rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.436, 1.437 policycoreutils.spec, 1.635, 1.636

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 28 18:18:48 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26172

Modified Files:
	policycoreutils-rhat.patch policycoreutils.spec 
Log Message:
* Fri Aug 28 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-14
- Add enable/disable patch


policycoreutils-rhat.patch:
 Makefile                                    |    2 
 audit2allow/audit2allow                     |   14 
 restorecond/Makefile                        |   24 
 restorecond/org.selinux.Restorecond.service |    3 
 restorecond/restorecond.c                   |  422 ++---------------
 restorecond/restorecond.conf                |    5 
 restorecond/restorecond.desktop             |    7 
 restorecond/restorecond.h                   |   18 
 restorecond/restorecond_user.conf           |    2 
 restorecond/user.c                          |  237 +++++++++
 restorecond/watch.c                         |  254 ++++++++++
 sandbox/Makefile                            |   31 +
 sandbox/sandbox                             |  202 ++++++++
 sandbox/sandbox.8                           |   26 +
 sandbox/sandboxX.sh                         |   13 
 sandbox/seunshare.c                         |  203 ++++++++
 scripts/Makefile                            |    2 
 scripts/chcat                               |    2 
 semanage/semanage                           |   34 +
 semanage/seobject.py                        |   66 ++
 semodule/semodule.8                         |    6 
 semodule/semodule.8.enable                  |   79 +++
 semodule/semodule.c                         |   51 +-
 semodule/semodule.c.enable                  |  454 ++++++++++++++++++
 setfiles/Makefile                           |    4 
 setfiles/restore.c                          |  519 +++++++++++++++++++++
 setfiles/restore.h                          |   49 +
 setfiles/setfiles.c                         |  687 +++-------------------------
 28 files changed, 2440 insertions(+), 976 deletions(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.436
retrieving revision 1.437
diff -u -p -r1.436 -r1.437
--- policycoreutils-rhat.patch	26 Aug 2009 21:52:30 -0000	1.436
+++ policycoreutils-rhat.patch	28 Aug 2009 18:18:46 -0000	1.437
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
 --- nsapolicycoreutils/audit2allow/audit2allow	2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.71/audit2allow/audit2allow	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/audit2allow/audit2allow	2009-08-28 14:07:24.000000000 -0400
 @@ -42,6 +42,8 @@
          from optparse import OptionParser
  
@@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=se
              f = sys.stdin
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
 --- nsapolicycoreutils/Makefile	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/Makefile	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/Makefile	2009-08-28 14:07:24.000000000 -0400
 @@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@@ -49,7 +49,7 @@ diff --exclude-from=exclude --exclude=se
  
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
 --- nsapolicycoreutils/restorecond/Makefile	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/Makefile	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/Makefile	2009-08-28 14:07:24.000000000 -0400
 @@ -1,17 +1,28 @@
  # Installation directories.
  PREFIX ?= ${DESTDIR}/usr
@@ -98,14 +98,14 @@ diff --exclude-from=exclude --exclude=se
  	/sbin/restorecon $(SBINDIR)/restorecond 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
 --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,3 @@
 +[D-BUS Service]
 +Name=org.selinux.Restorecond
 +Exec=/usr/sbin/restorecond -u
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.c	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.c	2009-08-28 14:07:24.000000000 -0400
 @@ -48,294 +48,38 @@
  #include <signal.h>
  #include <string.h>
@@ -598,7 +598,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
 --- nsapolicycoreutils/restorecond/restorecond.conf	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.conf	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.conf	2009-08-28 14:07:24.000000000 -0400
 @@ -4,8 +4,5 @@
  /etc/mtab
  /var/run/utmp
@@ -611,7 +611,7 @@ diff --exclude-from=exclude --exclude=se
 -
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
 --- nsapolicycoreutils/restorecond/restorecond.desktop	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/restorecond.desktop	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.desktop	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,7 @@
 +[Desktop Entry]
 +Name=File Context maintainer
@@ -622,7 +622,7 @@ diff --exclude-from=exclude --exclude=se
 +StartupNotify=false
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
 --- nsapolicycoreutils/restorecond/restorecond.h	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.h	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond.h	2009-08-28 14:07:24.000000000 -0400
 @@ -24,7 +24,21 @@
  #ifndef RESTORED_CONFIG_H
  #define RESTORED_CONFIG_H
@@ -649,13 +649,13 @@ diff --exclude-from=exclude --exclude=se
  #endif
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
 --- nsapolicycoreutils/restorecond/restorecond_user.conf	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/restorecond_user.conf	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,2 @@
 +~/*
 +~/public_html/*
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
 --- nsapolicycoreutils/restorecond/user.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/user.c	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/user.c	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,237 @@
 +/*
 + * restorecond
@@ -896,7 +896,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
 --- nsapolicycoreutils/restorecond/watch.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/watch.c	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/restorecond/watch.c	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,254 @@
 +#define _GNU_SOURCE
 +#include <sys/inotify.h>
@@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
 --- nsapolicycoreutils/sandbox/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/Makefile	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/sandbox/Makefile	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,31 @@
 +# Installation directories.
 +PREFIX ?= ${DESTDIR}/usr
@@ -1189,8 +1189,8 @@ diff --exclude-from=exclude --exclude=se
 +relabel:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/sandbox	2009-08-26 17:34:50.000000000 -0400
-@@ -0,0 +1,193 @@
++++ policycoreutils-2.0.71/sandbox/sandbox	2009-08-28 14:07:24.000000000 -0400
+@@ -0,0 +1,202 @@
 +#!/usr/bin/python -E
 +import os, sys, getopt, socket, random, fcntl, shutil
 +import selinux
@@ -1341,7 +1341,14 @@ diff --exclude-from=exclude --exclude=se
 +                                break
 +
 +           try:
++                  newhomedir = None
++                  newtmpdir = None
 +                  if X_ind:
++                         if not os.path.exists("/usr/sbin/seunshare"):
++                                raise ValueError("""/usr/sbin/seunshare required for sandbox -X, to install you need to execute 
++#yum install /usr/sbin/seunshare""")
++                         else:
++                                print "exists"
 +                         import warnings
 +                         warnings.simplefilter("ignore")
 +                         newhomedir = os.tempnam(".", ".sandbox%s")
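Review bot: The `else: print "exists"` branch added under the `/usr/sbin/seunshare` check looks like leftover debug output and would be printed on every `sandbox -X` run; dropping the `else` leaves just the `if not os.path.exists(...)` / `raise`. The new ValueError text is also not wrapped in `_()` the way `usage(_("Options Error %s ") % error.msg)` is further down, so it would not be translated. Separately, the unchanged `os.tempnam(".", ".sandbox%s")` line only picks a name and creates nothing, with the runtime warning silenced just above it; `tempfile.mkdtemp(dir=".", prefix=".sandbox")` would create the directory atomically, assuming the code outside this hunk only needs a fresh private directory. The enclosing `try` block begins and ends outside the hunk.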
@@ -1368,8 +1375,10 @@ diff --exclude-from=exclude --exclude=se
 +                         selinux.setexeccon(None)
 +           finally:
 +                  if X_ind:
-+                         shutil.rmtree(newhomedir)
-+                         shutil.rmtree(newtmpdir)
++                         if newhomedir:
++                                shutil.rmtree(newhomedir)
++                         if newtmpdir:
++                                shutil.rmtree(newtmpdir)
 +                  
 +    except getopt.GetoptError, error:
 +           usage(_("Options Error %s ") % error.msg)
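Review bot: In the new `finally` cleanup, an exception raised by `shutil.rmtree(newhomedir)` skips `shutil.rmtree(newtmpdir)` and replaces whatever exception was already propagating out of the `try`, so a failed run can leave one sandbox directory behind and hide the original error. Each removal could be guarded on its own, for example `try: shutil.rmtree(newtmpdir)` / `except OSError, e: sys.stderr.write("%s\n" % e)`, so that both directories are always attempted and a leftover is reported. With both names initialised to `None` before the `if X_ind:` branch, the outer `if X_ind:` in the `finally` is now redundant. The `try` this `finally` belongs to starts outside the hunk, so where `newtmpdir` is assigned is not visible here.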
@@ -1386,7 +1395,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
 --- nsapolicycoreutils/sandbox/sandbox.8	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/sandbox.8	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/sandbox/sandbox.8	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,26 @@
 +.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
 +.SH NAME
@@ -1416,7 +1425,7 @@ diff --exclude-from=exclude --exclude=se
 +.PP
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
 --- nsapolicycoreutils/sandbox/sandboxX.sh	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/sandboxX.sh	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/sandbox/sandboxX.sh	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,13 @@
 +#!/bin/bash 
 +(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do 
@@ -1431,10 +1440,9 @@ diff --exclude-from=exclude --exclude=se
 +exit $EXITCODE
 +break
 +done
-Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.71/sandbox/seunshare differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
 --- nsapolicycoreutils/sandbox/seunshare.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/seunshare.c	2009-08-26 17:50:31.000000000 -0400
++++ policycoreutils-2.0.71/sandbox/seunshare.c	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,203 @@
 +#include <signal.h>
 +#include <sys/types.h>
@@ -1639,10 +1647,9 @@ diff --exclude-from=exclude --exclude=se
 +
 +	return status;
 +}
-Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.71/sandbox/seunshare.o differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
 --- nsapolicycoreutils/scripts/chcat	2009-06-23 15:36:07.000000000 -0400
-+++ policycoreutils-2.0.71/scripts/chcat	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/scripts/chcat	2009-08-28 14:07:24.000000000 -0400
 @@ -435,6 +435,8 @@
                      continue
      except ValueError, e:
@@ -1654,7 +1661,7 @@ diff --exclude-from=exclude --exclude=se
      
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
 --- nsapolicycoreutils/scripts/Makefile	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/scripts/Makefile	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/scripts/Makefile	2009-08-28 14:07:24.000000000 -0400
 @@ -5,7 +5,7 @@
  MANDIR ?= $(PREFIX)/share/man
  LOCALEDIR ?= /usr/share/locale
@@ -1666,7 +1673,7 @@ diff --exclude-from=exclude --exclude=se
  	-mkdir -p $(BINDIR)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2009-08-19 16:35:03.000000000 -0400
-+++ policycoreutils-2.0.71/semanage/semanage	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/semanage/semanage	2009-08-28 14:07:24.000000000 -0400
 @@ -68,6 +68,7 @@
  	-h, --help       Display this message
  	-n, --noheading  Do not print heading when listing OBJECTS
@@ -1776,7 +1783,7 @@ diff --exclude-from=exclude --exclude=se
  
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2009-08-19 16:35:03.000000000 -0400
-+++ policycoreutils-2.0.71/semanage/seobject.py	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/semanage/seobject.py	2009-08-28 14:07:24.000000000 -0400
 @@ -1,5 +1,5 @@
  #! /usr/bin/python -E
 -# Copyright (C) 2005, 2006, 2007, 2008 Red Hat 
@@ -1903,9 +1910,683 @@ diff --exclude-from=exclude --exclude=se
  				
  class booleanRecords(semanageRecords):
  	def __init__(self, store = ""):
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.71/semodule/semodule.8
+--- nsapolicycoreutils/semodule/semodule.8	2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.71/semodule/semodule.8	2009-08-28 14:07:24.000000000 -0400
+@@ -35,6 +35,12 @@
+ .B  \-b,\-\-base=MODULE_PKG   
+ install/replace base module package
+ .TP
++.B  \-d,\-\-disable=MODULE_NAME
++disable existing module
++.TP
++.B  \-e,\-\-enable=MODULE_NAME
++enable existing module
++.TP
+ .B  \-r,\-\-remove=MODULE_NAME
+ remove existing module
+ .TP
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8.enable policycoreutils-2.0.71/semodule/semodule.8.enable
+--- nsapolicycoreutils/semodule/semodule.8.enable	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.71/semodule/semodule.8.enable	2009-08-12 12:08:15.000000000 -0400
+@@ -0,0 +1,79 @@
++.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
++.SH NAME 
++semodule \- Manage SELinux policy modules.
++
++.SH SYNOPSIS
++.B semodule [options]... MODE [MODES]...
++.br
++.SH DESCRIPTION
++.PP
++semodule is the tool used to manage SELinux policy modules,
++including installing, upgrading, listing and removing modules.  
++semodule may also be used to force a rebuild of policy from the
++module store and/or to force a reload of policy without performing
++any other transaction.  semodule acts on module packages created
++by semodule_package.  Conventionally, these files have a .pp suffix
++(policy package), although this is not mandated in any way.
++
++.SH "OPTIONS"
++.TP
++.B \-R, \-\-reload
++force a reload of policy
++.TP
++.B \-B, \-\-build		
++force a rebuild of policy (also reloads unless -n is used)
++.TP
++.B \-D, \-\-disable_dontaudit
++Temporarily remove dontaudits from policy.  Reverts whenever policy is rebuilt
++.TP
++.B \-i,\-\-install=MODULE_PKG
++install/replace a module package
++.TP
++.B  \-u,\-\-upgrade=MODULE_PKG
++upgrade an existing module package
++.TP
++.B  \-b,\-\-base=MODULE_PKG   
++install/replace base module package
++.TP
++.B  \-r,\-\-remove=MODULE_NAME
++remove existing module
++.TP
++.B  \-l,\-\-list-modules      
++display list of installed modules (other than base)
++.TP
++.B  \-s,\-\-store	   
++name of the store to operate on
++.TP
++.B  \-n,\-\-noreload	
++do not reload policy after commit
++.TP
++.B  \-h,\-\-help        
++prints help message and quit
++.TP
++.B  \-v,\-\-verbose     
++be verbose
++
++.SH EXAMPLE
++.nf
++# Install or replace a base policy package.
++$ semodule -b base.pp
++# Install or replace a non-base policy package.
++$ semodule -i httpd.pp
++# List non-base modules.
++$ semodule -l
++# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
++$ semodule -DB
++# Turn "dontaudit" rules back on.
++$ semodule -B
++# Install or replace all non-base modules in the current directory.
++$ semodule -i *.pp
++# Install or replace all modules in the current directory.
++$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
++.fi
++
++.SH SEE ALSO
++.B checkmodule(8), semodule_package(8)
++.SH AUTHORS
++.nf
++This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++The program was written by Karl MacMillan <kmacmillan at tresys.com>, Joshua Brindle <jbrindle at tresys.com>, Jason Tang <jtang at tresys.com>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.71/semodule/semodule.c
+--- nsapolicycoreutils/semodule/semodule.c	2009-07-07 15:32:32.000000000 -0400
++++ policycoreutils-2.0.71/semodule/semodule.c	2009-08-28 14:08:55.000000000 -0400
+@@ -22,12 +22,12 @@
+ 
+ #include <semanage/modules.h>
+ 
+-enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
++enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
+ 	LIST_M, RELOAD
+ };
+ /* list of modes in which one ought to commit afterwards */
+ static const int do_commit[] = {
+-	0, 1, 1, 1, 1,
++	0, 1, 1, 1, 1, 1, 1,
+ 	0, 0
+ };
+ 
+@@ -106,7 +106,9 @@
+ 	printf("  -i,--install=MODULE_PKG   install a new module\n");
+ 	printf("  -u,--upgrade=MODULE_PKG   upgrade existing module\n");
+ 	printf("  -b,--base=MODULE_PKG      install new base module\n");
+-	printf("  -r,--remove=MODULE_NAME   remove existing module\n");
++	printf("  -e,--enable=MODULE_PKG    enable existing module\n");
++	printf("  -d,--disable=MODULE_PKG   disable existing module\n");
++ 	printf("  -r,--remove=MODULE_NAME   remove existing module\n");
+ 	printf
+ 	    ("  -l,--list-modules         display list of installed modules\n");
+ 	printf("Other options:\n");
+@@ -152,6 +154,8 @@
+ 		{"install", required_argument, NULL, 'i'},
+ 		{"list-modules", 0, NULL, 'l'},
+ 		{"verbose", 0, NULL, 'v'},
++		{"enable", required_argument, NULL, 'e'},
++		{"disable", required_argument, NULL, 'd'},
+ 		{"remove", required_argument, NULL, 'r'},
+ 		{"upgrade", required_argument, NULL, 'u'},
+ 		{"reload", 0, NULL, 'R'},
+@@ -166,7 +170,7 @@
+ 	no_reload = 0;
+ 	create_store = 0;
+ 	while ((i =
+-		getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
++		getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
+ 			    NULL)) != -1) {
+ 		switch (i) {
+ 		case 'b':
+@@ -185,6 +189,12 @@
+ 		case 'v':
+ 			verbose = 1;
+ 			break;
++		case 'e':
++			set_mode(ENABLE_M, optarg);
++			break;
++		case 'd':
++			set_mode(DISABLE_M, optarg);
++			break;
+ 		case 'r':
+ 			set_mode(REMOVE_M, optarg);
+ 			break;
+@@ -238,6 +248,10 @@
+ 			mode = UPGRADE_M;
+ 		} else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
+ 			mode = REMOVE_M;
++		} else if (commands && commands[num_commands - 1].mode == ENABLE_M) {
++			mode = ENABLE_M;
++		} else if (commands && commands[num_commands - 1].mode == DISABLE_M) {
++			mode = DISABLE_M;
+ 		} else {
+ 			fprintf(stderr, "unknown additional arguments:\n");
+ 			while (optind < argc)
+@@ -352,6 +366,30 @@
+ 				    semanage_module_install_base_file(sh, mode_arg);
+ 				break;
+ 			}
++		case ENABLE_M:{
++				if (verbose) {
++					printf
++					    ("Attempting to enable module '%s':\n",
++					     mode_arg);
++				}
++				result = semanage_module_enable(sh, mode_arg);
++				if ( result == -2 ) { 
++					continue;
++				}
++				break;
++			}
++		case DISABLE_M:{
++				if (verbose) {
++					printf
++					    ("Attempting to disable module '%s':\n",
++					     mode_arg);
++				}
++				result = semanage_module_disable(sh, mode_arg);
++				if ( result == -2 ) { 
++					continue;
++				}
++				break;
++			}
+ 		case REMOVE_M:{
+ 				if (verbose) {
+ 					printf
+@@ -382,11 +420,12 @@
+ 						semanage_module_info_t *m =
+ 						    semanage_module_list_nth
+ 						    (modinfo, j);
+-						printf("%s\t%s\n",
++						printf("%s\t%s\t%s\n",
+ 						       semanage_module_get_name
+ 						       (m),
+ 						       semanage_module_get_version
+-						       (m));
++						       (m), 
++						       (semanage_module_get_enabled(m) ? "" : "Disabled"));
+ 						semanage_module_info_datum_destroy
+ 						    (m);
+ 					}
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c.enable policycoreutils-2.0.71/semodule/semodule.c.enable
+--- nsapolicycoreutils/semodule/semodule.c.enable	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.71/semodule/semodule.c.enable	2009-08-12 12:08:15.000000000 -0400
+@@ -0,0 +1,454 @@
++/* Authors: Karl MacMillan <kmacmillan at tresys.com>
++ *          Joshua Brindle <jbrindle at tresys.com>
++ *          Jason Tang <jtang at tresys.com>
++ *
++ * Copyright (C) 2004-2005 Tresys Technology, LLC
++ *      This program is free software; you can redistribute it and/or
++ *      modify it under the terms of the GNU General Public License as
++ *      published by the Free Software Foundation, version 2.
++ */
++
++#include <fcntl.h>
++#include <getopt.h>
++#include <signal.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <errno.h>
++#include <string.h>
++#include <unistd.h>
++#include <sys/mman.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++
++#include <semanage/modules.h>
++
++enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
++	LIST_M, RELOAD
++};
++/* list of modes in which one ought to commit afterwards */
++static const int do_commit[] = {
++	0, 1, 1, 1, 1,
++	0, 0
++};
++
++struct command {
++	enum client_modes mode;
++	char *arg;
++};
++static struct command *commands = NULL;
++static int num_commands = 0;
++
++/* options given on command line */
++static int verbose;
++static int reload;
++static int no_reload;
++static int create_store;
++static int build;
++static int disable_dontaudit;
++
++static semanage_handle_t *sh = NULL;
++static char *store;
++
++extern char *optarg;
++extern int optind;
++
++static void cleanup(void)
++{
++	while (--num_commands >= 0) {
++		free(commands[num_commands].arg);
++	}
++	free(commands);
++}
++
++/* Signal handlers. */
++static void handle_signal(int sig_num)
++{
++	if (sig_num == SIGINT || sig_num == SIGQUIT || sig_num == SIGTERM) {
++		/* catch these signals, and then drop them */
++	}
++}
++
++static void set_store(char *storename)
++{
++	/* For now this only supports a store name, later on this 
++	 * should support an address for a remote connection */
++
++	if ((store = strdup(storename)) == NULL) {
++		fprintf(stderr, "Out of memory!\n");
++		goto bad;
++	}
++
++	return;
++
++      bad:
++	cleanup();
++	exit(1);
++}
++
++/* Establish signal handlers for the process. */
++static void create_signal_handlers(void)
++{
++	if (signal(SIGINT, handle_signal) == SIG_ERR ||
++	    signal(SIGQUIT, handle_signal) == SIG_ERR ||
++	    signal(SIGTERM, handle_signal) == SIG_ERR) {
++		fprintf(stderr, "Could not set up signal handler.\n");
++		exit(255);
++	}
++}
++
++static void usage(char *progname)
++{
++	printf("usage:  %s [options]... MODE [MODES]...\n", progname);
++	printf("Manage SELinux policy modules.\n");
++	printf("MODES:\n");
++	printf("  -R, --reload		    reload policy\n");
++	printf("  -B, --build		    build and reload policy\n");
++	printf("  -i,--install=MODULE_PKG   install a new module\n");
++	printf("  -u,--upgrade=MODULE_PKG   upgrade existing module\n");
++	printf("  -b,--base=MODULE_PKG      install new base module\n");
++	printf("  -r,--remove=MODULE_NAME   remove existing module\n");
++	printf
++	    ("  -l,--list-modules         display list of installed modules\n");
++	printf("Other options:\n");
++	printf("  -s,--store	   name of the store to operate on\n");
++	printf("  -n,--noreload	   do not reload policy after commit\n");
++	printf("  -h,--help        print this message and quit\n");
++	printf("  -v,--verbose     be verbose\n");
++	printf("  -D,--disable_dontaudit	Remove dontaudits from policy\n");
++}
++
++/* Sets the global mode variable to new_mode, but only if no other
++ * mode has been given. */
++static void set_mode(enum client_modes new_mode, char *arg)
++{
++	struct command *c;
++	char *s;
++	if ((c = realloc(commands, sizeof(*c) * (num_commands + 1))) == NULL) {
++		fprintf(stderr, "Out of memory!\n");
++		cleanup();
++		exit(1);
++	}
++	commands = c;
++	commands[num_commands].mode = new_mode;
++	commands[num_commands].arg = NULL;
++	num_commands++;
++	if (arg != NULL) {
++		if ((s = strdup(arg)) == NULL) {
++			fprintf(stderr, "Out of memory!\n");
++			cleanup();
++			exit(1);
++		}
++		commands[num_commands - 1].arg = s;
++	}
++}
++
++/* Parse command line and set global options. */
++static void parse_command_line(int argc, char **argv)
++{
++	static struct option opts[] = {
++		{"store", required_argument, NULL, 's'},
++		{"base", required_argument, NULL, 'b'},
++		{"help", 0, NULL, 'h'},
++		{"install", required_argument, NULL, 'i'},
++		{"list-modules", 0, NULL, 'l'},
++		{"verbose", 0, NULL, 'v'},
++		{"remove", required_argument, NULL, 'r'},
++		{"upgrade", required_argument, NULL, 'u'},
++		{"reload", 0, NULL, 'R'},
++		{"noreload", 0, NULL, 'n'},
++		{"build", 0, NULL, 'B'},
++		{"disable_dontaudit", 0, NULL, 'D'},
++		{NULL, 0, NULL, 0}
++	};
++	int i;
++	verbose = 0;
++	reload = 0;
++	no_reload = 0;
++	create_store = 0;
++	while ((i =
++		getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
++			    NULL)) != -1) {
++		switch (i) {
++		case 'b':
++			set_mode(BASE_M, optarg);
++			create_store = 1;
++			break;
++		case 'h':
++			usage(argv[0]);
++			exit(0);
++		case 'i':
++			set_mode(INSTALL_M, optarg);
++			break;
++		case 'l':
++			set_mode(LIST_M, NULL);
++			break;
++		case 'v':
++			verbose = 1;
++			break;
++		case 'r':
++			set_mode(REMOVE_M, optarg);
++			break;
++		case 'u':
++			set_mode(UPGRADE_M, optarg);
++			break;
++		case 's':
++			set_store(optarg);
++			break;
++		case 'R':
++			reload = 1;
++			break;
++		case 'n':
++			no_reload = 1;
++			break;
++		case 'B':
++			build = 1;
++			break;
++		case 'D':
++			disable_dontaudit = 1;
++			break;
++		case '?':
++		default:{
++				usage(argv[0]);
++				exit(1);
++			}
++		}
++	}
++	if ((build || reload) && num_commands) {
++		fprintf(stderr,
++			"build or reload should not be used with other commands\n");
++		usage(argv[0]);
++		exit(1);
++	}
++	if (num_commands == 0 && reload == 0 && build == 0) {
++		fprintf(stderr, "At least one mode must be specified.\n");
++		usage(argv[0]);
++		exit(1);
++	}
++
++	if (optind < argc) {
++		int mode;
++		/* if -i/u/r was the last command treat any remaining
++		 * arguments as args. Will allow 'semodule -i *.pp' to
++		 * work as expected.
++		 */
++
++		if (commands && commands[num_commands - 1].mode == INSTALL_M) {
++			mode = INSTALL_M;
++		} else if (commands && commands[num_commands - 1].mode == UPGRADE_M) {
++			mode = UPGRADE_M;
++		} else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
++			mode = REMOVE_M;
++		} else {
++			fprintf(stderr, "unknown additional arguments:\n");
++			while (optind < argc)
++				fprintf(stderr, " %s", argv[optind++]);
++			fprintf(stderr, "\n\n");
++			usage(argv[0]);
++			exit(1);
++		}
++		while (optind < argc)
++			set_mode(mode, argv[optind++]);
++	}
++}
++
++int main(int argc, char *argv[])
++{
++	int i, commit = 0;
++	int result;
++	int status = EXIT_FAILURE;
++
++	create_signal_handlers();
++	parse_command_line(argc, argv);
++
++	if (build)
++		commit = 1;
++
++	sh = semanage_handle_create();
++	if (!sh) {
++		fprintf(stderr, "%s:  Could not create semanage handle\n",
++			argv[0]);
++		goto cleanup_nohandle;
++	}
++
++	if (store) {
++		/* Set the store we want to connect to, before connecting.
++		 * this will always set a direct connection now, an additional
++		 * option will need to be used later to specify a policy server 
++		 * location */
++		semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
++	}
++
++	/* if installing base module create store if necessary, for bootstrapping */
++	semanage_set_create_store(sh, create_store);
++
++	if (!create_store) {
++		if (!semanage_is_managed(sh)) {
++			fprintf(stderr,
++				"%s: SELinux policy is not managed or store cannot be accessed.\n",
++				argv[0]);
++			goto cleanup;
++		}
++
++		if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
++			fprintf(stderr, "%s: Cannot read policy store.\n",
++				argv[0]);
++			goto cleanup;
++		}
++	}
++
++	if ((result = semanage_connect(sh)) < 0) {
++		fprintf(stderr, "%s:  Could not connect to policy handler\n",
++			argv[0]);
++		goto cleanup;
++	}
++
++	if (reload) {
++		if ((result = semanage_reload_policy(sh)) < 0) {
++			fprintf(stderr, "%s:  Could not reload policy\n",
++				argv[0]);
++			goto cleanup;
++		}
++	}
++
++	if (build) {
++		if ((result = semanage_begin_transaction(sh)) < 0) {
++			fprintf(stderr, "%s:  Could not begin transaction:  %s\n",
++				argv[0], errno ? strerror(errno) : "");
++			goto cleanup;
++		}
++	}
++
++	for (i = 0; i < num_commands; i++) {
++		enum client_modes mode = commands[i].mode;
++		char *mode_arg = commands[i].arg;
++		switch (mode) {
++		case INSTALL_M:{
++				if (verbose) {
++					printf
++					    ("Attempting to install module '%s':\n",
++					     mode_arg);
++				}
++				result =
++				    semanage_module_install_file(sh, mode_arg);
++				break;
++			}
++		case UPGRADE_M:{
++				if (verbose) {
++					printf
++					    ("Attempting to upgrade module '%s':\n",
++					     mode_arg);
++				}
++				result =
++				    semanage_module_upgrade_file(sh, mode_arg);
++				break;
++			}
++		case BASE_M:{
++				if (verbose) {
++					printf
++					    ("Attempting to install base module '%s':\n",
++					     mode_arg);
++				}
++				result =
++				    semanage_module_install_base_file(sh, mode_arg);
++				break;
++			}
++		case REMOVE_M:{
++				if (verbose) {
++					printf
++					    ("Attempting to remove module '%s':\n",
++					     mode_arg);
++				}
++				result = semanage_module_remove(sh, mode_arg);
++				if ( result == -2 ) { 
++					continue;
++				}
++				break;
++			}
++		case LIST_M:{
++				semanage_module_info_t *modinfo;
++				int num_modules;
++				if (verbose) {
++					printf
++					    ("Attempting to list active modules:\n");
++				}
++				if ((result =
++				     semanage_module_list(sh, &modinfo,
++							  &num_modules)) >= 0) {
++					int j;
++					if (num_modules == 0) {
++						printf("No modules.\n");
++					}
++					for (j = 0; j < num_modules; j++) {
++						semanage_module_info_t *m =
++						    semanage_module_list_nth
++						    (modinfo, j);
++						printf("%s\t%s\n",
++						       semanage_module_get_name
++						       (m),
++						       semanage_module_get_version
++						       (m));
++						semanage_module_info_datum_destroy
++						    (m);
++					}
++					free(modinfo);
++				}
++				break;
++			}
++		default:{
++				fprintf(stderr,
++					"%s:  Unknown mode specified.\n",
++					argv[0]);
++				usage(argv[0]);
++				goto cleanup;
++			}
++		}
++		commit += do_commit[mode];
++		if (result < 0) {
++			fprintf(stderr, "%s:  Failed on %s!\n", argv[0],
++				mode_arg ? : "list");
++			goto cleanup;
++		} else if (verbose) {
++			printf("Ok: return value of %d.\n", result);
++		}
++	}
++
++	if (commit) {
++		if (verbose)
++			printf("Committing changes:\n");
++		if (no_reload)
++			semanage_set_reload(sh, 0);
++		if (build)
++			semanage_set_rebuild(sh, 1);
++		if (disable_dontaudit)
++			semanage_set_disable_dontaudit(sh, 1);
++		else if (build)
++			semanage_set_disable_dontaudit(sh, 0);
++
++		result = semanage_commit(sh);
++	}
++
++	if (result < 0) {
++		fprintf(stderr, "%s:  Failed!\n", argv[0]);
++		goto cleanup;
++	} else if (commit && verbose) {
++		printf("Ok: transaction number %d.\n", result);
++	}
++
++	if (semanage_disconnect(sh) < 0) {
++		fprintf(stderr, "%s:  Error disconnecting\n", argv[0]);
++		goto cleanup;
++	}
++	status = EXIT_SUCCESS;
++
++      cleanup:
++	if (semanage_is_connected(sh)) {
++		if (semanage_disconnect(sh) < 0) {
++			fprintf(stderr, "%s:  Error disconnecting\n", argv[0]);
++		}
++	}
++	semanage_handle_destroy(sh);
++
++      cleanup_nohandle:
++	cleanup();
++	exit(status);
++}
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
 --- nsapolicycoreutils/setfiles/Makefile	2009-07-07 15:32:32.000000000 -0400
-+++ policycoreutils-2.0.71/setfiles/Makefile	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/setfiles/Makefile	2009-08-28 14:07:24.000000000 -0400
 @@ -5,7 +5,7 @@
  LIBDIR ?= $(PREFIX)/lib
  AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
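Review bot: In the new `ENABLE_M` and `DISABLE_M` cases of semodule.c, `if ( result == -2 ) { continue; }` jumps past the rest of the loop body, which, judging by the loop tail visible in the `semodule.c.enable` copy, holds both `commit += do_commit[mode]` and the `result < 0` "Failed on" report; when a later command succeeds, the skipped enable or disable is never mentioned. The pattern is copied from `REMOVE_M` and the meaning of -2 is not visible here (presumably "no such module"), but for a tool that changes which SELinux policy modules are active, a line such as `fprintf(stderr, "%s:  module '%s' not changed\n", argv[0], mode_arg);` before the `continue` would show the administrator that the request had no effect. The added usage lines print `--enable=MODULE_PKG` and `--disable=MODULE_PKG`, while the man page hunk and the calls `semanage_module_enable(sh, mode_arg)` / `semanage_module_disable(sh, mode_arg)` take a module name, so `MODULE_NAME` would match. The new files `semodule/semodule.8.enable` and `semodule/semodule.c.enable` (dated 2009-08-12 and lacking the enable/disable code) look like backup copies picked up by `diff -N`, much like the `seunshare` binary entries this revision removes, and probably should not ship in the patch.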
@@ -1926,7 +2607,7 @@ diff --exclude-from=exclude --exclude=se
  	ln -sf setfiles restorecon
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
 --- nsapolicycoreutils/setfiles/restore.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/setfiles/restore.c	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/setfiles/restore.c	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,519 @@
 +#include "restore.h"
 +
@@ -2449,7 +3130,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
 --- nsapolicycoreutils/setfiles/restore.h	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/setfiles/restore.h	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/setfiles/restore.h	2009-08-28 14:07:24.000000000 -0400
 @@ -0,0 +1,49 @@
 +#ifndef RESTORE_H
 +#define RESTORE_H
@@ -2502,7 +3183,7 @@ diff --exclude-from=exclude --exclude=se
 +#endif
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
 --- nsapolicycoreutils/setfiles/setfiles.c	2009-08-12 12:08:15.000000000 -0400
-+++ policycoreutils-2.0.71/setfiles/setfiles.c	2009-08-26 17:34:50.000000000 -0400
++++ policycoreutils-2.0.71/setfiles/setfiles.c	2009-08-28 14:07:24.000000000 -0400
 @@ -1,26 +1,12 @@
 -#ifndef _GNU_SOURCE
 -#define _GNU_SOURCE


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.635
retrieving revision 1.636
diff -u -p -r1.635 -r1.636
--- policycoreutils.spec	27 Aug 2009 07:51:00 -0000	1.635
+++ policycoreutils.spec	28 Aug 2009 18:18:47 -0000	1.636
@@ -1,12 +1,12 @@
 %define	libauditver	1.4.2-1
 %define	libsepolver	2.0.19-1
-%define	libsemanagever	2.0.28-2
+%define	libsemanagever	2.0.36-2
 %define	libselinuxver	2.0.46-5
 %define	sepolgenver	1.0.17
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.71
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -295,6 +295,9 @@ fi
 exit 0
 
 %changelog
+* Fri Aug 28 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-14
+- Add enable/disable patch
+
 * Thu Aug 27 2009 Tomas Mraz <tmraz at redhat.com> - 2.0.71-13
 - rebuilt with new audit
 



