rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.325, 1.326 policycoreutils.spec, 1.457, 1.458
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Oct 4 14:30:33 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16951
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Tue Oct 2 2007 Dan Walsh <dwalsh at redhat.com> 2.0.27-7
- Add genhomedircon script to rebuild file_context for shadow-utils
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.325
retrieving revision 1.326
diff -u -r1.325 -r1.326
--- policycoreutils-rhat.patch 24 Sep 2007 20:43:32 -0000 1.325
+++ policycoreutils-rhat.patch 4 Oct 2007 14:30:30 -0000 1.326
@@ -1,15 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.26/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.27/Makefile
--- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400
-+++ policycoreutils-2.0.26/Makefile 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.27/Makefile 2007-10-03 11:23:39.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.26/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.27/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.26/restorecond/restorecond.c 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.27/restorecond/restorecond.c 2007-10-03 11:23:39.000000000 -0400
@@ -210,9 +210,10 @@
}
@@ -36,9 +36,33 @@
}
free(scontext);
close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.26/semanage/semanage
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.27/scripts/genhomedircon
+--- nsapolicycoreutils/scripts/genhomedircon 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.27/scripts/genhomedircon 2007-10-04 09:47:05.000000000 -0400
+@@ -0,0 +1,2 @@
++#!/bin/sh
++semodule -Bn
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.27/scripts/Makefile
+--- nsapolicycoreutils/scripts/Makefile 2007-08-23 16:52:26.000000000 -0400
++++ policycoreutils-2.0.27/scripts/Makefile 2007-10-04 10:25:50.000000000 -0400
+@@ -5,12 +5,13 @@
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+
+-all: fixfiles
++all: fixfiles genhomedircon
+
+ install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 chcat $(BINDIR)
+ install -m 755 fixfiles $(DESTDIR)/sbin
++ install -m 755 genhomedircon $(SBINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 644 fixfiles.8 $(MANDIR)/man8/
+ install -m 644 chcat.8 $(MANDIR)/man8/
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.27/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2007-08-23 16:52:26.000000000 -0400
-+++ policycoreutils-2.0.26/semanage/semanage 2007-09-24 16:41:52.000000000 -0400
++++ policycoreutils-2.0.27/semanage/semanage 2007-10-03 11:25:41.000000000 -0400
@@ -48,13 +48,14 @@
def usage(message = ""):
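Review bot: The added `install -m 755 genhomedircon $(SBINDIR)` line in scripts/Makefile uses a variable whose definition is not in the visible lines, and unlike the neighbouring `fixfiles` line it has no explicit `$(DESTDIR)` prefix and no preceding `mkdir -p`. If SBINDIR is not set earlier in this Makefile or by the caller, the install step has no destination directory; I would define it beside BINDIR, e.g. `SBINDIR ?= $(PREFIX)/sbin`, and add `-mkdir -p $(SBINDIR)` before the install. The new genhomedircon script also runs `semodule -Bn` by bare name, so a root caller's PATH decides which binary runs; using the absolute path where the spec installs it (`%{_sbindir}/semodule`) removes that dependency. The Makefile's first four lines are outside the hunk, so the SBINDIR point needs confirming against them.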
@@ -55,7 +79,7 @@
\
Primary Options:\n\
\
-@@ -62,6 +63,8 @@
+@@ -62,10 +63,12 @@
-d, --delete Delete a OBJECT record NAME\n\
-m, --modify Modify a OBJECT record NAME\n\
-l, --list List the OBJECTS\n\n\
@@ -63,13 +87,19 @@
+ -D, --deleteall Remove all OBJECTS local customizations\n\
\
-h, --help Display this message\n\
- -n, --noheading Do not print heading when listing OBJECTS\n\n\
+- -n, --noheading Do not print heading when listing OBJECTS\n\n\
+-\
++ -n, --noheading Do not print heading when listing OBJECTS\n\
++ -S, --store Select and alternate SELinux store to manage\n\n\
+ Object-specific Options (see above):\n\
+ -f, --ftype File Type of OBJECT \n\
+ "" (all files) \n\
@@ -98,7 +101,7 @@
def get_options():
valid_option={}
- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
-+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall']
++ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
valid_option["login"] = []
valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
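Review bot: The help line added for the new option reads `Select and alternate SELinux store to manage`; "and" should be "an", i.e. `-S, --store Select an alternate SELinux store to manage\n\n\`. The same hunk adds `-S`/`--store` to `valid_everyone`, so the option is presumably accepted for every object type. The usage text does not say that the option takes a store name as its argument, which would be worth adding to that line.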
@@ -82,22 +112,23 @@
return valid_option
#
-@@ -134,7 +139,9 @@
+@@ -134,7 +139,10 @@
add = 0
modify = 0
delete = 0
+ deleteall = 0
list = 0
+ locallist = 0
++ store = ""
if len(sys.argv) < 3:
usage(_("Requires 2 or more arguments"))
-@@ -146,14 +153,16 @@
+@@ -146,16 +154,19 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:s:R:L:r:t:T:P:',
-+ 'adf:lhmnp:s:CDR:L:r:t:T:P:',
++ 'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
['add',
'delete',
+ 'deleteall',
@@ -109,8 +140,11 @@
+ 'localist',
'proto=',
'seuser=',
++ 'store=',
'range=',
-@@ -177,6 +186,10 @@
+ 'level=',
+ 'roles=',
+@@ -177,6 +188,10 @@
if modify or add:
usage()
delete = 1
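Review bot: The long-option list passed to getopt in this hunk gains `'store='` but still spells the neighbouring entry `'localist'`, while `valid_everyone` earlier in the patch advertises `--locallist`. As far as the visible lines show, `--locallist` would pass the per-object option check and then be rejected by getopt, because "locallist" is not a prefix of "localist"; the entry should read `'locallist',`. The getopt call and the option loop both continue outside the hunk, so confirm against the handler for `-C`.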
@@ -121,7 +155,7 @@
if o == "-f" or o == "--ftype":
ftype=a
if o == "-h" or o == "--help":
-@@ -185,6 +198,9 @@
+@@ -185,11 +200,17 @@
if o == "-n" or o == "--noheading":
heading=0
@@ -131,13 +165,40 @@
if o == "-m"or o == "--modify":
if delete or add:
usage()
-@@ -236,17 +252,24 @@
- if object == "fcontext":
- OBJECT = seobject.fcontextRecords()
+ modify = 1
+
++ if o == "-S" or o == '--store':
++ store = a
++
+ if o == "-r" or o == '--range':
+ if is_mls_enabled == 0:
+ errorExit(_("range not supported on Non MLS machines"))
+@@ -222,31 +243,38 @@
+ setrans = a
+
+ if object == "login":
+- OBJECT = seobject.loginRecords()
++ OBJECT = seobject.loginRecords(store)
+
+ if object == "user":
+- OBJECT = seobject.seluserRecords()
++ OBJECT = seobject.seluserRecords(store)
+
+ if object == "port":
+- OBJECT = seobject.portRecords()
++ OBJECT = seobject.portRecords(store)
-+ if object == "boolean":
-+ OBJECT = seobject.booleanRecords()
+ if object == "interface":
+- OBJECT = seobject.interfaceRecords()
++ OBJECT = seobject.interfaceRecords(store)
+
+ if object == "fcontext":
+- OBJECT = seobject.fcontextRecords()
++ OBJECT = seobject.fcontextRecords(store)
+
++ if object == "boolean":
++ OBJECT = seobject.booleanRecords(store)
+
if object == "translation":
OBJECT = seobject.setransRecords()
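Review bot: `store` is passed to the login, user, port, interface, fcontext and boolean record classes, but the `translation` branch at the end of this hunk still builds `seobject.setransRecords()` without it. Since `-S`/`--store` was added to `valid_everyone`, `semanage -S <store> translation ...` would presumably be accepted and then act on the live translation file, and the setransRecords save path visible in seobject.py also runs `/sbin/service mcstrans reload`. Rejecting the combination before the object is created is the smallest fix, e.g. `if object == "translation" and store != "": usage(_("translation does not support --store"))`.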
@@ -159,7 +220,7 @@
if add:
if object == "login":
-@@ -274,6 +297,9 @@
+@@ -274,6 +302,9 @@
sys.exit(0);
if modify:
@@ -169,9 +230,9 @@
if object == "login":
OBJECT.modify(target, seuser, serange)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.26/semanage/seobject.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.27/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.26/semanage/seobject.py 2007-09-24 16:42:14.000000000 -0400
++++ policycoreutils-2.0.27/semanage/seobject.py 2007-10-03 11:24:40.000000000 -0400
@@ -170,7 +170,7 @@
rec += "%s=%s\n" % (k, self.ddict[k])
return rec
@@ -181,15 +242,37 @@
if heading:
print "\n%-25s %s\n" % (_("Level"), _("Translation"))
keys = self.ddict.keys()
-@@ -210,6 +210,7 @@
+@@ -210,13 +210,17 @@
os.write(fd, self.out())
os.close(fd)
os.rename(newfilename, self.filename)
+ os.system("/sbin/service mcstrans reload > /dev/null")
class semanageRecords:
- def __init__(self):
-@@ -389,10 +390,12 @@
+- def __init__(self):
++ def __init__(self, store):
+ self.sh = semanage_handle_create()
+ if not self.sh:
+ raise ValueError(_("Could not create semanage handle"))
+
++ if store != "":
++ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
++
+ self.semanaged = semanage_is_managed(self.sh)
+
+ if not self.semanaged:
+@@ -234,8 +238,8 @@
+ raise ValueError(_("Could not establish semanage connection"))
+
+ class loginRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def add(self, name, sename, serange):
+ if is_mls_enabled == 1:
+@@ -389,10 +393,12 @@
mylog.log(1,"delete SELinux user mapping", name);
semanage_seuser_key_free(k)
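Review bot: `semanageRecords.__init__` now requires `store` with no default, while every subclass touched by this patch defaults it to `""`; any other caller that constructs or subclasses the base with no argument (the `gui` directory is in SUBDIRS in this same patch) may break, so `def __init__(self, store = ""):` would be the consistent signature. The store name reaches `semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);` exactly as typed after `-S`, with no check that it names an existing policy store, so a mistyped or path-like value is only caught, if at all, by a later libsemanage call. Checking beforehand that the value is a plain directory name present under the SELinux configuration root would fail early with a clear message. The trailing `;` on the select_store line is not needed in Python.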
@@ -205,7 +288,7 @@
if rc < 0:
raise ValueError(_("Could not list login mappings"))
-@@ -401,8 +404,8 @@
+@@ -401,8 +407,8 @@
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@@ -216,7 +299,18 @@
keys = ddict.keys()
keys.sort()
if is_mls_enabled == 1:
-@@ -601,9 +604,12 @@
+@@ -417,8 +423,8 @@
+ print "%-25s %-25s" % (k, ddict[k][0])
+
+ class seluserRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def add(self, name, roles, selevel, serange, prefix):
+ if is_mls_enabled == 1:
+@@ -601,9 +607,12 @@
mylog.log(1,"delete SELinux user record", name)
semanage_user_key_free(k)
@@ -231,7 +325,7 @@
if rc < 0:
raise ValueError(_("Could not list SELinux users"))
-@@ -618,8 +624,8 @@
+@@ -618,8 +627,8 @@
return ddict
@@ -242,7 +336,18 @@
keys = ddict.keys()
keys.sort()
if is_mls_enabled == 1:
-@@ -795,9 +801,12 @@
+@@ -635,8 +644,8 @@
+ print "%-15s %s" % (k, ddict[k][3])
+
+ class portRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def __genkey(self, port, proto):
+ if proto == "tcp":
+@@ -795,9 +804,12 @@
semanage_port_key_free(k)
@@ -257,7 +362,7 @@
if rc < 0:
raise ValueError(_("Could not list ports"))
-@@ -814,9 +823,12 @@
+@@ -814,9 +826,12 @@
ddict[(low, high)] = (ctype, proto_str, level)
return ddict
@@ -272,7 +377,7 @@
if rc < 0:
raise ValueError(_("Could not list ports"))
-@@ -837,10 +849,10 @@
+@@ -837,10 +852,10 @@
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@@ -285,7 +390,18 @@
keys = ddict.keys()
keys.sort()
for i in keys:
-@@ -995,9 +1007,12 @@
+@@ -851,8 +866,8 @@
+ print rec
+
+ class interfaceRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def add(self, interface, serange, ctype):
+ if is_mls_enabled == 1:
+@@ -995,9 +1010,12 @@
semanage_iface_key_free(k)
@@ -300,7 +416,7 @@
if rc < 0:
raise ValueError(_("Could not list interfaces"))
-@@ -1007,10 +1022,10 @@
+@@ -1007,10 +1025,10 @@
return ddict
@@ -313,11 +429,17 @@
keys = ddict.keys()
keys.sort()
if is_mls_enabled:
-@@ -1024,14 +1039,31 @@
- def __init__(self):
- semanageRecords.__init__(self)
-
+@@ -1021,17 +1039,34 @@
+ print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
+
+ class fcontextRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
+-
- def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
++
+ def createcon(self, target, seuser = "system_u"):
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
@@ -350,16 +472,14 @@
if type == "":
raise ValueError(_("SELinux Type is required"))
-@@ -1051,33 +1083,23 @@
+@@ -1051,33 +1086,23 @@
raise ValueError(_("Could not create file context for %s") % target)
rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
- (rc, con) = semanage_context_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create context for %s") % target)
-+ if type != "<<none>>":
-+ con = self.createcon(target, seuser)
-
+-
- rc = semanage_context_set_user(self.sh, con, seuser)
- if rc < 0:
- raise ValueError(_("Could not set user in file context for %s") % target)
@@ -367,7 +487,9 @@
- rc = semanage_context_set_role(self.sh, con, "object_r")
- if rc < 0:
- raise ValueError(_("Could not set role in file context for %s") % target)
--
++ if type != "<<none>>":
++ con = self.createcon(target, seuser)
+
- rc = semanage_context_set_type(self.sh, con, type)
- if rc < 0:
- raise ValueError(_("Could not set type in file context for %s") % target)
@@ -397,7 +519,7 @@
rc = semanage_begin_transaction(self.sh)
if rc < 0:
raise ValueError(_("Could not start semanage transaction"))
-@@ -1090,7 +1112,8 @@
+@@ -1090,7 +1115,8 @@
if rc < 0:
raise ValueError(_("Could not add file context for %s") % target)
@@ -407,7 +529,7 @@
semanage_fcontext_key_free(k)
semanage_fcontext_free(fcontext)
-@@ -1112,16 +1135,29 @@
+@@ -1112,16 +1138,29 @@
if rc < 0:
raise ValueError(_("Could not query file context for %s") % target)
@@ -446,7 +568,7 @@
if rc < 0:
raise ValueError(_("Could not start semanage transaction"))
-@@ -1167,17 +1203,20 @@
+@@ -1167,17 +1206,20 @@
semanage_fcontext_key_free(k)
@@ -476,7 +598,7 @@
for fcontext in self.flist:
expr = semanage_fcontext_get_expr(fcontext)
-@@ -1191,10 +1230,10 @@
+@@ -1191,10 +1233,10 @@
return l
@@ -489,7 +611,20 @@
for fcon in fcon_list:
if len(fcon) > 3:
if is_mls_enabled:
-@@ -1266,34 +1305,62 @@
+@@ -1205,9 +1247,9 @@
+ print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
+
+ class booleanRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
+-
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
++
+ def modify(self, name, value = ""):
+ if value == "":
+ raise ValueError(_("Requires value"))
+@@ -1266,34 +1308,62 @@
if rc < 0:
raise ValueError(_("Could not start semanage transaction"))
@@ -563,9 +698,9 @@
if ddict[k]:
- print "%-50s %-18s " % (k[0], ddict[k][0])
+ print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2])
-diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.26/semodule/semodule.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.27/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2007-07-16 14:20:42.000000000 -0400
-+++ policycoreutils-2.0.26/semodule/semodule.8 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.27/semodule/semodule.8 2007-10-03 11:23:39.000000000 -0400
@@ -23,6 +23,9 @@
.B \-B, \-\-build
force a rebuild of policy (also reloads unless -n is used)
@@ -587,3 +722,43 @@
# Install or replace all non-base modules in the current directory.
$ semodule -i *.pp
# Install or replace all modules in the current directory.
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.27/setfiles/setfiles.c
+--- nsapolicycoreutils/setfiles/setfiles.c 2007-09-18 16:27:24.000000000 -0400
++++ policycoreutils-2.0.27/setfiles/setfiles.c 2007-10-03 11:23:39.000000000 -0400
+@@ -21,6 +21,7 @@
+ #include <libgen.h>
+ #ifdef USE_AUDIT
+ #include <libaudit.h>
++#include <time.h>
+
+ #ifndef AUDIT_FS_RELABEL
+ #define AUDIT_FS_RELABEL 2309
+@@ -28,6 +29,7 @@
+ #endif
+ static int mass_relabel;
+ static int mass_relabel_errs;
++static time_t starttime;
+
+ static FILE *outfile = NULL;
+ static int force = 0;
+@@ -540,6 +542,12 @@
+ if (!change || user_only_changed)
+ goto out;
+
++ if ( (my_sb.st_nlink>1) ) {
++ fprintf(stderr, "warning: %s has hard links\n", my_file);
++ if ( my_sb.st_ctime >= starttime) {
++ fprintf(stderr, "warning: %s changed since run %s\n", my_file, progname);
++ }
++ }
+ /*
+ * Relabel the file to the specified context.
+ */
+@@ -750,6 +758,7 @@
+ { SELABEL_OPT_BASEONLY, NULL },
+ { SELABEL_OPT_PATH, NULL }
+ };
++ starttime = time(NULL);
+
+ memset(excludeArray, 0, sizeof(excludeArray));
+ altpath = NULL;
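Review bot: The new `#include <time.h>` sits inside the `#ifdef USE_AUDIT` block, but `static time_t starttime;` and the `starttime = time(NULL);` assignment appear to be added outside it, so a build without USE_AUDIT relies on some other header declaring `time_t` and `time()`; moving the include up beside `#include <libgen.h>` fixes that. The hard-link check added before the relabel only prints to stderr and then falls through, so a multiply-linked file whose ctime is at or after `starttime` is still relabeled; if the intent is to guard against links that appear during the run, the inner branch should presumably count an error and `goto out` rather than warn. The second message, `changed since run %s`, would read more clearly as `changed since %s started`. The enclosing functions start and end outside the hunk.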
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.457
retrieving revision 1.458
diff -u -r1.457 -r1.458
--- policycoreutils.spec 3 Oct 2007 02:45:19 -0000 1.457
+++ policycoreutils.spec 4 Oct 2007 14:30:30 -0000 1.458
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.27
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -134,6 +134,7 @@
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
+%{_sbindir}/genhomedircon
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
@@ -199,6 +200,9 @@
fi
%changelog
+* Tue Oct 2 2007 Dan Walsh <dwalsh at redhat.com> 2.0.27-7
+- Add genhomedircon script to rebuild file_context for shadow-utils
+
* Tue Oct 2 2007 Dan Walsh <dwalsh at redhat.com> 2.0.27-6
- Update translations