[Selinux-commits] SF.net SVN: selinux: [2362] trunk/policycoreutils

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 2362
          http://svn.sourceforge.net/selinux/?rev=2362&view=rev
Author:   ssmalley
Date:     2007-04-24 06:56:42 -0700 (Tue, 24 Apr 2007)

Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: policycoreutils patches
Date: Thu, 12 Apr 2007 16:54:02 -0400

Fix chcat to handle case where there are no categories.

Change fixfiles to run setfiles in quiet mode

Change genhomedircon to verify context before setting homedir file 
context.  This can happen if you have different user types, where one 
type has a homedir file context while another one does not.

restorecond init script does not return status properly

Fix output of restorecon.c errors to show correct error message.

[sds:  Dropped change to move audit2allow to /sbin, and added a prefix 
to the error message in restorecon.]

Modified Paths:
--------------
    trunk/policycoreutils/restorecon/restorecon.c
    trunk/policycoreutils/restorecond/restorecond.init
    trunk/policycoreutils/scripts/chcat
    trunk/policycoreutils/scripts/fixfiles
    trunk/policycoreutils/scripts/genhomedircon

Modified: trunk/policycoreutils/restorecon/restorecon.c
===================================================================

--- trunk/policycoreutils/restorecon/restorecon.c	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/restorecon/restorecon.c	2007-04-24 13:56:42 UTC (rev 2362)
@@ -336,8 +336,8 @@
 				if (!file_exist && errno == ENOENT)
 					return;
 				fprintf(stderr,
-					"%s:  error while labeling files under %s\n",
-					progname, buf);
+					"%s: error while traversing %s: %s\n",
+					progname, buf, strerror(errno));
 				errors++;
 			}
 		}

Modified: trunk/policycoreutils/restorecond/restorecond.init
===================================================================
--- trunk/policycoreutils/restorecond/restorecond.init	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/restorecond/restorecond.init	2007-04-24 13:56:42 UTC (rev 2362)
@@ -73,6 +73,7 @@
         ;;
   status)
 	status restorecond
+	RETVAL=$?
 	;;
   restart|reload)
 	restart

Modified: trunk/policycoreutils/scripts/chcat
===================================================================
--- trunk/policycoreutils/scripts/chcat	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/scripts/chcat	2007-04-24 13:56:42 UTC (rev 2362)
@@ -74,10 +74,12 @@
             if i not in cats:
                 cats.append(i)
 
-        new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-        if new_serange[-1:] == ":":
-            new_serange = new_serange[:-1]
             
+        if len(cats) > 0:
+            new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+        else
+            new_serange = "%s-%s" % (serange[0], top[0])
+            
         if add_ind:
             cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
@@ -151,10 +153,11 @@
             if i in cats:
                 cats.remove(i)
 
-        new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-        if new_serange[-1:] == ":":
-            new_serange = new_serange[:-1]
-        
+        if len(cats) > 0:
+            new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+        else
+            new_serange = "%s-%s" % (serange[0], top[0])
+            
         if add_ind:
             cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:

Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/scripts/fixfiles	2007-04-24 13:56:42 UTC (rev 2362)
@@ -138,7 +138,7 @@
     exit $?
 fi
 LogReadOnly
-${SETFILES} ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
 exit $?
 }
 

Modified: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/scripts/genhomedircon	2007-04-24 13:56:42 UTC (rev 2362)
@@ -26,6 +26,7 @@
 
 import sys, os, pwd, string, getopt, re
 from semanage import *;
+import selinux
 import gettext
 gettext.install('policycoreutils')
 
@@ -249,7 +250,10 @@
 				i = i.replace("HOME_DIR", home)
 				i = i.replace("ROLE", prefix)
 				i = i.replace("system_u", seuser)
-				ret = ret+i
+				# Validate if the generated context exists.  Some user types may not exist
+				scon = i.split()[-1]
+				if selinux.security_check_context(scon) == 0:
+					ret = ret+i
 		fd.close()
 		return ret
 


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


