rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.429, 1.430 policycoreutils.spec, 1.624, 1.625
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Aug 19 20:25:21 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15342
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Wed Aug 19 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-6
- Redesign restorecond to use setfiles/restore functionality
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 14
restorecond/Makefile | 20
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.c | 423 +++--------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.o |binary
restorecond/restorecond_user.conf | 2
restorecond/stringslist.o |binary
restorecond/user.c | 220 +++++++++
restorecond/user.o |binary
restorecond/utmpwatcher.o |binary
restorecond/walk.c | 30 +
restorecond/watch.c | 253 ++++++++++
restorecond/watch.o |binary
scripts/Makefile | 3
scripts/chcat | 2
scripts/sandbox | 139 +++++
scripts/sandbox.8 | 22
scripts/sandbox.py | 67 ++
semanage/semanage | 61 +-
semanage/semanage.8 | 4
semanage/seobject.py | 109 ++++
setfiles/Makefile | 4
setfiles/restore.c | 531 ++++++++++++++++++++++
setfiles/restore.h | 50 ++
setfiles/restore.o |binary
setfiles/restorecon |binary
setfiles/setfiles |binary
setfiles/setfiles.c | 672 +++-------------------------
32 files changed, 1674 insertions(+), 988 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.429 -r 1.430 policycoreutils-rhat.patch
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.429
retrieving revision 1.430
diff -u -p -r1.429 -r1.430
--- policycoreutils-rhat.patch 18 Aug 2009 19:25:04 -0000 1.429
+++ policycoreutils-rhat.patch 19 Aug 2009 20:25:21 -0000 1.430
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-18 15:19:58.000000000 -0400
++++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-19 15:01:34.000000000 -0400
@@ -42,6 +42,8 @@
from optparse import OptionParser
@@ -38,18 +38,18 @@ diff --exclude-from=exclude --exclude=se
else:
# This is the default if no input is specified
f = sys.stdin
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/Makefile 2009-08-13 17:57:54.000000000 -0400
++++ policycoreutils-2.0.71/Makefile 2009-08-19 15:01:34.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-13 17:57:54.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-19 15:42:48.000000000 -0400
@@ -2,16 +2,23 @@
PREFIX ?= ${DESTDIR}/usr
SBINDIR ?= $(PREFIX)/sbin
@@ -64,16 +64,16 @@ diff --exclude-from=exclude --exclude=se
CFLAGS ?= -g -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -L$(PREFIX)/lib
-+override CFLAGS += -I$(PREFIX)/include -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include -D_FILE_OFFSET_BITS=64 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
++override CFLAGS += -I$(PREFIX)/include -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
+
-+LDLIBS += -lselinux -ldbus-glib-1 -lglib-2.0 -L$(PREFIX)/lib
++LDLIBS += -lselinux -ldbus-glib-1 -lglib-2.0 -L$(LIBDIR)
all: restorecond
-restorecond: restorecond.o utmpwatcher.o stringslist.o
+restorecond.o utmpwatcher.o stringslist.o user.o watch.o: restorecond.h
+
-+restorecond: restorecond.o utmpwatcher.o stringslist.o user.o watch.o
++restorecond: ../setfiles/restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
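Review bot: The new link line `restorecond: ../setfiles/restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o` depends on an object in a sibling directory, and no rule for building it appears in the visible part of this Makefile, so a build started in restorecond/ relies on setfiles/ having been built first (the top-level SUBDIRS list does put setfiles first). A rule such as `../setfiles/restore.o:` with the recipe `$(MAKE) -C ../setfiles restore.o` would make that dependency explicit. The same revision also drops `-D_FILE_OFFSET_BITS=64` from the overridden CFLAGS without saying why; a one-line comment recording the reason would help, since the macro changes how file sizes and offsets are handled on 32-bit builds. The Makefile continues outside the hunk.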
@@ -91,21 +91,22 @@ diff --exclude-from=exclude --exclude=se
relabel: install
/sbin/restorecon $(SBINDIR)/restorecond
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-13 17:57:54.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-19 12:25:41.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-13 17:57:54.000000000 -0400
-@@ -48,294 +48,37 @@
++++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-19 15:42:48.000000000 -0400
+@@ -48,294 +48,39 @@
#include <signal.h>
#include <string.h>
#include <unistd.h>
-#include <ctype.h>
++#include "../setfiles/restore.h"
#include <sys/types.h>
-#include <sys/stat.h>
#include <syslog.h>
@@ -303,7 +304,7 @@ diff --exclude-from=exclude --exclude=se
-{
- char *line_buf = NULL;
- size_t len = 0;
-
+-
- while (getline(&line_buf, &len, cfg) > 0) {
- char *buffer = line_buf;
- while (isspace(*buffer))
@@ -322,20 +323,21 @@ diff --exclude-from=exclude --exclude=se
- }
- free(line_buf);
-}
-+static char *server_watch_file = "/etc/selinux/restorecond.conf";
-+static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
-+static char *watch_file;
-
+-
-/*
- Read config file ignoring Comment lines
- Files specified one per line. Files with "~" will be expanded to the logged in users
- homedirs.
-*/
--
+
-static void read_config(int fd)
-{
- char *watch_file_path = "/etc/selinux/restorecond.conf";
--
++static char *server_watch_file = "/etc/selinux/restorecond.conf";
++static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
++static char *watch_file;
++static struct restore_opts r_opts;
+
- FILE *cfg = NULL;
- if (debug_mode)
- printf("Read Config\n");
@@ -415,7 +417,7 @@ diff --exclude-from=exclude --exclude=se
}
static const char *pidfile = "/var/run/restorecond.pid";
-@@ -374,7 +117,7 @@
+@@ -374,7 +119,7 @@
static void usage(char *program)
{
@@ -424,7 +426,7 @@ diff --exclude-from=exclude --exclude=se
exit(0);
}
-@@ -390,74 +133,13 @@
+@@ -390,74 +135,35 @@
to see if it is one that we are watching.
*/
@@ -496,12 +498,34 @@ diff --exclude-from=exclude --exclude=se
- fprintf(stderr, "Daemon requires SELinux be enabled to run.\n");
- return 1;
- }
++ memset(&r_opts, 0, sizeof(r_opts));
++
++ r_opts.progress = 0;
++ r_opts.count = 0;
++ r_opts.debug = 0;
++ r_opts.change = 1;
++ r_opts.verbose = 0;
++ r_opts.logging = 0;
++ r_opts.rootpath = NULL;
++ r_opts.expand_realpath = 0;
++ r_opts.rootpathlen = 0;
++ r_opts.outfile = NULL;
++ r_opts.force = 0;
++ r_opts.hard_links = 0;
++ r_opts.expand_realpath = 1;
++ r_opts.abort_on_error = 0;
++ r_opts.add_assoc = 0;
++ r_opts.fts_flags = FTS_PHYSICAL;
++ r_opts.selabel_opt_validate = NULL;
++ r_opts.selabel_opt_path = NULL;
++
++ restore_init(&r_opts);
+ /* If we are not running SELinux then just exit */
+ if (is_selinux_enabled() != 1) return 0;
/* Register sighandlers */
sa.sa_flags = 0;
-@@ -467,15 +149,18 @@
+@@ -467,15 +173,18 @@
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
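Review bot: `restore_init(&r_opts);` is placed ahead of the `if (is_selinux_enabled() != 1) return 0;` check, so the labeling setup runs even on a host where the daemon is about to exit. restore_init's body is not shown on this page, but the setfiles part of the same patch uses it where `selabel_open` used to be called, so it presumably opens the file-contexts handle. Moving the call below the check keeps the early exit free of side effects. In the option block `r_opts.expand_realpath` is assigned twice, first `0` and then `1`; keep only `r_opts.expand_realpath = 1;`, and note that the fields set to 0 or NULL are already covered by the `memset`. This appears to be the start of main's new body, which begins and ends outside the hunk.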
@@ -525,7 +549,7 @@ diff --exclude-from=exclude --exclude=se
case 'v':
verbose_mode = 1;
break;
-@@ -483,20 +168,36 @@
+@@ -483,22 +192,40 @@
usage(argv[0]);
}
}
@@ -565,9 +589,13 @@ diff --exclude-from=exclude --exclude=se
if (pidfile)
unlink(pidfile);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
+ return 0;
+ }
++
++
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-13 17:57:54.000000000 -0400
[...1849 lines suppressed...]
+- add_assoc = 1;
+- fts_flags = FTS_PHYSICAL | FTS_XDEV;
++ r_opts.expand_realpath = 0;
++ r_opts.abort_on_error = 1;
++ r_opts.add_assoc = 1;
++ r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
+ ctx_validate = 1;
+ } else {
+ /*
+@@ -772,14 +263,14 @@
+ * Follows mounts,
+ * Does lazy validation of contexts upon use.
+ */
+- if (strcmp(base, RESTORECON) && !quiet)
++ if (strcmp(base, RESTORECON) && !r_opts.quiet)
+ printf("Executed with an unrecognized name (%s), defaulting to %s behavior.\n", base, RESTORECON);
+ iamrestorecon = 1;
+ recurse = 0;
+- expand_realpath = 1;
+- abort_on_error = 0;
+- add_assoc = 0;
+- fts_flags = FTS_PHYSICAL;
++ r_opts.expand_realpath = 1;
++ r_opts.abort_on_error = 0;
++ r_opts.add_assoc = 0;
++ r_opts.fts_flags = FTS_PHYSICAL;
+ ctx_validate = 0;
+
+ /* restorecon only: silent exit if no SELinux.
+@@ -828,11 +319,6 @@
+ }
+ case 'e':
+ remove_exclude(optarg);
+- if (lstat(optarg, &sb) < 0 && errno != EACCES) {
+- fprintf(stderr, "Can't stat exclude path \"%s\", %s - ignoring.\n",
+- optarg, strerror(errno));
+- break;
+- }
+ if (add_exclude(optarg))
+ exit(1);
+ break;
+@@ -841,37 +327,37 @@
+ input_filename = optarg;
+ break;
+ case 'd':
+- debug = 1;
++ r_opts.debug = 1;
+ break;
+ case 'i':
+ ignore_enoent = 1;
+ break;
+ case 'l':
+- logging = 1;
++ r_opts.logging = 1;
+ break;
+ case 'F':
+- force = 1;
++ r_opts.force = 1;
+ break;
+ case 'n':
+- change = 0;
++ r_opts.change = 0;
+ break;
+ case 'o':
+ if (strcmp(optarg, "-") == 0) {
+- outfile = stdout;
++ r_opts.outfile = stdout;
+ break;
+ }
+
+- outfile = fopen(optarg, "w");
+- if (!outfile) {
++ r_opts.outfile = fopen(optarg, "w");
++ if (!r_opts.outfile) {
+ fprintf(stderr, "Error opening %s: %s\n",
+ optarg, strerror(errno));
+
+ usage(argv[0]);
+ }
+- __fsetlocking(outfile, FSETLOCKING_BYCALLER);
++ __fsetlocking(r_opts.outfile, FSETLOCKING_BYCALLER);
+ break;
+ case 'q':
+- quiet = 1;
++ r_opts.quiet = 1;
+ break;
+ case 'R':
+ case 'r':
+@@ -880,11 +366,11 @@
+ break;
+ }
+ if (optind + 1 >= argc) {
+- fprintf(stderr, "usage: %s -r rootpath\n",
++ fprintf(stderr, "usage: %s -r r_opts.rootpath\n",
+ argv[0]);
+ exit(1);
+ }
+- if (NULL != rootpath) {
++ if (NULL != r_opts.rootpath) {
+ fprintf(stderr,
+ "%s: only one -r can be specified\n",
+ argv[0]);
+@@ -895,23 +381,23 @@
+ case 's':
+ use_input_file = 1;
+ input_filename = "-";
+- add_assoc = 0;
++ r_opts.add_assoc = 0;
+ break;
+ case 'v':
+- if (progress) {
++ if (r_opts.progress) {
+ fprintf(stderr,
+ "Progress and Verbose mutually exclusive\n");
+ exit(1);
+ }
+- verbose++;
++ r_opts.verbose++;
+ break;
+ case 'p':
+- if (verbose) {
++ if (r_opts.verbose) {
+ fprintf(stderr,
+ "Progress and Verbose mutually exclusive\n");
+ usage(argv[0]);
+ }
+- progress = 1;
++ r_opts.progress = 1;
+ break;
+ case 'W':
+ warn_no_match = 1;
+@@ -959,18 +445,13 @@
+ }
+
+ /* Load the file contexts configuration and check it. */
+- opts[0].value = (ctx_validate ? (char*)1 : NULL);
+- opts[1].value = altpath;
+-
+- hnd = selabel_open(SELABEL_CTX_FILE, opts, 2);
+- if (!hnd) {
+- perror(altpath);
+- exit(1);
+- }
++ r_opts.selabel_opt_validate = (ctx_validate ? (char *)1 : NULL);
++ r_opts.selabel_opt_path = altpath;
+
+ if (nerr)
+ exit(1);
+
++ restore_init(&r_opts);
+ if (use_input_file) {
+ FILE *f = stdin;
+ ssize_t len;
+@@ -987,31 +468,34 @@
+ delim = (null_terminated != 0) ? '\0' : '\n';
+ while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
+ buf[len - 1] = 0;
+- errors |= process_one(buf);
++ if (!strcmp(buf, "/"))
++ mass_relabel = 1;
++ errors |= process_one(buf, recurse) < 0;
+ }
+ if (strcmp(input_filename, "-") != 0)
+ fclose(f);
+ } else {
+ for (i = optind; i < argc; i++) {
+- errors |= process_one(argv[i]);
++ if (!strcmp(argv[i], "/"))
++ mass_relabel = 1;
++ errors |= process_one(argv[i], recurse) < 0;
+ }
+ }
+-
++
++ if (mass_relabel)
++ mass_relabel_errs = errors;
+ maybe_audit_mass_relabel();
+
+ if (warn_no_match)
+- selabel_stats(hnd);
+-
+- selabel_close(hnd);
++ selabel_stats(r_opts.hnd);
+
+- if (outfile)
+- fclose(outfile);
++ selabel_close(r_opts.hnd);
++ restore_finish();
+
+- for (i = 0; i < excludeCtr; i++) {
+- free(excludeArray[i].directory);
+- }
++ if (r_opts.outfile)
++ fclose(r_opts.outfile);
+
+- if (progress && count >= STAR_COUNT)
++ if (r_opts.progress && r_opts.count >= STAR_COUNT)
+ printf("\n");
+ exit(errors);
+ }
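Review bot: The usage message for `-r` now reads `"usage: %s -r r_opts.rootpath\n"`; the rename of the globals into `r_opts` also hit the string literal, which should stay `"usage: %s -r rootpath\n"`. At the end of main the code calls `selabel_close(r_opts.hnd);` and then `restore_finish();`; restore.c is among the lines suppressed on this page, so it is worth confirming that restore_finish does not release the same handle a second time. The removed `selabel_open` error check (`if (!hnd) { perror(altpath); exit(1); }`) has no visible replacement after `restore_init(&r_opts);`, so restore_init needs to fail hard itself, otherwise `r_opts.hnd` could be NULL when files are processed. Part of this hunk is suppressed on the page, and main starts outside the visible lines.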
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.624
retrieving revision 1.625
diff -u -p -r1.624 -r1.625
--- policycoreutils.spec 19 Aug 2009 19:02:29 -0000 1.624
+++ policycoreutils.spec 19 Aug 2009 20:25:21 -0000 1.625
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.71
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -265,6 +265,9 @@ else
fi
%changelog
+* Wed Aug 19 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-6
+- Redesign restorecond to use setfiles/restore functionality
+
* Wed Aug 19 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-5
- Fix sepolgen again