|
 |
18134cb |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.16/audit2allow/Makefile
|
|
|
18134cb |
--- nsapolicycoreutils/audit2allow/Makefile 2007-05-04 09:14:49.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/audit2allow/Makefile 2007-06-13 09:13:09.000000000 -0400
|
|
|
4d432c7 |
@@ -1,6 +1,7 @@
|
|
|
5d00d2f |
# Installation directories.
|
|
|
5d00d2f |
PREFIX ?= ${DESTDIR}/usr
|
|
|
4d432c7 |
BINDIR ?= $(PREFIX)/bin
|
|
|
4d432c7 |
+SBINDIR ?= $(PREFIX)/sbin
|
|
|
5d00d2f |
LIBDIR ?= $(PREFIX)/lib
|
|
|
5d00d2f |
MANDIR ?= $(PREFIX)/share/man
|
|
|
5d00d2f |
LOCALEDIR ?= /usr/share/locale
|
|
|
4d432c7 |
@@ -10,7 +11,7 @@
|
|
|
4d432c7 |
install: all
|
|
|
4d432c7 |
-mkdir -p $(BINDIR)
|
|
|
4d432c7 |
install -m 755 audit2allow $(BINDIR)
|
|
|
4d432c7 |
- install -m 755 sepolgen-ifgen $(BINDIR)
|
|
|
4d432c7 |
+ install -m 755 sepolgen-ifgen $(SBINDIR)
|
|
|
4d432c7 |
-mkdir -p $(MANDIR)/man1
|
|
|
4d432c7 |
install -m 644 audit2allow.1 $(MANDIR)/man1/
|
|
|
4d432c7 |
|
|
|
18134cb |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.16/Makefile
|
|
|
18134cb |
--- nsapolicycoreutils/Makefile 2007-05-04 09:14:49.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/Makefile 2007-06-13 09:13:09.000000000 -0400
|
|
|
06b3267 |
@@ -1,4 +1,4 @@
|
|
|
06b3267 |
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
|
|
06b3267 |
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
|
|
06b3267 |
|
|
|
06b3267 |
all install relabel clean indent:
|
|
|
06b3267 |
@for subdir in $(SUBDIRS); do \
|
|
|
18134cb |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-2.0.16/restorecon/restorecon.c
|
|
|
18134cb |
--- nsapolicycoreutils/restorecon/restorecon.c 2007-05-04 09:14:48.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/restorecon/restorecon.c 2007-06-13 09:13:09.000000000 -0400
|
|
|
4d432c7 |
@@ -16,6 +16,7 @@
|
|
|
4d432c7 |
* -v Show changes in file labels.
|
|
|
4d432c7 |
* -o filename save list of files with incorrect context
|
|
|
4d432c7 |
* -F Force reset of context to match file_context for customizable files
|
|
|
4d432c7 |
+ * -l Limit directory tree walk to a single filesystem
|
|
|
4d432c7 |
*
|
|
|
4d432c7 |
* pathname... The file(s) to label
|
|
|
4d432c7 |
*
|
|
|
4d432c7 |
@@ -50,6 +51,7 @@
|
|
|
4d432c7 |
static int recurse = 0;
|
|
|
4d432c7 |
static int file_exist = 1;
|
|
|
4d432c7 |
static int force = 0;
|
|
|
4d432c7 |
+static int onefs = 0;
|
|
|
4d432c7 |
#define STAT_BLOCK_SIZE 1
|
|
|
4d432c7 |
static int pipe_fds[2] = { -1, -1 };
|
|
|
4d432c7 |
static unsigned long long count = 0;
|
|
|
aaffbb2 |
@@ -326,17 +328,19 @@
|
|
|
4d432c7 |
rc = fork();
|
|
|
4d432c7 |
if (rc == 0) {
|
|
|
4d432c7 |
close(pipe_fds[0]);
|
|
|
4d432c7 |
- nftw(buf, pre_stat, 1024, FTW_PHYS);
|
|
|
4d432c7 |
+ nftw(buf, pre_stat, 1024,
|
|
|
4d432c7 |
+ FTW_PHYS | (onefs ? FTW_MOUNT : 0));
|
|
|
4d432c7 |
exit(1);
|
|
|
4d432c7 |
}
|
|
|
4d432c7 |
if (rc > 0)
|
|
|
4d432c7 |
close(pipe_fds[1]);
|
|
|
4d432c7 |
if (rc == -1 || rc > 0) {
|
|
|
4d432c7 |
- if (nftw(buf, apply_spec, 1024, FTW_PHYS)) {
|
|
|
4d432c7 |
+ if (nftw(buf, apply_spec, 1024,
|
|
|
4d432c7 |
+ FTW_PHYS | (onefs ? FTW_MOUNT : 0))) {
|
|
|
5d00d2f |
if (!file_exist && errno == ENOENT)
|
|
|
5d00d2f |
return;
|
|
|
5d00d2f |
fprintf(stderr,
|
|
|
aaffbb2 |
- "%s: error while traversing %s: %s\n",
|
|
|
5d00d2f |
+ "%s: %s: %s\n",
|
|
|
aaffbb2 |
progname, buf, strerror(errno));
|
|
|
5d00d2f |
errors++;
|
|
|
5d00d2f |
}
|
|
|
4d432c7 |
@@ -367,11 +371,14 @@
|
|
|
4d432c7 |
|
|
|
4d432c7 |
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
|
|
|
4d432c7 |
|
|
|
4d432c7 |
- while ((opt = getopt(argc, argv, "ipFrRnvf:o:e:")) > 0) {
|
|
|
4d432c7 |
+ while ((opt = getopt(argc, argv, "ipFrRnvf:lo:e:")) > 0) {
|
|
|
4d432c7 |
switch (opt) {
|
|
|
4d432c7 |
case 'n':
|
|
|
4d432c7 |
change = 0;
|
|
|
4d432c7 |
break;
|
|
|
4d432c7 |
+ case 'l':
|
|
|
4d432c7 |
+ onefs = 1;
|
|
|
4d432c7 |
+ break;
|
|
|
4d432c7 |
case 'i':
|
|
|
4d432c7 |
file_exist = 0;
|
|
|
4d432c7 |
break;
|
|
|
18134cb |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.16/restorecond/restorecond.c
|
|
|
18134cb |
--- nsapolicycoreutils/restorecond/restorecond.c 2007-05-04 09:14:47.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/restorecond/restorecond.c 2007-06-13 09:13:09.000000000 -0400
|
|
|
9a06a71 |
@@ -210,9 +210,10 @@
|
|
|
9a06a71 |
}
|
|
|
9a06a71 |
|
|
|
9a06a71 |
if (fsetfilecon(fd, scontext) < 0) {
|
|
|
9a06a71 |
- syslog(LOG_ERR,
|
|
|
9a06a71 |
- "set context %s->%s failed:'%s'\n",
|
|
|
9a06a71 |
- filename, scontext, strerror(errno));
|
|
|
9a06a71 |
+ if (errno != EOPNOTSUPP)
|
|
|
9a06a71 |
+ syslog(LOG_ERR,
|
|
|
9a06a71 |
+ "set context %s->%s failed:'%s'\n",
|
|
|
9a06a71 |
+ filename, scontext, strerror(errno));
|
|
|
9a06a71 |
if (retcontext >= 0)
|
|
|
9a06a71 |
free(prev_context);
|
|
|
9a06a71 |
free(scontext);
|
|
|
9a06a71 |
@@ -225,8 +226,9 @@
|
|
|
9a06a71 |
if (retcontext >= 0)
|
|
|
9a06a71 |
free(prev_context);
|
|
|
9a06a71 |
} else {
|
|
|
9a06a71 |
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
|
|
|
9a06a71 |
- filename, strerror(errno));
|
|
|
9a06a71 |
+ if (errno != EOPNOTSUPP)
|
|
|
9a06a71 |
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
|
|
|
9a06a71 |
+ filename, strerror(errno));
|
|
|
9a06a71 |
}
|
|
|
9a06a71 |
free(scontext);
|
|
|
9a06a71 |
close(fd);
|
|
|
b363ff2 |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.16/scripts/chcat
|
|
|
b363ff2 |
--- nsapolicycoreutils/scripts/chcat 2007-05-04 09:14:49.000000000 -0400
|
|
|
b363ff2 |
+++ policycoreutils-2.0.16/scripts/chcat 2007-06-22 09:34:36.000000000 -0400
|
|
|
b363ff2 |
@@ -77,7 +77,7 @@
|
|
|
b363ff2 |
|
|
|
b363ff2 |
if len(cats) > 0:
|
|
|
b363ff2 |
new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
|
|
|
b363ff2 |
- else
|
|
|
b363ff2 |
+ else:
|
|
|
b363ff2 |
new_serange = "%s-%s" % (serange[0], top[0])
|
|
|
b363ff2 |
|
|
|
b363ff2 |
if add_ind:
|
|
|
b363ff2 |
@@ -155,7 +155,7 @@
|
|
|
b363ff2 |
|
|
|
b363ff2 |
if len(cats) > 0:
|
|
|
b363ff2 |
new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
|
|
|
b363ff2 |
- else
|
|
|
b363ff2 |
+ else:
|
|
|
b363ff2 |
new_serange = "%s-%s" % (serange[0], top[0])
|
|
|
b363ff2 |
|
|
|
b363ff2 |
if add_ind:
|
|
|
18134cb |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.16/scripts/genhomedircon
|
|
|
18134cb |
--- nsapolicycoreutils/scripts/genhomedircon 2007-05-04 09:14:49.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/scripts/genhomedircon 2007-06-13 09:13:09.000000000 -0400
|
|
|
18134cb |
@@ -193,7 +193,7 @@
|
|
|
18134cb |
return prefix
|
|
|
18134cb |
|
|
|
18134cb |
def adduser(self, udict, user, seuser, prefix):
|
|
|
18134cb |
- if seuser == "user_u" or user == "__default__" or user == "system_u":
|
|
|
18134cb |
+ if seuser == self.default_user or user == "__default__" or user == "system_u":
|
|
|
18134cb |
return
|
|
|
18134cb |
# !!! chooses first prefix in the list to use in the file context !!!
|
|
|
18134cb |
try:
|
|
|
18134cb |
@@ -263,7 +263,7 @@
|
|
|
18134cb |
i = i.replace("system_u", seuser)
|
|
|
18134cb |
# Validate if the generated context exists. Some user types may not exist
|
|
|
18134cb |
scon = i.split()[-1]
|
|
|
18134cb |
- if selinux.security_check_context(scon) == 0:
|
|
|
18134cb |
+ if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0:
|
|
|
18134cb |
ret = ret+i
|
|
|
18134cb |
fd.close()
|
|
|
18134cb |
return ret
|
|
|
8ecd9d3 |
@@ -302,7 +302,7 @@
|
|
|
8ecd9d3 |
|
|
|
8ecd9d3 |
regex = re.sub("\(\/\.\*\)\?", "", regex)
|
|
|
8ecd9d3 |
regex = regex + "/*$"
|
|
|
8ecd9d3 |
- if re.search(home, regex, 0):
|
|
|
8ecd9d3 |
+ if re.search(regex,home, 0):
|
|
|
8ecd9d3 |
return 1
|
|
|
8ecd9d3 |
except:
|
|
|
8ecd9d3 |
continue
|
|
|
18134cb |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.16/semanage/seobject.py
|
|
|
18134cb |
--- nsapolicycoreutils/semanage/seobject.py 2007-05-04 09:14:48.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/semanage/seobject.py 2007-06-13 09:13:09.000000000 -0400
|
|
|
4d432c7 |
@@ -210,6 +210,7 @@
|
|
|
36c9fbc |
os.write(fd, self.out())
|
|
|
36c9fbc |
os.close(fd)
|
|
|
36c9fbc |
os.rename(newfilename, self.filename)
|
|
|
36c9fbc |
+ os.system("/sbin/service mcstrans reload > /dev/null")
|
|
|
23c8d43 |
|
|
|
36c9fbc |
class semanageRecords:
|
|
|
36c9fbc |
def __init__(self):
|
|
|
4d432c7 |
@@ -1283,9 +1284,12 @@
|
|
|
0ed7f2e |
raise ValueError(_("Could not list booleans"))
|
|
|
0ed7f2e |
|
|
|
0ed7f2e |
for boolean in self.blist:
|
|
|
0ed7f2e |
- name = semanage_bool_get_name(boolean)
|
|
|
0ed7f2e |
- value = semanage_bool_get_value(boolean)
|
|
|
0ed7f2e |
- ddict[name] = value
|
|
|
0ed7f2e |
+ value = []
|
|
|
0ed7f2e |
+ name = semanage_bool_get_name(boolean)
|
|
|
0ed7f2e |
+ value[0] = semanage_bool_get_value(boolean)
|
|
|
0ed7f2e |
+ value[1] = selinux.security_get_boolean_pending(boolean)
|
|
|
0ed7f2e |
+ value[2] = selinux.security_get_boolean_active(boolean)
|
|
|
0ed7f2e |
+ ddict[name] = value
|
|
|
0ed7f2e |
|
|
|
0ed7f2e |
return ddict
|
|
|
0ed7f2e |
|
|
|
14baf19 |
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setsebool/setsebool.c policycoreutils-2.0.16/setsebool/setsebool.c
|
|
|
14baf19 |
--- nsapolicycoreutils/setsebool/setsebool.c 2007-05-04 09:14:48.000000000 -0400
|
|
|
14baf19 |
+++ policycoreutils-2.0.16/setsebool/setsebool.c 2007-06-13 09:13:58.000000000 -0400
|
|
|
14baf19 |
@@ -160,6 +160,8 @@
|
|
|
14baf19 |
goto err;
|
|
|
14baf19 |
|
|
|
14baf19 |
semanage_disconnect(handle);
|
|
|
14baf19 |
+ semanage_handle_destroy(handle);
|
|
|
14baf19 |
+ return 0;
|
|
|
14baf19 |
|
|
|
14baf19 |
err:
|
|
|
14baf19 |
semanage_bool_key_free(bool_key);
|