From: <ssm...@us...> - 2007-04-27 17:21:42
Revision: 2418 http://svn.sourceforge.net/selinux/?rev=2418&view=rev Author: ssmalley Date: 2007-04-27 10:21:40 -0700 (Fri, 27 Apr 2007) Log Message: ----------- Ported r2362 and r2368 (policycoreutils: various fixes) from trunk. Modified Paths: -------------- branches/stable/1_0/policycoreutils/ChangeLog branches/stable/1_0/policycoreutils/VERSION branches/stable/1_0/policycoreutils/restorecon/restorecon.c branches/stable/1_0/policycoreutils/restorecond/restorecond.init branches/stable/1_0/policycoreutils/scripts/chcat branches/stable/1_0/policycoreutils/scripts/fixfiles branches/stable/1_0/policycoreutils/scripts/genhomedircon Modified: branches/stable/1_0/policycoreutils/ChangeLog =================================================================== --- branches/stable/1_0/policycoreutils/ChangeLog 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/ChangeLog 2007-04-27 17:21:40 UTC (rev 2418) @@ -1,3 +1,7 @@ +1.34.8 2007-04-27 + * Merged genhomedircon patch to use the __default__ setting from Dan Walsh. + * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. + 1.34.7 2007-04-12 * Merged seobject setransRecords patch to return the first alias from Xavier Toth. Modified: branches/stable/1_0/policycoreutils/VERSION =================================================================== --- branches/stable/1_0/policycoreutils/VERSION 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/VERSION 2007-04-27 17:21:40 UTC (rev 2418) @@ -1 +1 @@ -1.34.7 +1.34.8 Modified: branches/stable/1_0/policycoreutils/restorecon/restorecon.c =================================================================== --- branches/stable/1_0/policycoreutils/restorecon/restorecon.c 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/restorecon/restorecon.c 2007-04-27 17:21:40 UTC (rev 2418) 
@@ -336,8 +336,8 @@ if (!file_exist && errno == ENOENT) return; fprintf(stderr, - "%s: error while labeling files under %s\n", - progname, buf); + "%s: error while traversing %s: %s\n", + progname, buf, strerror(errno)); errors++; } } Modified: branches/stable/1_0/policycoreutils/restorecond/restorecond.init =================================================================== --- branches/stable/1_0/policycoreutils/restorecond/restorecond.init 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/restorecond/restorecond.init 2007-04-27 17:21:40 UTC (rev 2418) @@ -73,6 +73,7 @@ ;; status) status restorecond + RETVAL=$? ;; restart|reload) restart Modified: branches/stable/1_0/policycoreutils/scripts/chcat =================================================================== --- branches/stable/1_0/policycoreutils/scripts/chcat 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/scripts/chcat 2007-04-27 17:21:40 UTC (rev 2418) @@ -74,10 +74,12 @@ if i not in cats: cats.append(i) - new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ",")) - if new_serange[-1:] == ":": - new_serange = new_serange[:-1] + if len(cats) > 0: + new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats)) + else + new_serange = "%s-%s" % (serange[0], top[0]) + if add_ind: cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) else: 
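Review bot: The added `else` in scripts/chcat (hunk `@@ -74,10 +74,12 @@`) has no trailing colon, so as shown the script would not parse and chcat could not apply any category change to a login; it should read `else:`. The second chcat hunk (`@@ -151,10 +153,11 @@`) adds the same line and needs the same fix. The colon may only have been lost in the mail rendering, but the context `else:` a few lines further down kept its colon, so this is worth checking against the repository. The enclosing function starts and ends outside both hunks.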
@@ -151,10 +153,11 @@ if i in cats: cats.remove(i) - new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ",")) - if new_serange[-1:] == ":": - new_serange = new_serange[:-1] - + if len(cats) > 0: + new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats)) + else + new_serange = "%s-%s" % (serange[0], top[0]) + if add_ind: cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) else: Modified: branches/stable/1_0/policycoreutils/scripts/fixfiles =================================================================== --- branches/stable/1_0/policycoreutils/scripts/fixfiles 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/scripts/fixfiles 2007-04-27 17:21:40 UTC (rev 2418) @@ -138,7 +138,7 @@ exit $? fi LogReadOnly -${SETFILES} ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE +${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE exit $? } Modified: branches/stable/1_0/policycoreutils/scripts/genhomedircon =================================================================== --- branches/stable/1_0/policycoreutils/scripts/genhomedircon 2007-04-27 17:08:39 UTC (rev 2417) +++ branches/stable/1_0/policycoreutils/scripts/genhomedircon 2007-04-27 17:21:40 UTC (rev 2418) @@ -26,6 +26,7 @@ import sys, os, pwd, string, getopt, re from semanage import *; +import selinux import gettext gettext.install('policycoreutils') @@ -135,6 +136,9 @@ self.contextdir = "/contexts" self.filecontextdir = self.contextdir+"/files" self.usepwd = usepwd + self.default_user = "user_u" + self.default_prefix = "user" + self.users = self.getUsers() def getFileContextDir(self): return self.selinuxdir+self.type+self.filecontextdir @@ -211,6 +215,10 @@ prefs["prefix"] = prefix prefs["home"] = home udict[user] = prefs + + def setDefaultUser(self, user, prefix): + self.default_user = user + self.default_prefix = prefix def getUsers(self): udict = {} 
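Review bot: The changed setfiles line in scripts/fixfiles (hunk `@@ -138,7 +138,7 @@`) still ends in `2>&1 >> $LOGFILE`, which points stderr at the original stdout before stdout is appended to the log, so relabeling errors never reach `$LOGFILE`. If the log is meant to record failures, reorder the redirections so the line ends in `>> $LOGFILE 2>&1`. If errors are meant to stay on the terminal, a one-line comment such as `# stderr intentionally left on the terminal` above the call would make that clear. The enclosing function starts outside the hunk.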
@@ -219,7 +227,11 @@ for seuser in list: user = [] seusername = semanage_seuser_get_sename(seuser) - self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.get_default_prefix(seusername)) + prefix = self.get_default_prefix(seusername) + if semanage_seuser_get_name(seuser) == "__default__": + self.setDefaultUser(seusername, prefix) + + self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix) else: try: @@ -249,7 +261,10 @@ i = i.replace("HOME_DIR", home) i = i.replace("ROLE", prefix) i = i.replace("system_u", seuser) - ret = ret+i + # Validate if the generated context exists. Some user types may not exist + scon = i.split()[-1] + if selinux.security_check_context(scon) == 0: + ret = ret+i fd.close() return ret @@ -266,12 +281,11 @@ return ret def genHomeDirContext(self): - users = self.getUsers() ret = "" # Fill in HOME and prefix for users that are defined - for u in users.keys(): - ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["prefix"]) - ret += self.getUserContext (u, users[u]["seuser"], users[u]["prefix"]) + for u in self.users.keys(): + ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"]) + ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"]) return ret+"\n" def checkExists(self, home): @@ -318,9 +332,9 @@ def genoutput(self): ret = self.heading() for h in self.getHomeDirs(): - ret += self.getHomeDirContext ("user_u", "user_u" , h+'/[^/]*', "user") + ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix) ret += self.getHomeRootContext(h) - ret += self.getUserContext(".*", "user_u", "user") + "\n" + ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n" ret += self.genHomeDirContext() return ret This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
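Review bot: In scripts/genhomedircon (hunk `@@ -249,7 +261,10 @@`) the new `selinux.security_check_context(scon)` filter silently drops a template line whenever the check does not return 0, and that check is answered by the currently loaded policy. If the script runs with SELinux disabled, or for a policy type other than the loaded one (the output path is built from `self.type`), this would presumably discard valid entries and leave home directories without their intended labels. `i.split()[-1]` also raises IndexError if a template line is blank. I would guard the split and report what is skipped: `fields = i.split()` then `if fields and selinux.security_check_context(fields[-1]) == 0:`, with an `else` branch that writes the rejected context to stderr. The loop and the rest of the function lie outside the hunk.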