rpms/policycoreutils/devel .cvsignore, 1.95, 1.96 policycoreutils-rhat.patch, 1.152, 1.153 policycoreutils.spec, 1.221, 1.222 sources, 1.99, 1.100
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jan 19 21:14:43 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv7445
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.9-1
- Update to match NSA
* Merged chcat, semanage, and setsebool patches from Dan Walsh.
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- .cvsignore 18 Jan 2006 17:43:23 -0000 1.95
+++ .cvsignore 19 Jan 2006 21:14:38 -0000 1.96
@@ -81,3 +81,4 @@
policycoreutils-1.29.5.tgz
policycoreutils-1.29.7.tgz
policycoreutils-1.29.8.tgz
+policycoreutils-1.29.9.tgz
policycoreutils-rhat.patch:
chcat.8 | 5 +++++
1 files changed, 5 insertions(+)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.152
retrieving revision 1.153
diff -u -r1.152 -r1.153
--- policycoreutils-rhat.patch 19 Jan 2006 14:45:25 -0000 1.152
+++ policycoreutils-rhat.patch 19 Jan 2006 21:14:38 -0000 1.153
@@ -1,418 +1,15 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.8/scripts/chcat
---- nsapolicycoreutils/scripts/chcat 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.8/scripts/chcat 2006-01-19 09:41:13.000000000 -0500
-@@ -25,11 +25,19 @@
- import commands, sys, os, pwd, string, getopt, re, selinux
- import seobject
-
-+def verify_users(users):
-+ for u in users:
-+ try:
-+ pwd.getpwnam(u)
-+ except KeyError, e:
-+ error( "User %s does not exist" % u)
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.29.8/scripts/chcat.8
+--- nsapolicycoreutils/scripts/chcat.8 2006-01-18 11:12:43.000000000 -0500
++++ policycoreutils-1.29.8/scripts/chcat.8 2006-01-19 10:48:59.000000000 -0500
+@@ -27,6 +27,11 @@
+ Change/Remove the security CATEGORY for each FILE/USER.
+ .PP
+ Use +/- to add/remove categories from a FILE/USER.
++.PP
++.B
++Note:
++When removing a category you must specify '--' on the command line before using the -Category syntax. This tells the shell that you have finished entering options.
+
- def chcat_user_add(orig, newcat, users):
- errors=0
- logins = seobject.loginRecords()
- seusers=logins.get_all()
- add_ind=0
-+ verify_users(users)
- for u in users:
- if u in seusers.keys():
- user=seusers[u]
-@@ -98,6 +106,7 @@
- logins = seobject.loginRecords()
- seusers=logins.get_all()
- add_ind=0
-+ verify_users(users)
- for u in users:
- if u in seusers.keys():
- user=seusers[u]
-@@ -174,6 +183,7 @@
- logins = seobject.loginRecords()
- seusers=logins.get_all()
- add_ind=0
-+ verify_users(users)
- for u in users:
- if u in seusers.keys():
- user=seusers[u]
-@@ -281,6 +291,7 @@
- print "Usage %s -d File ..." % sys.argv[0]
- print "Usage %s -l -d user ..." % sys.argv[0]
- print "Usage %s -L" % sys.argv[0]
-+ print "Usage %s -L -l user" % sys.argv[0]
- print "Use -- to end option list. For example"
- print "chcat -- -CompanyConfidential /docs/businessplan.odt"
- print "chcat -l +CompanyConfidential juser"
-@@ -297,13 +308,14 @@
- fd.close()
- return 0
-
-+
- def listusercats(users):
-- seusers = seobject.loginRecords().get_all()
-+ if len(users) == 0:
-+ users.append(os.getlogin())
-+
-+ verify_users(users)
- for u in users:
-- if u in seusers.keys():
-- cats=seobject.translate(seusers[u][1])
-- else:
-- cats=seobject.translate(seusers["__default__"][1])
-+ cats=seobject.translate(selinux.getseuserbyname(u)[2])
- cats=cats.split("-")
- if len(cats) > 1 and cats[1] != "s0":
- print "%s: %s" % (u, cats[1])
-@@ -352,8 +364,6 @@
-
- if list_ind:
- if login_ind:
-- if len(cmds) < 1:
-- usage()
- sys.exit(listusercats(cmds))
- else:
- if len(cmds) > 0:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.8/semanage/semanage
---- nsapolicycoreutils/semanage/semanage 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.8/semanage/semanage 2006-01-18 17:02:47.000000000 -0500
-@@ -30,11 +30,12 @@
-
- def usage(message = ""):
- print '\
--semanage user [-admLRr] SELINUX_USER\n\
-+semanage fcontext [-admhfrst] INTERFACE\n\
-+semanage interface [-admtr] INTERFACE\n\
- semanage login [-admsr] LOGIN_NAME\n\
- semanage port [-admtpr] PORT | PORTRANGE\n\
--semanage interface [-admtr] INTERFACE\n\
--semanage fcontext [-admhfrst] INTERFACE\n\
-+semanage translation [-adm] LEVEL\n\
-+semanage user [-admLRr] SELINUX_USER\n\
- -a, --add Add a OBJECT record NAME\n\
- -d, --delete Delete a OBJECT record NAME\n\
- -f, --ftype File Type of OBJECT \n\
-@@ -47,6 +48,7 @@
- -R, --roles SELinux Roles (Separate by spaces)\n\
- -s, --seuser SELinux user name\n\
- -t, --type SELinux Type for the object\n\
-+ -T, --trans SELinux Level Translation\n\
- -v, --verbose verbose output\n\
- '
- print message
-@@ -62,7 +64,7 @@
- #
- #
- try:
-- objectlist = ("login", "user", "port", "interface", "fcontext")
-+ objectlist = ("login", "user", "port", "interface", "fcontext", "translation")
- input = sys.stdin
- output = sys.stdout
- serange = ""
-@@ -71,6 +73,7 @@
- selevel = ""
- setype = ""
- ftype = ""
-+ setrans = ""
- roles = ""
- seuser = ""
- heading=1
-@@ -88,7 +91,7 @@
-
- args = sys.argv[2:]
- gopts, cmds = getopt.getopt(args,
-- 'adf:lhmnp:P:s:R:L:r:t:v',
-+ 'adf:lhmnp:P:s:R:L:r:t:vT:',
- ['add',
- 'delete',
- 'ftype=',
-@@ -103,6 +106,7 @@
- 'level=',
- 'roles=',
- 'type=',
-+ 'trans=',
- 'verbose'
- ])
- for o,a in gopts:
-@@ -149,6 +153,9 @@
- if o == "-t" or o == "--type":
- setype = a
-
-+ if o == "-T" or o == "--trans":
-+ setrans = a
-+
- if o == "-v" or o == "--verbose":
- verbose = 1
-
-@@ -167,6 +174,9 @@
- if object == "fcontext":
- OBJECT = seobject.fcontextRecords()
-
-+ if object == "translation":
-+ OBJECT = seobject.setransRecords()
-+
- if list:
- OBJECT.list(heading)
- sys.exit(0);
-@@ -180,6 +190,9 @@
- if object == "login":
- OBJECT.add(target, seuser, serange)
-
-+ if object == "translation":
-+ OBJECT.add(target, setrans)
-+
- if object == "user":
- rlist = roles.split()
- if len(rlist) == 0:
-@@ -200,6 +213,9 @@
- if object == "login":
- OBJECT.modify(target, seuser, serange)
-
-+ if object == "translation":
-+ OBJECT.modify(target, setrans)
-+
- if object == "user":
- rlist = roles.split()
- OBJECT.modify(target, rlist, selevel, serange)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.8/semanage/semanage.8
---- nsapolicycoreutils/semanage/semanage.8 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.8/semanage/semanage.8 2006-01-18 17:04:31.000000000 -0500
-@@ -13,6 +13,8 @@
- .br
- .B semanage interface \-{a|d|m} [\-tr] interface_spec
- .br
-+.B semanage translation \-{a|d|m} [\-T] level
-+.br
- .B semanage fcontext \-{a|d|m} [\-frst] file_spec
- .P
-
-@@ -23,7 +25,7 @@
- .BR semanage
- program.
- .br
--This tool is used to configure SELinux Policy. You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces.
-+This tool is used to configure SELinux Policy. You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces and MLS/MCS Translations.
-
- .SH "OPTIONS"
- .TP
-@@ -64,6 +66,9 @@
- .I \-t, \-\-type
- SELinux Type for the object
.TP
-+.I \-T, \-\-trans
-+SELinux Translation
-+.TP
- .I \-v, \-\-verbose
- verbose output
-
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.8/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.8/semanage/seobject.py 2006-01-19 09:43:38.000000000 -0500
-@@ -21,9 +21,18 @@
- #
- #
-
--import pwd, string, selinux
-+import pwd, string, selinux, tempfile, os, re
- from semanage import *;
-
-+def validate_level(raw):
-+ sensitivity="s([0-9]|1[0-5])"
-+ category="c(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])"
-+ range=category + "(\." + category +")?"
-+ categories = range + "(\," + range + ")*"
-+ sensitivity + "(:categies)?"
-+ reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
-+ return re.search("^" + reg +"$",raw)
-+
- def translate(raw, prepend=1):
- if prepend == 1:
- context="a:b:c:%s" % raw
-@@ -54,6 +63,82 @@
- else:
- return raw
-
-+class setransRecords:
-+ def __init__(self):
-+ self.filename=selinux.selinux_translations_path()
-+ fd=open(self.filename, "r")
-+ translations=fd.read().split('\n')
-+ fd.close()
-+ self.dict={}
-+ self.comments=[]
-+ for r in translations:
-+ if len(r) == 0:
-+ continue
-+ i=r.strip()
-+ if i== "" or i[0] == "#":
-+ self.comments.append(r)
-+ continue
-+ i=i.split("=")
-+ if len(i) != 2:
-+ self.comments.append(r)
-+ continue
-+ self.dict[i[0]] = i[1]
-+
-+ def get_all(self):
-+ return self.dict
-+
-+ def out(self):
-+ rec=""
-+ for c in self.comments:
-+ rec+=c +"\n"
-+ keys=self.dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ rec += "%s=%s\n" % (k, self.dict[k])
-+ return rec
-+
-+ def list(self,heading=1):
-+ if heading:
-+ print "\n%-25s %s\n" % ("Level", "Translation")
-+ keys=self.dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ print "%-25s %s" % (k, self.dict[k])
-+
-+ def add(self, raw, trans):
-+ if trans.find(" ") >= 0:
-+ raise ValueError("Translations can not contain spaces '%s' " % trans)
-+
-+ if validate_level(raw) == None:
-+ raise ValueError("Invalid Level '%s' " % raw)
-+
-+ if self.dict.has_key(raw):
-+ raise ValueError("%s already defined in translations" % raw)
-+ else:
-+ self.dict[raw]=trans
-+ self.save()
-+
-+ def modify(self, raw, trans):
-+ if trans.find(" ") >= 0:
-+
-+ raise ValueError("Translations can not contain spaces '%s' " % trans)
-+ if self.dict.has_key(raw):
-+ self.dict[raw]=trans
-+ else:
-+ raise ValueError("%s not defined in translations" % raw)
-+ self.save()
-+
-+ def delete(self, raw):
-+ self.dict.pop(raw)
-+ self.save()
-+
-+ def save(self):
-+ newfilename = tempfile.mktemp('', self.filename)
-+ fd=open(newfilename, "w")
-+ fd.write(self.out())
-+ fd.close()
-+ os.rename(newfilename, self.filename)
-+
- class semanageRecords:
- def __init__(self):
- self.sh = semanage_handle_create()
-@@ -458,7 +543,7 @@
-
- rc = semanage_commit(self.sh)
- if rc < 0:
-- raise ValueError("Failed to add port %s/%s" % (proto, port))
-+ raise ValueError("Failed to modify port %s/%s" % (proto, port))
-
- def delete(self, port, proto):
- ( k, proto_d, low, high ) = self.__genkey(port, proto)
-@@ -491,22 +576,44 @@
- for idx in range(self.psize):
- u = semanage_port_by_idx(self.plist, idx)
- con = semanage_port_get_con(u)
-- name = semanage_context_get_type(con)
-+ type = semanage_context_get_type(con)
-+ if type == "reserved_port_t":
-+ continue
-+ level = semanage_context_get_mls(con)
-+ proto=semanage_port_get_proto_str(u)
-+ low=semanage_port_get_low(u)
-+ high = semanage_port_get_high(u)
-+ dict[(low, high)]=(type, proto, level)
-+ return dict
-+
-+ def get_all_by_type(self):
-+ dict={}
-+ (rc, self.plist, self.psize) = semanage_port_list(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not list ports")
-+
-+ for idx in range(self.psize):
-+ u = semanage_port_by_idx(self.plist, idx)
-+ con = semanage_port_get_con(u)
-+ type = semanage_context_get_type(con)
-+ if type == "reserved_port_t":
-+ continue
-+ level = semanage_context_get_mls(con)
- proto=semanage_port_get_proto_str(u)
- low=semanage_port_get_low(u)
- high = semanage_port_get_high(u)
-- if (name, proto) not in dict.keys():
-- dict[(name,proto)]=[]
-+ if (type, proto) not in dict.keys():
-+ dict[(type,proto)]=[]
- if low == high:
-- dict[(name,proto)].append("%d" % low)
-+ dict[(type,proto)].append("%d" % low)
- else:
-- dict[(name,proto)].append("%d-%d" % (low, high))
-+ dict[(type,proto)].append("%d-%d" % (low, high))
- return dict
-
- def list(self, heading=1):
- if heading:
-- print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
-- dict=self.get_all()
-+ print "%-30s %-8s %s\n" % ("SELinux Port Type", "Proto", "Port Number")
-+ dict=self.get_all_by_type()
- keys=dict.keys()
- keys.sort()
- for i in keys:
-@@ -614,7 +721,7 @@
-
- rc = semanage_commit(self.sh)
- if rc < 0:
-- raise ValueError("Failed to add interface %s" % interface)
-+ raise ValueError("Failed to modify interface %s" % interface)
-
- def delete(self, interface):
- (rc,k) = semanage_iface_key_create(self.sh, interface)
-@@ -779,7 +886,7 @@
-
- rc = semanage_commit(self.sh)
- if rc < 0:
-- raise ValueError("Failed to add file context for %s" % target)
-+ raise ValueError("Failed to modify file context for %s" % target)
-
- def delete(self, target, ftype):
- (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/setsebool.c policycoreutils-1.29.8/setsebool/setsebool.c
---- nsapolicycoreutils/setsebool/setsebool.c 2006-01-04 13:07:46.000000000 -0500
-+++ policycoreutils-1.29.8/setsebool/setsebool.c 2006-01-18 13:27:42.000000000 -0500
-@@ -130,7 +130,7 @@
-
- for (j = 0; j < boolcnt; j++) {
-
-- if (semanage_bool_create(handle, &boolean) < 0)
-+ if (semanage_bool_create(handle, &boolean) < 0)
- goto err;
-
- if (semanage_bool_set_name(handle, boolean, boollist[j].name) < 0)
-@@ -144,9 +144,10 @@
- if (permanent && semanage_bool_modify_local(handle, bool_key, boolean) < 0)
- goto err;
-
-- if (semanage_bool_set_active(handle, bool_key, boolean) < 0)
-+ if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
-+ fprintf(stderr, "Could not change boolean %s\n", boollist[j].name);
- goto err;
--
-+ }
- semanage_bool_key_free(bool_key);
- semanage_bool_free(boolean);
- bool_key = NULL;
+ \fB\-d\fR
+ delete the category from each FILE/USER.
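Review bot: The added chcat.8 note says `--` "tells the shell that you have finished entering options", but the shell passes `--` through unchanged. It is chcat's own option parsing (presumably getopt, which the script imports) that stops treating later arguments as options. Suggested wording for that sentence: `This tells chcat that you have finished entering options, so -Category is not parsed as an option.` The remainder of this hunk only removes the chcat, semanage, seobject.py and setsebool changes from the distro patch, which the log message says were merged upstream.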
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- policycoreutils.spec 19 Jan 2006 14:45:25 -0000 1.221
+++ policycoreutils.spec 19 Jan 2006 21:14:38 -0000 1.222
@@ -3,8 +3,8 @@
%define libselinuxver 1.29.6-1
Summary: SELinux policy core utilities.
Name: policycoreutils
-Version: 1.29.8
-Release: 4
+Version: 1.29.9
+Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -97,6 +97,10 @@
%{_libdir}/python2.4/site-packages/seobject.py*
%changelog
+* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.9-1
+- Update to match NSA
+ * Merged chcat, semanage, and setsebool patches from Dan Walsh.
+
* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.8-4
- Fixes for "add"-"modify" error messages
- Fixes for chcat
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- sources 18 Jan 2006 17:43:23 -0000 1.99
+++ sources 19 Jan 2006 21:14:38 -0000 1.100
@@ -1 +1 @@
-c40bd665ecbb503adf1a8e8730fed32a policycoreutils-1.29.8.tgz
+f9a8e2b1f33895ef25ad9eeb52dec04e policycoreutils-1.29.9.tgz