rpms/policycoreutils/devel .cvsignore, 1.157, 1.158 policycoreutils-rhat.patch, 1.321, 1.322 policycoreutils.spec, 1.435, 1.436 sources, 1.162, 1.163
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Aug 23 21:01:12 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28442
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Thu Aug 23 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-1
- Update semodule man page
* Fix genhomedircon searching for USER from Todd Miller
* Install run_init with mode 0755 from Dan Walsh.
* Fix chcat from Dan Walsh.
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
* Optimize genhomedircon to compile regexes once from Dan Walsh.
* Fix semanage gettext call from Dan Walsh.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- .cvsignore 21 Aug 2007 13:02:46 -0000 1.157
+++ .cvsignore 23 Aug 2007 21:00:38 -0000 1.158
@@ -155,3 +155,4 @@
policycoreutils-2.0.21.tgz
policycoreutils-2.0.22.tgz
policycoreutils-2.0.23.tgz
+policycoreutils-2.0.25.tgz
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.321
retrieving revision 1.322
diff -u -r1.321 -r1.322
--- policycoreutils-rhat.patch 23 Aug 2007 14:24:18 -0000 1.321
+++ policycoreutils-rhat.patch 23 Aug 2007 21:00:38 -0000 1.322
@@ -36,68 +36,151 @@
}
free(scontext);
close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/run_init/Makefile policycoreutils-2.0.23/run_init/Makefile
---- nsapolicycoreutils/run_init/Makefile 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.23/run_init/Makefile 2007-08-22 16:29:22.000000000 -0400
-@@ -34,8 +34,8 @@
- install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
-- install -m 555 run_init $(SBINDIR)
-- install -m 555 open_init_pty $(SBINDIR)
-+ install -m 755 run_init $(SBINDIR)
-+ install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
- ifeq (${PAMH}, /usr/include/security/pam_appl.h)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.23/scripts/chcat
---- nsapolicycoreutils/scripts/chcat 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.23/scripts/chcat 2007-08-22 16:29:22.000000000 -0400
-@@ -77,7 +77,7 @@
-
- if len(cats) > 0:
- new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
-- else
-+ else:
- new_serange = "%s-%s" % (serange[0], top[0])
-
- if add_ind:
-@@ -155,7 +155,7 @@
-
- if len(cats) > 0:
- new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
-- else
-+ else:
- new_serange = "%s-%s" % (serange[0], top[0])
-
- if add_ind:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.23/scripts/fixfiles
---- nsapolicycoreutils/scripts/fixfiles 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.23/scripts/fixfiles 2007-08-22 16:29:22.000000000 -0400
-@@ -88,7 +88,7 @@
- esac; \
- fi; \
- done | \
-- while read pattern ; do find $pattern \
-+ while read pattern ; do sh -c "find $pattern" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
- done 2> /dev/null | \
-@@ -108,6 +108,7 @@
-
- rpmlist() {
- rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
-+[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr
- }
-
- #
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.23/scripts/genhomedircon
---- nsapolicycoreutils/scripts/genhomedircon 2007-07-16 14:20:41.000000000 -0400
+--- nsapolicycoreutils/scripts/genhomedircon 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.23/scripts/genhomedircon 2007-08-23 10:08:04.000000000 -0400
-@@ -139,7 +139,22 @@
- self.default_user = "user_u"
- self.default_prefix = "user"
- self.users = self.getUsers()
+@@ -0,0 +1,404 @@
++#! /usr/bin/python -E
++# Copyright (C) 2004 Tresys Technology, LLC
++# see file 'COPYING' for use and warranty information
++#
++# genhomedircon - this script is used to generate file context
++# configuration entries for user home directories based on their
++# default prefixes and is run when building the policy. Specifically, we
++# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with
++# generic and user-specific values.
++#
++# Based off original script by Dan Walsh, <dwalsh at redhat.com>
++#
++# ASSUMPTIONS:
++#
++# The file CONTEXTDIR/files/homedir_template exists. This file is used to
++# set up the home directory context for each real user.
++#
++# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user
++#
++# "Real" users (as opposed to system users) are those whose UID is greater than
++# or equal STARTING_UID (usually 500) and whose login is not a member of
++# EXCLUDE_LOGINS. Users who are explicitly defined in CONTEXTDIR/seusers
++# are always "real" (including root, in the default configuration).
++#
++#
++
++import sys, os, pwd, string, getopt, re
++from semanage import *;
++import selinux
++import gettext
++gettext.install('policycoreutils')
++
++def grep(file, var):
++ ret = ""
++ fd = open(file, 'r')
++
++ for i in fd.readlines():
++ if re.search(var, i, 0) != None:
++ ret = i
++ break
++ fd.close()
++ return ret
++
++def findval(file, var, delim = ""):
++ val = ""
++ try:
++ fd = open(file, 'r')
++ for i in fd.readlines():
++ if i.startswith(var) == 1:
++ if delim == "":
++ val = i.split()[1]
++ else:
++ val = i.split(delim)[1]
++ val = val.split("#")[0]
++ val = val.strip()
++ fd.close()
++ except:
++ val = ""
++ return val
++
++def getStartingUID():
++ starting_uid = sys.maxint
++ uid_min = findval("/etc/login.defs", "UID_MIN")
++ if uid_min != "":
++ uid_min = uid_min.split("#")[0]
++ uid_min = uid_min.strip()
++ if int(uid_min) < starting_uid:
++ starting_uid = int(uid_min)
++
++ uid_min = findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")
++ if uid_min != "":
++ uid_min = uid_min.split("#")[0]
++ uid_min = uid_min.strip()
++ if int(uid_min) < starting_uid:
++ starting_uid = int(uid_min)
++
++ if starting_uid == sys.maxint:
++ starting_uid = 500
++ return starting_uid
++
++def getDefaultHomeDir():
++ ret = []
++ homedir = findval("/etc/default/useradd", "HOME", "=")
++ if homedir != "" and not homedir in ret:
++ ret.append(homedir)
++
++ homedir = findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")
++ if homedir != "" and not homedir in ret:
++ ret.append(homedir)
++
++ if ret == []:
++ ret.append("/home")
++
++ # Add /export/home if it exists
++ # Some customers use this for automounted homedirs
++ if os.path.exists("/export/home"):
++ ret.append("/export/home")
++
++ return ret
++
++def getSELinuxType(directory):
++ val = findval(directory+"/config", "SELINUXTYPE", "=")
++ if val != "":
++ return val
++ return "targeted"
++
++def usage(rc=0, error = ""):
++ if error != "":
++ sys.stderr.write("%s\n" % error)
++ rc = 1
++ sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]\n" % sys.argv[0])
++ sys.stderr.flush()
++ sys.exit(rc)
++
++def warning(warning = ""):
++ sys.stderr.write("%s\n" % warning)
++ sys.stderr.flush()
++
++def errorExit(error):
++ sys.stderr.write("%s exiting for: " % sys.argv[0])
++ sys.stderr.write("%s\n" % error)
++ sys.stderr.flush()
++ sys.exit(1)
++
++class selinuxConfig:
++ def __init__(self, selinuxdir = "/etc/selinux", type = "targeted", usepwd = 1):
++ self.semanageHandle = semanage_handle_create()
++ self.semanaged = semanage_is_managed(self.semanageHandle)
++ if self.semanaged:
++ rc = semanage_connect(self.semanageHandle)
++ if rc:
++ errorExit("Unable to connect to semanage")
++ (status, self.ulist) = semanage_user_list(self.semanageHandle)
++ self.type = type
++ self.selinuxdir = selinuxdir +"/"
++ self.contextdir = "/contexts"
++ self.filecontextdir = self.contextdir+"/files"
++ self.usepwd = usepwd
++ self.default_user = "user_u"
++ self.default_prefix = "user"
++ self.users = self.getUsers()
+ fd = open(self.getFileContextFile())
+ self.fclines=[]
+ for i in fd.readlines():
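Review bot: `findval` wraps its whole body in a bare `except:` that resets `val` to `""`, so an unreadable or malformed file looks the same as a missing key and callers quietly fall back to defaults; `getSELinuxType`, for instance, then returns "targeted". For a tool that generates labelling rules as root, that can mean contexts written for the wrong policy type with no message at all. I would narrow the handler to `except (IOError, IndexError):` and close `fd` in a `finally:` block, because `fd.close()` is skipped whenever `i.split(delim)[1]` raises. Separately, `int(uid_min)` in `getStartingUID` is unguarded, so a non-numeric `UID_MIN` value ends the run with a traceback rather than a clear error.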
@@ -111,59 +194,365 @@
+ self.fclines.append(re.compile(regex))
+ except:
+ continue
-
++
+ fd.close()
+
- def getFileContextDir(self):
- return self.selinuxdir+self.type+self.filecontextdir
-
-@@ -272,7 +287,7 @@
- ret = ""
- fd = open(self.getHomeDirTemplate(), 'r')
- for i in fd.readlines():
-- if i.find("USER") == 1:
++ def getFileContextDir(self):
++ return self.selinuxdir+self.type+self.filecontextdir
++
++ def getFileContextFile(self):
++ return self.getFileContextDir()+"/file_contexts"
++
++ def getContextDir(self):
++ return self.selinuxdir+self.type+self.contextdir
++
++ def getHomeDirTemplate(self):
++ return self.getFileContextDir()+"/homedir_template"
++
++ def getHomeRootContext(self, homedir):
++ ret = ""
++ fd = open(self.getHomeDirTemplate(), 'r')
++
++ for i in fd.readlines():
++ if i.find("HOME_ROOT") == 0:
++ i = i.replace("HOME_ROOT", homedir)
++ ret += i
++ fd.close()
++ if ret == "":
++ errorExit("No Home Root Context Found")
++ return ret
++
++ def heading(self):
++ ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
++ if self.semanaged:
++ ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n"
++ else:
++ ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers")
++ return ret
++
++ def get_default_prefix(self, name):
++ for user in self.ulist:
++ if semanage_user_get_name(user) == name:
++ return semanage_user_get_prefix(user)
++ return name
++
++ def get_old_prefix(self, user):
++ rc = grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user)
++ if rc == "":
++ rc = grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user)
++ if rc != "":
++ user = rc.split()
++ prefix = user[3]
++ if prefix == "{":
++ prefix = user[4]
++ if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"):
++ prefix = prefix[:-2]
++ return prefix
++
++ def adduser(self, udict, user, seuser, prefix):
++ if seuser == self.default_user or user == "__default__" or user == "system_u":
++ return
++ # !!! chooses first prefix in the list to use in the file context !!!
++ try:
++ home = pwd.getpwnam(user)[5]
++ if home == "/":
++ # Probably install so hard code to /root
++ if user == "root":
++ home = "/root"
++ else:
++ return
++ except KeyError:
++ if user == "root":
++ home = "/root"
++ else:
++ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
++ return
++ prefs = {}
++ prefs["seuser"] = seuser
++ prefs["prefix"] = prefix
++ prefs["home"] = home
++ udict[user] = prefs
++
++ def setDefaultUser(self, user, prefix):
++ self.default_user = user
++ self.default_prefix = prefix
++
++ def getUsers(self):
++ udict = {}
++ if self.semanaged:
++ (status, list) = semanage_seuser_list(self.semanageHandle)
++ for seuser in list:
++ user = []
++ seusername = semanage_seuser_get_sename(seuser)
++ prefix = self.get_default_prefix(seusername)
++ if semanage_seuser_get_name(seuser) == "__default__":
++ self.setDefaultUser(seusername, prefix)
++
++ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)
++
++ else:
++ try:
++ fd = open(self.selinuxdir+self.type+"/seusers")
++ for u in fd.readlines():
++ u = u.strip()
++ if len(u) == 0 or u[0] == "#":
++ continue
++ user = u.split(":")
++ if len(user) < 2:
++ continue
++
++ prefix = self.get_old_prefix(user[1])
++ self.adduser(udict, user[0], user[1], prefix)
++ fd.close()
++ except IOError, error:
++ # Must be install so force add of root
++ self.adduser(udict, "root", "root", "root")
++
++ return udict
++
++ def getHomeDirContext(self, user, seuser, home, prefix):
++ ret = "\n\n#\n# Home Context for user %s\n#\n\n" % user
++ fd = open(self.getHomeDirTemplate(), 'r')
++ for i in fd.readlines():
++ if i.startswith("HOME_DIR") == 1:
++ i = i.replace("HOME_DIR", home)
++ i = i.replace("ROLE", prefix)
++ i = i.replace("system_u", seuser)
++ # Validate if the generated context exists. Some user types may not exist
++ scon = i.split()[-1]
++ if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0:
++ ret = ret+i
++ fd.close()
++ return ret
++
++ def getUserContext(self, user, sel_user, prefix):
++ ret = ""
++ fd = open(self.getHomeDirTemplate(), 'r')
++ for i in fd.readlines():
+ if i.find("USER") > 0:
- i = i.replace("USER", user)
- i = i.replace("ROLE", prefix)
- i = i.replace("system_u", sel_user)
-@@ -289,20 +304,9 @@
- return ret+"\n"
-
- def checkExists(self, home):
-- fd = open(self.getFileContextFile())
-- for i in fd.readlines():
-- if len(i) == 0:
-- continue
++ i = i.replace("USER", user)
++ i = i.replace("ROLE", prefix)
++ i = i.replace("system_u", sel_user)
++ ret = ret+i
++ fd.close()
++ return ret
++
++ def genHomeDirContext(self):
++ ret = ""
++ # Fill in HOME and prefix for users that are defined
++ for u in self.users.keys():
++ ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])
++ ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])
++ return ret+"\n"
++
++ def checkExists(self, home):
+ for i in self.fclines:
- try:
-- regex = i.split()[0]
-- #match a trailing .+
-- regex = re.sub("\.+$", "", regex)
-- regex = re.sub("\.\*$", "", regex)
-- #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s
--
-- regex = re.sub("\(\/\.\*\)\?", "", regex)
-- regex = regex + "/*$"
-- if re.search(regex,home, 0):
++ try:
+ if i.match(home):
- return 1
- except:
- continue
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.23/semanage/semanage
---- nsapolicycoreutils/semanage/semanage 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.23/semanage/semanage 2007-08-22 16:29:22.000000000 -0400
-@@ -34,7 +34,10 @@
- sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
-
- try:
-- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
- except IOError:
- import __builtin__
- __builtin__.__dict__['_'] = unicode
++ return 1
++ except:
++ continue
++ return 0
++
++ def getHomeDirs(self):
++ homedirs = getDefaultHomeDir()
++ starting_uid = getStartingUID()
++ if self.usepwd == 0:
++ return homedirs
++ ulist = pwd.getpwall()
++ for u in ulist:
++ if u[2] >= starting_uid and \
++ u[6] in VALID_SHELLS and \
++ u[5] != "/" and \
++ string.count(u[5], "/") > 1:
++ homedir = u[5][:string.rfind(u[5], "/")]
++ if not homedir in homedirs:
++ if self.checkExists(homedir) == 1:
++ warning("%s homedir %s or its parent directory conflicts with a\ndefined context in %s,\n%s will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
++ else:
++ homedirs.append(homedir)
++
++ homedirs.sort()
++ return homedirs
++
++ def genoutput(self):
++ ret = self.heading()
++ for h in self.getHomeDirs():
++ ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)
++ ret += self.getHomeRootContext(h)
++ ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"
++ ret += self.genHomeDirContext()
++ return ret
++
++ def printout(self):
++ print self.genoutput()
++
++ def write(self):
++ fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w")
++ fd.write(self.genoutput())
++ fd.close()
++
++if os.getuid() > 0 or os.geteuid() > 0:
++ print _("You must be root to run %s.") % sys.argv[0]
++ sys.exit(1)
++
++try:
++ fd = open("/etc/shells", 'r')
++ VALID_SHELLS = fd.read().split("\n")
++ fd.close()
++ if "/sbin/nologin" in VALID_SHELLS:
++ VALID_SHELLS.remove("/sbin/nologin")
++ if "" in VALID_SHELLS:
++ VALID_SHELLS.remove("")
++except:
++ VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
++
++#
++# This script will generate home dir file context
++# based off the homedir_template file, entries in the password file, and
++#
++try:
++ usepwd = 1
++ directory = "/etc/selinux"
++ type = None
++ gopts, cmds = getopt.getopt(sys.argv[1:], 'hnd:t:', ['help',
++ 'type=',
++ 'nopasswd',
++ 'dir='])
++ for o,a in gopts:
++ if o == '--type' or o == "-t":
++ type = a
++ if o == '--nopasswd' or o == "-n":
++ usepwd = 0
++ if o == '--dir' or o == "-d":
++ directory = a
++ if o == '--help' or o == "-h":
++ usage()
++except getopt.error, error:
++ errorExit(_("Options Error %s ") % error)
++
++if type == None:
++ type = getSELinuxType(directory)
++
++if len(cmds) != 0:
++ usage(1)
++
++selconf = selinuxConfig(directory, type, usepwd)
++try:
++ selconf.write()
++except IOError, error:
++ sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
++ sys.exit(1)
++
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.23/scripts/genhomedircon.8
+--- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.23/scripts/genhomedircon.8 2007-08-20 19:16:35.000000000 -0400
+@@ -0,0 +1,82 @@
++.\" Hey, Emacs! This is an -*- nroff -*- source file.
++.\" Copyright (c) 2005 Manoj Srivastava <srivasta at debian.org>
++.\"
++.\" This is free documentation; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License as
++.\" published by the Free Software Foundation; either version 2 of
++.\" the License, or (at your option) any later version.
++.\"
++.\" The GNU General Public License's references to "object code"
++.\" and "executables" are to be interpreted as the output of any
++.\" document formatting or typesetting system, including
++.\" intermediate and printed output.
++.\"
++.\" This manual is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public
++.\" License along with this manual; if not, write to the Free
++.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
++.\" USA.
++.\"
++.\"
++.TH GENHOMEDIRCON "8" "January 2005" "Security Enhanced Linux" ""
++.SH NAME
++genhomedircon \- generate SELinux file context configuration entries for user home directories
++.SH SYNOPSIS
++.B genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ] [-h]
++
++.SH OPTIONS
++.TP
++.B "\-h"
++Print a short usage message
++.TP
++.B "\-d selinuxdir (\-\-directory)"
++Directory where selinux files are installed defaults to /etc/selinux
++.TP
++.B
++\-n \-\-nopasswd
++Indicates to the utility not to read homedirectories out of the password database.
++.TP
++\-t selinuxtype (\-\-type)
++Indicates the selinux type of this install. Defaults to "targeted".
++.SH DESCRIPTION
++.PP
++This utility is used to generate file context configuration entries for
++user home directories based on their
++.B prefix
++entry in the the
++.B semanage user record.
++genhomedircon is run when building
++the policy. It is also run automaticaly when ever the
++.B semanage
++utility modifies
++.B user
++or
++.B login
++records.
++Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the
++.I /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template
++file with generic and user-specific values. HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located. Defaults to /home. ROLE is replaced based on the prefix entry in the
++.B user
++record.
++.PP
++genhomedircon searches through all password entires for all "login" user home directories, (as opposed
++to system users). Login users are those whose UID is greater than or equal
++.I STARTING_UID
++(default 500) and whose login shell is not "/sbin/nologin", or
++"/bin/false".
++.PP
++.SH AUTHOR
++This manual page was originally written by
++.I Manoj Srivastava <srivasta at debian.org>,
++for the Debian GNU/Linux system, based on the comments and the code
++in the utility, and then updated by Dan Walsh of Red Hat. The
++.B genhomedircon
++utility was originally written by
++.I Dan Walsh of Red Hat
++with some modifications by
++.I Tresys Technology, LLC.
++
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.23/scripts/Makefile
+--- nsapolicycoreutils/scripts/Makefile 2007-08-23 16:52:26.000000000 -0400
++++ policycoreutils-2.0.23/scripts/Makefile 2007-08-20 19:16:35.000000000 -0400
+@@ -5,14 +5,18 @@
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+
+-all: fixfiles
++TARGETS=genhomedircon
++
++all: $(TARGETS) fixfiles
+
+ install: all
+ -mkdir -p $(BINDIR)
++ install -m 755 $(TARGETS) $(SBINDIR)
+ install -m 755 chcat $(BINDIR)
+ install -m 755 fixfiles $(DESTDIR)/sbin
+ -mkdir -p $(MANDIR)/man8
+ install -m 644 fixfiles.8 $(MANDIR)/man8/
++ install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ install -m 644 chcat.8 $(MANDIR)/man8/
+
+ clean:
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.23/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.23/semanage/seobject.py 2007-08-22 16:29:22.000000000 -0400
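Review bot: In `adduser`, the home directory from `pwd.getpwnam(user)[5]` is stored unvalidated and later substituted for `HOME_DIR` in `getHomeDirContext`, although the generated lines are path patterns rather than literal paths (`genoutput` itself passes `h+'/[^/]*'` as a home, and `__init__` compiles the existing file_contexts entries with `re.compile`). A passwd entry whose home contains regex metacharacters or whitespace, which seems plausible when accounts come from a directory service rather than local files, would widen or corrupt the rule written to `file_contexts.homedirs`. I would reject such values before `udict[user] = prefs`, for example `if not re.match(r"^/[A-Za-z0-9_./-]+$", home): warning("skipping %s: unexpected characters in home directory" % user); return`. The same check applies to `u[5]` in `getHomeDirs`. Indentation is lost in this rendering, so the exact placement should be confirmed against the real file.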
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.435
retrieving revision 1.436
diff -u -r1.435 -r1.436
--- policycoreutils.spec 23 Aug 2007 14:24:19 -0000 1.435
+++ policycoreutils.spec 23 Aug 2007 21:00:38 -0000 1.436
@@ -5,8 +5,8 @@
%define sepolgenver 1.0.8
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.23
-Release: 2%{?dist}
+Version: 2.0.25
+Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -193,6 +193,15 @@
fi
%changelog
+* Thu Aug 23 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-1
+- Update semodule man page
+ * Fix genhomedircon searching for USER from Todd Miller
+ * Install run_init with mode 0755 from Dan Walsh.
+ * Fix chcat from Dan Walsh.
+ * Fix fixfiles pattern expansion and error reporting from Dan Walsh.
+ * Optimize genhomedircon to compile regexes once from Dan Walsh.
+ * Fix semanage gettext call from Dan Walsh.
+
* Thu Aug 23 2007 Dan Walsh <dwalsh at redhat.com> 2.0.23-2
- Update semodule man page
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- sources 21 Aug 2007 13:02:46 -0000 1.162
+++ sources 23 Aug 2007 21:00:38 -0000 1.163
@@ -1,2 +1,2 @@
4d6e57c7fc396efbcf96b7accab4ba30 sepolgen-1.0.8.tgz
-a730de6fcaab275b924c87c9207a0b03 policycoreutils-2.0.23.tgz
+43c5df63e94b6e35d1f830b5b7ee6cfc policycoreutils-2.0.25.tgz