rpms/policycoreutils/devel .cvsignore, 1.199, 1.200 policycoreutils-rhat.patch, 1.426, 1.427 policycoreutils.spec, 1.618, 1.619 sources, 1.205, 1.206
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Aug 13 15:51:54 UTC 2009
- Previous message (by thread): rpms/virt-manager/devel virt-manager.spec,1.55,1.56
- Next message (by thread): rpms/ruby-icon-artist/F-10 .cvsignore, 1.2, 1.3 ruby-icon-artist.spec, 1.1, 1.2 sources, 1.2, 1.3 ruby-icon-artist-iconname.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27322
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Thu Aug 13 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-1
- Fix chcat to report error on non existing file
- Update to upstream
* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don't require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.199
retrieving revision 1.200
diff -u -p -r1.199 -r1.200
--- .cvsignore 9 Aug 2009 13:35:33 -0000 1.199
+++ .cvsignore 13 Aug 2009 15:51:51 -0000 1.200
@@ -204,3 +204,4 @@ policycoreutils-2.0.67.tgz
policycoreutils-2.0.68.tgz
policycoreutils-2.0.70.tgz
policycoreutils_man_ru2.tar.bz2
+policycoreutils-2.0.71.tgz
policycoreutils-rhat.patch:
Makefile | 2
restorecond/Makefile | 20 +
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.c | 397 +++-------------------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19 +
restorecond/restorecond_user.conf | 2
restorecond/user.c | 220 +++++++++++++++
restorecond/walk.c | 30 ++
restorecond/watch.c | 346 ++++++++++++++++++++++++
scripts/Makefile | 3
scripts/chcat | 2
scripts/sandbox | 139 +++++++++
scripts/sandbox.8 | 22 +
scripts/sandbox.py | 67 ++++
semanage/semanage | 49 +++
semanage/semanage.8 | 2
semanage/seobject.py | 109 +++++++
19 files changed, 1074 insertions(+), 370 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.426
retrieving revision 1.427
diff -u -p -r1.426 -r1.427
--- policycoreutils-rhat.patch 10 Aug 2009 15:26:43 -0000 1.426
+++ policycoreutils-rhat.patch 13 Aug 2009 15:51:52 -0000 1.427
@@ -1,15 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.70/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.70/Makefile 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/Makefile 2009-08-13 11:48:14.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.70/restorecond/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/Makefile 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-13 11:48:14.000000000 -0400
@@ -2,16 +2,23 @@
PREFIX ?= ${DESTDIR}/usr
SBINDIR ?= $(PREFIX)/sbin
@@ -51,16 +51,16 @@ diff --exclude-from=exclude --exclude=se
relabel: install
/sbin/restorecon $(SBINDIR)/restorecond
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.70/restorecond/org.selinux.Restorecond.service
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/org.selinux.Restorecond.service 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.70/restorecond/restorecond.c
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/restorecond.c 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-13 11:48:14.000000000 -0400
@@ -48,294 +48,37 @@
#include <signal.h>
#include <string.h>
@@ -173,7 +173,7 @@ diff --exclude-from=exclude --exclude=se
- }
- firstDir = NULL;
-}
-
+-
-/*
- Set the file context to the default file context for this system.
- Same as restorecon.
@@ -288,14 +288,11 @@ diff --exclude-from=exclude --exclude=se
- Files specified one per line. Files with "~" will be expanded to the logged in users
- homedirs.
-*/
-+static char *server_watch_file = "/etc/selinux/restorecond.conf";
-+static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
-+static char *watch_file;
-
+-
-static void read_config(int fd)
-{
- char *watch_file_path = "/etc/selinux/restorecond.conf";
--
+
- FILE *cfg = NULL;
- if (debug_mode)
- printf("Read Config\n");
@@ -314,7 +311,9 @@ diff --exclude-from=exclude --exclude=se
- if (master_wd == -1)
- exitApp("Error watching config file.");
-}
-+#include <selinux/selinux.h>
++static char *server_watch_file = "/etc/selinux/restorecond.conf";
++static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
++static char *watch_file;
-/*
- Inotify watch loop
@@ -349,21 +348,22 @@ diff --exclude-from=exclude --exclude=se
- if (event->len)
- watch_list_find(event->wd, event->name);
- break;
--
++#include <selinux/selinux.h>
+
- case 1: /* utmp has changed need to reload */
- read_config(fd);
- break;
--
-- default: /* No users logged in or out */
-- break;
-- }
-- }
+int debug_mode = 0;
+int verbose_mode = 0;
+int terminate = 0;
+int master_wd = -1;
+int run_as_user = 0;
+- default: /* No users logged in or out */
+- break;
+- }
+- }
+-
- i += EVENT_SIZE + event->len;
- }
- return 0;
@@ -485,7 +485,7 @@ diff --exclude-from=exclude --exclude=se
case 'v':
verbose_mode = 1;
break;
-@@ -483,22 +168,40 @@
+@@ -483,20 +168,36 @@
usage(argv[0]);
}
}
@@ -525,13 +525,9 @@ diff --exclude-from=exclude --exclude=se
if (pidfile)
unlink(pidfile);
- return 0;
- }
-+
-+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.70/restorecond/restorecond.conf
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.70/restorecond/restorecond.conf 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-13 11:48:14.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@@ -542,9 +538,9 @@ diff --exclude-from=exclude --exclude=se
/root/.ssh/*
-
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.70/restorecond/restorecond.desktop
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/restorecond.desktop 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@@ -553,9 +549,9 @@ diff --exclude-from=exclude --exclude=se
+Encoding=UTF-8
+Type=Application
+StartupNotify=false
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.70/restorecond/restorecond.h
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.70/restorecond/restorecond.h 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-13 11:48:14.000000000 -0400
@@ -24,7 +24,22 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@@ -581,15 +577,15 @@ diff --exclude-from=exclude --exclude=se
+extern void watch_list_free(int fd);
#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.70/restorecond/restorecond_user.conf
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/restorecond_user.conf 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.70/restorecond/user.c
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/user.c 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/user.c 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,220 @@
+/*
+ * restorecond
@@ -811,9 +807,9 @@ diff --exclude-from=exclude --exclude=se
+ return 0;
+}
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.70/restorecond/walk.c
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/walk.c policycoreutils-2.0.71/restorecond/walk.c
--- nsapolicycoreutils/restorecond/walk.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/walk.c 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/walk.c 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,30 @@
+#define _XOPEN_SOURCE 500
+#include <ftw.h>
@@ -845,9 +841,9 @@ diff --exclude-from=exclude --exclude=se
+ printf("Total Dirs %d\n",ctr);
+ exit(EXIT_SUCCESS);
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.70/restorecond/watch.c
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/restorecond/watch.c 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,346 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@@ -1195,9 +1191,21 @@ diff --exclude-from=exclude --exclude=se
+ exitApp("Error watching config file.");
+}
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.70/scripts/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
++++ policycoreutils-2.0.71/scripts/chcat 2009-08-13 11:48:14.000000000 -0400
+@@ -435,6 +435,8 @@
+ continue
+ except ValueError, e:
+ error(e)
++ except OSError, e:
++ error(e)
+
+ sys.exit(errors)
+
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.70/scripts/Makefile 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/scripts/Makefile 2009-08-13 11:48:14.000000000 -0400
@@ -5,11 +5,12 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -1212,9 +1220,9 @@ diff --exclude-from=exclude --exclude=se
install -m 755 fixfiles $(DESTDIR)/sbin
install -m 755 genhomedircon $(SBINDIR)
-mkdir -p $(MANDIR)/man8
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.70/scripts/sandbox
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.71/scripts/sandbox
--- nsapolicycoreutils/scripts/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/scripts/sandbox 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/scripts/sandbox 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,139 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl
@@ -1355,9 +1363,9 @@ diff --exclude-from=exclude --exclude=se
+ error_exit(error.args[1])
+
+ sys.exit(rc)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.70/scripts/sandbox.8
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.71/scripts/sandbox.8
--- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/scripts/sandbox.8 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/scripts/sandbox.8 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,22 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
@@ -1381,9 +1389,9 @@ diff --exclude-from=exclude --exclude=se
+.TP
+runcon(1)
+.PP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.70/scripts/sandbox.py
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.py policycoreutils-2.0.71/scripts/sandbox.py
--- nsapolicycoreutils/scripts/sandbox.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.70/scripts/sandbox.py 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/scripts/sandbox.py 2009-08-13 11:48:14.000000000 -0400
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+import os, sys, getopt, socket, random, fcntl
@@ -1452,9 +1460,9 @@ diff --exclude-from=exclude --exclude=se
+ mount(mount_src, filecon)
+ umount(filecon)
+os.execvp(cmds[0], cmds)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.70/semanage/semanage
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.70/semanage/semanage 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/semanage/semanage 2009-08-13 11:48:14.000000000 -0400
@@ -44,16 +44,17 @@
text = _("""
semanage [ -S store ] -i [ input_file | - ]
@@ -1508,17 +1516,16 @@ diff --exclude-from=exclude --exclude=se
valid_option["permissive"] = []
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
return valid_option
-@@ -192,7 +198,10 @@
+@@ -192,6 +198,9 @@
locallist = False
use_file = False
store = ""
+ equal=""
-
++
+ dontaudit = ""
-+
+
object = argv[0]
option_dict=get_options()
- if object not in option_dict.keys():
@@ -201,10 +210,12 @@
args = argv[1:]
@@ -1533,23 +1540,13 @@ diff --exclude-from=exclude --exclude=se
'ftype=',
'file',
'help',
-@@ -241,16 +252,24 @@
- if modify or add:
- raise ValueError(_("%s bad option") % o)
- delete = True
-+
- if o == "-D" or o == "--deleteall":
- if modify:
- raise ValueError(_("%s bad option") % o)
- deleteall = True
-+
+@@ -248,9 +261,15 @@
if o == "-f" or o == "--ftype":
-- ftype=a
-+ ftype = a
-+
+ ftype=a
+
+ if o == "-e" or o == "--equal":
+ equal = a
-
++
if o == "-F" or o == "--file":
use_file = True
@@ -1559,16 +1556,16 @@ diff --exclude-from=exclude --exclude=se
if o == "-h" or o == "--help":
raise ValueError(_("%s bad option") % o)
-@@ -323,6 +342,9 @@
-
+@@ -324,6 +343,9 @@
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
-+
+
+ if object == "module":
+ OBJECT = seobject.moduleRecords(store)
-
++
if object == "translation":
OBJECT = seobject.setransRecords()
+
@@ -341,6 +363,13 @@
OBJECT.deleteall()
return
@@ -1594,9 +1591,8 @@ diff --exclude-from=exclude --exclude=se
OBJECT.add(target, mask, proto, serange, setype)
if object == "fcontext":
-- OBJECT.add(target, setype, ftype, serange, seuser)
+ if equal == "":
-+ OBJECT.add(target, setype, ftype, serange, seuser)
+ OBJECT.add(target, setype, ftype, serange, seuser)
+ else:
+ OBJECT.add_equal(target, equal)
if object == "permissive":
@@ -1616,26 +1612,16 @@ diff --exclude-from=exclude --exclude=se
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
-- OBJECT.modify(target, setype, ftype, serange, seuser)
+ if equal == "":
-+ OBJECT.modify(target, setype, ftype, serange, seuser)
+ OBJECT.modify(target, setype, ftype, serange, seuser)
+ else:
+ OBJECT.modify_equal(target, equal)
return
-@@ -405,7 +446,7 @@
- OBJECT.delete(target, proto)
-
- elif object == "fcontext":
-- OBJECT.delete(target, ftype)
-+ OBJECT.delete(target, ftype)
-
- elif object == "node":
- OBJECT.delete(target, mask, proto)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.70/semanage/semanage.8
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.71/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.70/semanage/semanage.8 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/semanage/semanage.8 2009-08-13 11:48:14.000000000 -0400
@@ -21,6 +21,8 @@
.br
.B semanage permissive \-{a|d} type
@@ -1645,9 +1631,9 @@ diff --exclude-from=exclude --exclude=se
.B semanage translation \-{a|d|m} [\-T] level
.P
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.70/semanage/seobject.py
+diff -b -B --ignore-all-space --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.70/semanage/seobject.py 2009-08-05 15:24:16.000000000 -0400
++++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-13 11:48:14.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
@@ -1655,93 +1641,15 @@ diff --exclude-from=exclude --exclude=se
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
-@@ -21,16 +21,16 @@
+@@ -21,7 +21,7 @@
#
#
-import pwd, grp, string, selinux, tempfile, os, re, sys
+import pwd, grp, string, selinux, tempfile, os, re, sys, stat
from semanage import *;
--PROGNAME="policycoreutils"
-+PROGNAME = "policycoreutils"
+ PROGNAME="policycoreutils"
import sepolgen.module as module
-
- import gettext
- gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
- gettext.textdomain(PROGNAME)
- try:
-- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
-+ gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1)
- except IOError:
- import __builtin__
- __builtin__.__dict__['_'] = unicode
-@@ -96,7 +96,7 @@
- self.audit_fd = audit.audit_open()
-
- def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
-- audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
-+ audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0], str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
- except:
- class logger:
- def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
-@@ -104,7 +104,7 @@
- message = "Successful: "
- else:
- message = "Failed: "
-- message += " %s name=%s" % (msg,name)
-+ message += " %s name=%s" % (msg, name)
- if sename != "":
- message += " sename=" + sename
- if old_sename != "":
-@@ -123,9 +123,9 @@
-
- import xml.etree.ElementTree
-
--booleans_dict={}
-+booleans_dict = {}
- try:
-- tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
-+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
- for l in tree.findall("layer"):
- for m in l.findall("module"):
- for b in m.findall("tunable"):
-@@ -160,12 +160,12 @@
- cat_range = category + "(\." + category +")?"
- categories = cat_range + "(\," + cat_range + ")*"
- reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
-- return re.search("^" + reg +"$",raw)
-+ return re.search("^" + reg +"$", raw)
-
- def translate(raw, prepend = 1):
-- filler="a:b:c:"
-+ filler = "a:b:c:"
- if prepend == 1:
-- context = "%s%s" % (filler,raw)
-+ context = "%s%s" % (filler, raw)
- else:
- context = raw
- (rc, trans) = selinux.selinux_raw_to_trans_context(context)
-@@ -179,9 +179,9 @@
- return trans
-
- def untranslate(trans, prepend = 1):
-- filler="a:b:c:"
-+ filler = "a:b:c:"
- if prepend == 1:
-- context = "%s%s" % (filler,trans)
-+ context = "%s%s" % (filler, trans)
- else:
- context = trans
-
-@@ -234,7 +234,7 @@
- rec += "%s=%s\n" % (k, self.ddict[k])
- return rec
-
-- def list(self,heading = 1, locallist = 0):
-+ def list(self, heading = 1, locallist = 0):
- if heading:
- print "\n%-25s %s\n" % (_("Level"), _("Translation"))
- keys = self.ddict.keys()
@@ -273,6 +273,7 @@
(fd, newfilename) = tempfile.mkstemp('', self.filename)
os.write(fd, self.out())
@@ -1750,15 +1658,6 @@ diff --exclude-from=exclude --exclude=se
os.rename(newfilename, self.filename)
os.system("/sbin/service mcstrans reload > /dev/null")
-@@ -283,7 +284,7 @@
- if handle != None:
- self.sh = handle
- else:
-- self.sh=get_handle(store)
-+ self.sh = get_handle(store)
- self.transaction = False
-
- def deleteall(self):
@@ -314,6 +315,49 @@
self.transaction = False
self.commit()
@@ -1809,254 +1708,6 @@ diff --exclude-from=exclude --exclude=se
class permissiveRecords(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
-@@ -331,7 +375,7 @@
- l.append(name.split("permissive_")[1])
- return l
-
-- def list(self,heading = 1, locallist = 0):
-+ def list(self, heading = 1, locallist = 0):
- if heading:
- print "\n%-25s\n" % (_("Permissive Types"))
- for t in self.get_all():
-@@ -353,7 +397,7 @@
-
- permissive %s;
- """ % (name, type, type)
-- fd = open(filename,'w')
-+ fd = open(filename, 'w')
- fd.write(modtxt)
- fd.close()
- mc = module.ModuleCompiler()
-@@ -366,7 +410,7 @@
- if rc >= 0:
- self.commit()
-
-- for root, dirs, files in os.walk("tmp", topdown=False):
-+ for root, dirs, files in os.walk("tmp", topdown = False):
- for name in files:
- os.remove(os.path.join(root, name))
- for name in dirs:
-@@ -405,11 +449,11 @@
- if sename == "":
- sename = "user_u"
-
-- (rc,k) = semanage_seuser_key_create(self.sh, name)
-+ (rc, k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
-- (rc,exists) = semanage_seuser_exists(self.sh, k)
-+ (rc, exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if exists:
-@@ -425,7 +469,7 @@
- except:
- raise ValueError(_("Linux User %s does not exist") % name)
-
-- (rc,u) = semanage_seuser_create(self.sh)
-+ (rc, u) = semanage_seuser_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create login mapping for %s") % name)
-
-@@ -465,17 +509,17 @@
- if sename == "" and serange == "":
- raise ValueError(_("Requires seuser or serange"))
-
-- (rc,k) = semanage_seuser_key_create(self.sh, name)
-+ (rc, k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
-- (rc,exists) = semanage_seuser_exists(self.sh, k)
-+ (rc, exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if not exists:
- raise ValueError(_("Login mapping for %s is not defined") % name)
-
-- (rc,u) = semanage_seuser_query(self.sh, k)
-+ (rc, u) = semanage_seuser_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query seuser for %s") % name)
-
-@@ -498,7 +542,7 @@
- semanage_seuser_key_free(k)
- semanage_seuser_free(u)
-
-- mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
-+ mylog.log(1, "modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
-
- def modify(self, name, sename = "", serange = ""):
- try:
-@@ -507,21 +551,21 @@
- self.commit()
-
- except ValueError, error:
-- mylog.log(0,"modify selinux user mapping", name, sename,"", serange, "", "", "");
-+ mylog.log(0, "modify selinux user mapping", name, sename, "", serange, "", "", "");
- raise error
-
- def __delete(self, name):
-- (rc,k) = semanage_seuser_key_create(self.sh, name)
-+ (rc, k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
-- (rc,exists) = semanage_seuser_exists(self.sh, k)
-+ (rc, exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if not exists:
- raise ValueError(_("Login mapping for %s is not defined") % name)
-
-- (rc,exists) = semanage_seuser_exists_local(self.sh, k)
-+ (rc, exists) = semanage_seuser_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if not exists:
-@@ -540,10 +584,10 @@
- self.commit()
-
- except ValueError, error:
-- mylog.log(0,"delete SELinux user mapping", name);
-+ mylog.log(0, "delete SELinux user mapping", name);
- raise error
-
-- mylog.log(1,"delete SELinux user mapping", name);
-+ mylog.log(1, "delete SELinux user mapping", name);
-
- def get_all(self, locallist = 0):
- ddict = {}
-@@ -593,17 +637,17 @@
- if len(roles) < 1:
- raise ValueError(_("You must add at least one role for %s") % name)
-
-- (rc,k) = semanage_user_key_create(self.sh, name)
-+ (rc, k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
-- (rc,exists) = semanage_user_exists(self.sh, k)
-+ (rc, exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if exists:
- raise ValueError(_("SELinux user %s is already defined") % name)
-
-- (rc,u) = semanage_user_create(self.sh)
-+ (rc, u) = semanage_user_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create SELinux user for %s") % name)
-
-@@ -627,7 +671,7 @@
- rc = semanage_user_set_prefix(self.sh, u, prefix)
- if rc < 0:
- raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
-- (rc,key) = semanage_user_key_extract(self.sh,u)
-+ (rc, key) = semanage_user_key_extract(self.sh,u)
- if rc < 0:
- raise ValueError(_("Could not extract key for %s") % name)
-
-@@ -660,17 +704,17 @@
- else:
- raise ValueError(_("Requires prefix or roles"))
-
-- (rc,k) = semanage_user_key_create(self.sh, name)
-+ (rc, k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
-- (rc,exists) = semanage_user_exists(self.sh, k)
-+ (rc, exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if not exists:
- raise ValueError(_("SELinux user %s is not defined") % name)
-
-- (rc,u) = semanage_user_query(self.sh, k)
-+ (rc, u) = semanage_user_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query user for %s") % name)
-
-@@ -718,17 +762,17 @@
- raise error
-
- def __delete(self, name):
-- (rc,k) = semanage_user_key_create(self.sh, name)
-+ (rc, k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
-- (rc,exists) = semanage_user_exists(self.sh, k)
-+ (rc, exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if not exists:
- raise ValueError(_("SELinux user %s is not defined") % name)
-
-- (rc,exists) = semanage_user_exists_local(self.sh, k)
-+ (rc, exists) = semanage_user_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if not exists:
-@@ -810,7 +854,7 @@
- low = int(ports[0])
- high = int(ports[1])
-
-- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
-+ (rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
- return ( k, proto_d, low, high )
-@@ -827,13 +871,13 @@
-
- ( k, proto_d, low, high ) = self.__genkey(port, proto)
-
-- (rc,exists) = semanage_port_exists(self.sh, k)
-+ (rc, exists) = semanage_port_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
- if exists:
- raise ValueError(_("Port %s/%s already defined") % (proto, port))
-
-- (rc,p) = semanage_port_create(self.sh)
-+ (rc, p) = semanage_port_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create port for %s/%s") % (proto, port))
-
-@@ -886,13 +930,13 @@
-
- ( k, proto_d, low, high ) = self.__genkey(port, proto)
-
-- (rc,exists) = semanage_port_exists(self.sh, k)
-+ (rc, exists) = semanage_port_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
- if not exists:
- raise ValueError(_("Port %s/%s is not defined") % (proto,port))
-
-- (rc,p) = semanage_port_query(self.sh, k)
-+ (rc, p) = semanage_port_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query port %s/%s") % (proto, port))
-
-@@ -941,13 +985,13 @@
-
- def __delete(self, port, proto):
- ( k, proto_d, low, high ) = self.__genkey(port, proto)
-- (rc,exists) = semanage_port_exists(self.sh, k)
-+ (rc, exists) = semanage_port_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
- if not exists:
- raise ValueError(_("Port %s/%s is not defined") % (proto, port))
-
-- (rc,exists) = semanage_port_exists_local(self.sh, k)
-+ (rc, exists) = semanage_port_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
- if not exists:
@@ -983,7 +1027,7 @@
proto_str = semanage_port_get_proto_str(proto)
low = semanage_port_get_low(port)
@@ -2066,132 +1717,6 @@ diff --exclude-from=exclude --exclude=se
return ddict
def get_all_by_type(self, locallist = 0):
-@@ -1053,17 +1097,17 @@
- if ctype == "":
- raise ValueError(_("SELinux Type is required"))
-
-- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
-+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % addr)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
-
-- (rc,exists) = semanage_node_exists(self.sh, k)
-+ (rc, exists) = semanage_node_exists(self.sh, k)
- if exists:
- raise ValueError(_("Addr %s already defined") % addr)
-
-- (rc,node) = semanage_node_create(self.sh)
-+ (rc, node) = semanage_node_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create addr for %s") % addr)
-
-@@ -1128,17 +1172,17 @@
- if serange == "" and setype == "":
- raise ValueError(_("Requires setype or serange"))
-
-- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
-+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % addr)
-
-- (rc,exists) = semanage_node_exists(self.sh, k)
-+ (rc, exists) = semanage_node_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
- if not exists:
- raise ValueError(_("Addr %s is not defined") % addr)
-
-- (rc,node) = semanage_node_query(self.sh, k)
-+ (rc, node) = semanage_node_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query addr %s") % addr)
-
-@@ -1175,17 +1219,17 @@
- else:
- raise ValueError(_("Unknown or missing protocol"))
-
-- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
-+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % addr)
-
-- (rc,exists) = semanage_node_exists(self.sh, k)
-+ (rc, exists) = semanage_node_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
- if not exists:
- raise ValueError(_("Addr %s is not defined") % addr)
-
-- (rc,exists) = semanage_node_exists_local(self.sh, k)
-+ (rc, exists) = semanage_node_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if addr %s is defined") % addr)
- if not exists:
-@@ -1255,17 +1299,17 @@
- if ctype == "":
- raise ValueError(_("SELinux Type is required"))
-
-- (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ (rc, k) = semanage_iface_key_create(self.sh, interface)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % interface)
-
-- (rc,exists) = semanage_iface_exists(self.sh, k)
-+ (rc, exists) = semanage_iface_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if exists:
- raise ValueError(_("Interface %s already defined") % interface)
-
-- (rc,iface) = semanage_iface_create(self.sh)
-+ (rc, iface) = semanage_iface_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create interface for %s") % interface)
-
-@@ -1316,17 +1360,17 @@
- if serange == "" and setype == "":
- raise ValueError(_("Requires setype or serange"))
-
-- (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ (rc, k) = semanage_iface_key_create(self.sh, interface)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % interface)
-
-- (rc,exists) = semanage_iface_exists(self.sh, k)
-+ (rc, exists) = semanage_iface_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if not exists:
- raise ValueError(_("Interface %s is not defined") % interface)
-
-- (rc,iface) = semanage_iface_query(self.sh, k)
-+ (rc, iface) = semanage_iface_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query interface %s") % interface)
-
-@@ -1350,17 +1394,17 @@
- self.commit()
-
- def __delete(self, interface):
-- (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ (rc, k) = semanage_iface_key_create(self.sh, interface)
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % interface)
-
-- (rc,exists) = semanage_iface_exists(self.sh, k)
-+ (rc, exists) = semanage_iface_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if not exists:
- raise ValueError(_("Interface %s is not defined") % interface)
-
-- (rc,exists) = semanage_iface_exists_local(self.sh, k)
-+ (rc, exists) = semanage_iface_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if interface %s is defined") % interface)
- if not exists:
@@ -1408,6 +1452,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
@@ -2241,101 +1766,23 @@ diff --exclude-from=exclude --exclude=se
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1444,23 +1530,23 @@
- if type == "":
- raise ValueError(_("SELinux Type is required"))
-
-- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
-+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
- if rc < 0:
- raise ValueError(_("Could not create key for %s") % target)
-
-- (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ (rc, exists) = semanage_fcontext_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if file context for %s is defined") % target)
-
- if not exists:
-- (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if file context for %s is defined") % target)
-
- if exists:
- raise ValueError(_("File context for %s already defined") % target)
-
-- (rc,fcontext) = semanage_fcontext_create(self.sh)
-+ (rc, fcontext) = semanage_fcontext_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create file context for %s") % target)
-
-@@ -1501,21 +1587,21 @@
- raise ValueError(_("Requires setype, serange or seuser"))
- self.validate(target)
-
-- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
-+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % target)
-
-- (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ (rc, exists) = semanage_fcontext_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if file context for %s is defined") % target)
- if not exists:
-- (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
- if not exists:
- raise ValueError(_("File context for %s is not defined") % target)
-
-- (rc,fcontext) = semanage_fcontext_query_local(self.sh, k)
-+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
- if rc < 0:
-- (rc,fcontext) = semanage_fcontext_query(self.sh, k)
-+ (rc, fcontext) = semanage_fcontext_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query file context for %s") % target)
-
-@@ -1565,7 +1651,7 @@
- target = semanage_fcontext_get_expr(fcontext)
- ftype = semanage_fcontext_get_type(fcontext)
- ftype_str = semanage_fcontext_get_type_str(ftype)
-- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
-+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % target)
-
-@@ -1573,19 +1659,26 @@
- if rc < 0:
+@@ -1574,9 +1660,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
--
-+
+
+ self.equiv = {}
+ self.equal_ind = True
self.commit()
def __delete(self, target, ftype):
-- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if target in self.equiv.keys():
+ self.equiv.pop(target)
+ self.equal_ind = True
+ return
+
-+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-
-- (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if file context for %s is defined") % target)
- if not exists:
-- (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ (rc, exists) = semanage_fcontext_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if file context for %s is defined") % target)
- if exists:
@@ -1632,11 +1725,11 @@
return ddict
@@ -2350,7 +1797,7 @@ diff --exclude-from=exclude --exclude=se
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1645,11 +1738,17 @@
+@@ -1645,6 +1738,12 @@
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -2363,108 +1810,3 @@ diff --exclude-from=exclude --exclude=se
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
- semanageRecords.__init__(self, store)
-- self.dict={}
-+ self.dict = {}
- self.dict["TRUE"] = 1
- self.dict["FALSE"] = 0
- self.dict["ON"] = 1
-@@ -1658,16 +1757,16 @@
- self.dict["0"] = 0
-
- def __mod(self, name, value):
-- (rc,k) = semanage_bool_key_create(self.sh, name)
-+ (rc, k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-- (rc,exists) = semanage_bool_exists(self.sh, k)
-+ (rc, exists) = semanage_bool_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
- raise ValueError(_("Boolean %s is not defined") % name)
-
-- (rc,b) = semanage_bool_query(self.sh, k)
-+ (rc, b) = semanage_bool_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query file context %s") % name)
-
-@@ -1685,7 +1784,7 @@
- semanage_bool_key_free(k)
- semanage_bool_free(b)
-
-- def modify(self, name, value=None, use_file=False):
-+ def modify(self, name, value = None, use_file = False):
-
- self.begin()
-
-@@ -1709,16 +1808,16 @@
-
- def __delete(self, name):
-
-- (rc,k) = semanage_bool_key_create(self.sh, name)
-+ (rc, k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-- (rc,exists) = semanage_bool_exists(self.sh, k)
-+ (rc, exists) = semanage_bool_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
- raise ValueError(_("Boolean %s is not defined") % name)
-
-- (rc,exists) = semanage_bool_exists_local(self.sh, k)
-+ (rc, exists) = semanage_bool_exists_local(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
-@@ -1777,7 +1876,7 @@
- return _("unknown")
-
- def list(self, heading = True, locallist = False, use_file = False):
-- on_off = (_("off"),_("on"))
-+ on_off = (_("off"), _("on"))
- if use_file:
- ddict = self.get_all(locallist)
- keys = ddict.keys()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.70/setfiles/setfiles.c
---- nsapolicycoreutils/setfiles/setfiles.c 2009-08-05 15:10:56.000000000 -0400
-+++ policycoreutils-2.0.70/setfiles/setfiles.c 2009-08-10 11:06:54.000000000 -0400
-@@ -234,7 +234,7 @@
- fl_head = NULL;
- }
-
--static int add_exclude(const char *directory)
-+static int add_exclude(const char *directory, int warn)
- {
- struct stat sb;
- size_t len = 0;
-@@ -244,8 +244,8 @@
- return 1;
- }
- if (lstat(directory, &sb)) {
-- fprintf(stderr, "Can't stat directory \"%s\", %s.\n",
-- directory, strerror(errno));
-+ if (warn) fprintf(stderr, "Can't stat directory \"%s\", %s.\n",
-+ directory, strerror(errno));
- return 0;
- }
- if ((sb.st_mode & S_IFDIR) == 0) {
-@@ -727,7 +727,7 @@
-
- /* exclude mount points without the seclabel option */
- if (!found)
-- add_exclude(mount_info[1]);
-+ add_exclude(mount_info[1], 0);
- }
-
- free(buf);
-@@ -840,7 +840,7 @@
- }
- case 'e':
- remove_exclude(optarg);
-- if (add_exclude(optarg))
-+ if (add_exclude(optarg, 1))
- exit(1);
- break;
- case 'f':
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.618
retrieving revision 1.619
diff -u -p -r1.618 -r1.619
--- policycoreutils.spec 10 Aug 2009 15:26:45 -0000 1.618
+++ policycoreutils.spec 13 Aug 2009 15:51:54 -0000 1.619
@@ -5,8 +5,8 @@
%define sepolgenver 1.0.16
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.70
-Release: 2%{?dist}
+Version: 2.0.71
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -266,6 +266,15 @@ else
fi
%changelog
+* Thu Aug 13 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-1
+- Fix chcat to report error on non existing file
+- Update to upstream
+ * Modify setfiles/restorecon checking of exclude paths. Only check
+ user-supplied exclude paths (not automatically generated ones based on
+ lack of seclabel support), don't require them to be directories, and
+ ignore permission denied errors on them (it is ok to exclude a path to
+ which the caller lacks permission).
+
* Mon Aug 10 2009 Dan Walsh <dwalsh at redhat.com> 2.0.70-2
- Don't warn if the user did not specify the exclude if root can not stat file system
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -p -r1.205 -r1.206
--- sources 9 Aug 2009 13:35:33 -0000 1.205
+++ sources 13 Aug 2009 15:51:54 -0000 1.206
@@ -1,3 +1,2 @@
e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz
-8c4c0c43a9b6c3865e2a8b8bdd222f90 policycoreutils-2.0.70.tgz
-4c24e437f254291bc6d1378ee5a5712c policycoreutils_man_ru2.tar.bz2
+00fd9d86bd6a8066da710d6fda910b01 policycoreutils-2.0.71.tgz
- Previous message (by thread): rpms/virt-manager/devel virt-manager.spec,1.55,1.56
- Next message (by thread): rpms/ruby-icon-artist/F-10 .cvsignore, 1.2, 1.3 ruby-icon-artist.spec, 1.1, 1.2 sources, 1.2, 1.3 ruby-icon-artist-iconname.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list