rpms/policycoreutils/F-12 policycoreutils-rhat.patch, 1.450, 1.451 policycoreutils.spec, 1.653, 1.654
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Nov 2 16:40:36 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5090
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Fri Oct 30 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-15
- Fix typo in seobject.py
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 14
load_policy/Makefile | 5
restorecond/Makefile | 24 -
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 426 +++---------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 18
restorecond/restorecond.init | 5
restorecond/restorecond_user.conf | 2
restorecond/user.c | 237 ++++++++++
restorecond/watch.c | 253 ++++++++++
sandbox/Makefile | 31 +
sandbox/deliverables/README | 32 +
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 ++
sandbox/deliverables/sandbox | 216 +++++++++
sandbox/sandbox | 242 ++++++++++
sandbox/sandbox.8 | 26 +
sandbox/sandboxX.sh | 16
sandbox/seunshare.c | 265 +++++++++++
scripts/Makefile | 2
scripts/chcat | 2
scripts/fixfiles | 28 -
scripts/fixfiles.8 | 17
semanage/semanage | 136 ++++-
semanage/seobject.py | 470 +++++++++++++-------
semodule/semodule.8 | 6
semodule/semodule.c | 53 +-
setfiles/Makefile | 2
setfiles/restore.c | 519 ++++++++++++++++++++++
setfiles/restore.h | 49 ++
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 647 +++-------------------------
37 files changed, 2667 insertions(+), 1171 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-rhat.patch,v
retrieving revision 1.450
retrieving revision 1.451
diff -u -p -r1.450 -r1.451
--- policycoreutils-rhat.patch 16 Oct 2009 13:38:03 -0000 1.450
+++ policycoreutils-rhat.patch 2 Nov 2009 16:40:35 -0000 1.451
@@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.74/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.74/audit2allow/audit2allow 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/audit2allow/audit2allow 2009-10-15 10:37:41.000000000 -0400
@@ -42,6 +42,8 @@
from optparse import OptionParser
@@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=se
f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.74/load_policy/Makefile
--- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.74/load_policy/Makefile 2009-09-25 15:28:19.000000000 -0400
++++ policycoreutils-2.0.74/load_policy/Makefile 2009-10-15 10:37:41.000000000 -0400
@@ -1,6 +1,7 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@@ -61,7 +61,7 @@ diff --exclude-from=exclude --exclude=se
-rm -f $(TARGETS) *.o
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.74/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.74/Makefile 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/Makefile 2009-10-15 10:37:41.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@@ -70,7 +70,7 @@ diff --exclude-from=exclude --exclude=se
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.74/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.74/restorecond/Makefile 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/Makefile 2009-10-15 10:37:41.000000000 -0400
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@@ -119,16 +119,65 @@ diff --exclude-from=exclude --exclude=se
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
-Binary files nsapolicycoreutils/restorecond/restorecond and policycoreutils-2.0.74/restorecond/restorecond differ
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.74/restorecond/restorecond.8
+--- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/restorecond.8 2009-10-20 09:32:14.000000000 -0400
+@@ -3,7 +3,7 @@
+ restorecond \- daemon that watches for file creation and then sets the default SELinux file context
+
+ .SH "SYNOPSIS"
+-.B restorecond [\-d]
++.B restorecond [\-d] [\-f restorecond_file ] [\-u] [\-v]
+ .P
+
+ .SH "DESCRIPTION"
+@@ -19,13 +19,22 @@
+ .B \-d
+ Turns on debugging mode. Application will stay in the foreground and lots of
+ debugs messages start printing.
++.TP
++.B \-f restorecond_file
++Use alternative restorecond.conf file.
++.TP
++.B \-u
++Turns on user mode. Runs restorecond in the user session and reads /etc/selinux/restorecond_user.conf. Uses dbus to make sure only one restorecond is running per user session.
++.TP
++.B \-v
++Turns on verbose debugging. (Report missing files)
+
+ .SH "AUTHOR"
+-This man page was written by Dan Walsh <dwalsh at redhat.com>.
+-The program was written by Dan Walsh <dwalsh at redhat.com>.
++This man page and program was written by Dan Walsh <dwalsh at redhat.com>.
+
+ .SH "FILES"
+ /etc/selinux/restorecond.conf
++/etc/selinux/restorecond_user.conf
+
+ .SH "SEE ALSO"
+ .BR restorecon (8),
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.74/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.74/restorecond/restorecond.c 2009-09-24 22:59:01.000000000 -0400
-@@ -48,294 +48,38 @@
++++ policycoreutils-2.0.74/restorecond/restorecond.c 2009-10-20 09:29:06.000000000 -0400
+@@ -30,9 +30,11 @@
+ * and makes sure that there security context matches the systems defaults
+ *
+ * USAGE:
+- * restorecond [-d] [-v]
++ * restorecond [-d] [-u] [-v] [-f restorecond_file ]
+ *
+ * -d Run in debug mode
++ * -f Use alternative restorecond_file
++ * -u Run in user mode
+ * -v Run in verbose mode (Report missing files)
+ *
+ * EXAMPLE USAGE:
+@@ -48,294 +50,38 @@
#include <signal.h>
#include <string.h>
#include <unistd.h>
@@ -289,7 +338,7 @@ diff --exclude-from=exclude --exclude=se
- return;
- }
- retcontext = fgetfilecon_raw(fd, &prev_context);
--
+
- if (retcontext >= 0 || errno == ENODATA) {
- if (retcontext < 0)
- prev_context = NULL;
@@ -356,15 +405,16 @@ diff --exclude-from=exclude --exclude=se
- Files specified one per line. Files with "~" will be expanded to the logged in users
- homedirs.
-*/
-
--static void read_config(int fd)
--{
-- char *watch_file_path = "/etc/selinux/restorecond.conf";
+static char *server_watch_file = "/etc/selinux/restorecond.conf";
+static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
+static char *watch_file;
+static struct restore_opts r_opts;
+-static void read_config(int fd)
+-{
+- char *watch_file_path = "/etc/selinux/restorecond.conf";
++#include <selinux/selinux.h>
+
- FILE *cfg = NULL;
- if (debug_mode)
- printf("Read Config\n");
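Review bot: `server_watch_file`, `user_watch_file` and `watch_file` are declared `static char *` but are initialised from string literals, so any later write through them would be undefined behaviour and `-Wwrite-strings` warns at the assignment; `static const char *server_watch_file = "/etc/selinux/restorecond.conf";` (and likewise for the other two) states the read-only intent. The `#include <selinux/selinux.h>` that this commit moves now sits after those file-scope definitions; grouping it with the other includes at the top of restorecond.c is the conventional placement and avoids the declaration-before-include ordering. Whether `watch_file` is ever written through, and the definition of `struct restore_opts` used for `r_opts`, are outside this hunk, so treat the const change as something to confirm against the rest of the file.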
@@ -383,7 +433,10 @@ diff --exclude-from=exclude --exclude=se
- if (master_wd == -1)
- exitApp("Error watching config file.");
-}
-+#include <selinux/selinux.h>
++int debug_mode = 0;
++int terminate = 0;
++int master_wd = -1;
++int run_as_user = 0;
-/*
- Inotify watch loop
@@ -427,11 +480,7 @@ diff --exclude-from=exclude --exclude=se
- break;
- }
- }
-+int debug_mode = 0;
-+int terminate = 0;
-+int master_wd = -1;
-+int run_as_user = 0;
-
+-
- i += EVENT_SIZE + event->len;
- }
- return 0;
@@ -443,16 +492,16 @@ diff --exclude-from=exclude --exclude=se
}
static const char *pidfile = "/var/run/restorecond.pid";
-@@ -374,7 +118,7 @@
+@@ -374,7 +120,7 @@
static void usage(char *program)
{
- printf("%s [-d] [-v] \n", program);
-+ printf("%s [-d] [-s] [-f restorecond_file ] [-v] \n", program);
++ printf("%s [-d] [-f restorecond_file ] [-u] [-v] \n", program);
exit(0);
}
-@@ -390,74 +134,33 @@
+@@ -390,74 +136,33 @@
to see if it is one that we are watching.
*/
@@ -549,7 +598,7 @@ diff --exclude-from=exclude --exclude=se
/* Register sighandlers */
sa.sa_flags = 0;
-@@ -467,38 +170,59 @@
+@@ -467,38 +172,59 @@
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
@@ -559,7 +608,7 @@ diff --exclude-from=exclude --exclude=se
-
- while ((opt = getopt(argc, argv, "dv")) > 0) {
+ atexit( done );
-+ while ((opt = getopt(argc, argv, "uf:dv")) > 0) {
++ while ((opt = getopt(argc, argv, "df:uv")) > 0) {
switch (opt) {
case 'd':
debug_mode = 1;
@@ -620,7 +669,7 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.74/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.74/restorecond/restorecond.conf 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/restorecond.conf 2009-10-15 10:37:41.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@@ -633,7 +682,7 @@ diff --exclude-from=exclude --exclude=se
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.74/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/restorecond/restorecond.desktop 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/restorecond.desktop 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@@ -644,7 +693,7 @@ diff --exclude-from=exclude --exclude=se
+StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.74/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.74/restorecond/restorecond.h 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/restorecond.h 2009-10-15 10:37:41.000000000 -0400
@@ -24,7 +24,21 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@@ -671,7 +720,7 @@ diff --exclude-from=exclude --exclude=se
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.74/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.74/restorecond/restorecond.init 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/restorecond.init 2009-10-15 10:37:41.000000000 -0400
@@ -75,16 +75,15 @@
status restorecond
RETVAL=$?
@@ -691,17 +740,15 @@ diff --exclude-from=exclude --exclude=se
exit $RETVAL
-
-Binary files nsapolicycoreutils/restorecond/restorecond.o and policycoreutils-2.0.74/restorecond/restorecond.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.74/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/restorecond/restorecond_user.conf 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/restorecond_user.conf 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
-Binary files nsapolicycoreutils/restorecond/stringslist.o and policycoreutils-2.0.74/restorecond/stringslist.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.74/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/restorecond/user.c 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/user.c 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,237 @@
+/*
+ * restorecond
@@ -940,11 +987,9 @@ diff --exclude-from=exclude --exclude=se
+ return 0;
+}
+
-Binary files nsapolicycoreutils/restorecond/user.o and policycoreutils-2.0.74/restorecond/user.o differ
-Binary files nsapolicycoreutils/restorecond/utmpwatcher.o and policycoreutils-2.0.74/restorecond/utmpwatcher.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.74/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/restorecond/watch.c 2009-10-06 12:06:56.000000000 -0400
++++ policycoreutils-2.0.74/restorecond/watch.c 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,253 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@@ -1199,10 +1244,9 @@ diff --exclude-from=exclude --exclude=se
+ exitApp("Error watching config file.");
+}
+
-Binary files nsapolicycoreutils/restorecond/watch.o and policycoreutils-2.0.74/restorecond/watch.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.74/sandbox/deliverables/basicwrapper
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/deliverables/basicwrapper 2009-08-14 10:53:53.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/deliverables/basicwrapper 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,4 @@
+import os, sys
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
@@ -1210,7 +1254,7 @@ diff --exclude-from=exclude --exclude=se
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.74/sandbox/deliverables/README
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/deliverables/README 2009-08-14 10:56:22.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/deliverables/README 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,32 @@
+Files:
+run-in-sandbox.py:
@@ -1246,7 +1290,7 @@ diff --exclude-from=exclude --exclude=se
+Chris Pardy
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py 2009-08-14 10:25:38.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,49 @@
+import os
+import os.path
@@ -1299,7 +1343,7 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.74/sandbox/deliverables/sandbox
--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/deliverables/sandbox 2009-08-14 10:22:47.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/deliverables/sandbox 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,216 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
@@ -1519,7 +1563,7 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.74/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/Makefile 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/Makefile 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,31 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -1554,7 +1598,7 @@ diff --exclude-from=exclude --exclude=se
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/sandbox 2009-10-06 11:48:36.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/sandbox 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,242 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
@@ -1800,7 +1844,7 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.74/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/sandbox.8 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/sandbox.8 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,26 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
@@ -1830,7 +1874,7 @@ diff --exclude-from=exclude --exclude=se
+.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.74/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/sandboxX.sh 2009-09-20 21:51:31.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/sandboxX.sh 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,16 @@
+#!/bin/bash
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
@@ -1850,7 +1894,7 @@ diff --exclude-from=exclude --exclude=se
+done
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-20 21:48:31.000000000 -0400
++++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,265 @@
+#include <signal.h>
+#include <sys/types.h>
@@ -2119,7 +2163,7 @@ diff --exclude-from=exclude --exclude=se
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.74/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
-+++ policycoreutils-2.0.74/scripts/chcat 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/scripts/chcat 2009-10-15 10:37:41.000000000 -0400
@@ -435,6 +435,8 @@
continue
except ValueError, e:
@@ -2131,18 +2175,121 @@ diff --exclude-from=exclude --exclude=se
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.74/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-08-05 15:10:56.000000000 -0400
-+++ policycoreutils-2.0.74/scripts/fixfiles 2009-10-14 08:51:36.000000000 -0400
-@@ -136,6 +136,7 @@
++++ policycoreutils-2.0.74/scripts/fixfiles 2009-10-22 08:49:41.000000000 -0400
+@@ -27,7 +27,6 @@
+ FORCEFLAG=""
+ DIRS=""
+ RPMILES=""
+-OUTFILES=""
+ LOGFILE=`tty`
+ if [ $? != 0 ]; then
+ LOGFILE="/dev/null"
+@@ -122,7 +121,7 @@
+ fi
+ if [ ! -z "$RPMFILES" ]; then
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
+- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
++ rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
+ done
+ exit $?
+ fi
+@@ -130,14 +129,15 @@
+ if [ -x /usr/bin/find ]; then
+ /usr/bin/find "$FILEPATH" \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
+- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
++ ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
+ else
+- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
++ ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
fi
return
fi
+[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
LogReadOnly
- ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+-${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
++${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+ find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
+ find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
+@@ -193,10 +193,15 @@
+ esac
+ }
+ usage() {
+- echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
+- echo or
+- echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+- echo $"Usage: $0 onboot"
++ echo $"""
++Usage: $0 [-F] [-l logfile ] { check | restore| [-f] relabel | verify } [[dir/file] ... ]
++or
++Usage: $0 [-F] -R rpmpackage[,rpmpackage...] [-l logfile ] { check | restore | verify }
++or
++Usage: $0 [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
++or
++Usage: $0 onboot
++"""
+ }
+
+ if [ $# = 0 ]; then
+@@ -205,7 +210,7 @@
+ fi
+
+ # See how we were called.
+-while getopts "C:Ffo:R:l:" i; do
++while getopts "C:FfR:l:" i; do
+ case "$i" in
+ f)
+ fullFlag=1
+@@ -213,9 +218,6 @@
+ R)
+ RPMFILES=$OPTARG
+ ;;
+- o)
+- OUTFILES=$OPTARG
+- ;;
+ l)
+ LOGFILE=$OPTARG
+ ;;
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.74/scripts/fixfiles.8
+--- nsapolicycoreutils/scripts/fixfiles.8 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.74/scripts/fixfiles.8 2009-10-22 08:55:09.000000000 -0400
+@@ -3,11 +3,18 @@
+ fixfiles \- fix file SELinux security contexts.
+
+ .SH "SYNOPSIS"
+-.B fixfiles [-F] [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel | verify }"
+
+-.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
++.B fixfiles
++.I [-F] [-l logfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
+
+-.B fixfiles onboot
++.B fixfiles
++.I [-F] [ -R rpmpackagename[,rpmpackagename...] ] [-l logfile ] { check | restore | verify }
++
++.B fixfiles
++.I [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] { check | restore | verify }
++
++.B fixfiles
++.I onboot
+
+ .SH "DESCRIPTION"
+ This manual page describes the
+@@ -31,10 +38,6 @@
+ .B -l logfile
+ Save the output to the specified logfile
+ .TP
+-.B -o outputfile
+-Save all files that have file_context that differs from the default, in outputfile.
+-
+-.TP
+ .B -F
+ Force reset of context to match file_context for customizable files
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.74/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.74/scripts/Makefile 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/scripts/Makefile 2009-10-15 10:37:41.000000000 -0400
@@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -2154,13 +2301,14 @@ diff --exclude-from=exclude --exclude=se
-mkdir -p $(BINDIR)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.74/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400
-+++ policycoreutils-2.0.74/semanage/semanage 2009-10-01 11:43:48.000000000 -0400
-@@ -39,19 +39,26 @@
++++ policycoreutils-2.0.74/semanage/semanage 2009-10-30 16:31:40.000000000 -0400
+@@ -39,19 +39,27 @@
__builtin__.__dict__['_'] = unicode
if __name__ == '__main__':
+-
+ action = False
-
++ manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"]
+ def set_action(option):
+ global action
+ if action:
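Review bot: `manageditems` is introduced here as a de facto constant inside the `__main__` block and is only consumed by the later `-o` loop, but it omits `permissive` and `module`, which are valid OBJECT values elsewhere in this file, so their local customizations would not be part of the exported output. If that is deliberate a comment on the line would save the next reader the question, e.g. `# object types replayed by -o; permissive/module are not exported (TODO: confirm)`. The `-o` loop also prints `<object> -D` before each object's `-E` output, which makes the generated file destructive when fed back through `-i`; that is worth stating in the `-o` help text or a comment, and the loop itself is in a hunk that runs past the end of this view.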
@@ -2170,9 +2318,10 @@ diff --exclude-from=exclude --exclude=se
def usage(message = ""):
text = _("""
semanage [ -S store ] -i [ input_file | - ]
++semanage [ -S store ] -o [ output_file | - ]
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
-+semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D} [-n]
++semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
@@ -2184,7 +2333,17 @@ diff --exclude-from=exclude --exclude=se
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
semanage dontaudit [ on | off ]
-@@ -85,14 +92,15 @@
+@@ -62,7 +70,9 @@
+ -d, --delete Delete a OBJECT record NAME
+ -m, --modify Modify a OBJECT record NAME
+ -i, --input Input multiple semange commands in a transaction
++ -o, --output Output current customizations as semange commands
+ -l, --list List the OBJECTS
++ -E, --extract extract customizable commands
+ -C, --locallist List OBJECTS local customizations
+ -D, --deleteall Remove all OBJECTS local customizations
+
+@@ -85,14 +95,15 @@
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
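Review bot: The new `-o, --output` help line repeats the typo `semange` from the `-i` line above it, and the new `-E, --extract` description starts lowercase while every other entry in the table is capitalised. Suggested wording: `-o, --output Output current customizations as semanage commands` and `-E, --extract Extract customizable commands`. The pre-existing `-i` line could be fixed the same way in this hunk.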
@@ -2202,7 +2361,16 @@ diff --exclude-from=exclude --exclude=se
""")
raise ValueError("%s\n%s" % (text, message))
-@@ -115,11 +123,11 @@
+@@ -104,7 +115,7 @@
+
+ def get_options():
+ valid_option={}
+- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
++ valid_everyone=[ '-a', '--add', '-d', '--delete', '-E', '--extract', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
+ valid_option["login"] = []
+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
+ valid_option["user"] = []
+@@ -115,11 +126,11 @@
valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
valid_option["node"] = []
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
@@ -2217,7 +2385,16 @@ diff --exclude-from=exclude --exclude=se
valid_option["boolean"] = []
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
valid_option["permissive"] = []
-@@ -180,7 +188,6 @@
+@@ -173,6 +184,8 @@
+ return ret
+
+ def process_args(argv):
++ global action
++ action = False
+ serange = ""
+ port = ""
+ proto = ""
+@@ -180,7 +193,6 @@
selevel = ""
setype = ""
ftype = ""
@@ -2225,11 +2402,12 @@ diff --exclude-from=exclude --exclude=se
roles = ""
seuser = ""
prefix = "user"
-@@ -190,10 +197,13 @@
+@@ -190,10 +202,14 @@
modify = False
delete = False
deleteall = False
+ enable = False
++ extract = False
+ disable = False
list = False
locallist = False
@@ -2239,22 +2417,23 @@ diff --exclude-from=exclude --exclude=se
object = argv[0]
option_dict=get_options()
-@@ -203,10 +213,13 @@
+@@ -203,10 +219,14 @@
args = argv[1:]
gopts, cmds = getopt.getopt(args,
- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
-+ '01ade:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
++ '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
['add',
'delete',
'deleteall',
+ 'equal=',
+ 'enable',
++ 'extract',
+ 'disable',
'ftype=',
'file',
'help',
-@@ -225,7 +238,6 @@
+@@ -225,7 +245,6 @@
'level=',
'roles=',
'type=',
@@ -2262,7 +2441,7 @@ diff --exclude-from=exclude --exclude=se
'prefix=',
'mask='
])
-@@ -235,26 +247,39 @@
+@@ -235,26 +254,42 @@
for o,a in gopts:
if o == "-a" or o == "--add":
@@ -2283,6 +2462,9 @@ diff --exclude-from=exclude --exclude=se
+ set_action(o)
deleteall = True
+
++ if o == "-E" or o == "--extract":
++ set_action(o)
++ extract = True
if o == "-f" or o == "--ftype":
ftype=a
@@ -2309,7 +2491,7 @@ diff --exclude-from=exclude --exclude=se
if o == "-n" or o == "--noheading":
heading = False
-@@ -263,8 +288,7 @@
+@@ -263,8 +298,7 @@
locallist = True
if o == "-m"or o == "--modify":
@@ -2319,7 +2501,7 @@ diff --exclude-from=exclude --exclude=se
modify = True
if o == "-S" or o == '--store':
-@@ -297,9 +321,6 @@
+@@ -297,14 +331,12 @@
if o == "-t" or o == "--type":
setype = a
@@ -2329,7 +2511,13 @@ diff --exclude-from=exclude --exclude=se
if o == "--on" or o == "-1":
value = "on"
if o == "--off" or o == "-0":
-@@ -325,9 +346,10 @@
+ value = "off"
+
++
+ if object == "login":
+ OBJECT = seobject.loginRecords(store)
+
+@@ -325,9 +357,10 @@
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
@@ -2342,7 +2530,22 @@ diff --exclude-from=exclude --exclude=se
if object == "permissive":
OBJECT = seobject.permissiveRecords(store)
-@@ -358,9 +380,6 @@
+@@ -343,8 +376,13 @@
+ OBJECT.deleteall()
+ return
+
++ if extract:
++ for i in OBJECT.customized():
++ print "%s %s" % (object, str(i))
++ return
++
+ if len(cmds) != 1:
+- raise ValueError(_("%s bad option") % o)
++ raise ValueError(_("bad option"))
+
+ target = cmds[0]
+
+@@ -358,9 +396,6 @@
if object == "login":
OBJECT.add(target, seuser, serange)
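Review bot: The new `extract` branch calls `OBJECT.customized()` on whichever record class was selected above, including `permissive`, `module` and `dontaudit` objects, and this hunk gives no guard for a class that lacks the method; the seobject.py side of this commit is outside this view, so either confirm every Records class implements `customized()` or fail clearly, e.g. `if not hasattr(OBJECT, "customized"): raise ValueError(_("%s does not support -E") % object)`. The printed `"%s %s" % (object, str(i))` is meant to be replayed through `-i`/`mkargv`, so `customized()` must return already-tokenisable command text; a one-line comment stating that contract here would help. Replacing `_("%s bad option") % o` with `_("bad option")` is correct since `o` is unbound when no options were given, so that part needs no further change.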
@@ -2352,7 +2555,7 @@ diff --exclude-from=exclude --exclude=se
if object == "user":
OBJECT.add(target, roles.split(), selevel, serange, prefix)
-@@ -370,11 +389,17 @@
+@@ -370,11 +405,17 @@
if object == "interface":
OBJECT.add(target, serange, setype)
@@ -2371,7 +2574,7 @@ diff --exclude-from=exclude --exclude=se
if object == "permissive":
OBJECT.add(target)
-@@ -387,13 +412,18 @@
+@@ -387,13 +428,18 @@
if object == "login":
OBJECT.modify(target, seuser, serange)
@@ -2393,7 +2596,7 @@ diff --exclude-from=exclude --exclude=se
if object == "port":
OBJECT.modify(target, proto, serange, setype)
-@@ -404,7 +434,10 @@
+@@ -404,7 +450,10 @@
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
@@ -2405,7 +2608,7 @@ diff --exclude-from=exclude --exclude=se
return
-@@ -423,7 +456,7 @@
+@@ -423,12 +472,13 @@
return
@@ -2414,13 +2617,103 @@ diff --exclude-from=exclude --exclude=se
#
#
+ #
+ try:
++ output = None
+ input = None
+ store = ""
+
+@@ -436,7 +486,7 @@
+ usage(_("Requires 2 or more arguments"))
+
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
++ '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
+ ['add',
+ 'delete',
+ 'deleteall',
+@@ -450,6 +500,7 @@
+ 'localist',
+ 'off',
+ 'on',
++ 'output=',
+ 'proto=',
+ 'seuser=',
+ 'store=',
+@@ -465,6 +516,16 @@
+ store = a
+ if o == "-i" or o == '--input':
+ input = a
++ if o == "-o" or o == '--output':
++ output = a
++
++ if output != None:
++ if output != "-":
++ sys.stdout = open(output, 'w')
++ for i in manageditems:
++ print "%s -D" % i
++ process_args([i, "-E"])
++ sys.exit(0)
+
+ if input != None:
+ if input == "-":
+@@ -474,6 +535,7 @@
+ trans = seobject.semanageRecords(store)
+ trans.start()
+ for l in fd.readlines():
++ print l
+ process_args(mkargv(l))
+ trans.finish()
+ else:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.74/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400
-+++ policycoreutils-2.0.74/semanage/seobject.py 2009-10-01 11:34:19.000000000 -0400
-@@ -195,88 +195,6 @@
++++ policycoreutils-2.0.74/semanage/seobject.py 2009-11-02 11:39:02.000000000 -0500
+@@ -37,40 +37,6 @@
+
+ import syslog
+
+-handle = None
+-
+-def get_handle(store):
+- global handle
+- global is_mls_enabled
+-
+- handle = semanage_handle_create()
+- if not handle:
+- raise ValueError(_("Could not create semanage handle"))
+-
+- if store != "":
+- semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
+-
+- if not semanage_is_managed(handle):
+- semanage_handle_destroy(handle)
+- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
+-
+- rc = semanage_access_check(handle)
+- if rc < SEMANAGE_CAN_READ:
+- semanage_handle_destroy(handle)
+- raise ValueError(_("Cannot read policy store."))
+-
+- rc = semanage_connect(handle)
+- if rc < 0:
+- semanage_handle_destroy(handle)
+- raise ValueError(_("Could not establish semanage connection"))
+-
+- is_mls_enabled = semanage_mls_enabled(handle)
+- if is_mls_enabled < 0:
+- semanage_handle_destroy(handle)
+- raise ValueError(_("Could not test MLS enabled status"))
+-
+- return handle
+-
+ file_types = {}
+ file_types[""] = SEMANAGE_FCONTEXT_ALL;
+ file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
+@@ -194,127 +160,152 @@
+ return trans
else:
return raw
-
+-
-class setransRecords:
- def __init__(self):
- self.filename = selinux.selinux_translations_path()
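Review bot: In the `-o` branch, `sys.stdout = open(output, 'w')` is not checked or closed; a failed open raises `IOError` into whatever the outer `try:` (visible at the top of the hunk, its handler is not) reports, and the user may not learn which path failed, so wrap it in `try/except IOError` and include `output` in the message, and close the file rather than relying on interpreter shutdown to flush it before `sys.exit(0)`. The generated file begins each object type with a `%s -D` line before the extracted `-a` entries, so importing it with `-i` first deletes the target machine's local customizations for that type; that is presumably intended but should be stated in the usage text or man page. The `print l` added to the `-i` loop echoes every input line with its trailing newline and reads like leftover debugging; drop it or print `l.rstrip()`. The enclosing function starts outside the hunk.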
@@ -2446,10 +2739,13 @@ diff --exclude-from=exclude --exclude=se
- continue
- if self.ddict.has_key(i[0]) == 0:
- self.ddict[i[0]] = i[1]
--
+
- def get_all(self):
- return self.ddict
--
++class semanageRecords:
++ transaction = False
++ handle = None
+
- def out(self):
- rec = ""
- for c in self.comments:
@@ -2471,7 +2767,11 @@ diff --exclude-from=exclude --exclude=se
- def add(self, raw, trans):
- if trans.find(" ") >= 0:
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
--
++ def __init__(self, store):
++ global handle
++
++ self.sh = self.get_handle(store)
+
- if validate_level(raw) == None:
- raise ValueError(_("Invalid Level '%s' ") % raw)
-
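Review bot: The `global handle` declaration in `semanageRecords.__init__` is a leftover from the removed module-level `get_handle`; the method never assigns `handle`, it only stores `self.get_handle(store)` into `self.sh`, so the statement is dead and hides the fact that the handle now lives on the class. Drop the line so the body is just `self.sh = self.get_handle(store)`. The class definition continues outside the hunk.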
@@ -2483,7 +2783,9 @@ diff --exclude-from=exclude --exclude=se
-
- def modify(self, raw, trans):
- if trans.find(" ") >= 0:
--
++ def get_handle(self, store):
++ global is_mls_enabled
+
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
- if self.ddict.has_key(raw):
- self.ddict[raw] = trans
@@ -2502,12 +2804,81 @@ diff --exclude-from=exclude --exclude=se
- os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
- os.rename(newfilename, self.filename)
- os.system("/sbin/service mcstrans reload > /dev/null")
--
- class semanageRecords:
- def __init__(self, store):
- global handle
-@@ -315,6 +233,77 @@
- self.transaction = False
++ if semanageRecords.handle:
++ return semanageRecords.handle
+
+-class semanageRecords:
+- def __init__(self, store):
+- global handle
++ handle = semanage_handle_create()
++ if not handle:
++ raise ValueError(_("Could not create semanage handle"))
++
++ if store != "":
++ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
+
+- if handle != None:
+- self.sh = handle
+- else:
+- self.sh = get_handle(store)
+- self.transaction = False
++ if not semanage_is_managed(handle):
++ semanage_handle_destroy(handle)
++ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
++
++ rc = semanage_access_check(handle)
++ if rc < SEMANAGE_CAN_READ:
++ semanage_handle_destroy(handle)
++ raise ValueError(_("Cannot read policy store."))
++
++ rc = semanage_connect(handle)
++ if rc < 0:
++ semanage_handle_destroy(handle)
++ raise ValueError(_("Could not establish semanage connection"))
++
++ is_mls_enabled = semanage_mls_enabled(handle)
++ if is_mls_enabled < 0:
++ semanage_handle_destroy(handle)
++ raise ValueError(_("Could not test MLS enabled status"))
++
++ semanageRecords.handle = handle
++ return semanageRecords.handle
+
+ def deleteall(self):
+ raise ValueError(_("Not yet implemented"))
+
+ def start(self):
+- if self.transaction:
++ if semanageRecords.transaction:
+ raise ValueError(_("Semanage transaction already in progress"))
+ self.begin()
+- self.transaction = True
+-
++ semanageRecords.transaction = True
+ def begin(self):
+- if self.transaction:
++ if semanageRecords.transaction:
+ return
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
++ def customized(self):
++ raise ValueError(_("Not yet implemented"))
++
+ def commit(self):
+- if self.transaction:
++ if semanageRecords.transaction:
+ return
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not commit semanage transaction"))
+
+ def finish(self):
+- if not self.transaction:
++ if not semanageRecords.transaction:
+ raise ValueError(_("Semanage transaction not in progress"))
+- self.transaction = False
++ semanageRecords.transaction = False
self.commit()
+class moduleRecords(semanageRecords):
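Review bot: `get_handle` returns the cached `semanageRecords.handle` without looking at `store`, so a second record object constructed with a different store silently reads and writes whichever policy store was connected first; remember the store alongside the handle and refuse a mismatch, e.g. `if semanageRecords.handle: if store != semanageRecords.store: raise ValueError(_("semanage handle already open for store '%s'") % semanageRecords.store)` plus `semanageRecords.store = store` where the handle is saved. Since `transaction` is now also a class attribute, every instance shares one in-progress flag; a short comment on the two class attributes saying they are process-wide singletons would save the next reader from assuming per-instance state. Style: the blank lines between `start`/`begin` and `begin`/`customized` were dropped, leaving the new `customized` stub visually glued to `begin`.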
@@ -2584,7 +2955,7 @@ diff --exclude-from=exclude --exclude=se
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
-@@ -341,6 +330,7 @@
+@@ -341,6 +332,7 @@
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@@ -2592,7 +2963,186 @@ diff --exclude-from=exclude --exclude=se
return l
def list(self, heading = 1, locallist = 0):
-@@ -1120,7 +1110,7 @@
+@@ -425,7 +417,9 @@
+ if rc < 0:
+ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+ if exists:
+- raise ValueError(_("Login mapping for %s is already defined") % name)
++ semanage_seuser_key_free(k)
++ return self.__modify(name, sename, serange)
++
+ if name[0] == '%':
+ try:
+ grp.getgrnam(name[1:])
+@@ -557,6 +551,16 @@
+
+ mylog.log(1, "delete SELinux user mapping", name);
+
++ def deleteall(self):
++ (rc, ulist) = semanage_seuser_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list login mappings"))
++
++ self.begin()
++ for u in ulist:
++ self.__delete(semanage_seuser_get_name(u))
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+@@ -571,6 +575,15 @@
+ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+ return ddict
+
++ def customized(self):
++ l = []
++ ddict = self.get_all(True)
++ keys = ddict.keys()
++ keys.sort()
++ for k in keys:
++ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
++ return l
++
+ def list(self,heading = 1, locallist = 0):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+@@ -613,7 +626,8 @@
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if exists:
+- raise ValueError(_("SELinux user %s is already defined") % name)
++ semanage_user_key_free(k)
++ return self.__modify(name, roles, selevel, serange, prefix)
+
+ (rc, u) = semanage_user_create(self.sh)
+ if rc < 0:
+@@ -764,6 +778,16 @@
+
+ mylog.log(1,"delete SELinux user record", name)
+
++ def deleteall(self):
++ (rc, ulist) = semanage_user_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list login mappings"))
++
++ self.begin()
++ for u in ulist:
++ self.__delete(semanage_user_get_name(u))
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+@@ -784,6 +808,15 @@
+
+ return ddict
+
++ def customized(self):
++ l = []
++ ddict = self.get_all(True)
++ keys = ddict.keys()
++ keys.sort()
++ for k in keys:
++ l.append("-a -r %s -R '%s' %s" % (ddict[k][2], ddict[k][3], k))
++ return l
++
+ def list(self, heading = 1, locallist = 0):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+@@ -822,12 +855,16 @@
+ low = int(ports[0])
+ high = int(ports[1])
+
++ if high > 65536:
++ raise ValueError(_("Invalid Port"))
++
+ (rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
+ return ( k, proto_d, low, high )
+
+ def __add(self, port, proto, serange, type):
++
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -843,7 +880,8 @@
+ if rc < 0:
+ raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
+ if exists:
+- raise ValueError(_("Port %s/%s already defined") % (proto, port))
++ semanage_port_key_free(k)
++ return self.__modify(port, proto, serange, type)
+
+ (rc, p) = semanage_port_create(self.sh)
+ if rc < 0:
+@@ -890,6 +928,7 @@
+ self.commit()
+
+ def __modify(self, port, proto, serange, setype):
++
+ if serange == "" and setype == "":
+ if is_mls_enabled == 1:
+ raise ValueError(_("Requires setype or serange"))
+@@ -1024,6 +1063,18 @@
+ ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
+ return ddict
+
++ def customized(self):
++ l = []
++ ddict = self.get_all(True)
++ keys = ddict.keys()
++ keys.sort()
++ for k in keys:
++ if k[0] == k[1]:
++ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0]))
++ else:
++ l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
++ return l
++
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
+@@ -1040,7 +1091,8 @@
+ class nodeRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self,store)
+-
++ self.protocol = ["ipv4", "ipv6"]
++
+ def __add(self, addr, mask, proto, serange, ctype):
+ if addr == "":
+ raise ValueError(_("Node Address is required"))
+@@ -1048,14 +1100,11 @@
+ if mask == "":
+ raise ValueError(_("Node Netmask is required"))
+
+- if proto == "ipv4":
+- proto = 0
+- elif proto == "ipv6":
+- proto = 1
+- else:
++ try:
++ proto = self.protocol.index(proto)
++ except:
+ raise ValueError(_("Unknown or missing protocol"))
+
+-
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -1073,7 +1122,8 @@
+
+ (rc, exists) = semanage_node_exists(self.sh, k)
+ if exists:
+- raise ValueError(_("Addr %s already defined") % addr)
++ semanage_node_key_free(k)
++ return self.__modify(addr, mask, self.protocol[proto], serange, ctype)
+
+ (rc, node) = semanage_node_create(self.sh)
+ if rc < 0:
+@@ -1120,7 +1170,7 @@
def add(self, addr, mask, proto, serange, ctype):
self.begin()
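Review bot: The new port-range check `if high > 65536:` accepts 65536, which is not a valid TCP/UDP port, and does nothing about a negative or inverted range; use `if low < 1 or low > high or high > 65535: raise ValueError(_("Invalid Port"))`. `userRecords.deleteall` reuses the login-mapping error text `Could not list login mappings` for `semanage_user_list_local`; say `Could not list SELinux users`. The bare `except:` around `self.protocol.index(proto)` in `nodeRecords.__add` (and the two identical ones in `__modify` and `__delete` in the next hunk) should be `except ValueError:`, otherwise `KeyboardInterrupt` and programming errors are reported as `Unknown or missing protocol`.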
@@ -2601,7 +3151,126 @@ diff --exclude-from=exclude --exclude=se
self.commit()
def __modify(self, addr, mask, proto, serange, setype):
-@@ -1420,6 +1410,48 @@
+@@ -1129,13 +1179,10 @@
+
+ if mask == "":
+ raise ValueError(_("Node Netmask is required"))
+- if proto == "ipv4":
+- proto = 0
+- elif proto == "ipv6":
+- proto = 1
+- else:
+- raise ValueError(_("Unknown or missing protocol"))
+-
++ try:
++ proto = self.protocol.index(proto)
++ except:
++ raise ValueError(_("Unknown or missing protocol"))
+
+ if serange == "" and setype == "":
+ raise ValueError(_("Requires setype or serange"))
+@@ -1180,11 +1227,9 @@
+ if mask == "":
+ raise ValueError(_("Node Netmask is required"))
+
+- if proto == "ipv4":
+- proto = 0
+- elif proto == "ipv6":
+- proto = 1
+- else:
++ try:
++ proto = self.protocol.index(proto)
++ except:
+ raise ValueError(_("Unknown or missing protocol"))
+
+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
+@@ -1214,6 +1259,16 @@
+ self.__delete(addr, mask, proto)
+ self.commit()
+
++ def deleteall(self):
++ (rc, nlist) = semanage_node_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not deleteall node mappings"))
++
++ self.begin()
++ for node in nlist:
++ self.__delete(semanage_node_get_addr(self.sh, node)[1], semanage_node_get_mask(self.sh, node)[1], self.protocol[semanage_node_get_proto(node)])
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist :
+@@ -1227,15 +1282,20 @@
+ con = semanage_node_get_con(node)
+ addr = semanage_node_get_addr(self.sh, node)
+ mask = semanage_node_get_mask(self.sh, node)
+- proto = semanage_node_get_proto(node)
+- if proto == 0:
+- proto = "ipv4"
+- elif proto == 1:
+- proto = "ipv6"
++ proto = self.protocol[semanage_node_get_proto(node)]
+ ddict[(addr[1], mask[1], proto)] = (semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+
+ return ddict
+
++ def customized(self):
++ l = []
++ ddict = self.get_all(True)
++ keys = ddict.keys()
++ keys.sort()
++ for k in keys:
++ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2],ddict[k][2], k[0]))
++ return l
++
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
+@@ -1275,7 +1335,8 @@
+ if rc < 0:
+ raise ValueError(_("Could not check if interface %s is defined") % interface)
+ if exists:
+- raise ValueError(_("Interface %s already defined") % interface)
++ semanage_iface_key_free(k)
++ return self.__modify(interface, serange, ctype)
+
+ (rc, iface) = semanage_iface_create(self.sh)
+ if rc < 0:
+@@ -1389,6 +1450,16 @@
+ self.__delete(interface)
+ self.commit()
+
++ def deleteall(self):
++ (rc, ulist) = semanage_iface_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not delete all interface mappings"))
++
++ self.begin()
++ for i in ulist:
++ self.__delete(semanage_iface_get_name(i))
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+@@ -1404,6 +1475,15 @@
+
+ return ddict
+
++ def customized(self):
++ l = []
++ ddict = self.get_all(True)
++ keys = ddict.keys()
++ keys.sort()
++ for k in keys:
++ l.append("-a -t %s %s" % (ddict[k][2], k))
++ return l
++
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
+@@ -1420,6 +1500,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
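Review bot: `nodeRecords.deleteall` takes element `[1]` of `semanage_node_get_addr(self.sh, node)` and `semanage_node_get_mask(self.sh, node)` without looking at element `[0]`, which by analogy with `(rc, nlist) = semanage_node_list_local(self.sh)` two lines above is presumably the return code, so a failed lookup feeds whatever the binding returned into `self.__delete`. Unpack both into named locals and check them, which also breaks up the one-line call. The `ulist` name in `interfaceRecords.deleteall` is copied from the user classes; `ilist` reads better.

```python
        self.begin()
        for node in nlist:
            (rc, addr) = semanage_node_get_addr(self.sh, node)
            if rc < 0:
                raise ValueError(_("Could not get node address"))
            (rc, mask) = semanage_node_get_mask(self.sh, node)
            if rc < 0:
                raise ValueError(_("Could not get node netmask"))
            self.__delete(addr, mask, self.protocol[semanage_node_get_proto(node)])
        self.commit()
```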
@@ -2650,7 +3319,17 @@ diff --exclude-from=exclude --exclude=se
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1586,9 +1618,16 @@
+@@ -1470,7 +1592,8 @@
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+
+ if exists:
+- raise ValueError(_("File context for %s already defined") % target)
++ semanage_fcontext_key_free(k)
++ return self.__modify(target, type, ftype, serange, seuser)
+
+ (rc, fcontext) = semanage_fcontext_create(self.sh)
+ if rc < 0:
+@@ -1586,9 +1709,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -2667,9 +3346,20 @@ diff --exclude-from=exclude --exclude=se
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1644,11 +1683,11 @@
+@@ -1643,12 +1773,22 @@
+
return ddict
++ def customized(self):
++ l = []
++ fcon_dict = self.get_all(True)
++ keys = fcon_dict.keys()
++ keys.sort()
++ for k in keys:
++ if fcon_dict[k]:
++ l.append("-a -f '%s' -t %s '%s'" % (k[1], fcon_dict[k][2], k[0]))
++ return l
++
def list(self, heading = 1, locallist = 0 ):
- if heading:
- print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
@@ -2681,9 +3371,26 @@ diff --exclude-from=exclude --exclude=se
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
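Review bot: `fcontextRecords.customized` skips every key whose value is falsy (`if fcon_dict[k]:`), so local file-context records with an empty context -- presumably the `<<none>>` case -- are never written to the `-o` output and will not be recreated by `-i`; confirm whether that is intended and, if not, emit those entries in the form the `-a` path accepts. The single quotes around the pattern and file type do not protect a pattern that itself contains `'`; whether the generated line survives `mkargv` depends on its quoting rules, which are outside this hunk. A one-line docstring saying the method returns `semanage` command fragments meant to be replayed, not display text, would make the quoting intent clear.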
+@@ -1794,6 +1934,16 @@
+ else:
+ return _("unknown")
+
++ def customized(self):
++ l = []
++ ddict = self.get_all(True)
++ keys = ddict.keys()
++ keys.sort()
++ for k in keys:
++ if ddict[k]:
++ l.append("-%s %s" % (ddict[k][2], k))
++ return l
++
+ def list(self, heading = True, locallist = False, use_file = False):
+ on_off = (_("off"), _("on"))
+ if use_file:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.74/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2009-09-17 08:59:43.000000000 -0400
-+++ policycoreutils-2.0.74/semodule/semodule.8 2009-09-25 15:21:16.000000000 -0400
++++ policycoreutils-2.0.74/semodule/semodule.8 2009-10-15 10:37:41.000000000 -0400
@@ -35,6 +35,12 @@
.B \-b,\-\-base=MODULE_PKG
install/replace base module package
@@ -2699,7 +3406,7 @@ diff --exclude-from=exclude --exclude=se
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.74/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-09-17 08:59:43.000000000 -0400
-+++ policycoreutils-2.0.74/semodule/semodule.c 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/semodule/semodule.c 2009-10-15 10:37:41.000000000 -0400
@@ -22,12 +22,12 @@
#include <semanage/modules.h>
@@ -2819,7 +3526,7 @@ diff --exclude-from=exclude --exclude=se
}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.74/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
-+++ policycoreutils-2.0.74/setfiles/Makefile 2009-09-25 15:21:58.000000000 -0400
++++ policycoreutils-2.0.74/setfiles/Makefile 2009-10-15 10:37:41.000000000 -0400
@@ -16,7 +16,7 @@
all: setfiles restorecon
@@ -2831,7 +3538,7 @@ diff --exclude-from=exclude --exclude=se
ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.74/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/setfiles/restore.c 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/setfiles/restore.c 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,519 @@
+#include "restore.h"
+
@@ -3352,9 +4059,35 @@ diff --exclude-from=exclude --exclude=se
+
+
+
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.74/setfiles/restorecon.8
+--- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.74/setfiles/restorecon.8 2009-10-22 08:41:15.000000000 -0400
+@@ -4,10 +4,10 @@
+
+ .SH "SYNOPSIS"
+ .B restorecon
+-.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
++.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname...
+ .P
+ .B restorecon
+-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
++.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F]
+
+ .SH "DESCRIPTION"
+ This manual page describes the
+@@ -40,6 +40,9 @@
+ .TP
+ .B \-o outfilename
+ save list of files with incorrect context in outfilename.
++.TP
++.B \-p
++show progress by printing * every 1000 files.
+ .TP
+ .B \-v
+ show changes in file labels.
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.74/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/setfiles/restore.h 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/setfiles/restore.h 2009-10-15 10:37:41.000000000 -0400
@@ -0,0 +1,49 @@
+#ifndef RESTORE_H
+#define RESTORE_H
@@ -3405,10 +4138,22 @@ diff --exclude-from=exclude --exclude=se
+int process_one(char *name, int recurse);
+
+#endif
-Binary files nsapolicycoreutils/setfiles/restore.o and policycoreutils-2.0.74/setfiles/restore.o differ
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.74/setfiles/setfiles.8
+--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.74/setfiles/setfiles.8 2009-10-22 08:37:16.000000000 -0400
+@@ -31,6 +31,9 @@
+ .TP
+ .B \-n
+ don't change any file labels.
++.TP
++.B \-p
++show progress by printing * every 1000 files.
+ .TP
+ .B \-q
+ suppress non-error output.
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.74/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-09-17 08:59:43.000000000 -0400
-+++ policycoreutils-2.0.74/setfiles/setfiles.c 2009-09-20 21:26:36.000000000 -0400
++++ policycoreutils-2.0.74/setfiles/setfiles.c 2009-10-22 08:42:29.000000000 -0400
@@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
@@ -3484,7 +4229,7 @@ diff --exclude-from=exclude --exclude=se
#define SETFILES "setfiles"
#define RESTORECON "restorecon"
-@@ -73,246 +41,9 @@
+@@ -73,257 +41,20 @@
/* Behavior flags determined based on setfiles vs. restorecon */
static int expand_realpath; /* Expand paths via realpath. */
@@ -3731,6 +4476,19 @@ diff --exclude-from=exclude --exclude=se
void usage(const char *const name)
{
if (iamrestorecon) {
+ fprintf(stderr,
+- "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
++ "usage: %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ name);
+ } else {
+ fprintf(stderr,
+ "usage: %s [-dnpqvW] [-o filename] [-r alt_root_path ] spec_file pathname...\n"
+ "usage: %s -c policyfile spec_file\n"
+- "usage: %s -s [-dnqvW] [-o filename ] spec_file\n", name, name,
++ "usage: %s -s [-dnpqvW] [-o filename ] spec_file\n", name, name,
+ name);
+ }
+ exit(1);
@@ -334,194 +65,30 @@
void inc_err()
{
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils.spec,v
retrieving revision 1.653
retrieving revision 1.654
diff -u -p -r1.653 -r1.654
--- policycoreutils.spec 19 Oct 2009 20:14:48 -0000 1.653
+++ policycoreutils.spec 2 Nov 2009 16:40:36 -0000 1.654
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.74
-Release: 12%{?dist}
+Release: 15%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -296,6 +296,16 @@ fi
exit 0
%changelog
+* Fri Oct 30 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-15
+- Fix typo in seobject.py
+
+* Fri Oct 30 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-14
+- Allow semanage -i and semanage -o to generate customization files.
+- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
+
+* Tue Oct 20 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-13
+- Fix restorecond man page
+
* Mon Oct 19 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-12
- Add generation of the users context file to polgengui