From 0965f99c89bd23e3c0e1d09b8517460fe777a324 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mar 21 2006 14:19:08 +0000 Subject: * Tue Mar 21 2006 Dan Walsh 1.30-5 - Fix audit2allow to retrieve dontaudit rules --- diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 771ebb2..199f406 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,3 +1,44 @@ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30/audit2allow/audit2allow +--- nsapolicycoreutils/audit2allow/audit2allow 2006-03-10 09:48:04.000000000 -0500 ++++ policycoreutils-1.30/audit2allow/audit2allow 2006-03-21 09:17:27.000000000 -0500 +@@ -27,15 +27,14 @@ + import commands, sys, os, pwd, string, getopt, re, selinux + + obj="(\{[^\}]*\}|[^ \t:]*)" +-allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj) +- ++allow_regexp="(allow|dontaudit)[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj) + awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\ + IFACEFILE=FILENAME\n\ + IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\ + IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\ + }\n\ + \n\ +-/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\ ++/^[[:blank:]]*(allow|dontaudit)[[:blank:]]+.*;[[:blank:]]*$/ {\n\ + \n\ + if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\ + ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\ +@@ -84,14 +83,13 @@ + m=re.match(regexp,r) + if m==None: + continue +- else: +- val=m.groups() ++ val=m.groups() + file=os.path.basename(val[0]).split(".")[0] + iface=val[1] +- Scon=val[2].split() +- Tcon=val[3].split() +- Class=val[4].split() +- Access=trans.get(val[5].split()) ++ Scon=val[3].split() ++ Tcon=val[4].split() ++ Class=val[5].split() ++ Access=trans.get(val[6].split()) + for s in Scon: + for t in Tcon: + for c in Class: diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.30/Makefile --- nsapolicycoreutils/Makefile 2005-11-29 10:55:01.000000000 -0500 +++ policycoreutils-1.30/Makefile 2006-03-20 22:51:07.000000000 -0500 diff --git a/policycoreutils.spec b/policycoreutils.spec index 5397840..e5a046c 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,7 +5,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.30 -Release: 4 +Release: 5 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -107,6 +107,9 @@ rm -rf ${RPM_BUILD_ROOT} service restorecond condrestart %changelog +* Tue Mar 21 2006 Dan Walsh 1.30-5 +- Fix audit2allow to retrieve dontaudit rules + * Mon Mar 20 2006 Dan Walsh 1.30-4 - Open file descriptor to make sure file does not change from underneath.