diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 75a56d1..d6ae07e 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,6 +1,117 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.7/scripts/fixfiles
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-1.23.8/audit2allow/Makefile
+--- nsapolicycoreutils/audit2allow/Makefile 2005-01-25 10:32:01.000000000 -0500
++++ policycoreutils-1.23.8/audit2allow/Makefile 2005-05-13 15:30:55.000000000 -0400
+@@ -13,7 +13,6 @@
+ install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2allow.1 $(MANDIR)/man1/
+-
+ clean:
+
+ relabel:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.8/audit2why/audit2why.1
+--- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.23.8/audit2why/audit2why.1 2005-05-13 15:28:05.000000000 -0400
+@@ -0,0 +1,62 @@
++.\" Hey, Emacs! This is an -*- nroff -*- source file.
++.\" Copyright (c) 2005 Dan Walsh
++.\"
++.\" This is free documentation; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License as
++.\" published by the Free Software Foundation; either version 2 of
++.\" the License, or (at your option) any later version.
++.\"
++.\" The GNU General Public License's references to "object code"
++.\" and "executables" are to be interpreted as the output of any
++.\" document formatting or typesetting system, including
++.\" intermediate and printed output.
++.\"
++.\" This manual is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public
++.\" License along with this manual; if not, write to the Free
++.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
++.\" USA.
++.\"
++.\"
++.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA
++.SH NAME
++audit2why \- Translates auditmessages into a description of why the access was denied
++.SH SYNOPSIS
++.B audit2why
++.RI [ options "] "
++.SH OPTIONS
++.TP
++
++.B "\-\-help"
++Print a short usage message
++.TP
++.B "\-p "
++Specify an alternate policy file.
++.SH DESCRIPTION
++.PP
++This utility scans stdin (logfiles) for messages logged when the
++system denied permission for operations, and generates a reason why the
++access was denied
++.PP
++.SH EXAMPLE
++$ /usr/sbin/audit2why < /var/log/audit/audit.log
++
++type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
++ Was caused by:
++ Missing TE allow rule for the type pair (use audit2allow).
++
++type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
++ Was caused by:
++ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
++
++
++.PP
++.SH AUTHOR
++This manual page was written by
++.I Dan Walsh ,
++.B audit2why
++utility was written by Stephen Smalley .
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-1.23.8/audit2why/audit2why.c
+--- nsapolicycoreutils/audit2why/audit2why.c 2005-05-13 10:56:05.000000000 -0400
++++ policycoreutils-1.23.8/audit2why/audit2why.c 2005-05-13 15:17:46.000000000 -0400
+@@ -36,7 +36,7 @@
+ char *buffer = NULL, *bufcopy = NULL;
+ unsigned int lineno = 0;
+ size_t len = 0, bufcopy_len = 0;
+- FILE *fp;
++ FILE *fp=NULL;
+ int opt, rc, set_path = 0;
+ char *p, *scon, *tcon, *tclassstr, *permstr;
+ security_id_t ssid, tsid;
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.8/audit2why/Makefile
+--- nsapolicycoreutils/audit2why/Makefile 2005-05-13 10:56:05.000000000 -0400
++++ policycoreutils-1.23.8/audit2why/Makefile 2005-05-13 15:31:15.000000000 -0400
+@@ -1,6 +1,6 @@
+ # Installation directories.
+ PREFIX ?= ${DESTDIR}/usr
+-BINDIR ?= $(PREFIX)/sbin
++BINDIR ?= $(PREFIX)/bin
+ LIBDIR ?= ${PREFIX}/lib
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+@@ -16,7 +16,9 @@
+
+ install: all
+ -mkdir -p $(BINDIR)
+- install -m 755 $(TARGETS) $(SBINDIR)
++ install -m 755 $(TARGETS) $(BINDIR)
++ -mkdir -p $(MANDIR)/man1
++ install -m 644 audit2why.1 $(MANDIR)/man1/
+
+ clean:
+ rm -f $(TARGETS) *.o
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.8/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400
-+++ policycoreutils-1.23.7/scripts/fixfiles 2005-05-13 12:26:21.000000000 -0400
++++ policycoreutils-1.23.8/scripts/fixfiles 2005-05-13 15:17:46.000000000 -0400
 @@ -164,7 +164,7 @@
 fi
diff --git a/policycoreutils.spec b/policycoreutils.spec
index abcd3b5..35e92b4 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,5 +1,5 @@
 %define libselinuxver 1.23.1-1
-%define libsepolver 1.5.1-1
+%define libsepolver 1.5.7-1
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.23.8
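Review bot: The new audit2why.1 page in the policycoreutils-rhat.patch hunk contradicts the audit2why/Makefile change made in the same hunk: its EXAMPLE runs `/usr/sbin/audit2why` although BINDIR now points at `$(PREFIX)/bin`, and its title line still reads `.TH AUDIT2ALLOW`. I would change these to `.TH AUDIT2WHY "1" "May 2005" "Security Enhanced Linux" NSA` and `$ /usr/bin/audit2why < /var/log/audit/audit.log`, and correct "auditmessages" to "audit messages" in NAME. Because the sample output points readers at audit2allow for a missing TE rule, DESCRIPTION would benefit from one added sentence such as `Review each denial before adding an allow rule; it may indicate a mislabeled file or unwanted access rather than missing policy.` The `FILE *fp=NULL;` declaration belongs to a function whose body lies outside the hunk, so whether every later use of fp is guarded against NULL cannot be confirmed from these lines.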
@@ -67,12 +67,14 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/fixfiles.8.gz %{_mandir}/man8/load_policy.8.gz %{_mandir}/man1/audit2allow.1.gz +%{_mandir}/man1/audit2why.1.gz %{_mandir}/man8/genhomedircon.8.gz %{_mandir}/man8/open_init_pty.8.gz %{_sbindir}/load_policy %{_bindir}/newrole %{_bindir}/audit2allow +%{_bindir}/audit2why %{_mandir}/man1/newrole.1.gz %config %{_sysconfdir}/pam.d/newrole %{_sbindir}/run_init @@ -82,6 +84,11 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Fri May 13 2005 Dan Walsh 1.23.8-1 +- Fix fixfiles to accept -f +- Update to match NSA + * Added audit2why utility. + * Fri Apr 29 2005 Dan Walsh 1.23.7-1 - Change -f flag in fixfiles to remove stuff from /tmp - Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel).