rpms/policycoreutils/F-12 policycoreutils-rhat.patch, 1.448, 1.449 policycoreutils.spec, 1.649, 1.650
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Oct 6 16:11:12 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26722
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Thu Oct 6 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-8
- Add check to sandbox to verify save changes - Chris Pardy
- Fix memory leak in restorecond - Steve Grubb
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 14
load_policy/Makefile | 5
restorecond/Makefile | 24 -
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.c | 422 +++---------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 18
restorecond/restorecond.init | 5
restorecond/restorecond_user.conf | 2
restorecond/user.c | 237 ++++++++++
restorecond/watch.c | 253 +++++++++++
sandbox/Makefile | 31 +
sandbox/deliverables/README | 32 +
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 ++
sandbox/deliverables/sandbox | 216 +++++++++
sandbox/sandbox | 242 ++++++++++
sandbox/sandbox.8 | 26 +
sandbox/sandboxX.sh | 16
sandbox/seunshare.c | 265 +++++++++++
scripts/Makefile | 2
scripts/chcat | 2
semanage/semanage | 99 ++--
semanage/seobject.py | 209 +++++----
semodule/semodule.8 | 6
semodule/semodule.c | 53 ++
setfiles/Makefile | 2
setfiles/restore.c | 519 ++++++++++++++++++++++
setfiles/restore.h | 49 ++
setfiles/setfiles.c | 643 +++-------------------------
32 files changed, 2398 insertions(+), 1064 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-rhat.patch,v
retrieving revision 1.448
retrieving revision 1.449
diff -u -p -r1.448 -r1.449
--- policycoreutils-rhat.patch 1 Oct 2009 15:44:12 -0000 1.448
+++ policycoreutils-rhat.patch 6 Oct 2009 16:11:11 -0000 1.449
@@ -939,8 +939,8 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.74/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/restorecond/watch.c 2009-09-20 21:26:36.000000000 -0400
-@@ -0,0 +1,254 @@
++++ policycoreutils-2.0.74/restorecond/watch.c 2009-10-06 12:06:56.000000000 -0400
+@@ -0,0 +1,253 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
+#include <errno.h>
@@ -985,8 +985,7 @@ diff --exclude-from=exclude --exclude=se
+ struct watchList *prev = NULL;
+ glob_t globbuf;
+ char *x = strdup(path);
-+ if (!x)
-+ exitApp("Out of Memory");
++ if (!x) exitApp("Out of Memory");
+ char *file = basename(x);
+ char *dir = dirname(x);
+ ptr = firstDir;
@@ -1017,12 +1016,12 @@ diff --exclude-from=exclude --exclude=se
+ }
+ ptr = calloc(1, sizeof(struct watchList));
+
-+ if (!ptr)
-+ exitApp("Out of Memory");
++ if (!ptr) exitApp("Out of Memory");
+
+ ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+ if (ptr->wd == -1) {
+ free(ptr);
++ free(x);
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+ path, strerror(errno));
+ return;
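Review bot: in the inotify_add_watch failure branch, free(ptr) and the new free(x) both run before syslog() formats strerror(errno), and free() is not required by ISO C to leave errno untouched, so the logged reason can be wrong. Log first (or save errno in a local) and free afterwards. The hunk only shows this one early return, so it is worth confirming that x is also released on the function's other return paths, since dir and file both point into it. The two "if (!x) exitApp(...)" and "if (!ptr) exitApp(...)" reflows are cosmetic and would be easier to review as a separate change from the leak fix.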
@@ -1195,6 +1194,323 @@ diff --exclude-from=exclude --exclude=se
+ exitApp("Error watching config file.");
+}
+
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.74/sandbox/deliverables/basicwrapper
+--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.74/sandbox/deliverables/basicwrapper 2009-08-14 10:53:53.000000000 -0400
+@@ -0,0 +1,4 @@
++import os, sys
++SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
++SANDBOX_ARGS.extend(sys.argv[1::])
++os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.74/sandbox/deliverables/README
+--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.74/sandbox/deliverables/README 2009-08-14 10:56:22.000000000 -0400
+@@ -0,0 +1,32 @@
++Files:
++run-in-sandbox.py:
++ adds the run in sandbox extension to nautilus
++ copy to .nautilus/python-extensions
++ yum install nautilus-python
++
++sandbox:
++ adds support for file checking, This was working I don't know why it didn't at that presentation
++ adds support for file relabeling, This is/was also working.
++
++basicwrapper:
++ This is pretty much the most basic condor wrapper you can create, it requires the -f option in sandbox. Also I can't make this work, maybe the grid team will have more luck.
++
++Other:
++Xguest Live cd:
++ There's a tutorial on live cds here: http://www.ibm.com/developerworks/library/l-fedora-livecd/index.html?ca=dgr-lnxw16FedoraLiveCD
++ It looks like David Zeuthen is head guy in the live cd department, he might be worth talking to.
++
++System-config-selinux:
++ wiki: fedorahosted.org/system-config-selinux
++ realeases: fedorahosted.org/releases/s/y/system-config-selinux/ includes a spec,srpm, and tarball of current version
++ The project is technically owned by Roman Rakus (rrakus at redhat.com) I've sent him an email asking him to make you a git contributor.
++ I'll continue making updates to this and make sure it gets into the repos.
++
++Assuming I don't get to keep my RedHat email you can contact me:
++email: chris.pardy at gmail.com
++phone: 1-207-838-7119
++
++I'll probably continue to be on the #fedora-selinux and #selinux irc channels
++
++Thanks for a great summer.
++Chris Pardy
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py
+--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py 2009-08-14 10:25:38.000000000 -0400
+@@ -0,0 +1,49 @@
++import os
++import os.path
++import urllib
++
++import nautilus
++import gtk
++import gconf
++
++class RunInSandboxExtension(nautilus.MenuProvider):
++ def __init__(self):
++ self.client = gconf.client_get_default()
++
++ def sandbox_init(self,file,path):
++ if os.path.basename(path).endswith('.desktop'):
++ import re
++ f = open(path,'r')
++ for i in f.readlines():
++ m = re.match(r'Exec=(?P<name>\S+)',i)
++ if m:
++ path = m.group('name')
++ f.close()
++ break
++ os.system('/usr/bin/sandbox -X %s &' % path)
++
++ def get_file_items(self, window, files):
++ if len(files) != 1:
++ return
++
++ file = files[0]
++
++ if file.is_directory():
++ return
++
++ if file.get_uri_scheme() != 'file':
++ return
++
++ path = file.get_uri().replace('file://','',1)
++ if not os.access(path,os.X_OK):
++ return
++
++ path = os.path.realpath(path)
++
++ item = nautilus.MenuItem('NautilusPython::openterminal_file_items','Run In Sandbox','Run %s in Sandbox' % file.get_name())
++ item.connect('activate',self.sandbox_init,path)
++ return item,
++
++ def get_background_items(self, window, file):
++ return
++
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.74/sandbox/deliverables/sandbox
+--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.74/sandbox/deliverables/sandbox 2009-08-14 10:22:47.000000000 -0400
+@@ -0,0 +1,216 @@
++#!/usr/bin/python -E
++import os, sys, getopt, socket, random, fcntl, shutil
++import selinux
++
++PROGNAME = "policycoreutils"
++
++import gettext
++gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
++gettext.textdomain(PROGNAME)
++
++try:
++ gettext.install(PROGNAME,
++ localedir = "/usr/share/locale",
++ unicode=False,
++ codeset = 'utf-8')
++except IOError:
++ import __builtin__
++ __builtin__.__dict__['_'] = unicode
++
++
++DEFAULT_TYPE = "sandbox_t"
++DEFAULT_X_TYPE = "sandbox_x_t"
++
++X_FILES = {}
++OLD_FCONTEXTS = {}
++
++random.seed(None)
++
++def error_exit(msg):
++ sys.stderr.write("%s: " % sys.argv[0])
++ sys.stderr.write("%s\n" % msg)
++ sys.stderr.flush()
++ sys.exit(1)
++
++def reserve(mcs):
++ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
++ sock.bind("\0%s" % mcs)
++ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
++
++def gen_context(setype):
++ while True:
++ i1 = random.randrange(0, 1024)
++ i2 = random.randrange(0, 1024)
++ if i1 == i2:
++ continue
++ if i1 > i2:
++ tmp = i1
++ i1 = i2
++ i2 = tmp
++ mcs = "s0:c%d,c%d" % (i1, i2)
++ reserve(mcs)
++ try:
++ reserve(mcs)
++ except:
++ continue
++ break
++ con = selinux.getcon()[1].split(":")
++
++ execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, mcs)
++
++ filecon = "%s:%s:%s:%s" % (con[0],
++ "object_r",
++ "%s_file_t" % setype[:-2],
++ mcs)
++ return execcon, filecon
++
++def copyfile(file, dir, dest):
++ import re
++ if file.startswith(dir):
++ dname = os.path.dirname(file)
++ bname = os.path.basename(file)
++ if dname == dir:
++ dest = dest + "/" + bname
++ else:
++ newdir = re.sub(dir, dest, dname)
++ os.makedirs(newdir)
++ dest = newdir + "/" + bname
++
++ if os.path.isdir(file):
++ shutil.copytree(file, dest)
++ else:
++ shutil.copy2(file, dest)
++ X_FILES[dest] = os.path.getmtime(dest)
++
++def copyfiles(newhomedir, newtmpdir, files):
++ import pwd
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++
++ for f in files:
++ copyfile(f,homedir, newhomedir)
++ copyfile(f,"/tmp", newtmpdir)
++
++def uncopyfile(newhomedir,file):
++ import pwd
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++ copyfile(file,newhomedir,homedir)
++
++if __name__ == '__main__':
++ if selinux.is_selinux_enabled() != 1:
++ error_exit("Requires an SELinux enabled system")
++
++ init_files = []
++
++ def usage(message = ""):
++ text = _("""
++sandbox [-h] [-I includefile ] [[-i file ] ...] [[-f file] ...][ -t type ] command
++""")
++ error_exit("%s\n%s" % (message, text))
++
++ setype = DEFAULT_TYPE
++ X_ind = False
++ try:
++ gopts, cmds = getopt.getopt(sys.argv[1:], "i:ht:XI:f:",
++ ["help",
++ "include=",
++ "includefile=",
++ "type="
++ "file="
++ ])
++ for o, a in gopts:
++ if o == "-t" or o == "--type":
++ setype = a
++
++ if o == "-i" or o == "--include":
++ rp = os.path.realpath(a)
++ if rp not in init_files:
++ init_files.append(rp)
++
++ if o == "-f" or o == "--file":
++ rp = os.path.realpath(a)
++ OLD_FCONTEXTS[a] = selinux.getfilecon(rp)[1]
++
++ if o == "-I" or o == "--includefile":
++ fd = open(a, "r")
++ for i in fd.read().split("\n"):
++ if os.path.exists(i):
++ rp = os.path.realpath(i)
++ if rp not in init_files:
++ init_files.append(rp)
++
++ fd.close
++
++ if o == "-X":
++ if DEFAULT_TYPE == setype:
++ setype = DEFAULT_X_TYPE
++ X_ind = True
++
++ if o == "-h" or o == "--help":
++ usage(_("Usage"));
++
++ if len(cmds) == 0:
++ usage(_("Command required"))
++
++ execcon, filecon = gen_context(setype)
++ rc = -1
++
++ if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
++ for i in os.environ["PATH"].split(':'):
++ f = "%s/%s" % (i, cmds[0])
++ if os.access(f, os.X_OK):
++ cmds[0] = f
++ break
++
++ try:
++ if X_ind:
++ import warnings
++ warnings.simplefilter("ignore")
++ newhomedir = os.tempnam(".", ".sandbox%s")
++ os.mkdir(newhomedir)
++ selinux.setfilecon(newhomedir, filecon)
++ newtmpdir = os.tempnam("/tmp", ".sandbox")
++ os.mkdir(newtmpdir)
++ selinux.setfilecon(newtmpdir, filecon)
++ warnings.resetwarnings()
++ copyfiles(newhomedir, newtmpdir, init_files + cmds)
++ execfile = newhomedir + "/.sandboxrc"
++ fd = open(execfile, "w+")
++ fd.write("""#! /bin/sh
++%s
++""" % " ".join(cmds))
++ fd.close()
++ os.chmod(execfile, 0700)
++
++ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
++ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++ for i in X_FILES.keys():
++ if os.path.getmtime(i) > X_FILES[i]:
++ yn = raw_input("do you want to save your changes to the file %s (Y/N): " % os.path.basename(i)).lower()
++ if yn.startswith('y'):
++ uncopyfile(newhomedir,i)
++ else:
++ for i in OLD_FCONTEXTS.keys():
++ selinux.setfilecon(i,filecon)
++ selinux.setexeccon(execcon)
++ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++ selinux.setexeccon(None)
++ for i in OLD_FCONTEXTS.keys():
++ selinux.setfilecon(i,OLD_FCONTEXTS[i])
++ finally:
++ if X_ind:
++ shutil.rmtree(newhomedir)
++ shutil.rmtree(newtmpdir)
++
++ except getopt.GetoptError, error:
++ usage(_("Options Error %s ") % error.msg)
++ except OSError, error:
++ error_exit(error.args[1])
++ except ValueError, error:
++ error_exit(error.args[0])
++ except KeyError, error:
++ error_exit(_("Invalid value %s") % error.args[0])
++ except IOError, error:
++ error_exit(error.args[1])
++
++ sys.exit(rc)
++
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.74/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/Makefile 2009-09-20 21:26:36.000000000 -0400
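Review bot: in deliverables/run-in-sandbox.py, sandbox_init() runs os.system('/usr/bin/sandbox -X %s &' % path), so the shell interprets any metacharacters in the file name or in the Exec= value read from a .desktop file; pass an argument list instead, for example subprocess.Popen(['/usr/bin/sandbox', '-X', path]), which also removes the need for the trailing "&". In deliverables/sandbox, the getopt long-option list has "type=" and "file=" on adjacent lines with no comma, which Python joins into the single string "type=file=", so neither --type nor --file is recognised; fd.close in the -I branch is missing its parentheses and never closes the file; and gen_context() calls reserve(mcs) once outside the try and again inside it, while reserve() keeps no reference to the socket it binds, so it is not clear the MCS pair stays reserved. Finally, deliverables/README is a hand-over note that carries a personal e-mail address and phone number and says basicwrapper does not work; the whole deliverables/ directory looks like it was swept into the patch by the recursive diff and should be dropped unless it is meant to ship.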
@@ -1232,8 +1548,8 @@ diff --exclude-from=exclude --exclude=se
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-23 11:24:57.000000000 -0400
-@@ -0,0 +1,222 @@
++++ policycoreutils-2.0.74/sandbox/sandbox 2009-10-06 11:48:36.000000000 -0400
+@@ -0,0 +1,242 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
+import selinux
@@ -1257,11 +1573,11 @@ diff --exclude-from=exclude --exclude=se
+
+DEFAULT_TYPE = "sandbox_t"
+DEFAULT_X_TYPE = "sandbox_x_t"
++X_FILES = {}
+
+random.seed(None)
+
+def sighandler(signum, frame):
-+ print "exiting on signal %s" % signum
+ signal.signal(signum, signal.SIG_IGN)
+ os.kill(0, signum)
+ raise KeyboardInterrupt
@@ -1325,6 +1641,7 @@ diff --exclude-from=exclude --exclude=se
+ shutil.copytree(file, dest)
+ else:
+ shutil.copy2(file, dest)
++ X_FILES[file] = (dest, os.path.getmtime(dest))
+
+def copyfiles(newhomedir, newtmpdir, files):
+ import pwd
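Review bot: the new X_FILES[file] = (dest, os.path.getmtime(dest)) entry follows both the shutil.copytree() and shutil.copy2() branches, and if it is recorded for directories too, the later mtime comparison will miss edits to files inside the tree (a directory's mtime changes only when entries are added or removed), and the save step's copy2 cannot copy a directory back. Record the entry only for regular files, or walk the tree and track each file. A short comment on X_FILES stating that it maps the original path to (sandbox copy, mtime at copy time) would also help, since the shape differs from the dict of the same name in deliverables/sandbox.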
@@ -1333,6 +1650,19 @@ diff --exclude-from=exclude --exclude=se
+ copyfile(f,homedir, newhomedir)
+ copyfile(f,"/tmp", newtmpdir)
+
++def savefile(new, orig):
++ import gtk
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
++ gtk.BUTTONS_YES_NO,
++ _("Do you want to save changes to '%s' (Y/N): ") % orig)
++ dlg.set_title(_("Sandbox Message"))
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ rc = dlg.run()
++ dlg.destroy()
++ if rc == gtk.RESPONSE_YES:
++ shutil.copy2(new,orig)
++
+if __name__ == '__main__':
+ setup_sighandlers()
+ if selinux.is_selinux_enabled() != 1:
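Review bot: savefile() ends with shutil.copy2(new, orig) on a path that the sandboxed program controlled, with no check that new is still a regular file; copy2 follows a symlink at the source, so the file written over orig may not be the copy that was handed to the sandbox. Check os.path.islink(new) / os.path.isfile(new) before copying and report a failure instead of letting IOError escape from the dialog handler. The message text still ends in "(Y/N): " from the terminal prompt although the dialog uses gtk.BUTTONS_YES_NO, so that suffix should go before the string reaches translators.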
@@ -1430,6 +1760,12 @@ diff --exclude-from=exclude --exclude=se
+
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++ for i in paths:
++ if i not in X_FILES:
++ continue
++ (dest, mtime) = X_FILES[i]
++ if os.path.getmtime(dest) > mtime:
++ savefile(dest, i)
+ else:
+ selinux.setexeccon(execcon)
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
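Review bot: the loop "for i in paths:" uses a name that none of the visible hunks define, and the lookup "if i not in X_FILES: continue" silently skips any entry whose spelling differs from the key copyfile() stored, so a mismatch (relative versus realpath, for instance) would mean the save prompt never appears. Either iterate over X_FILES directly or make sure paths holds exactly the strings passed to copyfile(). The comparison os.path.getmtime(dest) > mtime also misses an edit that leaves the timestamp equal or older; comparing with != is a cheap improvement.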
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils.spec,v
retrieving revision 1.649
retrieving revision 1.650
diff -u -p -r1.649 -r1.650
--- policycoreutils.spec 2 Oct 2009 12:49:35 -0000 1.649
+++ policycoreutils.spec 6 Oct 2009 16:11:12 -0000 1.650
@@ -296,8 +296,9 @@ fi
exit 0
%changelog
-* Fri Oct 2 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-8
-- More template fixes
+* Thu Oct 6 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-8
+- Add check to sandbox to verify save changes - Chris Pardy
+- Fix memory leak in restorecond - Steve Grubb
* Thu Oct 1 2009 Dan Walsh <dwalsh at redhat.com> 2.0.74-7
- Fixes Templates
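Review bot: the new %changelog header reads "Thu Oct 6 2009", but this commit is dated Tue Oct 6 2009, so the weekday is wrong and rpm tooling will flag it as a bogus date. The entry also replaces the existing "Fri Oct 2 2009 ... 2.0.74-8 / More template fixes" entry rather than adding to it, and the release stays at 2.0.74-8; if -8 was already built, bump the release and keep the earlier entry so the history and the NVR stay consistent.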