rpms/policycoreutils/devel .cvsignore, 1.182, 1.183 policycoreutils-rhat.patch, 1.372, 1.373 policycoreutils.spec, 1.535, 1.536 sources, 1.187, 1.188
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Jul 2 21:23:45 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21001
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Wed Jul 2 2008 Dan Walsh <dwalsh at redhat.com> 2.0.52-1
- Default prefix to "user"
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.182
retrieving revision 1.183
diff -u -r1.182 -r1.183
--- .cvsignore 2 Jul 2008 00:52:32 -0000 1.182
+++ .cvsignore 2 Jul 2008 21:22:58 -0000 1.183
@@ -182,3 +182,4 @@
policycoreutils-2.0.50.tgz
sepolgen-1.0.12.tgz
policycoreutils-2.0.51.tgz
+policycoreutils-2.0.52.tgz
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.372
retrieving revision 1.373
diff -u -r1.372 -r1.373
--- policycoreutils-rhat.patch 2 Jul 2008 00:52:32 -0000 1.372
+++ policycoreutils-rhat.patch 2 Jul 2008 21:22:58 -0000 1.373
@@ -1,15 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
---- nsapolicycoreutils/Makefile 2007-12-19 06:02:52.000000000 -0500
-+++ policycoreutils-2.0.50/Makefile 2008-07-01 14:59:58.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.52/Makefile
+--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
++++ policycoreutils-2.0.52/Makefile 2008-07-02 13:43:21.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c
---- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 14:59:58.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.52/restorecond/restorecond.c
+--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
++++ policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-02 13:43:21.000000000 -0400
@@ -210,9 +210,10 @@
}
@@ -36,137 +36,26 @@
}
free(scontext);
close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage
---- nsapolicycoreutils/semanage/semanage 2008-05-06 14:33:04.000000000 -0400
-+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 20:31:40.000000000 -0400
-@@ -43,49 +43,52 @@
- if __name__ == '__main__':
-
- def usage(message = ""):
-- print _('\
--semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] \n\
--semanage login -{a|d|m} [-sr] login_name\n\
--semanage user -{a|d|m} [-LrRP] selinux_name\n\
--semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range\n\
--semanage interface -{a|d|m} [-tr] interface_spec\n\
--semanage fcontext -{a|d|m} [-frst] file_spec\n\
--semanage translation -{a|d|m} [-T] level\n\n\
--semanage boolean -{d|m} boolean\n\n\
--\
--Primary Options:\n\
--\
-- -a, --add Add a OBJECT record NAME\n\
-- -d, --delete Delete a OBJECT record NAME\n\
-- -m, --modify Modify a OBJECT record NAME\n\
-- -l, --list List the OBJECTS\n\n\
-- -C, --locallist List OBJECTS local customizations\n\n\
-- -D, --deleteall Remove all OBJECTS local customizations\n\
--\
-- -h, --help Display this message\n\
-- -n, --noheading Do not print heading when listing OBJECTS\n\
-- -S, --store Select and alternate SELinux store to manage\n\n\
--Object-specific Options (see above):\n\
-- -f, --ftype File Type of OBJECT \n\
-- "" (all files) \n\
-- -- (regular file) \n\
-- -d (directory) \n\
-- -c (character device) \n\
-- -b (block device) \n\
-- -s (socket) \n\
-- -l (symbolic link) \n\
-- -p (named pipe) \n\n\
--\
-- -p, --proto Port protocol (tcp or udp)\n\
-- -P, --prefix Prefix for home directory labeling\n\
-- -L, --level Default SELinux Level (MLS/MCS Systems only)\n\
-- -R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\
-- -T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\
--\
-- -s, --seuser SELinux User Name\n\
-- -t, --type SELinux Type for the object\n\
-- -r, --range MLS/MCS Security Range (MLS/MCS Systems only)\n\
--')
-+ print _("""
-+semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
-+semanage login -{a|d|m} [-sr] login_name
-+semanage user -{a|d|m} [-LrRP] selinux_name
-+semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
-+semanage interface -{a|d|m} [-tr] interface_spec
-+semanage fcontext -{a|d|m} [-frst] file_spec
-+semanage translation -{a|d|m} [-T] level
-+semanage boolean -{d|m} boolean
-+semanage permissive -{d|a} type
-+
-+Primary Options:
-+
-+ -a, --add Add a OBJECT record NAME
-+ -d, --delete Delete a OBJECT record NAME
-+ -m, --modify Modify a OBJECT record NAME
-+ -l, --list List the OBJECTS
-+ -C, --locallist List OBJECTS local customizations
-+ -D, --deleteall Remove all OBJECTS local customizations
-+
-+ -h, --help Display this message
-+ -n, --noheading Do not print heading when listing OBJECTS
-+ -S, --store Select and alternate SELinux store to manage
-+
-+Object-specific Options (see above):
-+
-+ -f, --ftype File Type of OBJECT
-+ "" (all files)
-+ -- (regular file)
-+ -d (directory)
-+ -c (character device)
-+ -b (block device)
-+ -s (socket)
-+ -l (symbolic link)
-+ -p (named pipe)
-+
-+ -p, --proto Port protocol (tcp or udp)
-+ -P, --prefix Prefix for home directory labeling
-+ -L, --level Default SELinux Level (MLS/MCS Systems only)
-+ -R, --roles SELinux Roles (ex: "sysadm_r staff_r")
-+ -T, --trans SELinux Level Translation (MLS/MCS Systems only)
-+
-+ -s, --seuser SELinux User Name
-+ -t, --type SELinux Type for the object
-+ -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
-+""")
- print message
- sys.exit(1)
-
-@@ -112,6 +115,8 @@
- valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
- valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
-+ valid_option["permissive"] = []
-+ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
- return valid_option
-
- #
-@@ -266,6 +271,9 @@
- if object == "translation":
- OBJECT = seobject.setransRecords()
-
-+ if object == "permissive":
-+ OBJECT = seobject.permissiveRecords(store)
-+
- if list:
- OBJECT.list(heading, locallist)
- sys.exit(0);
-@@ -302,6 +310,9 @@
-
- if object == "fcontext":
- OBJECT.add(target, setype, ftype, serange, seuser)
-+ if object == "permissive":
-+ OBJECT.add(target)
-+
- sys.exit(0);
-
- if modify:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
---- nsapolicycoreutils/semanage/semanage.8 2008-05-06 14:33:04.000000000 -0400
-+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 20:33:48.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.52/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage 2008-07-02 17:19:15.000000000 -0400
++++ policycoreutils-2.0.52/semanage/semanage 2008-07-02 13:43:21.000000000 -0400
+@@ -297,9 +297,10 @@
+ if object == "user":
+ rlist = roles.split()
+ if len(rlist) == 0:
+- raise ValueError(_("You must specify a role"))
+- if prefix == "":
+- raise ValueError(_("You must specify a prefix"))
++ raise ValueError(_("You must specify a role"))
++ if prefix == "":
++ prefix = "user"
++
+ OBJECT.add(target, rlist, selevel, serange, prefix)
+
+ if object == "port":
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.52/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8 2008-07-02 17:19:15.000000000 -0400
++++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-02 13:43:21.000000000 -0400
@@ -3,7 +3,7 @@
semanage \- SELinux Policy Management tool
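Review bot: In the semanage hunk at `@@ -297,9 +297,10 @@`, an empty prefix for `semanage user -a` is now silently replaced with `"user"` where it used to raise "You must specify a prefix", and nothing visible here tells the administrator that a default was applied. Since the prefix drives home directory labeling, an omitted `-P` on a confined user would presumably yield `user`-prefixed home labels rather than the ones intended for that role. I would add a comment above the assignment, `# No -P given: fall back to the "user" home-directory labeling prefix`, and state the default in the `-P, --prefix` help line and in semanage.8, e.g. `Prefix for home directory labeling (default: user)`. The `raise ValueError(_("You must specify a role"))` line is removed and re-added with identical text, which suggests an indentation change; leading whitespace is lost in this rendering, so confirm it still sits under `if len(rlist) == 0:`. The enclosing `if object == "user":` block begins and ends outside the hunk.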
@@ -176,16 +65,7 @@
.br
.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
.br
-@@ -17,6 +17,8 @@
- .br
- .B semanage fcontext \-{a|d|m} [\-frst] file_spec
- .br
-+.B semanage permissive \-{a|d} type
-+.br
- .B semanage translation \-{a|d|m} [\-T] level
- .P
-
-@@ -85,6 +87,9 @@
+@@ -87,6 +87,9 @@
.I \-s, \-\-seuser
SELinux user name
.TP
@@ -195,150 +75,3 @@
.I \-t, \-\-type
SELinux Type for the object
.TP
-@@ -101,10 +106,11 @@
- $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
- # Allow Apache to listen on port 81
- $ semanage port -a -t http_port_t -p tcp 81
-+# Change apache to a permissive domain
-+$ semanage permissive -a http_t
- .fi
-
- .SH "AUTHOR"
- This man page was written by Daniel Walsh <dwalsh at redhat.com> and
- Russell Coker <rcoker at redhat.com>.
- Examples by Thomas Bleher <ThomasBleher at gmx.de>.
--
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py 2008-05-16 10:55:38.000000000 -0400
-+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 20:30:55.000000000 -0400
-@@ -1,5 +1,5 @@
- #! /usr/bin/python -E
--# Copyright (C) 2005, 2006, 2007 Red Hat
-+# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
- # see file 'COPYING' for use and warranty information
- #
- # semanage is a tool for managing SELinux configuration files
-@@ -24,7 +24,9 @@
- import pwd, string, selinux, tempfile, os, re, sys
- from semanage import *;
- PROGNAME="policycoreutils"
-+import sepolgen.module as module
-
-+import commands
- import gettext
- gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
- gettext.textdomain(PROGNAME)
-@@ -246,7 +248,103 @@
- os.close(fd)
- os.rename(newfilename, self.filename)
- os.system("/sbin/service mcstrans reload > /dev/null")
--
-+
-+class permissiveRecords:
-+ def __init__(self, store):
-+ self.store = store
-+ self.sh = semanage_handle_create()
-+ if not self.sh:
-+ raise ValueError(_("Could not create semanage handle"))
-+
-+ if store != "":
-+ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
-+
-+ self.semanaged = semanage_is_managed(self.sh)
-+
-+ if not self.semanaged:
-+ semanage_handle_destroy(self.sh)
-+ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
-+
-+ rc = semanage_access_check(self.sh)
-+ if rc < SEMANAGE_CAN_READ:
-+ semanage_handle_destroy(self.sh)
-+ raise ValueError(_("Cannot read policy store."))
-+
-+ rc = semanage_connect(self.sh)
-+ if rc < 0:
-+ semanage_handle_destroy(self.sh)
-+ raise ValueError(_("Could not establish semanage connection"))
-+
-+ def get_all(self):
-+ l = []
-+ (rc, mlist, number) = semanage_module_list(self.sh)
-+ if rc < 0:
-+ raise ValueError(_("Could not list SELinux modules"))
-+
-+ for i in range(number):
-+ mod = semanage_module_list_nth(mlist, i)
-+ name = semanage_module_get_name(mod)
-+ if name and name.startswith("permissive_"):
-+ l.append(name.split("permissive_")[1])
-+ return l
-+
-+ def list(self,heading = 1, locallist = 0):
-+ if heading:
-+ print "\n%-25s\n" % (_("Permissive Types"))
-+ for t in self.get_all():
-+ print t
-+
-+
-+ def add(self, type):
-+ name = "permissive_%s" % type
-+ dirname = "/var/lib/selinux"
-+ os.chdir(dirname)
-+ filename = "%s.te" % name
-+ modtxt = """
-+module %s 1.0;
-+
-+require {
-+ type %s;
-+}
-+
-+permissive %s;
-+""" % (name, type, type)
-+ fd = open(filename,'w')
-+ fd.write(modtxt)
-+ fd.close()
-+ mc = module.ModuleCompiler()
-+ mc.create_module_package(filename, 1)
-+ fd = open("permissive_%s.pp" % type)
-+ data = fd.read()
-+ fd.close()
-+
-+ rc = semanage_module_install(self.sh, data, len(data));
-+ rc = semanage_commit(self.sh)
-+ if rc < 0:
-+ raise ValueError(_("Could not set permissive domain %s") % name)
-+ for root, dirs, files in os.walk("tmp", topdown=False):
-+ for name in files:
-+ os.remove(os.path.join(root, name))
-+ for name in dirs:
-+ os.rmdir(os.path.join(root, name))
-+
-+ if rc != 0:
-+ raise ValueError(out)
-+
-+
-+ def delete(self, name):
-+ for n in name.split():
-+ rc = semanage_module_remove(self.sh, "permissive_%s" % n)
-+ rc = semanage_commit(self.sh)
-+ if rc < 0:
-+ raise ValueError(_("Could not remove permissive domain %s") % name)
-+
-+ def deleteall(self):
-+ l = self.get_all()
-+ if len(l) > 0:
-+ all = " ".join(l)
-+ self.delete(all)
-+
- class semanageRecords:
- def __init__(self, store):
- self.sh = semanage_handle_create()
-@@ -464,7 +562,7 @@
- def __init__(self, store = ""):
- semanageRecords.__init__(self, store)
-
-- def add(self, name, roles, selevel, serange, prefix):
-+ def add(self, name, roles, selevel, serange, prefix = "user"):
- if is_mls_enabled == 1:
- if serange == "":
- serange = "s0"
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.535
retrieving revision 1.536
diff -u -r1.535 -r1.536
--- policycoreutils.spec 2 Jul 2008 02:04:52 -0000 1.535
+++ policycoreutils.spec 2 Jul 2008 21:22:59 -0000 1.536
@@ -5,8 +5,8 @@
%define sepolgenver 1.0.12
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.51
-Release: 2%{?dist}
+Version: 2.0.52
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -192,6 +192,9 @@
fi
%changelog
+* Wed Jul 2 2008 Dan Walsh <dwalsh at redhat.com> 2.0.52-1
+- Default prefix to "user"
+
* Tue Jul 1 2008 Dan Walsh <dwalsh at redhat.com> 2.0.50-2
- Remove semodule use within semanage
- Fix launching of polgengui from toolbar
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.187
retrieving revision 1.188
diff -u -r1.187 -r1.188
--- sources 2 Jul 2008 00:52:32 -0000 1.187
+++ sources 2 Jul 2008 21:22:59 -0000 1.188
@@ -1,2 +1,2 @@
4813a1ed80f19068ed9897165f073e8b sepolgen-1.0.12.tgz
-9189683c9449c459ad5d7870d9e22085 policycoreutils-2.0.51.tgz
+311e95b3374fe1993fb91a303b6675b2 policycoreutils-2.0.52.tgz