rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.433, 1.434 policycoreutils.spec, 1.628, 1.629
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Aug 22 12:08:36 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5885
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Sat Aug 22 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-10
- Fix realpath usage to only happen on argv input from user
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 14
restorecond/Makefile | 24
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.c | 422 ++---------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 18
restorecond/restorecond_user.conf | 2
restorecond/user.c | 237 +++++++++
restorecond/watch.c | 254 ++++++++++
scripts/Makefile | 3
scripts/chcat | 2
scripts/sandbox | 139 +++++
scripts/sandbox.8 | 22
scripts/sandbox.py | 67 ++
semanage/semanage | 34 +
semanage/seobject.py | 66 ++
setfiles/Makefile | 4
setfiles/restore.c | 519 +++++++++++++++++++++
setfiles/restore.h | 49 +
setfiles/setfiles.c | 687 +++-------------------------
22 files changed, 1610 insertions(+), 970 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.433
retrieving revision 1.434
diff -u -p -r1.433 -r1.434
--- policycoreutils-rhat.patch 20 Aug 2009 19:51:45 -0000 1.433
+++ policycoreutils-rhat.patch 22 Aug 2009 12:08:34 -0000 1.434
@@ -105,7 +105,7 @@ diff --exclude-from=exclude --exclude=se
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-20 15:30:44.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-22 08:03:13.000000000 -0400
@@ -48,294 +48,38 @@
#include <signal.h>
#include <string.h>
@@ -430,7 +430,7 @@ diff --exclude-from=exclude --exclude=se
exit(0);
}
-@@ -390,74 +134,35 @@
+@@ -390,74 +134,33 @@
to see if it is one that we are watching.
*/
@@ -511,12 +511,10 @@ diff --exclude-from=exclude --exclude=se
+ r_opts.verbose = 0;
+ r_opts.logging = 0;
+ r_opts.rootpath = NULL;
-+ r_opts.expand_realpath = 0;
+ r_opts.rootpathlen = 0;
+ r_opts.outfile = NULL;
+ r_opts.force = 0;
+ r_opts.hard_links = 0;
-+ r_opts.expand_realpath = 1;
+ r_opts.abort_on_error = 0;
+ r_opts.add_assoc = 0;
+ r_opts.fts_flags = FTS_PHYSICAL;
@@ -529,7 +527,7 @@ diff --exclude-from=exclude --exclude=se
/* Register sighandlers */
sa.sa_flags = 0;
-@@ -467,38 +172,59 @@
+@@ -467,38 +170,59 @@
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
@@ -1685,8 +1683,8 @@ diff --exclude-from=exclude --exclude=se
ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-20 13:11:02.000000000 -0400
-@@ -0,0 +1,530 @@
++++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-22 07:59:20.000000000 -0400
+@@ -0,0 +1,519 @@
+#include "restore.h"
+
+#define SKIP -2
@@ -1949,17 +1947,6 @@ diff --exclude-from=exclude --exclude=se
+ dev_t dev_num = 0;
+ FTS *fts_handle;
+ FTSENT *ftsent;
-+
-+ if (r_opts->expand_realpath) {
-+ char *p;
-+ p = realpath(name, NULL);
-+ if (!p) {
-+ fprintf(stderr, "realpath(%s) failed %s\n", name,
-+ strerror(errno));
-+ return -1;
-+ }
-+ name = p;
-+ }
+
+ if (r_opts == NULL){
+ fprintf(stderr,
@@ -2219,8 +2206,8 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-20 12:53:16.000000000 -0400
-@@ -0,0 +1,50 @@
++++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-22 08:02:45.000000000 -0400
+@@ -0,0 +1,49 @@
+#ifndef RESTORE_H
+#define RESTORE_H
+#ifndef _GNU_SOURCE
@@ -2256,7 +2243,6 @@ diff --exclude-from=exclude --exclude=se
+ FILE *outfile;
+ int force;
+ struct selabel_handle *hnd;
-+ int expand_realpath; /* Expand paths via realpath. */
+ int abort_on_error; /* Abort the file tree walk upon an error. */
+ int quiet;
+ int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
@@ -2273,7 +2259,7 @@ diff --exclude-from=exclude --exclude=se
+#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
-+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-20 12:53:16.000000000 -0400
++++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-22 08:06:25.000000000 -0400
@@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
@@ -2837,7 +2823,7 @@ diff --exclude-from=exclude --exclude=se
- goto err;
- }
-
-
+-
- ftsent = fts_read(fts_handle);
- if (ftsent != NULL) {
- /* Keep the inode of the first one. */
@@ -2881,7 +2867,7 @@ diff --exclude-from=exclude --exclude=se
- if (expand_realpath)
- free(name);
- return rc;
--
+
-err:
- if (!strcmp(name, "/"))
- mass_relabel_errs = 1;
@@ -2891,7 +2877,7 @@ diff --exclude-from=exclude --exclude=se
#ifndef USE_AUDIT
static void maybe_audit_mass_relabel(void)
-@@ -729,21 +209,32 @@
+@@ -729,27 +209,37 @@
int use_input_file = 0;
char *buf = NULL;
size_t buf_len;
@@ -2932,7 +2918,13 @@ diff --exclude-from=exclude --exclude=se
if (!strcmp(base, SETFILES)) {
/*
-@@ -757,10 +248,10 @@
+ * setfiles:
+ * Recursive descent,
+- * Does not expand paths via realpath,
+ * Aborts on errors during the file tree walk,
+ * Try to track inode associations for conflict detection,
+ * Does not follow mounts,
+@@ -757,29 +247,26 @@
*/
iamrestorecon = 0;
recurse = 1;
@@ -2940,14 +2932,17 @@ diff --exclude-from=exclude --exclude=se
- abort_on_error = 1;
- add_assoc = 1;
- fts_flags = FTS_PHYSICAL | FTS_XDEV;
-+ r_opts.expand_realpath = 0;
+ r_opts.abort_on_error = 1;
+ r_opts.add_assoc = 1;
+ r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
ctx_validate = 1;
} else {
/*
-@@ -772,14 +263,14 @@
+ * restorecon:
+ * No recursive descent unless -r/-R,
+- * Expands paths via realpath,
+ * Do not abort on errors during the file tree walk,
+ * Do not try to track inode associations for conflict detection,
* Follows mounts,
* Does lazy validation of contexts upon use.
*/
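Review bot: Dropping `r_opts.expand_realpath = 0;` from the setfiles branch removes the only switch that kept setfiles from canonicalising its arguments, and the replacement code later in main() calls `realpath()` in both modes. That is a behaviour change for setfiles, whose header comment used to say it does not expand paths; when setfiles is pointed at an alternate root, symlinks in the supplied path would presumably be resolved against the host filesystem before labeling. If that is not intended, keep the distinction in main(), for example `char *filename = iamrestorecon ? realpath(argv[i], NULL) : strdup(argv[i]);`, and keep the two comment lines about realpath. main() starts and ends outside this hunk.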
@@ -2960,14 +2955,13 @@ diff --exclude-from=exclude --exclude=se
- abort_on_error = 0;
- add_assoc = 0;
- fts_flags = FTS_PHYSICAL;
-+ r_opts.expand_realpath = 1;
+ r_opts.abort_on_error = 0;
+ r_opts.add_assoc = 0;
+ r_opts.fts_flags = FTS_PHYSICAL;
ctx_validate = 0;
/* restorecon only: silent exit if no SELinux.
-@@ -828,11 +319,6 @@
+@@ -828,11 +315,6 @@
}
case 'e':
remove_exclude(optarg);
@@ -2979,7 +2973,7 @@ diff --exclude-from=exclude --exclude=se
if (add_exclude(optarg))
exit(1);
break;
-@@ -841,37 +327,37 @@
+@@ -841,37 +323,37 @@
input_filename = optarg;
break;
case 'd':
@@ -3026,7 +3020,7 @@ diff --exclude-from=exclude --exclude=se
break;
case 'R':
case 'r':
-@@ -880,11 +366,11 @@
+@@ -880,11 +362,11 @@
break;
}
if (optind + 1 >= argc) {
@@ -3040,7 +3034,7 @@ diff --exclude-from=exclude --exclude=se
fprintf(stderr,
"%s: only one -r can be specified\n",
argv[0]);
-@@ -895,23 +381,23 @@
+@@ -895,23 +377,23 @@
case 's':
use_input_file = 1;
input_filename = "-";
@@ -3069,7 +3063,7 @@ diff --exclude-from=exclude --exclude=se
break;
case 'W':
warn_no_match = 1;
-@@ -959,18 +445,13 @@
+@@ -959,18 +441,13 @@
}
/* Load the file contexts configuration and check it. */
@@ -3091,14 +3085,22 @@ diff --exclude-from=exclude --exclude=se
if (use_input_file) {
FILE *f = stdin;
ssize_t len;
-@@ -987,31 +468,34 @@
+@@ -987,31 +464,49 @@
delim = (null_terminated != 0) ? '\0' : '\n';
while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0;
- errors |= process_one(buf);
+ if (!strcmp(buf, "/"))
+ mass_relabel = 1;
-+ errors |= process_one(buf, recurse) < 0;
++
++ char *filename = realpath(buf, NULL);
++ if (!filename) {
++ fprintf(stderr, "realpath(%s) failed %s\n", buf,
++ strerror(errno));
++ return -1;
++ }
++ errors |= process_one(filename, recurse) < 0;
++ free(filename);
}
if (strcmp(input_filename, "-") != 0)
fclose(f);
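Review bot: The `return -1;` on a failed `realpath()` in the input-file loop ends main() at the first unresolvable path, whereas the removed code in process_one() returned -1 into `errors |= ...` and the loop carried on. Every remaining path is left unlabeled, and `fclose(f)`, `selabel_close(r_opts.hnd)` and `restore_finish()` are skipped, which also contradicts the restorecon comment "Do not abort on errors during the file tree walk". Replace it with `errors |= 1;` followed by `continue;` so the failure is recorded and the run still finishes and cleans up. The argv loop in the next hunk has the same `return -1;`. main() starts and ends outside this hunk.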
@@ -3107,7 +3109,14 @@ diff --exclude-from=exclude --exclude=se
- errors |= process_one(argv[i]);
+ if (!strcmp(argv[i], "/"))
+ mass_relabel = 1;
-+ errors |= process_one(argv[i], recurse) < 0;
++ char *filename = realpath(argv[i], NULL);
++ if (!filename) {
++ fprintf(stderr, "realpath(%s) failed %s\n", argv[i],
++ strerror(errno));
++ return -1;
++ }
++ errors |= process_one(filename, recurse) < 0;
++ free(filename);
}
}
-
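Review bot: The `strcmp(argv[i], "/")` test that sets `mass_relabel` runs on the raw argument, before the `realpath()` call added below it, so spellings such as `//` or `/.` canonicalise to the root without setting the flag. Now that the canonical path is available in main(), compare that instead by moving the test below the NULL check as `if (!strcmp(filename, "/")) mass_relabel = 1;`. The input-file loop in the previous hunk compares `buf` the same way. `mass_relabel` presumably drives the mass-relabel audit record, in which case a full relabel requested through an alternate spelling would go unaudited.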
@@ -3118,15 +3127,15 @@ diff --exclude-from=exclude --exclude=se
if (warn_no_match)
- selabel_stats(hnd);
--
-- selabel_close(hnd);
+ selabel_stats(r_opts.hnd);
-- if (outfile)
-- fclose(outfile);
+- selabel_close(hnd);
+ selabel_close(r_opts.hnd);
+ restore_finish();
+- if (outfile)
+- fclose(outfile);
+-
- for (i = 0; i < excludeCtr; i++) {
- free(excludeArray[i].directory);
- }
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.628
retrieving revision 1.629
diff -u -p -r1.628 -r1.629
--- policycoreutils.spec 21 Aug 2009 19:30:00 -0000 1.628
+++ policycoreutils.spec 22 Aug 2009 12:08:36 -0000 1.629
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.71
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -265,6 +265,9 @@ fi
exit 0
%changelog
+* Sat Aug 22 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-10
+- Fix realpath usage to only happen on argv input from user
+
* Fri Aug 21 2009 Ville Skyttä <ville.skytta at iki.fi> - 2.0.71-9
- Don't try to remove restorecond after last erase (done already in %%preun).
- Ensure scriptlets exit with status 0.