rpms/policycoreutils/devel policycoreutils-gui.patch, 1.22, 1.23 policycoreutils-rhat.patch, 1.313, 1.314 policycoreutils.spec, 1.430, 1.431
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jul 31 19:39:23 UTC 2007
- Previous message (by thread): rpms/gnome-mount/devel .cvsignore, 1.9, 1.10 gnome-mount.spec, 1.29, 1.30 sources, 1.9, 1.10
- Next message (by thread): rpms/glibc/devel glibc-fallocate.patch, NONE, 1.1 glibc.spec, 1.310, 1.311
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32548
Modified Files:
policycoreutils-gui.patch policycoreutils-rhat.patch
policycoreutils.spec
Log Message:
* Fri Jul 27 2007 Dan Walsh <dwalsh at redhat.com> 2.0.22-11
- Fixfiles update required to match new regex
policycoreutils-gui.patch:
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- policycoreutils-gui.patch 27 Jul 2007 19:10:57 -0000 1.22
+++ policycoreutils-gui.patch 31 Jul 2007 19:39:20 -0000 1.23
@@ -3059,50 +3059,50 @@
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.22/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/selinux.tbl 2007-07-27 14:57:41.000000000 -0400
-@@ -0,0 +1,295 @@
++++ policycoreutils-2.0.22/gui/selinux.tbl 2007-07-28 11:01:13.000000000 -0400
+@@ -0,0 +1,296 @@
+allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390")
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
-+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /.")
-+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys.")
++allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
++allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys")
+allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
+allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system")
+allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
-+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services.")
-+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services.")
++allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services")
++allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services")
+allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack")
-+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his homedirectory or /tmp")
-+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory.")
-+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his homedirectory or /tmp")
++allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his home directory or /tmp")
++allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory")
++allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his home directory or /tmp")
+allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t")
-+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service.")
-+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam.")
++allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service")
++allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam")
+allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t")
+allow_java_execstack _("Memory Protection") _("Allow java executable stack")
+allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files")
+allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
-+allow_mounton_anydir _("Mount") _("Allow mount to mount any dir")
++allow_mounton_anydir _("Mount") _("Allow mount to mount any directory")
+allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
-+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services.")
-+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support.")
-+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications)
++allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services")
++allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support")
++allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications")
+allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
+allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
+allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
-+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his homedirectory or /tmp")
-+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his homedirectory or /tmp")
-+allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his homedirectory or /tmp")
++allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his home directory or /tmp")
++allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his home directory or /tmp")
++allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his home directory or /tmp")
+allow_unlabeled_packets _("Network Configuration") _("Allow unlabeled packets to flow on the network")
-+allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his homedirectory or /tmp")
++allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his home directory or /tmp")
+allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined to dyntrans to unconfined_execmem")
+allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket")
+allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket")
+allow_write_xshm _("XServer") _("Allow clients to write to X shared memory")
-+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his homedirectory or /tmp")
++allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his home directory or /tmp")
+allow_ypbind _("NIS") _("Allow daemons to run with NIS")
+allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files")
+browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain")
@@ -3137,7 +3137,7 @@
+courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
+cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
+cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
-+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts.")
++cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts")
+crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server")
+cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
@@ -3164,7 +3164,7 @@
+dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
+dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
+entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
-+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron.")
++fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron")
+fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
+fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
+freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
@@ -3172,7 +3172,7 @@
+ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon")
+ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd")
+ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
-+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.")
++global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom")
+gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
+gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon")
@@ -3183,18 +3183,18 @@
+hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
+httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")
+httpd_can_sendmail _("HTTPD Service") _("Allow HTTPD to send mail")
-+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases.")
-+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network.")
-+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay.")
++httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases")
++httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network")
++httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay")
+httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
+httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")
+httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server")
+httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")
+httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
-+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts.")
++httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts")
+httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
-+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates.")
-+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files.")
++httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates")
++httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files")
+hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
+i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
+imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
@@ -3249,7 +3249,7 @@
+pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel")
+pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon")
+pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon")
-+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user.")
++pppd_for_user _("pppd") _("Allow pppd to be run for a regular user")
+pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
+prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
+privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon")
@@ -3275,6 +3275,7 @@
+samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories")
+samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
+allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow")
++allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable")
+saslauthd_disable_trans _("SASL authentication server") _("Disable SELinux protection for saslauthd daemon")
+scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon")
+secure_mode _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected")
@@ -3312,15 +3313,15 @@
+transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon")
+udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon")
+uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon")
-+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined.")
-+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined.")
-+unlimitedRPM _("Admin") _("Allow rpm to run unconfined.")
-+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined.")
++unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined")
++unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined")
++unlimitedRPM _("Admin") _("Allow rpm to run unconfined")
++unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined")
+updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
+uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
+use_lpd_server _("Printing") _("Use lpd server instead of cups")
+use_nfs_home_dirs _("NFS") _("Support NFS home directories")
-+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so.")
++user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so")
+user_can_mount _("Mount") _("Allow users to execute the mount command")
+user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
+user_dmesg _("User Privs") _("Allow users to run the dmesg command")
@@ -3347,14 +3348,14 @@
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
-+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems.")
-+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems.")
++httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems")
++httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems")
+samba_domain_controller _("Samba") _("Allow samba to act as the domain controller, add users, groups and change passwords")
+samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only")
+samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write")
+samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory")
-+webadm_manage_users_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories.")
-+webadm_read_users_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories.")
++webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories")
++webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories")
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.22/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.313
retrieving revision 1.314
diff -u -r1.313 -r1.314
--- policycoreutils-rhat.patch 23 Jul 2007 14:40:24 -0000 1.313
+++ policycoreutils-rhat.patch 31 Jul 2007 19:39:20 -0000 1.314
@@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.22/audit2allow/Makefile
--- nsapolicycoreutils/audit2allow/Makefile 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/audit2allow/Makefile 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/audit2allow/Makefile 2007-07-23 10:40:06.000000000 -0400
@@ -1,6 +1,7 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@@ -18,9 +18,20 @@
-mkdir -p $(MANDIR)/man1
install -m 644 audit2allow.1 $(MANDIR)/man1/
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/ChangeLog policycoreutils-2.0.22/ChangeLog
+--- nsapolicycoreutils/ChangeLog 2007-07-16 14:20:43.000000000 -0400
++++ policycoreutils-2.0.22/ChangeLog 2007-06-21 05:17:13.000000000 -0400
+@@ -91,7 +91,6 @@
+ 1.33.15 2007-01-17
+ * Merged unicode-to-string fix for seobject audit from Dan Walsh.
+ * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+-
+ 1.33.14 2007-01-16
+ * Merged newrole man page patch from Michael Thompson.
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.22/Makefile
--- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400
-+++ policycoreutils-2.0.22/Makefile 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/Makefile 2007-07-23 10:40:06.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@@ -29,7 +40,7 @@
@for subdir in $(SUBDIRS); do \
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.22/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/restorecond/Makefile 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/restorecond/Makefile 2007-07-23 10:40:06.000000000 -0400
@@ -22,7 +22,7 @@
-mkdir -p $(INITDIR)
install -m 644 restorecond.init $(INITDIR)/restorecond
@@ -41,7 +52,7 @@
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.22/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/restorecond/restorecond.c 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/restorecond/restorecond.c 2007-07-23 10:40:06.000000000 -0400
@@ -210,9 +210,10 @@
}
@@ -70,7 +81,7 @@
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/run_init/Makefile policycoreutils-2.0.22/run_init/Makefile
--- nsapolicycoreutils/run_init/Makefile 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/run_init/Makefile 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/run_init/Makefile 2007-07-23 10:40:06.000000000 -0400
@@ -34,8 +34,8 @@
install: all
test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
@@ -84,7 +95,7 @@
ifeq (${PAMH}, /usr/include/security/pam_appl.h)
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.22/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/scripts/chcat 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/scripts/chcat 2007-07-23 10:40:06.000000000 -0400
@@ -77,7 +77,7 @@
if len(cats) > 0:
@@ -105,7 +116,16 @@
if add_ind:
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.22/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/scripts/fixfiles 2007-07-23 10:25:32.000000000 -0400
++++ policycoreutils-2.0.22/scripts/fixfiles 2007-07-31 15:36:53.000000000 -0400
+@@ -88,7 +88,7 @@
+ esac; \
+ fi; \
+ done | \
+- while read pattern ; do find $pattern \
++ while read pattern ; do sh -c "find $pattern" \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
+ \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
+ done 2> /dev/null | \
@@ -108,6 +108,7 @@
rpmlist() {
@@ -116,7 +136,7 @@
#
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.22/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/scripts/genhomedircon 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/scripts/genhomedircon 2007-07-23 10:40:06.000000000 -0400
@@ -302,7 +302,7 @@
regex = re.sub("\(\/\.\*\)\?", "", regex)
@@ -128,7 +148,7 @@
continue
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.22/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/semanage/semanage 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/semanage/semanage 2007-07-23 10:40:06.000000000 -0400
@@ -34,7 +34,10 @@
sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
@@ -143,7 +163,7 @@
__builtin__.__dict__['_'] = unicode
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.22/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/semanage/seobject.py 2007-07-20 12:07:46.000000000 -0400
++++ policycoreutils-2.0.22/semanage/seobject.py 2007-07-31 09:55:36.000000000 -0400
@@ -210,6 +210,7 @@
os.write(fd, self.out())
os.close(fd)
@@ -152,7 +172,58 @@
class semanageRecords:
def __init__(self):
-@@ -1283,9 +1284,12 @@
+@@ -1051,26 +1052,30 @@
+ raise ValueError(_("Could not create file context for %s") % target)
+
+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+- (rc, con) = semanage_context_create(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not create context for %s") % target)
+-
+- rc = semanage_context_set_user(self.sh, con, seuser)
+- if rc < 0:
+- raise ValueError(_("Could not set user in file context for %s") % target)
+-
+- rc = semanage_context_set_role(self.sh, con, "object_r")
+- if rc < 0:
+- raise ValueError(_("Could not set role in file context for %s") % target)
+-
+- rc = semanage_context_set_type(self.sh, con, type)
+- if rc < 0:
+- raise ValueError(_("Could not set type in file context for %s") % target)
+-
+- if serange != "":
+- rc = semanage_context_set_mls(self.sh, con, serange)
+- if rc < 0:
+- raise ValueError(_("Could not set mls fields in file context for %s") % target)
++ if type == "<<none>>":
++ rc, con = semanage_context_from_string(self.sh, type)
++ if rc < 0:
++ raise ValueError(_("Could not set context from string %s for %s") % (type, target))
++ else:
++ (rc, con) = semanage_context_create(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not create context for %s") % target)
++ rc = semanage_context_set_user(self.sh, con, seuser)
++ if rc < 0:
++ raise ValueError(_("Could not set user in file context for %s") % target)
++
++ rc = semanage_context_set_role(self.sh, con, "object_r")
++ if rc < 0:
++ raise ValueError(_("Could not set role in file context for %s") % target)
++
++ rc = semanage_context_set_type(self.sh, con, type)
++ if rc < 0:
++ raise ValueError(_("Could not set type in file context for %s") % target)
++
++ if serange != "":
++ rc = semanage_context_set_mls(self.sh, con, serange)
++ if rc < 0:
++ raise ValueError(_("Could not set mls fields in file context for %s") % target)
+
+ semanage_fcontext_set_type(fcontext, file_types[ftype])
+
+@@ -1283,9 +1288,12 @@
raise ValueError(_("Could not list booleans"))
for boolean in self.blist:
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.430
retrieving revision 1.431
diff -u -r1.430 -r1.431
--- policycoreutils.spec 27 Jul 2007 19:10:57 -0000 1.430
+++ policycoreutils.spec 31 Jul 2007 19:39:20 -0000 1.431
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.22
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -192,6 +192,9 @@
fi
%changelog
+* Fri Jul 27 2007 Dan Walsh <dwalsh at redhat.com> 2.0.22-11
+- Fixfiles update required to match new regex
+
* Fri Jul 27 2007 Dan Walsh <dwalsh at redhat.com> 2.0.22-10
- Update booleans translations
- Previous message (by thread): rpms/gnome-mount/devel .cvsignore, 1.9, 1.10 gnome-mount.spec, 1.29, 1.30 sources, 1.9, 1.10
- Next message (by thread): rpms/glibc/devel glibc-fallocate.patch, NONE, 1.1 glibc.spec, 1.310, 1.311
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list