rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.344, 1.345 policycoreutils.spec, 1.492, 1.493

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Jan 10 19:12:59 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13542

Modified Files:
	policycoreutils-rhat.patch policycoreutils.spec 
Log Message:
* Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> 2.0.34-7
- Fix fixfiles to handle no args


policycoreutils-rhat.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.344 -r 1.345 policycoreutils-rhat.patch
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.344
retrieving revision 1.345
diff -u -r1.344 -r1.345
--- policycoreutils-rhat.patch	8 Jan 2008 14:57:29 -0000	1.344
+++ policycoreutils-rhat.patch	10 Jan 2008 19:12:45 -0000	1.345
@@ -1,31 +1,120 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.34/audit2allow/audit2allow
 --- nsapolicycoreutils/audit2allow/audit2allow	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.34/audit2allow/audit2allow	2007-12-31 14:22:40.000000000 -0500
-@@ -60,7 +60,9 @@
++++ policycoreutils-2.0.34/audit2allow/audit2allow	2008-01-10 13:33:37.000000000 -0500
+@@ -28,6 +28,7 @@
+ import sepolgen.objectmodel as objectmodel
+ import sepolgen.defaults as defaults
+ import sepolgen.module as module
++#import sepolgen.audit2why as audit2why
+ from sepolgen.sepolgeni18n import _
+ 
+ class AuditToPolicy:
+@@ -60,7 +61,10 @@
          parser.add_option("-o", "--output", dest="output",
                            help="append output to <filename>, conflicts with -M")
          parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
 -                          default=False, help="generate refpolicy style output")
 +                          default=True, help="generate refpolicy style output")
++
 +        parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
 +                          default=False, help="do not generate refpolicy style output")
          parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
                            default=False, help="explain generated output")
          parser.add_option("-e", "--explain", action="store_true", dest="explain_long",
-@@ -149,9 +151,11 @@
+@@ -72,6 +76,9 @@
+         parser.add_option("--debug", dest="debug", action="store_true", default=False,
+                           help="leave generated modules for -M")
+ 
++        parser.add_option("-w", "--why", dest="audit2why",  action="store_true", default=False,
++                          help="Translates SELinux audit messages into a description of why the access was denied")
++
+         options, args = parser.parse_args()
+ 
+         # Make -d, -a, and -i conflict
+@@ -149,8 +156,10 @@
          if self.__options.type:
              filter = audit.TypeFilter(self.__options.type)
              self.__avs = self.__parser.to_access(filter)
 +            self.__selinux_errs = self.__parser.to_role(filter)
          else:
              self.__avs = self.__parser.to_access()
--
 +            self.__selinux_errs = self.__parser.to_role()
-+        
+ 
      def __load_interface_info(self):
          # Load interface info file
-         if self.__options.interface_info:
-@@ -251,6 +255,12 @@
+@@ -210,7 +219,71 @@
+         sys.stdout.write((_("To make this policy package active, execute:" +\
+                                 "\n\nsemodule -i %s\n\n") % packagename))
+ 
++    def __output_audit2why(self):
++            import selinux
++            import selinux.audit2why as audit2why
++            audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
++            for i in self.__parser.avc_msgs:
++                rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
++                if rc >= 0:
++                    print "%s\n\tWas caused by:" % i.message
++                if rc == audit2why.NOPOLICY:
++                    raise "Must call policy_init first"
++                if rc == audit2why.BADTCON:
++                    print "Invalid Target Context %s\n" % i.tcontext
++                    continue
++                if rc == audit2why.BADSCON:
++                    print "Invalid Source Context %s\n" % i.scontext
++                    continue
++                if rc == audit2why.BADSCON:
++                    print "Invalid Type Class %s\n" % i.tclass
++                    continue
++                if rc == audit2why.BADPERM:
++                    print "Invalid permission %s\n" % i.accesses
++                    continue
++                if rc == audit2why. BADCOMPUTE:
++                    raise "Error during access vector computation"
++                if rc == audit2why.ALLOW:
++                    print "\t\tUnknown - would be allowed by active policy\n",
++                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
++                    print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
++                    continue
++                if rc == audit2why.BOOLEAN:
++                    if len(bools) > 1:
++                        print "\tOne of the following booleans being set incorrectly."
++                        for b in bools:
++                            print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
++                            print "\t# setsebool -P %s %d"  % (b[0], b[1])
++                    else:
++                        print "\tThe boolean %s set incorrectly.  Allow access by executing:" % bools[0][0]
++                        print "\t# setsebool -P %s %d\n"  % (bools[0][0], bools[0][1])
++
++                    continue
++
++                if rc == audit2why.TERULE:
++                    print "\t\tMissing or disabled type enforcingment (TE) allow rule.\n"
++                    print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n"
++                    continue
++
++                if rc == audit2why.CONSTRAINT:
++                    print "\t\tConstraint violation.\n"
++                    print "\t\tCheck policy/constraints.\n"
++                    print "\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n"
++                    continue
++
++                if rc == audit2why.RBAC:
++                    print "\t\tMissing role allow rule.\n"
++                    print "\t\tAdd allow rule for the role pair.\n"
++                    continue
++
++            audit2why.finish()
++            return
++
+     def __output(self):
++        
++        if self.__options.audit2why:
++            return self.__output_audit2why()
++
+         g = policygen.PolicyGenerator()
+ 
+         if self.__options.module:
+@@ -251,6 +324,12 @@
                  fd = sys.stdout
              writer.write(g.get_module(), fd)
  
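Review bot: In the added `__output_audit2why`, the branch that prints "Invalid Type Class" tests `rc == audit2why.BADSCON` a second time, so it can never run and a bad-class result would pass through the loop with no output at all; the test should presumably be `if rc == audit2why.BADTCLASS:`. The two `raise "..."` lines use string exceptions, which Python 2.5 already deprecates, and both leave the method before `audit2why.finish()` is reached; `raise RuntimeError("Must call policy_init first")` (and likewise for the BADCOMPUTE case) inside a `try:` whose `finally:` calls `audit2why.finish()` would keep the cleanup. Administrators act on this output when deciding whether to flip a boolean or load a new allow rule, so a silent or wrong diagnosis here leads directly to wrong policy changes.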
@@ -69,29 +158,124 @@
      
  if __name__ == "__main__":
      sys.exit(main())
-Binary files nsapolicycoreutils/audit2why/audit2why and policycoreutils-2.0.34/audit2why/audit2why differ
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why policycoreutils-2.0.34/audit2why/audit2why
+--- nsapolicycoreutils/audit2why/audit2why	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.34/audit2why/audit2why	2008-01-10 13:37:42.000000000 -0500
+@@ -0,0 +1,2 @@
++#!/bin/sh
++audit2allow -w $*
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.8 policycoreutils-2.0.34/audit2why/audit2why.8
+--- nsapolicycoreutils/audit2why/audit2why.8	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.34/audit2why/audit2why.8	2008-01-10 13:37:18.000000000 -0500
+@@ -1,79 +1 @@
+-.\" Hey, Emacs! This is an -*- nroff -*- source file.
+-.\" Copyright (c) 2005 Dan Walsh <dwalsh at redhat.com>
+-.\"
+-.\" This is free documentation; you can redistribute it and/or
+-.\" modify it under the terms of the GNU General Public License as
+-.\" published by the Free Software Foundation; either version 2 of
+-.\" the License, or (at your option) any later version.
+-.\"
+-.\" The GNU General Public License's references to "object code"
+-.\" and "executables" are to be interpreted as the output of any
+-.\" document formatting or typesetting system, including
+-.\" intermediate and printed output.
+-.\"
+-.\" This manual is distributed in the hope that it will be useful,
+-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-.\" GNU General Public License for more details.
+-.\"
+-.\" You should have received a copy of the GNU General Public
+-.\" License along with this manual; if not, write to the Free
+-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+-.\" USA.
+-.\"
+-.\"
+-.TH AUDIT2WHY "8" "May 2005" "Security Enhanced Linux" NSA
+-.SH NAME
+-audit2why \- Translates SELinux audit messages into a description of why the access was denied
+-.SH SYNOPSIS
+-.B audit2why
+-.RI [ options "] "
+-.SH OPTIONS
+-.TP
+-
+-.B "\-\-help"
+-Print a short usage message
+-.TP
+-.B "\-p <policyfile>"
+-Specify an alternate policy file.
+-.SH DESCRIPTION
+-.PP
+-This utility processes SELinux audit messages from standard
+-input and and reports which component of the policy caused each
+-permission denial based on the specified policy file if the -p option
+-was used or the active policy otherwise.  There are three possible
+-causes: 1) a missing or disabled TE allow rule, 2) a constraint violation, 
+-or 3) a missing role allow rule.   In the first case, the TE allow
+-rule may exist in the policy but may be disabled due to boolean settings.
+-See 
+-.BR booleans (8).
[...4529 lines suppressed...]
-+  
-+  /* Install Constants */
-+  SWIGINTERN void
-+  SWIG_Python_InstallConstants(PyObject *d, swig_const_info constants[]) {
-+    PyObject *obj = 0;
-+    size_t i;
-+    for (i = 0; constants[i].type; ++i) {
-+      switch(constants[i].type) {
-+      case SWIG_PY_POINTER:
-+        obj = SWIG_NewPointerObj(constants[i].pvalue, *(constants[i]).ptype,0);
-+        break;
-+      case SWIG_PY_BINARY:
-+        obj = SWIG_NewPackedObj(constants[i].pvalue, constants[i].lvalue, *(constants[i].ptype));
-+        break;
-+      default:
-+        obj = 0;
-+        break;
-+      }
-+      if (obj) {
-+        PyDict_SetItemString(d, constants[i].name, obj);
-+        Py_DECREF(obj);
-+      }
-+    }
-+  }
-+  
-+  /* -----------------------------------------------------------------------------*/
-+  /* Fix SwigMethods to carry the callback ptrs when needed */
-+  /* -----------------------------------------------------------------------------*/
-+  
-+  SWIGINTERN void
-+  SWIG_Python_FixMethods(PyMethodDef *methods,
-+    swig_const_info *const_table,
-+    swig_type_info **types,
-+    swig_type_info **types_initial) {
-+    size_t i;
-+    for (i = 0; methods[i].ml_name; ++i) {
-+      const char *c = methods[i].ml_doc;
-+      if (c && (c = strstr(c, "swig_ptr: "))) {
-+        int j;
-+        swig_const_info *ci = 0;
-+        const char *name = c + 10;
-+        for (j = 0; const_table[j].type; ++j) {
-+          if (strncmp(const_table[j].name, name, 
-+              strlen(const_table[j].name)) == 0) {
-+            ci = &(const_table[j]);
-+            break;
-+          }
-+        }
-+        if (ci) {
-+          size_t shift = (ci->ptype) - types;
-+          swig_type_info *ty = types_initial[shift];
-+          size_t ldoc = (c - methods[i].ml_doc);
-+          size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
-+          char *ndoc = (char*)malloc(ldoc + lptr + 10);
-+          if (ndoc) {
-+            char *buff = ndoc;
-+            void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0;
-+            if (ptr) {
-+              strncpy(buff, methods[i].ml_doc, ldoc);
-+              buff += ldoc;
-+              strncpy(buff, "swig_ptr: ", 10);
-+              buff += 10;
-+              SWIG_PackVoidPtr(buff, ptr, ty->name, lptr);
-+              methods[i].ml_doc = ndoc;
-+            }
-+          }
-+        }
-+      }
-+    }
-+  } 
-+  
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+/* -----------------------------------------------------------------------------*
-+ *  Partial Init method
-+ * -----------------------------------------------------------------------------*/
-+
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+SWIGEXPORT void SWIG_init(void) {
-+  PyObject *m, *d;
-+  
-+  /* Fix SwigMethods to carry the callback ptrs when needed */
-+  SWIG_Python_FixMethods(SwigMethods, swig_const_table, swig_types, swig_type_initial);
-+  
-+  m = Py_InitModule((char *) SWIG_name, SwigMethods);
-+  d = PyModule_GetDict(m);
-+  
-+  SWIG_InitializeModule(0);
-+  SWIG_InstallConstants(d,swig_const_table);
-+  
-+  
-+  SWIG_Python_SetConstant(d, "BADSCON",SWIG_From_int((int)(-1)));
-+  SWIG_Python_SetConstant(d, "BADTCON",SWIG_From_int((int)(-2)));
-+  SWIG_Python_SetConstant(d, "BADTCLASS",SWIG_From_int((int)(-3)));
-+  SWIG_Python_SetConstant(d, "BADPERM",SWIG_From_int((int)(-4)));
-+  SWIG_Python_SetConstant(d, "BADCOMPUTE",SWIG_From_int((int)(-5)));
-+  SWIG_Python_SetConstant(d, "NOPOLICY",SWIG_From_int((int)(-6)));
-+  SWIG_Python_SetConstant(d, "ALLOWED",SWIG_From_int((int)(0)));
-+  SWIG_Python_SetConstant(d, "TERULE",SWIG_From_int((int)(1)));
-+  SWIG_Python_SetConstant(d, "BOOLEAN",SWIG_From_int((int)(2)));
-+  SWIG_Python_SetConstant(d, "CONSTRAINT",SWIG_From_int((int)(3)));
-+  SWIG_Python_SetConstant(d, "RBAC",SWIG_From_int((int)(4)));
-+}
-+
-Binary files nsapolicycoreutils/audit2why/audit2whyswig_wrap.lo and policycoreutils-2.0.34/audit2why/audit2whyswig_wrap.lo differ
+-		printf("\n");
+-	}
+-	free(buffer);
+-	free(bufcopy);
+-	exit(0);
+-}
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-2.0.34/audit2why/Makefile
 --- nsapolicycoreutils/audit2why/Makefile	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.34/audit2why/Makefile	2008-01-05 07:59:15.000000000 -0500
-@@ -5,7 +5,18 @@
++++ policycoreutils-2.0.34/audit2why/Makefile	2008-01-10 13:38:49.000000000 -0500
+@@ -1,15 +1,7 @@
+ # Installation directories.
+ PREFIX ?= ${DESTDIR}/usr
+ BINDIR ?= $(PREFIX)/bin
+-LIBDIR ?= ${PREFIX}/lib
  MANDIR ?= $(PREFIX)/share/man
- LOCALEDIR ?= /usr/share/locale
- INCLUDEDIR ?= ${PREFIX}/include
+-LOCALEDIR ?= /usr/share/locale
+-INCLUDEDIR ?= ${PREFIX}/include
 -
-+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
-+PYINC ?= /usr/include/$(PYLIBVER)
-+PYLIB ?= /usr/lib/$(PYLIBVER)
-+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-+
-+SWIGIF= audit2whyswig.i
-+SWIGCOUT= audit2whyswig_wrap.c
-+SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) 
-+SWIGSO=_audit2why.so
-+SWIGFILES=$(SWIGSO) audit2why.py 
-+SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
-+GENERATED=$(SWIGCOUT)
- 
- CFLAGS ?= -Werror -Wall -W
- override CFLAGS += -I$(INCLUDEDIR)
-@@ -15,14 +26,36 @@
+-
+-CFLAGS ?= -Werror -Wall -W
+-override CFLAGS += -I$(INCLUDEDIR)
+-LDLIBS = ${LIBDIR}/libsepol.a -lselinux -L$(LIBDIR)
  
- all: $(TARGETS)
+ TARGETS=audit2why
  
-+pywrap: all $(SWIGSO)
-+
-+#audit2why.o: audit2why.c
-+#	$(CC) $(CFLAG) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-+
-+$(SWIGLOBJ): $(SWIGCOUT)
-+	$(CC) $(CFLAG) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
-+
-+$(SWIGSO):  $(SWIGLOBJ) audit2why.o
-+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< audit2why.o -L. $(LDLIBS) -Wl,-soname,$@
-+
-+$(SWIGCOUT): $(SWIGIF)
-+	$(SWIG) $^
-+
-+swigify: $(SWIGIF)
-+	$(SWIG) $^
-+
- install: all
- 	-mkdir -p $(BINDIR)
+@@ -20,11 +12,3 @@
  	install -m 755 $(TARGETS) $(BINDIR)
  	-mkdir -p $(MANDIR)/man8
  	install -m 644 audit2why.8 $(MANDIR)/man8/
- 
-+install-pywrap: pywrap
-+	test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
-+	install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages
-+	install -m 644  audit2why.py $(PYTHONLIBDIR)/site-packages
-+
- clean:
+-
+-clean:
 -	-rm -f $(TARGETS) *.o
-+	-rm -f $(TARGETS) *.o $(SWIGLOBJ) $(SWIGSO)
- 
- indent:
- 	../../scripts/Lindent $(wildcard *.[ch])
+-
+-indent:
+-	../../scripts/Lindent $(wildcard *.[ch])
+-
+-relabel:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.34/Makefile
 --- nsapolicycoreutils/Makefile	2007-12-19 06:02:52.000000000 -0500
 +++ policycoreutils-2.0.34/Makefile	2007-12-19 06:06:04.000000000 -0500


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.492
retrieving revision 1.493
diff -u -r1.492 -r1.493
--- policycoreutils.spec	8 Jan 2008 14:57:29 -0000	1.492
+++ policycoreutils.spec	10 Jan 2008 19:12:45 -0000	1.493
@@ -1,7 +1,7 @@
 %define	libauditver	1.4.2-1
 %define	libsepolver	2.0.10-1
 %define	libsemanagever	2.0.5-1
-%define	libselinuxver	2.0.34-1
+%define	libselinuxver	2.0.46-5
 %define	sepolgenver	1.0.10
 Summary: SELinux policy core utilities
 Name:	 policycoreutils



