diff --exclude-from=exclude -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-1.27.37/debugfiles.list --- nsapolicycoreutils/debugfiles.list 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.27.37/debugfiles.list 2005-12-07 11:55:05.000000000 -0500 @@ -0,0 +1,14 @@ +/usr/lib/debug/usr/bin/newrole.debug +/usr/lib/debug/usr/bin/semodule_link.debug +/usr/lib/debug/usr/bin/semodule_expand.debug +/usr/lib/debug/usr/bin/semodule_package.debug +/usr/lib/debug/usr/sbin/sestatus.debug +/usr/lib/debug/usr/sbin/setfiles.debug +/usr/lib/debug/usr/sbin/open_init_pty.debug +/usr/lib/debug/usr/sbin/run_init.debug +/usr/lib/debug/usr/sbin/load_policy.debug +/usr/lib/debug/usr/sbin/semodule.debug +/usr/lib/debug/usr/sbin/audit2why.debug +/usr/lib/debug/usr/sbin/setsebool.debug +/usr/lib/debug/sbin/restorecon.debug +/usr/src/debug/policycoreutils-1.27.37 Binary files nsapolicycoreutils/debugsources.list and policycoreutils-1.27.37/debugsources.list differ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/policycoreutils.lang policycoreutils-1.27.37/policycoreutils.lang --- nsapolicycoreutils/policycoreutils.lang 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.27.37/policycoreutils.lang 2005-12-07 11:55:05.000000000 -0500 @@ -0,0 +1,80 @@ +%defattr (644, root, root, 755) + + + + + + + + + + + + + + + + + +%lang(sv) /usr/share/locale/sv/LC_MESSAGES/policycoreutils.mo + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.27.37/scripts/chcat --- nsapolicycoreutils/scripts/chcat 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.27.37/scripts/chcat 2005-12-07 11:54:57.000000000 -0500 @@ -0,0 +1,175 @@ +#! /usr/bin/env python +# Copyright (C) 2005 Red Hat +# see file 'COPYING' for use and warranty information +# +# chcat is a script that allows you modify the Security label on a file +# +#` Author: Daniel Walsh +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# +# +import commands, sys, os, pwd, string, getopt, re, selinux + +def chcat_add(orig, newcat, files): + errors=0 + cmd='chcon -l ' + sensitivity=newcat[0] + cat=newcat[1] + for f in files: + (rc, con) = selinux.getfilecon(f) + (rc, raw) = selinux.selinux_trans_to_raw_context(con) + clist=raw.split(":")[3:] + if len(clist) > 1: + if clist[0] != sensitivity: + print("Can not modify sensitivity levels using '+' on %s" % f) + continue + cats=clist[1].split(",") + if newcat[1] in cats: + print "%s is already in %s" % (f, orig) + continue + cats.append(newcat[1]) + cats.sort() + cat=cats[0] + for c in cats[1:]: + cat="%s,%s" % (cat, c) + cmd='chcon -l %s:%s %s' % (sensitivity, cat, f) + rc=commands.getstatusoutput(cmd) + if rc[0] != 0: + errors+=1 + return errors + +def chcat_remove(orig, newcat, files): + errors=0 + sensitivity=newcat[0] + cat=newcat[1] + for f in files: + (rc, con) = selinux.getfilecon(f) + (rc, raw) = selinux.selinux_trans_to_raw_context(con) + clist=raw.split(":")[3:] + if len(clist) > 1: + if clist[0] != sensitivity: + print("Can not modify sensitivity levels using '+' on %s" % f) + continue + cats=clist[1].split(",") + if newcat[1] not in cats: + print "%s is not in %s" % (f, orig) + continue + cats.remove(newcat[1]) + if len(cats) > 0: + cat=cats[0] + for c in cats[1:]: + cat="%s,%s" % (cat, c) + else: + cat="" + else: + print "%s is not in %s" % (f, orig) + continue + + if len(cat) == 0: + cmd='chcon -l %s %s' % (sensitivity, f) + else: + cmd='chcon -l %s:%s %s' % (sensitivity, cat, f) + rc=commands.getstatusoutput(cmd) + if rc[0] != 0: + errors+=1 + return errors + +def chcat(context, files): + errors=0 + for c in context: + if len(c) > 0 and c[0] == "+": + (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:]) + rlist=raw.split(":") + if len(rlist) < 5: + print "%s must have a sensitivity and at least one category" % c[1:] + continue + errors += chcat_add(c[1:], rlist[3:], files) + continue + if len(c) > 0 and c[0] == "-": + (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:]) + rlist=raw.split(":") + if len(rlist) < 5: + print "%s must have a sensitivity and at least one category" % c[1:] + continue + errors += chcat_remove(c[1:], rlist[3:], files) + continue + + cmd='chcon -l "%s"' % c + for f in files: + cmd = "%s %s" % (cmd, f) + + rc=commands.getstatusoutput(cmd) + if rc[0] != 0: + print rc[1] + errors += 1 + return errors + +def usage(): + print "Usage %s CATEGORY File ..." % sys.argv[0] + print "Usage %s [[+|-]CATEGORY],...]q File ..." % sys.argv[0] + print "Usage %s -d File ..." % sys.argv[0] + sys.exit(1) + +def error(msg): + print "%s: %s" % (sys.argv[0], msg) + sys.exit(1) + +if __name__ == '__main__': + if selinux.is_selinux_mls_enabled() != 1: + error("Requires a mls enabled system") + + if selinux.is_selinux_enabled() != 1: + error("Requires an SELinux enabled system") + + delete_ind=0 + gopts, cmds = getopt.getopt(sys.argv[1:], + 'dh', + ['help', + 'delete']) + + for o,a in gopts: + if o == "-h" or o == "--help": + usage() + if o == "-d" or o == "--delete": + delete_ind=1 + + if len(cmds) < 1: + usage() + + if delete_ind: + sys.exit(chcat([""], cmds)) + + if len(cmds) < 2: + usage() + + cats=cmds[0].split(",") + set_ind=0 + mod_ind=0 + for i in cats: + if i[0]=='+' or i[0]=="-": + mod_ind=1 + if set_ind == 1: + error("You can not use '%s' with previous categories" % i) + else: + if mod_ind == 1 or set_ind==1: + error("You can not use '%s' with previous categories" % i) + set_ind=1 + + files=cmds[1:] + sys.exit(chcat(cats, files)) + + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.27.37/scripts/chcat.8 --- nsapolicycoreutils/scripts/chcat.8 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.27.37/scripts/chcat.8 2005-12-07 11:54:57.000000000 -0500 @@ -0,0 +1,29 @@ +.TH CHCAT "8" "September 2005" "chcat" "User Commands" +.SH NAME +chcat \- change file security category +.SH SYNOPSIS +.B chcat +\fICATEGORY FILE\fR... +.br +.B chcat +\fI[[+|-]CATEGORY],...] FILE\fR... +.br +.B chcat +[\fI-d\fR] \fIFILE\fR... +.br +.PP +Change/Remove the security CATEGORY for each FILE. +.PP +Use +/- to add/remove categories from a FILE. +.TP +\fB\-d\fR +delete the category from each file. +.SH "SEE ALSO" +.TP +chcon(1), selinux(8) +.PP +.br +This script wraps the chcon command. +.SH "FILES" +/etc/selinux/{SELINUXTYPE}/setrans.conf + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-1.27.37/scripts/Makefile --- nsapolicycoreutils/scripts/Makefile 2005-01-28 15:24:12.000000000 -0500 +++ policycoreutils-1.27.37/scripts/Makefile 2005-12-07 11:56:07.000000000 -0500 @@ -1,20 +1,23 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr -BINDIR ?= $(PREFIX)/sbin +BINDIR ?= $(PREFIX)/bin +SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -TARGETS=genhomedircon +TARGETS=genhomedircon all: $(TARGETS) fixfiles install: all -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) + install -m 755 $(TARGETS) $(SBINDIR) + install -m 755 chcat $(BINDIR) install -m 755 fixfiles $(DESTDIR)/sbin -mkdir -p $(MANDIR)/man8 install -m 644 fixfiles.8 $(MANDIR)/man8/ install -m 644 genhomedircon.8 $(MANDIR)/man8/ + install -m 644 chcat.8 $(MANDIR)/man8/ clean: