Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23144
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Thu Sep 1 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.25.9-1
- Update to match NSA
* Changed setfiles -c to translate the context to raw format
prior to calling libsepol.
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- .cvsignore 25 Aug 2005 20:44:24 -0000 1.62
+++ .cvsignore 1 Sep 2005 16:17:38 -0000 1.63
@@ -46,3 +46,4 @@
policycoreutils-1.25.5.tgz
policycoreutils-1.25.6.tgz
policycoreutils-1.25.7.tgz
+policycoreutils-1.25.9.tgz
policycoreutils-rhat.patch:
policycoreutils-1.25.7/scripts/fixfiles | 8 ++
semodule_package/Makefile | 3 +
semodule_package/semod.conf | 96 ++++++++++++++++++++++++++++++++
setfiles/setfiles.8 | 3 +
setfiles/setfiles.c | 4 -
5 files changed, 110 insertions(+), 4 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- policycoreutils-rhat.patch 26 Aug 2005 18:23:35 -0000 1.98
+++ policycoreutils-rhat.patch 1 Sep 2005 16:17:38 -0000 1.99
@@ -1,24 +1,169 @@
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/restorecon/restorecon.c
policycoreutils-1.25.7/restorecon/restorecon.c
---- nsapolicycoreutils/restorecon/restorecon.c 2005-07-27 09:58:39.000000000
-0400
-+++ policycoreutils-1.25.7/restorecon/restorecon.c 2005-08-26
14:20:10.000000000 -0400
-@@ -186,7 +186,7 @@
- freecon(scontext);
- return 0;
- }
-- retcontext=lgetfilecon(filename,&prev_context);
-+ retcontext=lgetfilecon_raw(filename,&prev_context);
-
- if (retcontext >= 0 || errno == ENODATA) {
- int customizable=0;
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c
policycoreutils-1.25.7/setfiles/setfiles.c
---- nsapolicycoreutils/setfiles/setfiles.c 2005-04-11 16:00:46.000000000
-0400
-+++ policycoreutils-1.25.7/setfiles/setfiles.c 2005-08-26 14:20:28.000000000
-0400
-@@ -285,7 +285,7 @@
- }
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles
policycoreutils-1.25.7/scripts/fixfiles
+--- nsapolicycoreutils/scripts/fixfiles 2005-08-25 16:18:08.000000000
-0400
++++ policycoreutils-1.25.7/scripts/fixfiles 2005-08-26 16:05:39.000000000
-0400
+@@ -61,7 +61,11 @@
+ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+ TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
+ test -z "$TEMPFILE" && exit
+- /usr/bin/diff $PREFC $FC | grep '^[<>]'|cut -c3-| grep ^/ | \
++ PREFCTEMPFILE=`mktemp ${PREFC}.XXXXXXXXXX`
++ sed -r -e 's,:s0[[:space:]], ,g' $PREFC > ${PREFCTEMPFILE}
++ sed -r -e 's,:s0[[:space:]], ,g' $FC | \
++ /usr/bin/diff -b ${PREFCTEMPFILE} - | \
++ grep '^[<>]'|cut -c3-| grep ^/ | \
+ egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
+ sed -r -e 's,[[:blank:]].*,,g' \
+ -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
+@@ -85,7 +89,7 @@
+ while read pattern ; do find $pattern \( -fstype ext2 -o -fstype ext3
-o -fstype jfs -o -fstype xfs \) -print; done 2> /dev/null | \
+ egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
+ ${RESTORECON} $2 -v -f -
+- rm -f ${TEMPFILE}
++ rm -f ${TEMPFILE} ${PREFCTEMPFILE}
+ fi
+ }
+ #
+--- nsapolicycoreutils/semodule_package/Makefile 2005-07-28
09:46:02.000000000 -0400
++++ policycoreutils-1.25.7/semodule_package/Makefile 2005-08-30
10:31:41.000000000 -0400
+@@ -3,6 +3,7 @@
+ INCLUDEDIR ?= $(PREFIX)/include
+ BINDIR ?= $(PREFIX)/bin
+ LIBDIR ?= ${PREFIX}/lib
++SELINUXDIR ?= ${DESTDIR}/etc/selinux
+
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(INCLUDEDIR)
+@@ -14,7 +15,9 @@
+
+ install: all
+ -mkdir -p $(BINDIR)
++ -mkdir -p $(SELINUXDIR)
+ install -m 755 semodule_package $(BINDIR)
++ install -m 640 semod.conf $(SELINUXDIR)/semod.conf
- /* Get the current context of the file. */
-- ret = lgetfilecon(my_file, &context);
-+ ret = lgetfilecon_raw(my_file, &context);
- if (ret < 0) {
- if (errno == ENODATA) {
- context = malloc(10);
+ relabel:
+
+--- nsapolicycoreutils/semodule_package/semod.conf 1969-12-31
19:00:00.000000000 -0500
++++ policycoreutils-1.25.7/semodule_package/semod.conf 2005-08-30
10:24:54.000000000 -0400
+@@ -0,0 +1,96 @@
++# Authors: Jason Tang <jtang@xxxxxxxxxx>
++#
++# Copyright (C) 2004-2005 Tresys Technology, LLC
++#
++# This library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2.1 of the License, or (at your option) any later version.
++#
++# This library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public
++# License along with this library; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
++
++# Specify how libsemanage will interact with the module store. The three
++# options are:
++#
++# "direct" - libsemanage will write directly to the store.
++# /foo/bar - Write by way of a policy server, whose named socket
++# is at /foo/bar. The path must begin with a '/'.
++# foo.com:4242 - Establish a TCP connection to a remote policy server
++# at foo.com. If there is a colon then the remainder
++# is interpreted as a port number; otherwise default
++# to port 4242.
++module-store = direct
++
++# When generating the final linked and expanded policy, by default
++# semodule will set the policy version to POLICYDB_VERSION_MAX, as
++# given in <sepol/policydb.h>. Change this setting if a different
++# version is necessary.
++#policy-version = 19
++
++# After a policy has been created this library will attempt to load it
++# by calling the load_policy utility. If there are special
++# requirements (e.g., read booleans from a certain file) then add them
++# here. Below are the default values. Within 'args', the special
++# sequence "$@" will be replaced with the policy filename.
++#[load_policy]
++#path = /usr/sbin/load_policy
++#args = -b $@
++#[end]
++
++# In addition to loading a policy libsemanage will validate file contexts
++# by calling the setfiles utility. As above, "$@" will be replaced
++# with the policy filename. In addition "$<" will be replaced with
++# the file contexts filename.
++#[setfiles]
++#path = /usr/sbin/setfiles
++#args = -q -c $@ $<
++#[end]
++
++# Each program specified within a [verify] block is run during
++# committing. There are three types of verifies allowed: module,
++# linked, and kernel. Multiple verifies may exist for a stage; place
++# each program within its own [verify] block. For each stage the
++# programs are executed in the order given below. If a program ever
++# returns a non-zero value then the entire commit is aborted.
++#
++# Module verifies are executed for each source module prior to
++# linking. After they have been linked each link verifier is run
++# against the linked base module. Finally, each kernel verifier is
++# run against the final expanded kernel policy. If these verifiers
++# all exit with a return value of 0 then that kernel policy will be
++# loaded.
++#
++# 'path' gives a path the verificaton program. 'args' is any
++# free-form string that supplies command line arguments to the
++# verifier. Within args single quotes, double quotes, and backslashes
++# are metacharacters handled similarly to bash. Within 'args', the
++# special sequence "$@" will be replaced with a filename to the entity
++# being checked: source module for module verifiers, linked module for
++# linked, kernel policy for kernel. The sequence "$<" will be
++# replaced with the previous filename, if applicable. If an older
++# version does not exist "$<" expands to an empty string.
++#[verify module]
++#path = /usr/bin/some_module_verifier
++#args = -Wall -ansi -pedantic $@ $<
++#[end]
++
++#[verify module]
++#path = /another/module/verify/program
++#args = -With -some_more arguments
++#[end]
++
++#[verify linked]
++#path = /usr/local/bin/some_link_verifier
++#[end]
++
++#[verify kernel]
++#path = /usr/sbin/kernel_verifier
++#args = "some argument" "some other parameter" -k $@
++#[end]
+--- nsapolicycoreutils/setfiles/setfiles.8 2005-03-17 10:29:50.000000000
-0500
++++ policycoreutils-1.25.7/setfiles/setfiles.8 2005-08-29 12:52:49.000000000
-0400
+@@ -35,6 +35,9 @@
+ .B \-q
+ suppress non-error output.
+ .TP
++.B \-r
++use an alternate root path
++.TP
+ .B \-e directory
+ directory to exclude (repeat option for more than one directory.)
+ .TP
+--- nsapolicycoreutils/setfiles/setfiles.c 2005-04-11 16:00:46.000000000
-0400
++++ policycoreutils-1.25.7/setfiles/setfiles.c 2005-08-29 12:50:56.000000000
-0400
+@@ -198,8 +198,8 @@
+ void usage(const char * const name)
+ {
+ fprintf(stderr,
+- "usage: %s [-dnqvW] [-o filename] spec_file pathname...\n"
+- "usage: %s [-c policyfile] spec_file\n"
++ "usage: %s [-dnqvW] [-o filename] [-r alt_root_path ]
spec_file pathname...\n"
++ "usage: %s -c policyfile spec_file\n"
+ "usage: %s -s [-dnqvW] [-o filename ] spec_file\n", name,
name, name);
+ exit(1);
+ }
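Review bot: In the fixfiles part of the new patch, the second temp file `PREFCTEMPFILE` is used without the emptiness check that `TEMPFILE` gets one line earlier (`test -z "$TEMPFILE" && exit`). If that `mktemp` fails, the unquoted `sed … > ${PREFCTEMPFILE}` redirect has no target and `diff -b ${PREFCTEMPFILE} -` loses its first operand, so the list of changed paths comes out empty and the relabel pass restores nothing without saying why. A guard such as `test -z "$PREFCTEMPFILE" && { rm -f "$TEMPFILE"; exit 1; }` directly after the `mktemp` would fail loudly and also clean up the first temp file. Quoting `"$PREFC"`, `"$FC"` and both temp-file variables on the `sed`, `diff` and `rm -f` lines would help as well. The enclosing shell function begins outside the inner hunk.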
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- policycoreutils.spec 26 Aug 2005 18:52:18 -0000 1.136
+++ policycoreutils.spec 1 Sep 2005 16:17:38 -0000 1.137
@@ -1,18 +1,18 @@
-%define libselinuxver 1.25.4-1
-%define libsepolver 1.7.20-1
-%define libsemanagever 1.1.3-1
+%define libselinuxver 1.25.6-1
+%define libsepolver 1.7.24-1
+%define libsemanagever 1.1.4-1
Summary: SELinux policy core utilities.
Name: policycoreutils
-Version: 1.25.7
+Version: 1.25.9
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
-#Patch: policycoreutils-rhat.patch
+Patch: policycoreutils-rhat.patch
BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel
>= %{libsepolver} libsemanage-devel >= %{libsemanagever}
-Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver}
+Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver}
BuildRoot: %{_tmppath}/%{name}-buildroot
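Review bot: The new `Requires:` line still names only libselinux and libsepol, although this hunk bumps `libsemanagever` to 1.1.4-1, `BuildRequires` uses it, and the changelog entry for 1.25.7-3 added in the same commit says libsemanage is required for install. If a versioned runtime dependency is intended, the line would read `Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} libsemanage >= %{libsemanagever}`. Without it, an installed system can presumably keep an older libsemanage than the one these tools were built and tested against. If the omission is deliberate, a short comment above the `Requires:` line stating why would prevent the question from recurring.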
@@ -35,6 +35,7 @@
%prep
%setup -q
+%patch -p1 -b .rhat
%build
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
@@ -83,10 +84,22 @@
%{_mandir}/man1/audit2allow.1.gz
%{_mandir}/man1/newrole.1.gz
%config %{_sysconfdir}/pam.d/newrole
+%config %{_sysconfdir}/selinux/semod.conf
%config %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
+* Thu Sep 1 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.25.9-1
+- Update to match NSA
+ * Changed setfiles -c to translate the context to raw format
+ prior to calling libsepol.
+
+* Fri Aug 26 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.25.7-3
+- Use new version of libsemange and require it for install
+
+* Fri Aug 26 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.25.7-2
+- Ignore s0 in file context
+
* Thu Aug 25 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.25.7-1
- Update to match NSA
* Merged patch for fixfiles -C from Dan Walsh.
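Review bot: The new `%files` entry `%config %{_sysconfdir}/selinux/semod.conf` lacks `(noreplace)`, so a package upgrade replaces an administrator-edited semod.conf with the shipped default and moves the edited copy aside. According to the file's own comments it holds the module-store setting and the `[verify …]` blocks that can abort a policy commit, so locally configured verifiers would stop running after an upgrade with no notice. `%config(noreplace) %{_sysconfdir}/selinux/semod.conf` would keep local edits, matching the sestatus.conf entry two lines below. The Makefile part of the patch installs the file with mode 640; an explicit `%attr(640,root,root)` on this entry would make that permission part of the package manifest rather than relying on the install step.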
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- sources 25 Aug 2005 20:44:24 -0000 1.65
+++ sources 1 Sep 2005 16:17:38 -0000 1.66
@@ -1 +1 @@
-5139e99f462c5ae689f105d47adf0ce5 policycoreutils-1.25.7.tgz
+cefb5a0c070be495b8e0ab07229137a8 policycoreutils-1.25.9.tgz