u, prefix)
-+ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
-+ raise ValueError(_("Invalid prefix %s") % prefix)
-+ semanage_user_set_prefix(self.sh, u, prefix)
-
- if len(roles) != 0:
- for r in rlist:
---- policycoreutils-1.34.1/scripts/fixfiles.8.rhat 2007-04-16 08:04:45.000000000 -0400
-+++ policycoreutils-1.34.1/scripts/fixfiles.8 2007-04-16 08:04:54.000000000 -0400
-@@ -35,7 +35,7 @@
-
- .TP
- .B -f
--Don't prompt for removal of /tmp directory.
-+Don't prompt for removal of /tmp directory, always remove it.
-
- .TP
- .B -R rpmpackagename[,rpmpackagename...]
---- policycoreutils-1.34.1/scripts/chcat.rhat 2007-01-24 10:04:01.000000000 -0500
-+++ policycoreutils-1.34.1/scripts/chcat 2007-04-16 08:04:45.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.34.1/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/scripts/chcat 2007-04-16 14:08:01.000000000 -0400
@@ -62,12 +62,20 @@
for i in newcat[1:]:
if i not in cats:
@@ -246,39 +838,49 @@
return errors
def chcat_replace(newcat, objects, login_ind):
---- policycoreutils-1.34.1/audit2allow/audit2allow.rhat 2007-01-24 10:04:01.000000000 -0500
-+++ policycoreutils-1.34.1/audit2allow/audit2allow 2007-04-16 08:04:45.000000000 -0400
-@@ -32,8 +32,10 @@
- import re
- try:
- gettext.install('policycoreutils')
-- except:
-- pass
-+ except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
- def get_mls_flag():
- if selinux.is_selinux_mls_enabled():
- return "-M"
---- policycoreutils-1.34.1/Makefile.rhat 2007-01-24 10:04:00.000000000 -0500
-+++ policycoreutils-1.34.1/Makefile 2007-04-16 08:04:45.000000000 -0400
-@@ -1,4 +1,4 @@
--SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
-+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.34.1/scripts/fixfiles.8
+--- nsapolicycoreutils/scripts/fixfiles.8 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/scripts/fixfiles.8 2007-04-16 14:08:01.000000000 -0400
+@@ -35,7 +35,7 @@
- all install relabel clean indent:
- @for subdir in $(SUBDIRS); do \
---- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500
-+++ policycoreutils-2.0.7/restorecond/restorecond.conf 2007-03-23 09:03:56.000000000 -0400
-@@ -1,7 +1,10 @@
- /etc/resolv.conf
-+/etc/localtime
- /etc/samba/secrets.tdb
- /etc/mtab
- /var/run/utmp
-+/var/run/faillog
- /var/log/wtmp
-+/etc/lvm/.cache
- ~/public_html
- ~/.mozilla/plugins/libflashplayer.so
+ .TP
+ .B -f
+-Don't prompt for removal of /tmp directory.
++Don't prompt for removal of /tmp directory, always remove it.
+
+ .TP
+ .B -R rpmpackagename[,rpmpackagename...]
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.34.1/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py 2007-01-24 10:04:01.000000000 -0500
++++ policycoreutils-1.34.1/semanage/seobject.py 2007-04-16 14:08:01.000000000 -0400
+@@ -209,7 +209,8 @@
+ os.write(fd, self.out())
+ os.close(fd)
+ os.rename(newfilename, self.filename)
+-
++ os.system("/sbin/service mcstrans reload > /dev/null")
++
+ class semanageRecords:
+ def __init__(self):
+ self.sh = semanage_handle_create()
+@@ -464,7 +465,8 @@
+ rc = semanage_user_set_mlslevel(self.sh, u, selevel)
+ if rc < 0:
+ raise ValueError(_("Could not set MLS level for %s") % name)
+-
++ if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
++ raise ValueError(_("Invalid prefix %s") % prefix)
+ rc = semanage_user_set_prefix(self.sh, u, prefix)
+ if rc < 0:
+ raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
+@@ -530,7 +532,9 @@
+ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
+
+ if prefix != "":
+- semanage_user_set_prefix(self.sh, u, prefix)
++ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
++ raise ValueError(_("Invalid prefix %s") % prefix)
++ semanage_user_set_prefix(self.sh, u, prefix)
+
+ if len(roles) != 0:
+ for r in rlist:
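Review bot: The two prefix checks added to seobject.py validate different context strings: the hunk at `@@ -464,7 +465,8 @@` checks `"system_u:object_r:%s_home_t:s0" % prefix`, while the one at `@@ -530,7 +532,9 @@` checks `"system_u:object_r:%s_home_t" % prefix` with no level. Depending on whether the loaded policy is MLS/MCS-enabled, one of the two forms may be rejected by `selinux.security_check_context` for every prefix, so the two code paths could disagree about which prefixes are valid; building the context string in one shared helper and using it in both places would avoid that. The new `os.system("/sbin/service mcstrans reload > /dev/null")` at `@@ -209,7 +209,8 @@` ignores the exit status, so a failed reload goes unreported after the file has already been renamed into place; checking the return value and warning on non-zero would make that visible. All three enclosing functions start and end outside the hunks shown.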