[email protected]
[Top] [All Lists]

PERFORCE change 114577 for review

Subject: PERFORCE change 114577 for review
From: Todd Miller
Date: Thu, 15 Feb 2007 20:18:54 GMT
http://perforce.freebsd.org/chv.cgi?CH=114577

Change 114577 by [email protected]_p4 on 2007/02/15 20:18:07

        Update to policycoreutils-1.34.1 from the SELinux web site.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/ChangeLog#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/Makefile#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/VERSION#3 
edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2allow/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2allow/audit2allow#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2allow/audit2allow.1#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2allow/avc.py#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2why/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2why/audit2why.c#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/load_policy/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/load_policy/load_policy.8#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/load_policy/load_policy.c#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/newrole/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/newrole/newrole-lspp.pamd#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/newrole/newrole.1#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/newrole/newrole.c#4
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/Makefile#3 
edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/POTFILES#3 
edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/POTFILES.in#3
 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/af.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/am.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ar.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/as.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/be.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/bg.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/bn.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/bn_IN.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ca.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/cs.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/cy.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/da.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/de.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/el.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/en_GB.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/es.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/et.po#3 
edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/eu_ES.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/fa.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/fi.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/fr.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/gl.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/gu.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/he.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/hi.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/hr.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/hu.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/hy.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/id.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/is.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/it.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ja.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ka.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/kn.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ko.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ku.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/lo.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/lt.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/lv.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/mk.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ml.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/mr.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ms.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/my.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/nb.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/nl.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/nn.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/no.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/nso.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/or.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/pa.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/pl.po#3 
edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/policycoreutils.pot#3
 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/pt.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/pt_BR.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ro.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ru.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/si.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/sk.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/sl.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/sq.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/sr%40Latn.po#1
 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/sr.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/sv.po#3 
edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ta.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/te.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/th.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/tr.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/uk.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/ur.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/vi.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/zh_CN.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/zh_TW.po#1 
add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/po/zu.po#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecon/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecon/restorecon.8#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecon/restorecon.c#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/Makefile#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/restorecond.8#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/restorecond.c#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/restorecond.conf#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/restorecond.h#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/restorecond.init#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/stringslist.c#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/stringslist.h#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/utmpwatcher.c#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/restorecond/utmpwatcher.h#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/run_init/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/run_init/open_init_pty.c#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/run_init/run_init.8#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/run_init/run_init.c#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/chcat#2 
edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/chcat.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/fixfiles#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/fixfiles.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/genhomedircon#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/scripts/genhomedircon.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/secon/Makefile#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/secon/secon.1#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/secon/secon.c#1 
add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semanage/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semanage/semanage#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semanage/semanage.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semanage/seobject.py#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule/semodule.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule/semodule.c#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_deps/Makefile#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_deps/semodule_deps.8#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_deps/semodule_deps.c#1
 add
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_expand/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_expand/semodule_expand.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_expand/semodule_expand.c#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_link/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_link/semodule_link.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_link/semodule_link.c#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_package/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_package/semodule_package.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/semodule_package/semodule_package.c#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/sestatus/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/sestatus/sestatus.c#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/setfiles/Makefile#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/setfiles/setfiles.8#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/setfiles/setfiles.c#3
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/setsebool/Makefile#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/setsebool/setsebool.8#2
 edit
.. 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/setsebool/setsebool.c#2
 edit

Differences ...

==== 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/ChangeLog#3 
(text+ko) ====

@@ -1,3 +1,205 @@
+1.34.1 2007-01-22
+       * Fixed newrole non-pam build.
+
+1.34.0 2007-01-18
+       * Updated version for stable branch.
+
+1.33.16 2007-01-18
+       * Merged po file updates from Dan Walsh.
+       * Removed update-po from all target in po/Makefile.
+
+1.33.15 2007-01-17
+       * Merged unicode-to-string fix for seobject audit from Dan Walsh.
+       * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.14 2007-01-16
+       * Merged newrole man page patch from Michael Thompson.
+
+1.33.13 2007-01-16
+       * Merged patch to fix python unicode problem from Dan Walsh.
+       
+1.33.12 2007-01-11
+       * Merged newrole securetty check from Dan Walsh.
+       * Merged semodule patch to generalize list support from Karl MacMillan.
+
+1.33.11 2007-01-09
+       * Merged fixfiles and seobject fixes from Dan Walsh.
+       * Merged semodule support for list of modules after -i from Karl 
MacMillan. 
+
+1.33.10 2007-01-08
+       * Merged patch to correctly handle a failure during semanage handle
+         creation from Karl MacMillan.
+
+1.33.9 2007-01-05
+       * Merged patch to fix seobject role modification from Dan Walsh.
+
+1.33.8 2007-01-04
+       * Merged patches from Dan Walsh to:
+         - omit the optional name from audit2allow
+         - use the installed python version in the Makefiles
+         - re-open the tty with O_RDWR in newrole
+
+1.33.7 2007-01-03
+       * Patch from Dan Walsh to correctly suppress warnings in load_policy.
+       
+1.33.6 2006-11-29
+       * Patch from Dan Walsh to add an pam_acct_msg call to run_init
+       * Patch from Dan Walsh to fix error code returns in newrole
+       * Patch from Dan Walsh to remove verbose flag from semanage man page
+       * Patch from Dan Walsh to make audit2allow use refpolicy Makefile
+         in /usr/share/selinux/<SELINUXTYPE>
+
+1.33.5 2006-11-27
+       * Merged patch from Michael C Thompson to clean up genhomedircon
+         error handling.
+1.33.4 2006-11-21
+       * Merged po file updates from Dan Walsh.
+
+1.33.3 2006-11-21
+       * Merged setsebool patch from Karl MacMillan. 
+         This fixes a bug reported by Yuichi Nakamura with
+         always setting booleans persistently on an unmanaged system.
+
+1.33.2 2006-11-20
+       * Merged patch from Dan Walsh (via Karl MacMillan):
+         * Added newrole audit message on login failure
+         * Add /var/log/wtmp to restorecond.conf watch list
+         * Fix genhomedircon, semanage, semodule_expand man pages.
+       
+1.33.1 2006-11-13
+       * Merged newrole patch set from Michael Thompson.
+
+1.32 2006-10-17
+       * Updated version for release.
+
+1.30.31 2006-10-17
+       * Merged audit2allow -l fix from Yuichi Nakamura.
+       * Merged restorecon -i and -o - support from Karl MacMillan.
+       * Merged semanage/seobject fix from Dan Walsh.
+       * Merged fixfiles -R and verify changes from Dan Walsh.
+
+1.30.30 2006-09-29
+       * Merged newrole auditing of failures due to user actions from
+         Michael Thompson.
+
+1.30.29 2006-09-13
+       * Man page corrections from Dan Walsh
+       * Change all python invocations to /usr/bin/python -E
+       * Add missing getopt flags to genhomedircon
+
+1.30.28 2006-09-01
+       * Merged fix for restorecon // handling from Erich Schubert.
+       * Merged translations update and fixfiles fix from Dan Walsh.
+
+1.30.27 2006-08-24
+       * Merged fix for restorecon symlink handling from Erich Schubert.
+
+1.30.26 2006-08-11
+       * Merged semanage local file contexts patch from Chris PeBenito.
+
+1.30.25 2006-08-03
+       * Merged patch from Dan Walsh with:
+         * audit2allow: process MAC_POLICY_LOAD events
+         * newrole:  run shell with - prefix to start a login shell
+         * po:  po file updates
+         * restorecond:  bail if SELinux not enabled
+         * fixfiles: omit -q 
+         * genhomedircon:  fix exit code if non-root
+         * semodule_deps:  install man page
+
+1.30.24 2006-08-03
+       * Merged secon Makefile fix from Joshua Brindle.
+
+1.30.23 2006-08-03
+       * Merged netfilter contexts support patch from Chris PeBenito.
+
+1.30.22 2006-07-28
+       * Merged restorecond size_t fix from Joshua Brindle.
+
+1.30.21 2006-07-28
+       * Merged secon keycreate patch from Michael LeMay.
+
+1.30.20 2006-07-26
+       * Merged restorecond fixes from Dan Walsh.
+         Merged updated po files from Dan Walsh.
+
+1.30.19 2006-07-26
+       * Merged python gettext patch from Stephen Bennett.
+
+1.30.18 2006-07-25
+       * Merged semodule_deps from Karl MacMillan.
+
+1.30.17 2006-06-29
+       * Lindent.
+
+1.30.16 2006-06-26
+       * Merged patch from Dan Walsh with:
+         * -p option (progress) for setfiles and restorecon.
+         * disable context translation for setfiles and restorecon.
+         * on/off values for setsebool.
+
+1.30.15 2006-06-26
+       * Merged setfiles and semodule_link fixes from Joshua Brindle.
+       
+1.30.14 2006-06-16
+       * Merged fix for setsebool error path from Serge Hallyn.
+
+1.30.13 2006-06-16
+       * Merged patch from Dan Walsh with:
+       *    Updated po files.
+       *    Fixes for genhomedircon and seobject.
+       *    Audit message for mass relabel by setfiles.
+
+1.30.12 2006-06-02
+       * Updated fixfiles script for new setfiles location in /sbin.
+
+1.30.11 2006-05-26
+       * Merged more translations from Dan Walsh.
+       * Merged patch to relocate setfiles to /sbin for early relabel
+         when /usr might not be mounted from Dan Walsh.
+       * Merged semanage/seobject patch to preserve fcontext ordering in list.
+       * Merged secon patch from James Antill.
+
+1.30.10 2006-05-22
+       * Merged patch with updates to audit2allow, secon, genhomedircon,
+         and semanage from Dan Walsh.
+
+1.30.9 2006-05-08
+       * Fixed audit2allow and po Makefiles for DESTDIR= builds.
+       * Merged .po file patch from Dan Walsh.
+       * Merged bug fix for genhomedircon.
+
+1.30.8 2006-05-08
+       * Merged patch from Dan Walsh.
+         This includes audit2allow changes for analysis plugins,
+         internationalization support for several additional programs 
+         and added po files, some fixes for semanage, and several cleanups.
+         It also adds a new secon utility.
+
+1.30.7 2006-05-05
+       * Merged fix warnings patch from Karl MacMillan.
+
+1.30.6 2006-04-14
+       * Merged semanage prefix support from Russell Coker.
+
+1.30.5 2006-04-11
+       * Added a test to setfiles to check that the spec file is
+         a regular file.
+
+1.30.4 2006-03-29
+       * Merged audit2allow fixes for refpolicy from Dan Walsh.
+       * Merged fixfiles patch from Dan Walsh.
+       * Merged restorecond daemon from Dan Walsh.
+
+1.30.3 2006-03-29
+       * Merged semanage non-MLS fixes from Chris PeBenito.
+
+1.30.2 2006-03-29
+       * Merged semanage and semodule man page examples from Thomas Bleher.
+
+1.30.1 2006-03-20
+       * Merged semanage labeling prefix patch from Ivan Gyurdiev.
+
 1.30 2006-03-14
        * Updated version for release.
 

==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/Makefile#3 
(text+ko) ====

@@ -1,7 +1,8 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon audit2allow 
audit2why scripts sestatus semodule_package semodule semodule_link 
semodule_expand setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond 
secon audit2allow audit2why scripts sestatus semodule_package semodule 
semodule_link semodule_expand semodule_deps setsebool po
 
-all install relabel clean: 
+all install relabel clean indent:
        @for subdir in $(SUBDIRS); do \
                (cd $$subdir && $(MAKE) [email protected]) || exit 1; \
        done
 
+test:

==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/VERSION#3 
(text+ko) ====

@@ -1,1 +1,1 @@
-1.30
+1.34.1

==== 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2allow/Makefile#3
 (text+ko) ====

@@ -1,8 +1,11 @@
 # Installation directories.
 PREFIX ?= ${DESTDIR}/usr
 BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % 
sys.version_info[0:2]')
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
 TARGETS=audit2allow
 
@@ -13,7 +16,11 @@
        install -m 755 $(TARGETS) $(BINDIR)
        -mkdir -p $(MANDIR)/man1
        install -m 644 audit2allow.1 $(MANDIR)/man1/
+       test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d 
$(PYTHONLIBDIR)/site-packages
+       install -m 755 avc.py $(PYTHONLIBDIR)/site-packages
 
 clean:
 
+indent:
+
 relabel:

==== 
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policycoreutils/audit2allow/audit2allow#3
 (text+ko) ====

@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/python -E
 # Copyright (C) 2005 Red Hat 
 # see file 'COPYING' for use and warranty information
 #
@@ -24,438 +24,24 @@
 #                                        02111-1307  USA
 #
 #  
-import commands, sys, os, pwd, string, getopt, re, selinux
-
-obj="(\{[^\}]*\}|[^ \t:]*)"
-allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, 
obj)
-
-awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\
-        IFACEFILE=FILENAME\n\
-       IFACENAME = 
gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\
-       IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\
-}\n\
-\n\
-/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\
-\n\
-  if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\
-               ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\
-               ALLOW = gensub(";[[:blank:]]*$","","g",$0)\n\
-               print FILENAME "\\t" IFACENAME "\\t" ALLOW;\n\
-       }\n\
-}\
-'
-
-class accessTrans:
-    def __init__(self):
-        self.dict={}
-       try:
-               
fd=open("/usr/share/selinux/devel/include/support/obj_perm_sets.spt")
-       except IOError, error:
-               raise IOError("Reference policy generation requires the policy 
development package.\n%s" % error)
-        records=fd.read().split("\n")
-        regexp="^define *\(`([^']*)' *, *` *\{([^}]*)}'"
-        for r in records:
-            m=re.match(regexp,r)
-            if m!=None:
-                self.dict[m.groups()[0]] = m.groups()[1].split()
-        fd.close()
-    def get(self, var):
-        l=[]
-        for v in var:
-            if v in self.dict.keys():
-                l += self.dict[v]
-            else:
-                if v not in ("{", "}"):
-                    l.append(v)
-        return l
-
-class interfaces:
-    def __init__(self):
-        self.dict={}
-        trans=accessTrans()
-       (input, output) = os.popen2("awk -f - 
/usr/share/selinux/devel/include/*/*.if 2> /dev/null")
-       input.write(awk_script)
-       input.close()
-       records=output.read().split("\n")
-       input.close()
-        if len(records) > 0:
-            regexp="([^ \t]*)[ \t]+([^ \t]*)[ \t]+%s" % allow_regexp
-            for r in records:
-                m=re.match(regexp,r)
-                if m==None:
-                    continue
-                else:
-                    val=m.groups()
-                file=os.path.basename(val[0]).split(".")[0]
-                iface=val[1]
-                Scon=val[2].split()
-                Tcon=val[3].split()
-                Class=val[4].split()
-                Access=trans.get(val[5].split())
-                for s in Scon:
-                    for t in Tcon:
-                        for c in Class:
-                            if (s, t, c) not in self.dict.keys():
-                                self.dict[(s, t, c)]=[]
-                            self.dict[(s, t, c)].append((Access, file, iface))
-    def out(self):
-        keys=self.dict.keys()
-        keys.sort()
-        for k in keys:
-            print k
-            for i in self.dict[k]:
-                print "\t", i
-                
-    def match(self, Scon, Tcon, Class, Access):
-        keys=self.dict.keys()
-        ret=[]
-        if (Scon, Tcon, Class) in keys:
-            for i in self.dict[(Scon, Tcon, Class)]:
-                if Access in i[0]:
-                    if i[2].find(Access) >= 0:
-                        ret.insert(0, i)
-                    else:
-                        ret.append(i)
-            return ret
-        if ("$1", Tcon, Class) in keys:
-            for i in self.dict[("$1", Tcon, Class)]:
-                if Access in i[0]:
-                    if i[2].find(Access) >= 0:
-                        ret.insert(0, i)
-                    else:
-                        ret.append(i)
-            return ret
-        if (Scon, "$1", Class) in keys:
-            for i in self.dict[(Scon, "$1", Class)]:
-                if Access in i[0]:
-                    if i[2].find(Access) >= 0:
-                        ret.insert(0, i)
-                    else:
-                        ret.append(i)
-            return ret
-        else:
-            return ret
-        
-
-class serule:
-       def __init__(self, type, source, target, seclass):
-               self.type=type
-               self.source=source
-               self.target=target
-               self.seclass=seclass
-               self.avcinfo={}
-               self.iface=None
-               
-       def add(self, avc):
-               for a in avc[0]:
-                       if a not in self.avcinfo.keys():
-                               self.avcinfo[a]=[]
-
-                       self.avcinfo[a].append(avc[1:])
-
-       def getAccess(self):
-               if len(self.avcinfo.keys()) == 1:
-                       for i in self.avcinfo.keys():
-                               return i
-               else:
-                       keys=self.avcinfo.keys()
-                       keys.sort()
-                       ret="{"
-                       for i in keys:
-                               ret=ret + " " + i                               
-                       ret=ret+" }"
-                       return ret
-       def out(self, verbose=0):
-               ret=""
-               ret=ret+"%s %s %s:%s %s;" % (self.type, self.source, 
self.gettarget(), self.seclass, self.getAccess())
-               if verbose:
-                       keys=self.avcinfo.keys()
-                       keys.sort()
-                       for i in keys:
-                               for x in self.avcinfo[i]:
-                                       ret=ret+"\n\t#TYPE=AVC  MSG=%s  " % x[0]
-                                       if len(x[1]):
-                                               ret=ret+"COMM=%s  " % x[1]
-                                       if len(x[2]):
-                                               ret=ret+"NAME=%s  " % x[2]
-                                       ret=ret + " : " + i 
-               return ret
-               
-       def gen_reference_policy(self, iface):
-               ret=""
-               Scon=self.source
-               Tcon=self.gettarget()
-               Class=self.seclass
-               Access=self.getAccess()
-               m=iface.match(Scon,Tcon,Class,Access)
-               if len(m)==0:
-                       return self.out()
-               else:
-                       file=m[0][1]
-                       ret="\n#%s\n"% self.out()
-                       ret += "optional_policy(`%s', `\n" % m[0][1]
-                       first=True
-                       for i in m:
-                               if file != i[1]:
-                                       ret += "')\ngen_require(`%s', `\n" % 
i[1]
-                                       file = i[1]
-                                       first=True
-                               if first:
-                                       ret += "\t%s(%s)\n" % (i[2], Scon)
-                                       first=False
-                               else:
-                                       ret += "#\t%s(%s)\n" % (i[2], Scon)
-                       ret += "');"
-               return ret
-               
-       def gettarget(self):
-               if self.source == self.target:
-                       return "self"
-               else:
-                       return self.target
-       
-class seruleRecords:
-       def __init__(self, input, last_reload=0, verbose=0, te_ind=0):
-               self.last_reload=last_reload
-               self.seRules={}
-               self.seclasses={}
-               self.types=[]
-               self.roles=[]
-               self.load(input, te_ind)
-               self.gen_ref_policy = False
-
-       def gen_reference_policy(self):
-               self.gen_ref_policy = True
-               self.iface=interfaces()
-
-       def warning(self, error):
-               sys.stderr.write("%s: " % sys.argv[0])
-               sys.stderr.write("%s\n" % error)
-               sys.stderr.flush()
-
-       def load(self, input, te_ind=0):
-               VALID_CMDS=("allow", "dontaudit", "auditallow", "role")
-               
-               avc=[]
-               found=0
-               line = input.readline()
-               if te_ind:
-                       while line:
-                               rec=line.split()
-                               if len(rec) and rec[0] in VALID_CMDS:
-                                       self.add_terule(line)
-                               line = input.readline()
-                                       
-               else:
-                       while line:
-                               rec=line.split()
-                               for i in rec:
-                                       if i=="avc:" or i=="message=avc:" or 
i=="msg='avc:":
-
-                                               found=1
-                                       else:
-                                               avc.append(i)
-                               if found:
-                                       self.add(avc)
-                                       found=0
-                                       avc=[]
-                               line = input.readline()
-                               
-
-       def get_target(self, i, rule):
-               target=[]
-               if rule[i][0] == "{":
-                       for t in rule[i].split("{"):
-                               if len(t):
-                                       target.append(t)
-                       i=i+1
-                       for s in rule[i:]:
-                               if s.find("}") >= 0:
-                                       for s1 in s.split("}"):
-                                               if len(s1):
-                                                       target.append(s1)
-                                               i=i+1
-                                               return (i, target)
+from avc import *
 
-                               target.append(s)
-                               i=i+1
-               else:
-                       if rule[i].find(";") >= 0:
-                               for s1 in rule[i].split(";"):
-                                       if len(s1):
-                                               target.append(s1)
-                       else:
-                               target.append(rule[i])
-
-               i=i+1
-               return (i, target)
-
-       def rules_split(self, rules):
-               (idx, target ) = self.get_target(0, rules)
-               (idx, subject) = self.get_target(idx, rules)
-               return (target, subject)
-
-       def add_terule(self, rule):
-               rc = rule.split(":")
-               rules=rc[0].split()
-               type=rules[0]
-               if type == "role":
-                       print type
-               (sources, targets) = self.rules_split(rules[1:])
-               rules=rc[1].split()
-               (seclasses, access) = self.rules_split(rules)
-               for scon in sources:
-                       for tcon in targets:
-                               for seclass in seclasses:
-                                       self.add_rule(type, scon, tcon, 
seclass,access)
-               
-       def add_rule(self, rule_type, scon, tcon, seclass, access, msg="", 
comm="", name=""):
-               self.add_seclass(seclass, access)
-               self.add_type(tcon)
-               self.add_type(scon)
-               if (rule_type, scon, tcon, seclass) not in self.seRules.keys():
-                       self.seRules[(rule_type, scon, tcon, 
seclass)]=serule(rule_type, scon, tcon, seclass)
-                               
-               self.seRules[(rule_type, scon, tcon, seclass)].add((access, 
msg, comm, name ))
-
-       def add(self,avc):
-               scon=""
-               tcon=""
-               seclass=""
-               comm=""
-               name=""
-               msg=""
-               access=[]
-               if "security_compute_sid" in avc:
-                       return
-               
-               if "load_policy" in avc and self.last_reload:
-                       self.seRules={}
-
-               if "granted" in avc:
-                       return
-               try:
-                       for i in range (0, len(avc)):
-                               if avc[i]=="{":
-                                       i=i+1
-                                       while i<len(avc) and avc[i] != "}":
-                                               access.append(avc[i])
-                                               i=i+1
-                                       continue
-                       
-                               t=avc[i].split('=')
-                               if len(t) < 2:
-                                       continue
-                               if t[0]=="scontext":
-                                       context=t[1].split(":")
-                                       scon=context[2]
-                                       srole=context[1]
-                                       continue
-                               if t[0]=="tcontext":
-                                       context=t[1].split(":")
-                                       tcon=context[2]
-                                       trole=context[1]
-                                       continue
-                               if t[0]=="tclass":
-                                       seclass=t[1]
-                                       continue
-                               if t[0]=="comm":
-                                       comm=t[1]
-                                       continue
-                               if t[0]=="name":
-                                       name=t[1]
-                                       continue
-                               if t[0]=="msg":
-                                       msg=t[1]
-                                       continue
-
-                       if scon=="" or tcon =="" or seclass=="":
-                               return
-               except IndexError, e:
-                       self.warning("Bad AVC Line: %s" % avc)
-                       return
-                       
-               self.add_role(srole)
-               self.add_role(trole)
-               self.add_rule("allow", scon, tcon, seclass, access, msg, comm, 
name)
-
-       def add_seclass(self,seclass, access):
-               if seclass not in self.seclasses.keys():
-                               self.seclasses[seclass]=[]
-               for a in access:
-                       if a not in self.seclasses[seclass]:
-                               self.seclasses[seclass].append(a)
-                               
-       def add_role(self,role):
-               if role not in self.roles:
-                               self.roles.append(role)
-
-       def add_type(self,type):
-               if type not in self.types:
-                               self.types.append(type)
-
-       def gen_module(self, module):
-               return "module %s 1.0;" % module
-
-       def gen_requires(self):
-               self.roles.sort()
-               self.types.sort()
-               keys=self.seclasses.keys()
-               keys.sort()
-               rec="\n\nrequire {\n"
-               if len(self.roles) > 0:
-                       for i in self.roles:
-                               rec += "\trole %s; \n" % i
-                       rec += "\n" 
-
-               for i in keys:
-                       access=self.seclasses[i]
-                       if len(access) > 1:
-                               access.sort()
-                               rec += "\tclass %s {" % i
-                               for a in access:
-                                       rec += " %s" % a
-                               rec += " }; \n"
-                       else:
-                               rec += "\tclass %s %s;\n" % (i, access[0])
-                               
-               rec += "\n" 
-                       
-               for i in self.types:
-                       rec += "\ttype %s; \n" % i
-               rec += " };\n\n\n"
-               return rec
-       
-       def out(self, require=0, module=""):
-               rec=""
-               if len(self.seRules.keys())==0:
-                      raise(ValueError("No AVC messages found."))
-               if module != "":
-                       rec += self.gen_module(module)
-                       rec += self.gen_requires()
-               else:
-                       if requires:
-                               rec+=self.gen_requires()
-
-               keys=self.seRules.keys()
-               keys.sort()
-               for i in keys:
-                       if self.gen_ref_policy:
-                               rec += 
self.seRules[i].gen_reference_policy(self.iface)+"\n"
-                       else:
-                               rec += self.seRules[i].out(verbose)+"\n"
-               return rec
-
 if __name__ == '__main__':
-
+       import commands, sys, os, getopt, selinux
+        import gettext
+       import re
+        try:
+                gettext.install('policycoreutils')
+        except:
+                pass
        def get_mls_flag():
                if selinux.is_selinux_mls_enabled():
                        return "-M"
                else:
                        return ""
 
-       def usage(msg=""):
-               print 'audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i 
<inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+       def usage(msg = ""):
+               print _('audit2allow [-adhilrv] [-t file ] [ -f fcfile ] [-i 
<inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
                -a, --all        read input from audit and message log, 
conflicts with -i\n\
                -d, --dmesg      read input from output of /bin/dmesg\n\
                -h, --help       display this message\n\
@@ -465,14 +51,20 @@
                -M               generate loadable module package, conflicts 
with -o\n\
                -o, --output     append output to <outputfile>, conflicts with 
-M\n\
                -r, --requires   generate require output \n\
-               -t, --tefile     Indicates input is Existing Type Enforcement 
file\n\
+               -t, --tefile     Add input from Existing Type Enforcement 
file\n\
                -f, --fcfile     Existing Type Enforcement file, requires -M\n\
                -v, --verbose    verbose output\n\
-               '
+                -A, --analyze    Analyze output\n\
+                ')
                if msg != "":
                        print msg
                sys.exit(1)
                
+       def verify_module(module):
+               m = re.findall("[^a-zA-Z0-9]", module)
+               if len(m) != 0:
+                       usage(_("Alphanumeric Charaters Only"))
+               
        def errorExit(error):
                sys.stderr.write("%s: " % sys.argv[0])
                sys.stderr.write("%s\n" % error)
@@ -483,24 +75,26 @@
        # 
        #
        try:
-               last_reload=0
-               input=sys.stdin
-               output=sys.stdout
-               module=""
-               requires=0
-               verbose=0
-               auditlogs=0
-               buildPP=0
-               input_ind=0
-               output_ind=0
-               ref_ind=False
-               te_ind=0
+               last_reload = 0
+               inputfd = sys.stdin
+               output = sys.stdout
+               module = ""
+               requires = 0
+               verbose = 0
+               auditlogs = 0
+               buildPP = 0
+               input_ind = 0
+               output_ind = 0
+               ref_ind = False
+               analyze = False
+               te_inputs = []
 
-               fc_file=""
+               fc_file = ""
                gopts, cmds = getopt.getopt(sys.argv[1:],
-                                           'adf:hi:lm:M:o:rtvR',
+                                           'Aadf:hi:lm:M:o:rt:vR',
                                            ['all',
-                                            'dmesg',
+                                             'analyze',
+                                             'dmesg',
                                             'fcfile=',
                                             'help',
                                             'input=',
@@ -509,57 +103,63 @@
                                             'output=',
                                             'requires',
                                             'reference',
-                                            'tefile',
+                                            'tefile=',
                                             'verbose'
                                             ])
                for o,a in gopts:
                        if o == "-a" or o == "--all":
-                               if input_ind or te_ind:
+                               if input_ind:
                                        usage()
-                               input=open("/var/log/messages", "r")
-                               auditlogs=1
+                               inputfd = open("/var/log/messages", "r")
+                               auditlogs = 1
                        if o == "-d"  or o == "--dmesg":
-                               input=os.popen("/bin/dmesg", "r")
+                               inputfd = os.popen("/bin/dmesg", "r")
                        if o == "-f" or o == "--fcfile":
-                               if a[0]=="-":
+                               if a[0] == "-":
                                        usage()
-                               fc_file=a
+                               fc_file = a
                        if o == "-h" or o == "--help":
                                usage()
                        if o == "-i"or o == "--input":
-                               if auditlogs  or a[0]=="-":
+                               if auditlogs  or a[0] == "-":
                                        usage()
-                               input_ind=1
-                               input=open(a, "r")
+                               input_ind = 1
+                               inputfd = open(a, "r")
                        if o == '--lastreload' or o == "-l":
-                               last_reload=1
+                               last_reload = 1
                        if o == "-m" or o == "--module":
-                               if module != "" or a[0]=="-":
+                               if module != "" or a[0] == "-":
                                        usage()
-                               module=a
+                               module = a
+                               verify_module(module)
                        if o == "-M":
-                               if module != "" or output_ind  or a[0]=="-":
+                               if module != "" or output_ind  or a[0] == "-":
                                        usage()
-                               module=a
-                               outfile=a+".te"
-                               buildPP=1
-                               output=open(outfile, "w")
+                               module = a
+                               verify_module(module)
+                               outfile = a+".te"
+                               buildPP = 1
+                               if not os.path.exists("/usr/bin/checkmodule"):
+                                       errorExit("-M Requires the checkmodule 
command, you need to install the checkpolicy rpm package")
+                               output = open(outfile, "w")
                        if o == "-r" or o == "--requires":
-                               requires=1
+                               requires = 1
                        if o == "-t" or o == "--tefile":
-                               if auditlogs:

>>> TRUNCATED FOR MAIL (1000 lines) <<<
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/p4-projects
To unsubscribe, send any mail to "[email protected]"

<Prev in Thread] Current Thread [Next in Thread>
  • PERFORCE change 114577 for review, Todd Miller <=