      From: <ssm...@us...> - 2007-02-21 17:09:34
| Revision: 2246
          http://svn.sourceforge.net/selinux/?rev=2246&view=rev
Author:   ssmalley
Date:     2007-02-21 09:09:32 -0800 (Wed, 21 Feb 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: policycoreutils patch
Date: Tue, 20 Feb 2007 09:50:32 -0500
chcat fixes:
    * Broken stderr handling fix
    * if serange ends in a ":" chop it off.
    * Switch chcat to exec semanage rather than use the builtin code, so that 
proper transitions happen; otherwise I would have to run chcat under a 
semanage context.
Man pages fixes to be more standard.
Modified Paths:
--------------
    trunk/policycoreutils/scripts/chcat
    trunk/policycoreutils/scripts/chcat.8
    trunk/policycoreutils/scripts/fixfiles.8
    trunk/policycoreutils/semanage/seobject.py
Modified: trunk/policycoreutils/scripts/chcat
===================================================================
--- trunk/policycoreutils/scripts/chcat	2007-02-21 17:06:44 UTC (rev 2245)
+++ trunk/policycoreutils/scripts/chcat	2007-02-21 17:09:32 UTC (rev 2246)
@@ -25,12 +25,23 @@
 import commands, sys, os, pwd, string, getopt, selinux
 import seobject
 import gettext
+import codecs
+import locale
+sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
+sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
 
 try:
     gettext.install('policycoreutils')
-except:
-    pass
+except IOError:
+       import __builtin__
+       __builtin__.__dict__['_'] = unicode
 
+def errorExit(error):
+    sys.stderr.write("%s: " % sys.argv[0])
+    sys.stderr.write("%s\n" % error)
+    sys.stderr.flush()
+    sys.exit(1)
+
 def verify_users(users):
     for u in users:
         try:
@@ -62,12 +73,20 @@
         for i in newcat[1:]:
             if i not in cats:
                 cats.append(i)
+
         new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-        
+        if new_serange[-1:] == ":":
+            new_serange = new_serange[:-1]
+            
         if add_ind:
-            logins.add(u, user[0], new_serange)
+            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
-            logins.modify(u, user[0], new_serange)
+            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+        rc = commands.getstatusoutput(cmd)
+        if rc[0] != 0:
+            print rc[1]
+            errors += 1
+
     return errors
         
 def chcat_add(orig, newcat, objects,login_ind):
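Review bot: The new `cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)` string is passed to `commands.getstatusoutput`, which runs it through a shell, so any shell metacharacter in the login name or in the category-derived range is interpreted instead of reaching semanage as an argument; whether `verify_users` and the category lookup (both outside this hunk) constrain those values is not visible here. `semanage` is also resolved through `PATH`, in a script that is normally run as root. Building an argument list and executing it without a shell, with an absolute path to semanage, removes both concerns; this needs `import subprocess` next to the existing imports. The same construction is repeated in the hunks at -133 and -198, and the failure text in `rc[1]` goes to stdout although this commit introduces `errorExit` for stderr reporting. The enclosing function starts above the hunk.

```python
        # … unchanged: new_serange construction …
        if add_ind:
            action = "-a"
        else:
            action = "-m"
        # argv list, no shell: each value reaches semanage as one argument
        proc = subprocess.Popen(["/usr/sbin/semanage", "login", action,
                                 "-r", new_serange, "-s", user[0], u],
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        output = proc.communicate()[0]
        if proc.returncode != 0:
            sys.stderr.write("%s\n" % output)
            errors += 1
```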
@@ -133,11 +152,17 @@
                 cats.remove(i)
 
         new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
+        if new_serange[-1:] == ":":
+            new_serange = new_serange[:-1]
         
         if add_ind:
-            logins.add(u, user[0], new_serange)
+            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
-            logins.modify(u, user[0], new_serange)
+            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+        rc = commands.getstatusoutput(cmd)
+        if rc[0] != 0:
+            print rc[1]
+            errors += 1
     return errors
         
 def chcat_remove(orig, newcat, objects, login_ind):
@@ -198,11 +223,17 @@
             user = seusers["__default__"]
         serange = user[1].split("-")
         new_serange = "%s-%s:%s" % (serange[0],newcat[0], string.join(newcat[1:], ","))
-        
+        if new_serange[-1:] == ":":
+            new_serange = new_serange[:-1]
+
         if add_ind:
-            logins.add(u, user[0], new_serange)
+            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
-            logins.modify(u, user[0], new_serange)
+            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+        rc = commands.getstatusoutput(cmd)
+        if rc[0] != 0:
+            print rc[1]
+            errors += 1
     return errors
     
 def chcat_replace(newcat, objects, login_ind):
@@ -362,6 +393,10 @@
 
         if list_ind == 0 and len(cmds) < 1:
             usage()
+
+    except getopt.error, error:
+        errorExit(_("Options Error %s ") % error.msg)
+
     except ValueError, e:
         usage()
 
Modified: trunk/policycoreutils/scripts/chcat.8
===================================================================
--- trunk/policycoreutils/scripts/chcat.8	2007-02-21 17:06:44 UTC (rev 2245)
+++ trunk/policycoreutils/scripts/chcat.8	2007-02-21 17:09:32 UTC (rev 2246)
@@ -3,30 +3,31 @@
 chcat \- change file SELinux security category
 .SH SYNOPSIS
 .B chcat
-\fICATEGORY FILE\fR...
+\fIcategory file\fR...
 .br
 .B chcat -l 
-\fICATEGORY USER\fR...
+\fIcategory user\fR...
 .br
 .B chcat
-\fI[[+|-]CATEGORY],...]  FILE\fR...
+\fI[[+|-]category...]  file\fR...
 .br
 .B chcat -l 
-\fI[[+|-]CATEGORY],...]  USER\fR...
+\fI[[+|-]category...]  user\fR...
 .br
 .B chcat
-[\fI-d\fR] \fIFILE\fR...
+[\fI-d\fR] \fIfile\fR...
 .br
 .B chcat -l 
-[\fI-d\fR] \fIUSER\fR...
+[\fI-d\fR] \fIuser\fR...
 .br
 .B chcat
-\fI-L\fR [-l] [ USER ... ] 
+\fI-L\fR [ -l ] [ user ... ] 
 .br
+.SH DESCRIPTION
 .PP
-Change/Remove the security CATEGORY for each FILE/USER.
+Change/Remove the security \fIcategory\fR for each \fIfile\fR or \fIuser\fR.
 .PP
-Use +/- to add/remove categories from a FILE/USER.
+Use +/- to add/remove categories from a \fIfile\fR or \fIuser\fR.
 .PP
 .B
 Note:
Modified: trunk/policycoreutils/scripts/fixfiles.8
===================================================================
--- trunk/policycoreutils/scripts/fixfiles.8	2007-02-21 17:06:44 UTC (rev 2245)
+++ trunk/policycoreutils/scripts/fixfiles.8	2007-02-21 17:09:32 UTC (rev 2246)
@@ -54,7 +54,7 @@
 change any incorrect file context labels.
 .TP 
 .B relabel
-Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file.
+Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
 .TP 
 .B verify
 List out files with incorrect file context labels, but do not change them.
Modified: trunk/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py	2007-02-21 17:06:44 UTC (rev 2245)
+++ trunk/policycoreutils/semanage/seobject.py	2007-02-21 17:09:32 UTC (rev 2246)
@@ -209,7 +209,7 @@
 		os.write(fd, self.out())
 		os.close(fd)
 		os.rename(newfilename, self.filename)
-
+                
 class semanageRecords:
 	def __init__(self):
 		self.sh = semanage_handle_create()
@@ -464,7 +464,8 @@
 				rc = semanage_user_set_mlslevel(self.sh, u, selevel)
 				if rc < 0:
 					raise ValueError(_("Could not set MLS level for %s") % name)
-
+                        if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
+                               raise ValueError(_("Invalid prefix %s") % prefix)
 			rc = semanage_user_set_prefix(self.sh, u, prefix)
 			if rc < 0:
 				raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
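Review bot: The two added prefix checks validate different strings: this hunk tests `"system_u:object_r:%s_home_t:s0" % prefix`, while the hunk at -530 tests `"system_u:object_r:%s_home_t" % prefix` with no level, so the same prefix may be accepted on one path and rejected on the other depending on whether the loaded policy has MLS enabled; a single helper that builds the context would keep them in step. Both additions are indented with spaces inside a tab-indented file, so they only line up when a tab counts as eight columns and `python -tt` rejects the mix; re-indent them with tabs. Separately, the context line `raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))` looks like it passes the wrong pair of values, presumably `(prefix, name)` was meant; confirm against the full method, which starts and ends outside the hunk.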
@@ -530,7 +531,9 @@
 				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
 
 			if prefix != "":
-				semanage_user_set_prefix(self.sh, u, prefix)
+                               if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+                                      raise ValueError(_("Invalid prefix %s") % prefix)
+                               semanage_user_set_prefix(self.sh, u, prefix)
 
 			if len(roles) != 0:
                                for r in rlist:
      From: <ssm...@us...> - 2007-02-22 16:10:23
| Revision: 2266
          http://svn.sourceforge.net/selinux/?rev=2266&view=rev
Author:   ssmalley
Date:     2007-02-22 08:10:19 -0800 (Thu, 22 Feb 2007)
Log Message:
-----------
Updated VERSIONs and ChangeLogs.
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-02-22 16:08:19 UTC (rev 2265)
+++ trunk/policycoreutils/ChangeLog	2007-02-22 16:10:19 UTC (rev 2266)
@@ -1,3 +1,6 @@
+2.0.6 2007-02-22
+	* Merged newrole O_NONBLOCK fix from Linda Knippers.
+
 2.0.5 2007-02-22
 	* Merged sepolgen and audit2allow patches to leave generated files 
 	  in the current directory from Karl MacMillan.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-02-22 16:08:19 UTC (rev 2265)
+++ trunk/policycoreutils/VERSION	2007-02-22 16:10:19 UTC (rev 2266)
@@ -1 +1 @@
-2.0.5
+2.0.6
      From: <kma...@us...> - 2007-03-01 19:04:50
| Revision: 2276
          http://svn.sourceforge.net/selinux/?rev=2276&view=rev
Author:   kmacmillan
Date:     2007-03-01 11:04:48 -0800 (Thu, 01 Mar 2007)
Log Message:
-----------
policycoreutils 2.0.7
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-03-01 19:01:48 UTC (rev 2275)
+++ trunk/policycoreutils/ChangeLog	2007-03-01 19:04:48 UTC (rev 2276)
@@ -1,3 +1,6 @@
+2.0.7 2007-03-01
+	* Merged restorecond init script LSB compliance patch from Steve Grubb.
+	
 2.0.6 2007-02-22
 	* Merged newrole O_NONBLOCK fix from Linda Knippers.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-03-01 19:01:48 UTC (rev 2275)
+++ trunk/policycoreutils/VERSION	2007-03-01 19:04:48 UTC (rev 2276)
@@ -1 +1 @@
-2.0.6
+2.0.7
      From: <ssm...@us...> - 2007-04-10 19:09:50
| Revision: 2336
          http://svn.sourceforge.net/selinux/?rev=2336&view=rev
Author:   ssmalley
Date:     2007-04-10 12:09:48 -0700 (Tue, 10 Apr 2007)
Log Message:
-----------
Updated ChangeLog and VERSION
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-10 19:05:33 UTC (rev 2335)
+++ trunk/policycoreutils/ChangeLog	2007-04-10 19:09:48 UTC (rev 2336)
@@ -1,3 +1,6 @@
+2.0.8 2007-04-10
+	* Merged updates to sepolgen-ifgen from Karl MacMillan.
+
 2.0.7 2007-03-01
 	* Merged restorecond init script LSB compliance patch from Steve Grubb.
 	
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-10 19:05:33 UTC (rev 2335)
+++ trunk/policycoreutils/VERSION	2007-04-10 19:09:48 UTC (rev 2336)
@@ -1 +1 @@
-2.0.7
+2.0.8
      From: <ssm...@us...> - 2007-04-12 16:19:57
| Revision: 2339
          http://svn.sourceforge.net/selinux/?rev=2339&view=rev
Author:   ssmalley
Date:     2007-04-12 09:19:56 -0700 (Thu, 12 Apr 2007)
Log Message:
-----------
Updated ChangeLog and VERSION.
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-12 15:48:54 UTC (rev 2338)
+++ trunk/policycoreutils/ChangeLog	2007-04-12 16:19:56 UTC (rev 2339)
@@ -1,3 +1,6 @@
+2.0.9 2007-04-12
+	* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
+
 2.0.8 2007-04-10
 	* Merged updates to sepolgen-ifgen from Karl MacMillan.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-12 15:48:54 UTC (rev 2338)
+++ trunk/policycoreutils/VERSION	2007-04-12 16:19:56 UTC (rev 2339)
@@ -1 +1 @@
-2.0.8
+2.0.9
      From: <ssm...@us...> - 2007-04-24 13:56:43
| Revision: 2362
          http://svn.sourceforge.net/selinux/?rev=2362&view=rev
Author:   ssmalley
Date:     2007-04-24 06:56:42 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: policycoreutils patches
Date: Thu, 12 Apr 2007 16:54:02 -0400
Fix chcat to handle case where there are no categories.
Change fixfiles to run setfiles in quiet mode
Change genhomedircon to verify context before setting homedir file 
context.  This can happen if you have different user types, where one 
type has a homedir file context while another one does not.
restorecond init script does not return status properly
Fix output of restorecon.c errors to show correct error message.
[sds:  Dropped change to move audit2allow to /sbin, and added a prefix 
to the error message in restorecon.]
Modified Paths:
--------------
    trunk/policycoreutils/restorecon/restorecon.c
    trunk/policycoreutils/restorecond/restorecond.init
    trunk/policycoreutils/scripts/chcat
    trunk/policycoreutils/scripts/fixfiles
    trunk/policycoreutils/scripts/genhomedircon
Modified: trunk/policycoreutils/restorecon/restorecon.c
===================================================================
--- trunk/policycoreutils/restorecon/restorecon.c	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/restorecon/restorecon.c	2007-04-24 13:56:42 UTC (rev 2362)
@@ -336,8 +336,8 @@
 				if (!file_exist && errno == ENOENT)
 					return;
 				fprintf(stderr,
-					"%s:  error while labeling files under %s\n",
-					progname, buf);
+					"%s: error while traversing %s: %s\n",
+					progname, buf, strerror(errno));
 				errors++;
 			}
 		}
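Review bot: `strerror(errno)` in the new message is only meaningful if the call that failed just above (outside this hunk) actually set errno; if the enclosing condition can also be true because a tree-walk callback returned non-zero, the text printed may be stale or read "Success". Saving the value right after the failing call, `int saved = errno;`, and printing `strerror(saved)`, or dropping the suffix when it is 0, keeps the message trustworthy for whoever is diagnosing a labeling failure. The enclosing block starts outside the hunk.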
Modified: trunk/policycoreutils/restorecond/restorecond.init
===================================================================
--- trunk/policycoreutils/restorecond/restorecond.init	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/restorecond/restorecond.init	2007-04-24 13:56:42 UTC (rev 2362)
@@ -73,6 +73,7 @@
         ;;
   status)
 	status restorecond
+	RETVAL=$?
 	;;
   restart|reload)
 	restart
Modified: trunk/policycoreutils/scripts/chcat
===================================================================
--- trunk/policycoreutils/scripts/chcat	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/scripts/chcat	2007-04-24 13:56:42 UTC (rev 2362)
@@ -74,10 +74,12 @@
             if i not in cats:
                 cats.append(i)
 
-        new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-        if new_serange[-1:] == ":":
-            new_serange = new_serange[:-1]
             
+        if len(cats) > 0:
+            new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+        else
+            new_serange = "%s-%s" % (serange[0], top[0])
+            
         if add_ind:
             cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
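Review bot: The added `else` that follows the `",".join(cats)` assignment has no trailing colon, so the file no longer parses and every chcat invocation fails with a SyntaxError before any option handling runs; the line should read `else:`. The same missing colon is in the second hunk of this file (-151). A quick `python -m py_compile` on the script before commit would catch this class of error.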
@@ -151,10 +153,11 @@
             if i in cats:
                 cats.remove(i)
 
-        new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-        if new_serange[-1:] == ":":
-            new_serange = new_serange[:-1]
-        
+        if len(cats) > 0:
+            new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+        else
+            new_serange = "%s-%s" % (serange[0], top[0])
+            
         if add_ind:
             cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/scripts/fixfiles	2007-04-24 13:56:42 UTC (rev 2362)
@@ -138,7 +138,7 @@
     exit $?
 fi
 LogReadOnly
-${SETFILES} ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
 exit $?
 }
 
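Review bot: On the changed line, `2>&1 >> $LOGFILE` duplicates stderr onto the original stdout before stdout is redirected, so setfiles errors never reach the log; with `-q` now suppressing the informational output, the log will record very little of a relabel run. If errors are meant to be logged, the order should be `>> "$LOGFILE" 2>&1`. `$*` is also unquoted, so a path argument containing whitespace or glob characters is re-split before setfiles sees it; `"$@"` passes the arguments through unchanged. The enclosing function starts outside the hunk.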
Modified: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon	2007-04-24 13:48:25 UTC (rev 2361)
+++ trunk/policycoreutils/scripts/genhomedircon	2007-04-24 13:56:42 UTC (rev 2362)
@@ -26,6 +26,7 @@
 
 import sys, os, pwd, string, getopt, re
 from semanage import *;
+import selinux
 import gettext
 gettext.install('policycoreutils')
 
@@ -249,7 +250,10 @@
 				i = i.replace("HOME_DIR", home)
 				i = i.replace("ROLE", prefix)
 				i = i.replace("system_u", seuser)
-				ret = ret+i
+				# Validate if the generated context exists.  Some user types may not exist
+				scon = i.split()[-1]
+				if selinux.security_check_context(scon) == 0:
+					ret = ret+i
 		fd.close()
 		return ret
 
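Review bot: `selinux.security_check_context(scon)` validates against the policy loaded in the running kernel, so when genhomedircon is generating contexts for a policy other than the loaded one, or runs on a host with SELinux disabled, every line can fail the check and be dropped silently, leaving home directories without their file-context entries. Emitting a warning for each skipped entry, and bypassing the check when `selinux.is_selinux_enabled()` is not 1, would make that outcome visible instead of producing a quietly incomplete file. `i.split()[-1]` also raises IndexError if a whitespace-only template line reaches this point; whether earlier filtering excludes that is outside the hunk and should be confirmed.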
      From: <ssm...@us...> - 2007-04-24 13:58:06
| Revision: 2363
          http://svn.sourceforge.net/selinux/?rev=2363&view=rev
Author:   ssmalley
Date:     2007-04-24 06:58:04 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Updated ChangeLog and VERSION.
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-24 13:56:42 UTC (rev 2362)
+++ trunk/policycoreutils/ChangeLog	2007-04-24 13:58:04 UTC (rev 2363)
@@ -1,3 +1,6 @@
+2.0.10 2007-04-24
+	* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
+
 2.0.9 2007-04-12
 	* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-24 13:56:42 UTC (rev 2362)
+++ trunk/policycoreutils/VERSION	2007-04-24 13:58:04 UTC (rev 2363)
@@ -1 +1 @@
-2.0.9
+2.0.10
      From: <ssm...@us...> - 2007-04-24 17:17:03
| Revision: 2366
          http://svn.sourceforge.net/selinux/?rev=2366&view=rev
Author:   ssmalley
Date:     2007-04-24 10:17:01 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Updated ChangeLog and VERSION.
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-24 17:15:41 UTC (rev 2365)
+++ trunk/policycoreutils/ChangeLog	2007-04-24 17:17:01 UTC (rev 2366)
@@ -1,3 +1,6 @@
+2.0.11 2007-04-24
+	* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
+
 2.0.10 2007-04-24
 	* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-24 17:15:41 UTC (rev 2365)
+++ trunk/policycoreutils/VERSION	2007-04-24 17:17:01 UTC (rev 2366)
@@ -1 +1 @@
-2.0.10
+2.0.11
      From: <ssm...@us...> - 2007-04-24 20:16:42
| Revision: 2369
          http://svn.sourceforge.net/selinux/?rev=2369&view=rev
Author:   ssmalley
Date:     2007-04-24 13:16:42 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Updated ChangeLog and VERSION.
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-24 20:14:58 UTC (rev 2368)
+++ trunk/policycoreutils/ChangeLog	2007-04-24 20:16:42 UTC (rev 2369)
@@ -1,3 +1,6 @@
+2.0.12 2007-04-24
+	* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
+
 2.0.11 2007-04-24
 	* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-24 20:14:58 UTC (rev 2368)
+++ trunk/policycoreutils/VERSION	2007-04-24 20:16:42 UTC (rev 2369)
@@ -1 +1 @@
-2.0.11
+2.0.12
      From: <ssm...@us...> - 2007-04-24 20:23:47
| Revision: 2373
          http://svn.sourceforge.net/selinux/?rev=2373&view=rev
Author:   ssmalley
Date:     2007-04-24 13:23:46 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Updated ChangeLog and VERSION.
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-24 20:21:41 UTC (rev 2372)
+++ trunk/policycoreutils/ChangeLog	2007-04-24 20:23:46 UTC (rev 2373)
@@ -1,3 +1,6 @@
+2.0.13 2007-04-24
+	* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
+
 2.0.12 2007-04-24
 	* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-24 20:21:41 UTC (rev 2372)
+++ trunk/policycoreutils/VERSION	2007-04-24 20:23:46 UTC (rev 2373)
@@ -1 +1 @@
-2.0.12
+2.0.13
      From: <ssm...@us...> - 2007-04-25 18:31:59
| Revision: 2375
          http://svn.sourceforge.net/selinux/?rev=2375&view=rev
Author:   ssmalley
Date:     2007-04-25 11:31:53 -0700 (Wed, 25 Apr 2007)
Log Message:
-----------
Build fix for setsebool
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
    trunk/policycoreutils/setsebool/setsebool.c
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-04-24 20:35:23 UTC (rev 2374)
+++ trunk/policycoreutils/ChangeLog	2007-04-25 18:31:53 UTC (rev 2375)
@@ -1,3 +1,6 @@
+2.0.14 2007-04-25
+	* Build fix for setsebool.
+
 2.0.13 2007-04-24
 	* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-04-24 20:35:23 UTC (rev 2374)
+++ trunk/policycoreutils/VERSION	2007-04-25 18:31:53 UTC (rev 2375)
@@ -1 +1 @@
-2.0.13
+2.0.14
Modified: trunk/policycoreutils/setsebool/setsebool.c
===================================================================
--- trunk/policycoreutils/setsebool/setsebool.c	2007-04-24 20:35:23 UTC (rev 2374)
+++ trunk/policycoreutils/setsebool/setsebool.c	2007-04-25 18:31:53 UTC (rev 2375)
@@ -161,10 +161,6 @@
 
 	semanage_disconnect(handle);
 
-      out:
-	semanage_handle_destroy(handle);
-	return 0;
-
       err:
 	semanage_bool_key_free(bool_key);
 	semanage_bool_free(boolean);
      From: <ssm...@us...> - 2007-05-03 17:40:42
| Revision: 2427
          http://svn.sourceforge.net/selinux/?rev=2427&view=rev
Author:   ssmalley
Date:     2007-05-03 10:40:41 -0700 (Thu, 03 May 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.16
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-05-03 17:39:05 UTC (rev 2426)
+++ trunk/policycoreutils/ChangeLog	2007-05-03 17:40:41 UTC (rev 2427)
@@ -1,3 +1,6 @@
+2.0.16 2007-05-03
+	* Merged support for modifying the prefix via semanage from Dan Walsh.
+
 2.0.15 2007-04-26
 	* Merged move of audit2why to /usr/bin from Dan Walsh.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-05-03 17:39:05 UTC (rev 2426)
+++ trunk/policycoreutils/VERSION	2007-05-03 17:40:41 UTC (rev 2427)
@@ -1 +1 @@
-2.0.15
+2.0.16
      From: <ssm...@us...> - 2007-05-09 14:47:48
| Revision: 2431
          http://svn.sourceforge.net/selinux/?rev=2431&view=rev
Author:   ssmalley
Date:     2007-05-09 07:47:47 -0700 (Wed, 09 May 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.17
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-05-09 14:29:30 UTC (rev 2430)
+++ trunk/policycoreutils/ChangeLog	2007-05-09 14:47:47 UTC (rev 2431)
@@ -1,3 +1,6 @@
+2.0.17 2007-05-09
+	* Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
+
 2.0.16 2007-05-03
 	* Merged support for modifying the prefix via semanage from Dan Walsh.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-05-09 14:29:30 UTC (rev 2430)
+++ trunk/policycoreutils/VERSION	2007-05-09 14:47:47 UTC (rev 2431)
@@ -1 +1 @@
-2.0.16
+2.0.17
      From: <kma...@us...> - 2007-05-11 14:30:32
| Revision: 2436
          http://svn.sourceforge.net/selinux/?rev=2436&view=rev
Author:   kmacmillan
Date:     2007-05-11 07:30:29 -0700 (Fri, 11 May 2007)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: Coalesce setfiles and restorecon into a single program
Date: Fri, 04 May 2007 15:19:47 -0400
restorecon started life as a much simpler program, but has gradually
grown to being largely a duplicate of setfiles, only differing in its
interface and default behaviors.  Meanwhile, people keep adding features
and options to both programs, leading to inconsistencies.
This patch coalesces setfiles and restorecon into a single program
presenting different interfaces and default behaviors depending on
basename(argv[0]), making restorecon a symlink to setfiles.
Unresolved issue: Current policy defines separate domains for the two
programs.  We need to either coalesce the domains as well, or if there
is legitimate reason for separating them, restorecon could remain a
separate binary (either a complete separate copy or a wrapper) even if
the sources are coalesced.
Comments?
Acked-by: Karl MacMillan <kma...@me...>
Modified Paths:
--------------
    trunk/policycoreutils/Makefile
    trunk/policycoreutils/setfiles/Makefile
    trunk/policycoreutils/setfiles/setfiles.c
Added Paths:
-----------
    trunk/policycoreutils/setfiles/restorecon.8
Removed Paths:
-------------
    trunk/policycoreutils/restorecon/Makefile
    trunk/policycoreutils/restorecon/restorecon.8
    trunk/policycoreutils/restorecon/restorecon.c
Modified: trunk/policycoreutils/Makefile
===================================================================
--- trunk/policycoreutils/Makefile	2007-05-09 15:03:33 UTC (rev 2435)
+++ trunk/policycoreutils/Makefile	2007-05-11 14:30:29 UTC (rev 2436)
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 
 all install relabel clean indent:
 	@for subdir in $(SUBDIRS); do \
Deleted: trunk/policycoreutils/restorecon/Makefile
===================================================================
--- trunk/policycoreutils/restorecon/Makefile	2007-05-09 15:03:33 UTC (rev 2435)
+++ trunk/policycoreutils/restorecon/Makefile	2007-05-11 14:30:29 UTC (rev 2436)
@@ -1,28 +0,0 @@
-# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
-SBINDIR ?= $(DESTDIR)/sbin
-MANDIR = $(PREFIX)/share/man
-
-CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib
-
-all: restorecon
-
-restorecon:  restorecon.o 
-	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
-
-install: all
-	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
-	-mkdir -p $(SBINDIR)
-	install -m 755 restorecon $(SBINDIR)
-	install -m 644 restorecon.8 $(MANDIR)/man8
-
-clean:
-	-rm -f restorecon *.o 
-
-indent:
-	../../scripts/Lindent $(wildcard *.[ch])
-
-relabel: install
-	/sbin/restorecon $(SBINDIR)/restorecon
Deleted: trunk/policycoreutils/restorecon/restorecon.8
===================================================================
--- trunk/policycoreutils/restorecon/restorecon.8	2007-05-09 15:03:33 UTC (rev 2435)
+++ trunk/policycoreutils/restorecon/restorecon.8	2007-05-11 14:30:29 UTC (rev 2436)
@@ -1,68 +0,0 @@
-.TH "restorecon" "8" "2002031409" "" ""
-.SH "NAME"
-restorecon \- restore file(s) default SELinux security contexts.
-
-.SH "SYNOPSIS"
-.B restorecon
-.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
-.P
-.B restorecon
-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
-
-.SH "DESCRIPTION"
-This manual page describes the
-.BR restorecon
-program.
-.P
-This program is primarily used to set the security context
-(extended attributes) on one or more files. 
-.P
-It can be run at any time to correct errors, to add support for
-new policy, or with the \-n option it can just check whether the file
-contexts are all as you expect.
-
-.SH "OPTIONS"
-.TP 
-.B \-i
-ignore files that do not exist
-.TP 
-.B \-f infilename
-infilename contains a list of files to be processed by application. Use \- for stdin.
-.TP 
-.B \-e directory
-directory to exclude (repeat option for more than one directory.)
-.TP 
-.B \-R \-r
-change files and directories file labels recursively
-.TP 
-.B \-n
-don't change any file labels.
-.TP 
-.B \-o outfilename
-save list of files with incorrect context in outfilename.
-.TP 
-.B \-v
-show changes in file labels.
-.TP 
-.B \-vv
-show changes in file labels, if type, role, or user are changing.
-.TP 
-.B \-F
-Force reset of context to match file_context for customizable files, or the user section, if it has changed. 
-.TP 
-.SH "ARGUMENTS"
-.B pathname...
-The pathname for the file(s) to be relabeled. 
-.SH NOTE
-restorecon does not follow symbolic links.
-
-.SH "AUTHOR"
-This man page was written by Dan Walsh <dw...@re...>.
-Some of the content of this man page was taken from the setfiles 
-man page written by Russell Coker <ru...@co...>.
-The program was written by Dan Walsh <dw...@re...>.
-
-.SH "SEE ALSO"
-.BR load_policy (8),
-.BR checkpolicy (8)
-.BR setfiles (8)
Deleted: trunk/policycoreutils/restorecon/restorecon.c
===================================================================
--- trunk/policycoreutils/restorecon/restorecon.c	2007-05-09 15:03:33 UTC (rev 2435)
+++ trunk/policycoreutils/restorecon/restorecon.c	2007-05-11 14:30:29 UTC (rev 2436)
@@ -1,456 +0,0 @@
-/* 
- * restorecon
- *
- * AUTHOR:  Dan Walsh <dw...@re...>
- *
- * PURPOSE:
- * This program takes a list of files and sets their security context
- * to match the specification returned by matchpathcon.
- *
- * USAGE:
- * restorecon [-Rnv] pathname...
- * 
- * -e   Specify directory to exclude
- * -i   Ignore error if file does not exist
- * -n	Do not change any file labels.
- * -v	Show changes in file labels.  
- * -o	filename save list of files with incorrect context
- * -F	Force reset of context to match file_context for customizable files
- *
- * pathname...	The file(s) to label 
- *
- * EXAMPLE USAGE:
- * restorecon /dev/tty*
- *
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdio_ext.h>
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <limits.h>
-#include <selinux/selinux.h>
-#include <getopt.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <stdio.h>
-#define __USE_XOPEN_EXTENDED 1	/* nftw */
-#include <ftw.h>
-
-static int change = 1;
-static int verbose = 0;
-static int progress = 0;
-static FILE *outfile = NULL;
-static char *progname;
-static int errors = 0;
-static int recurse = 0;
-static int file_exist = 1;
-static int force = 0;
-#define STAT_BLOCK_SIZE 1
-static int pipe_fds[2] = { -1, -1 };
-static unsigned long long count = 0;
-
-#define MAX_EXCLUDES 100
-static int excludeCtr = 0;
-struct edir {
-	char *directory;
-	size_t size;
-};
-static struct edir excludeArray[MAX_EXCLUDES];
-static int add_exclude(const char *directory)
-{
-	struct stat sb;
-	size_t len = 0;
-	if (directory == NULL || directory[0] != '/') {
-		fprintf(stderr, "Full path required for exclude: %s.\n",
-			directory);
-		return 1;
-	}
-	if (lstat(directory, &sb)) {
-		fprintf(stderr, "Directory \"%s\" not found, ignoring.\n",
-			directory);
-		return 0;
-	}
-	if ((sb.st_mode & S_IFDIR) == 0) {
-		fprintf(stderr,
-			"\"%s\" is not a Directory: mode %o, ignoring\n",
-			directory, sb.st_mode);
-		return 0;
-	}
-
-	if (excludeCtr == MAX_EXCLUDES) {
-		fprintf(stderr, "Maximum excludes %d exceeded.\n",
-			MAX_EXCLUDES);
-		return 1;
-	}
-
-	len = strlen(directory);
-	while (len > 1 && directory[len - 1] == '/') {
-		len--;
-	}
-	excludeArray[excludeCtr].directory = strndup(directory, len);
-
-	if (excludeArray[excludeCtr].directory == NULL) {
-		fprintf(stderr, "Out of memory.\n");
-		return 1;
-	}
-	excludeArray[excludeCtr++].size = len;
-
-	return 0;
-}
-static int exclude(const char *file)
-{
-	int i = 0;
-	for (i = 0; i < excludeCtr; i++) {
-		if (strncmp
-		    (file, excludeArray[i].directory,
-		     excludeArray[i].size) == 0) {
-			if (file[excludeArray[i].size] == 0
-			    || file[excludeArray[i].size] == '/') {
-				return 1;
-			}
-		}
-	}
-	return 0;
-}
-
-/* Compare two contexts to see if their differences are "significant",
- * or whether the only difference is in the user. */
-static int only_changed_user(const char *a, const char *b)
-{
-	char *rest_a, *rest_b;	/* Rest of the context after the user */
-	if (force)
-		return 0;
-	if (!a || !b)
-		return 0;
-	rest_a = strchr(a, ':');
-	rest_b = strchr(b, ':');
-	if (!rest_a || !rest_b)
-		return 0;
-	return (strcmp(rest_a, rest_b) == 0);
-}
-
-void usage(const char *const name)
-{
-	fprintf(stderr,
-		"usage:  %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
-		name);
-	exit(1);
-}
-
-/* filename has trailing '/' removed by nftw or other calling code */
-int restore(const char *filename)
-{
-	int retcontext = 0;
-	security_context_t scontext = NULL;
-	security_context_t prev_context = NULL;
-	struct stat st;
-	char path[PATH_MAX + 1];
-
-	if (progress) {
-		count++;
-		if (count % 80000 == 0) {
-			fprintf(stdout, "\n");
-			fflush(stdout);
-		}
-		if (count % 1000 == 0) {
-			fprintf(stdout, "*");
-			fflush(stdout);
-		}
-	}
-
-	if (excludeCtr > 0 && exclude(filename)) {
-		return 0;
-	}
-
-	if (lstat(filename, &st) != 0) {
-		if (!file_exist && errno == ENOENT)
-			return 0;
-		fprintf(stderr, "lstat(%s) failed: %s\n", filename,
-			strerror(errno));
-		return 1;
-	}
-	if (S_ISLNK(st.st_mode)) {
-		if (verbose > 1)
-			fprintf(stderr,
-				"Warning! %s refers to a symbolic link, not following last component.\n",
-				filename);
-		char *p = NULL, *file_sep;
-		char *tmp_path = strdupa(filename);
-		size_t len = 0;
-		if (!tmp_path) {
-			fprintf(stderr, "strdupa on %s failed:  %s\n", filename,
-				strerror(errno));
-			return 1;
-		}
-		file_sep = strrchr(tmp_path, '/');
-		if (file_sep == tmp_path) {
-			file_sep++;
-			p = strcpy(path, "");
-		} else if (file_sep) {
-			*file_sep = 0;
-			file_sep++;
-			p = realpath(tmp_path, path);
-		} else {
-			file_sep = tmp_path;
-			p = realpath("./", path);
-		}
-		if (p)
-			len = strlen(p);
-		if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
-			fprintf(stderr, "realpath(%s) failed %s\n", filename,
-				strerror(errno));
-			return 1;
-		}
-		p += len;
-		/* ensure trailing slash of directory name */
-		if (len == 0 || *(p - 1) != '/') {
-			*p = '/';
-			p++;
-		}
-		strcpy(p, file_sep);
-		filename = path;
-	} else {
-		char *p;
-		p = realpath(filename, path);
-		if (!p) {
-			fprintf(stderr, "realpath(%s) failed %s\n", filename,
-				strerror(errno));
-			return 1;
-		}
-		filename = p;
-	}
-	if (excludeCtr > 0 && exclude(filename)) {
-		return 0;
-	}
-	if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
-		if (errno == ENOENT)
-			return 0;
-		fprintf(stderr, "matchpathcon(%s) failed %s\n", filename,
-			strerror(errno));
-		return 1;
-	}
-	retcontext = lgetfilecon_raw(filename, &prev_context);
-
-	if (retcontext >= 0 || errno == ENODATA) {
-		int customizable = 0;
-		if (retcontext < 0)
-			prev_context = NULL;
-		if (retcontext < 0 || force ||
-		    (strcmp(prev_context, scontext) != 0 &&
-		     !(customizable =
-		       is_context_customizable(prev_context) > 0))) {
-			if (only_changed_user(scontext, prev_context) == 0) {
-				if (outfile)
-					fprintf(outfile, "%s\n", filename);
-				if (change) {
-					if (lsetfilecon(filename, scontext) < 0) {
-						fprintf(stderr,
-							"%s set context %s->%s failed:'%s'\n",
-							progname, filename,
-							scontext,
-							strerror(errno));
-						if (retcontext >= 0)
-							freecon(prev_context);
-						freecon(scontext);
-						return 1;
-					}
-				} 
-
-				if (verbose)
-					printf("%s reset %s context %s->%s\n",
-					       progname, filename,
-					       (retcontext >=
-						0 ? prev_context : ""),
-					       scontext);
-			}
-		}
-		if (verbose > 1 && !force && customizable > 0) {
-			printf("%s: %s not reset customized by admin to %s\n",
-			       progname, filename, prev_context);
-		}
-
-		if (retcontext >= 0)
-			freecon(prev_context);
-	} else {
-		errors++;
-		fprintf(stderr, "%s get context on %s failed: '%s'\n",
-			progname, filename, strerror(errno));
-	}
-	freecon(scontext);
-	return errors;
-}
-
-static int pre_stat(const char *file_unused __attribute__ ((unused)),
-		    const struct stat *sb_unused __attribute__ ((unused)),
-		    int flag_unused __attribute__ ((unused)),
-		    struct FTW *s_unused __attribute__ ((unused)))
-{
-	char buf[STAT_BLOCK_SIZE];
-	if (write(pipe_fds[1], buf, STAT_BLOCK_SIZE) != STAT_BLOCK_SIZE) {
-		fprintf(stderr, "Error writing to stat pipe, child exiting.\n");
-		exit(1);
-	}
-	return 0;
-}
-
-static int apply_spec(const char *file,
-		      const struct stat *sb_unused __attribute__ ((unused)),
-		      int flag, struct FTW *s_unused __attribute__ ((unused)))
-{
-	char buf[STAT_BLOCK_SIZE];
-	if (pipe_fds[0] != -1
-	    && read(pipe_fds[0], buf, STAT_BLOCK_SIZE) != STAT_BLOCK_SIZE) {
-		fprintf(stderr, "Read error on pipe.\n");
-		pipe_fds[0] = -1;
-	}
-	if (flag == FTW_DNR) {
-		fprintf(stderr, "%s:  unable to read directory %s\n",
-			progname, file);
-		return 0;
-	}
-	errors = errors + restore(file);
-	return 0;
-}
-void process(char *buf)
-{
-	int rc;
-	if (recurse) {
-		if (pipe(pipe_fds) == -1)
-			rc = -1;
-		else
-			rc = fork();
-		if (rc == 0) {
-			close(pipe_fds[0]);
-			nftw(buf, pre_stat, 1024, FTW_PHYS);
-			exit(1);
-		}
-		if (rc > 0)
-			close(pipe_fds[1]);
-		if (rc == -1 || rc > 0) {
-			if (nftw(buf, apply_spec, 1024, FTW_PHYS)) {
-				if (!file_exist && errno == ENOENT)
-					return;
-				fprintf(stderr,
-					"%s: error while traversing %s: %s\n",
-					progname, buf, strerror(errno));
-				errors++;
-			}
-		}
-	} else {
-		/* Eliminate trailing / */
-		size_t len = strlen(buf);
-		if (len > 1 && buf[len - 1] == '/') {
-			buf[len - 1] = 0;
-		}
-		errors = errors + restore(buf);
-	}
-}
-int main(int argc, char **argv)
-{
-	int i = 0;
-	char *file_name = NULL;
-	int file = 0;
-	int opt;
-	char *buf = NULL;
-	size_t buf_len;
-
-	memset(excludeArray, 0, sizeof(excludeArray));
-
-	progname = argv[0];
-	if (is_selinux_enabled() <= 0)
-		exit(0);
-
-	set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
-
-	while ((opt = getopt(argc, argv, "ipFrRnvf:o:e:")) > 0) {
-		switch (opt) {
-		case 'n':
-			change = 0;
-			break;
-		case 'i':
-			file_exist = 0;
-			break;
-		case 'r':
-		case 'R':
-			recurse = 1;
-			break;
-		case 'F':
-			force = 1;
-			break;
-		case 'e':
-			if (add_exclude(optarg))
-				exit(1);
-			break;
-		case 'o':
-			if (strcmp(optarg, "-") == 0)
-				outfile = stdout;
-			else {
-				outfile = fopen(optarg, "w");
-				if (!outfile) {
-					fprintf(stderr,
-						"Error opening %s: %s\n",
-						optarg, strerror(errno));
-					usage(argv[0]);
-				}
-				__fsetlocking(outfile, FSETLOCKING_BYCALLER);
-			}
-			break;
-		case 'v':
-			if (progress) {
-				fprintf(stderr,
-					"Progress and Verbose mutually exclusive\n");
-				usage(argv[0]);
-			}
-
-			verbose++;
-			break;
-		case 'p':
-			if (verbose) {
-				fprintf(stderr,
-					"Progress and Verbose mutually exclusive\n");
-				usage(argv[0]);
-			}
-			progress = 1;
-			break;
-		case 'f':
-			file = 1;
-			file_name = optarg;
-			break;
-		case '?':
-			usage(argv[0]);
-		}
-	}
-	if (file) {
-		FILE *f = stdin;
-		ssize_t len;
-		if (strcmp(file_name, "-") != 0)
-			f = fopen(file_name, "r");
-		if (f == NULL) {
-			fprintf(stderr, "Unable to open %s: %s\n", file_name,
-				strerror(errno));
-			usage(argv[0]);
-		}
-		__fsetlocking(f, FSETLOCKING_BYCALLER);
-		while ((len = getline(&buf, &buf_len, f)) != -1) {
-			buf[len - 1] = 0;
-			process(buf);
-		}
-		if (strcmp(file_name, "-") != 0)
-			fclose(f);
-	} else {
-		if (optind >= argc)
-			usage(argv[0]);
-		for (i = optind; i < argc; i++) {
-			process(argv[i]);
-		}
-	}
-	if (outfile)
-		fclose(outfile);
-
-	return errors;
-}
Modified: trunk/policycoreutils/setfiles/Makefile
===================================================================
--- trunk/policycoreutils/setfiles/Makefile	2007-05-09 15:03:33 UTC (rev 2435)
+++ trunk/policycoreutils/setfiles/Makefile	2007-05-11 14:30:29 UTC (rev 2436)
@@ -15,18 +15,22 @@
 	LDLIBS += -laudit
 endif
 
-all: setfiles
+all: setfiles restorecon
 
 setfiles:  setfiles.o 
 
+restorecon: setfiles
+	ln -sf setfiles restorecon
+
 install: all
 	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
 	-mkdir -p $(SBINDIR)
 	install -m 755 setfiles $(SBINDIR)
-	install -m 644 setfiles.8 $(MANDIR)/man8
+	(cd $(SBINDIR) && ln -sf setfiles restorecon)
+	install -m 644 setfiles.8 restorecon.8 $(MANDIR)/man8
 
 clean:
-	rm -f setfiles *.o 
+	rm -f setfiles restorecon *.o 
 
 indent:
 	../../scripts/Lindent $(wildcard *.[ch])
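Review bot: Nothing in the new `restorecon:` rule or the `install` recipe says why `restorecon` is now only a link to `setfiles`. The setfiles.c part of this commit adds `iamrestorecon` and the `SETFILES`/`RESTORECON` names, so the binary presumably picks its behaviour from the name it is invoked under; copying or renaming the installed file would then silently change how files are labeled. A comment above the rule such as `# restorecon is setfiles under another name; setfiles.c selects its mode from the program name` would make that dependency explicit. Packagers should also confirm that the file-context policy for the restorecon path still gives the intended executable type, since a symlink resolves to the setfiles binary and its label.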
Added: trunk/policycoreutils/setfiles/restorecon.8
===================================================================
--- trunk/policycoreutils/setfiles/restorecon.8	                        (rev 0)
+++ trunk/policycoreutils/setfiles/restorecon.8	2007-05-11 14:30:29 UTC (rev 2436)
@@ -0,0 +1,68 @@
+.TH "restorecon" "8" "2002031409" "" ""
+.SH "NAME"
+restorecon \- restore file(s) default SELinux security contexts.
+
+.SH "SYNOPSIS"
+.B restorecon
+.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
+.P
+.B restorecon
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
+
+.SH "DESCRIPTION"
+This manual page describes the
+.BR restorecon
+program.
+.P
+This program is primarily used to set the security context
+(extended attributes) on one or more files. 
+.P
+It can be run at any time to correct errors, to add support for
+new policy, or with the \-n option it can just check whether the file
+contexts are all as you expect.
+
+.SH "OPTIONS"
+.TP 
+.B \-i
+ignore files that do not exist
+.TP 
+.B \-f infilename
+infilename contains a list of files to be processed by application. Use \- for stdin.
+.TP 
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP 
+.B \-R \-r
+change files and directories file labels recursively
+.TP 
+.B \-n
+don't change any file labels.
+.TP 
+.B \-o outfilename
+save list of files with incorrect context in outfilename.
+.TP 
+.B \-v
+show changes in file labels.
+.TP 
+.B \-vv
+show changes in file labels, if type, role, or user are changing.
+.TP 
+.B \-F
+Force reset of context to match file_context for customizable files, or the user section, if it has changed. 
+.TP 
+.SH "ARGUMENTS"
+.B pathname...
+The pathname for the file(s) to be relabeled. 
+.SH NOTE
+restorecon does not follow symbolic links.
+
+.SH "AUTHOR"
+This man page was written by Dan Walsh <dw...@re...>.
+Some of the content of this man page was taken from the setfiles 
+man page written by Russell Coker <ru...@co...>.
+The program was written by Dan Walsh <dw...@re...>.
+
+.SH "SEE ALSO"
+.BR load_policy (8),
+.BR checkpolicy (8)
+.BR setfiles (8)
Modified: trunk/policycoreutils/setfiles/setfiles.c
===================================================================
--- trunk/policycoreutils/setfiles/setfiles.c	2007-05-09 15:03:33 UTC (rev 2435)
+++ trunk/policycoreutils/setfiles/setfiles.c	2007-05-11 14:30:29 UTC (rev 2436)
@@ -1,64 +1,6 @@
-/* 
- * setfiles
- *
- * AUTHOR:  Stephen Smalley <sd...@ep...>
- * This program was derived in part from the setfiles.pl script
- * developed by Secure Computing Corporation.
- *
- * PURPOSE:
- * This program reads a set of file security context specifications
- * based on pathname regular expressions and labels files
- * accordingly, traversing a set of file systems specified by
- * the user.  The program does not cross file system boundaries.
- *
- * USAGE:
- * setfiles [-dnpqsvW] [-e directory ] [-c policy] [-o filename ] spec_file pathname...
- * 
- * -e   Specify directory to exclude
- * -F	Force reset of context to match file_context for customizable files
- * -c   Verify the specification file using a binary policy
- * -d   Show what specification matched each file.
- * -l   Log changes in files labels to syslog.
- * -n	Do not change any file labels.
- * -p   Show progress.  Prints * for every 1000 files
- * -q   Be quiet (suppress non-error output).
- * -r   Use an alternate root path
- * -s   Use stdin for a list of files instead of searching a partition.
- * -v	Show changes in file labels.  
- * -W   Warn about entries that have no matching file.
- * -o filename write out file names with wrong context.
- *
- * spec_file	The specification file.
- * pathname...	The file systems to label (omit if using -s).	
- *
- * EXAMPLE USAGE:
- * ./setfiles -v file_contexts `mount | awk '/ext3/{print $3}'`
- *
- * SPECIFICATION FILE:
- * Each specification has the form:
- *       regexp [ -type ] ( context | <<none>> )
- *
- * By default, the regexp is an anchored match on both ends (i.e. a 
- * caret (^) is prepended and a dollar sign ($) is appended automatically).
- * This default may be overridden by using .* at the beginning and/or
- * end of the regular expression.  
- *
- * The optional type field specifies the file type as shown in the mode
- * field by ls, e.g. use -d to match only directories or -- to match only
- * regular files.
- * 
- * The value of <<none> may be used to indicate that matching files
- * should not be relabeled.
- *
- * The last matching specification is used.
- *
- * If there are multiple hard links to a file that match 
- * different specifications and those specifications indicate
- * different security contexts, then a warning is displayed
- * but the file is still labeled based on the last matching
- * specification other than <<none>>.
- */
-
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
 #include <unistd.h>
 #include <stdlib.h>
 #include <fcntl.h>
@@ -83,8 +25,9 @@
 #define AUDIT_FS_RELABEL 2309
 #endif
 #endif
+static int mass_relabel;
+static int mass_relabel_errs;
 
-static int add_assoc = 1;
 static FILE *outfile = NULL;
 static int force = 0;
 #define STAT_BLOCK_SIZE 1
@@ -107,15 +50,28 @@
 static int debug = 0;
 static int change = 1;
 static int quiet = 0;
-static int use_stdin = 0;
+static int ignore_enoent;
 static int verbose = 0;
 static int log = 0;
 static int warn_no_match = 0;
 static char *rootpath = NULL;
 static int rootpathlen = 0;
+static int recurse; /* Recursive descent. */
+static int errors;
 
 static char *progname;
 
+#define SETFILES "setfiles"
+#define RESTORECON "restorecon"
+static int iamrestorecon;
+
+/* Behavior flags determined based on setfiles vs. restorecon */
+static int expand_realpath;  /* Expand paths via realpath. */
+static int abort_on_error; /* Abort the file tree walk upon an error. */
+static int add_assoc; /* Track inode associations for conflict detection. */
+static int nftw_flags; /* Flags to nftw, e.g. follow links, follow mounts */
+static int matchpathcon_flags; /* Flags to matchpathcon */
+
 static void
 #ifdef __GNUC__
     __attribute__ ((format(printf, 1, 2)))
@@ -132,6 +88,7 @@
 static int add_exclude(const char *directory)
 {
 	struct stat sb;
+	size_t len = 0;
 	if (directory == NULL || directory[0] != '/') {
 		fprintf(stderr, "Full path required for exclude: %s.\n",
 			directory);
@@ -155,12 +112,17 @@
 		return 1;
 	}
 
-	excludeArray[excludeCtr].directory = strdup(directory);
-	if (!excludeArray[excludeCtr].directory) {
+	len = strlen(directory);
+	while (len > 1 && directory[len - 1] == '/') {
+		len--;
+	}
+	excludeArray[excludeCtr].directory = strndup(directory, len);
+
+	if (excludeArray[excludeCtr].directory == NULL) {
 		fprintf(stderr, "Out of memory.\n");
 		return 1;
 	}
-	excludeArray[excludeCtr++].size = strlen(directory);
+	excludeArray[excludeCtr++].size = len;
 
 	return 0;
 }
@@ -185,7 +147,79 @@
 {
 	int ret;
 	const char *fullname = name;
+	char path[PATH_MAX + 1];
 
+	if (excludeCtr > 0) {
+		if (exclude(fullname)) {
+			return -1;
+		}
+	}
+	ret = lstat(fullname, sb);
+	if (ret) {
+		if (ignore_enoent && errno == ENOENT)
+			return 0;
+		fprintf(stderr, "%s:  unable to stat file %s: %s\n", progname,
+			fullname, strerror(errno));
+		return -1;
+	}
+
+	if (expand_realpath) {
+		if (S_ISLNK(sb->st_mode)) {
+			if (verbose > 1)
+				fprintf(stderr,
+					"Warning! %s refers to a symbolic link, not following last component.\n",
+					fullname);
+			char *p = NULL, *file_sep;
+			char *tmp_path = strdupa(fullname);
+			size_t len = 0;
+			if (!tmp_path) {
+				fprintf(stderr, "strdupa on %s failed:  %s\n", fullname,
+					strerror(errno));
+				return -1;
+			}
+			file_sep = strrchr(tmp_path, '/');
+			if (file_sep == tmp_path) {
+				file_sep++;
+				p = strcpy(path, "");
+			} else if (file_sep) {
+				*file_sep = 0;
+				file_sep++;
+				p = realpath(tmp_path, path);
+			} else {
+				file_sep = tmp_path;
+				p = realpath("./", path);
+			}
+			if (p)
+				len = strlen(p);
+			if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
+				fprintf(stderr, "realpath(%s) failed %s\n", fullname,
+					strerror(errno));
+				return -1;
+			}
+			p += len;
+			/* ensure trailing slash of directory name */
+			if (len == 0 || *(p - 1) != '/') {
+				*p = '/';
+				p++;
+			}
+			strcpy(p, file_sep);
+			fullname = path;
+			if (excludeCtr > 0 && exclude(fullname))
+				return -1;
+		} else {
+			char *p;
+			p = realpath(fullname, path);
+			if (!p) {
+				fprintf(stderr, "realpath(%s) failed %s\n", fullname,
+					strerror(errno));
+				return -1;
+			}
+			fullname = p;
+			if (excludeCtr > 0 && exclude(fullname))
+				return -1;
+		}
+	}
+
 	/* fullname will be the real file that gets labeled
 	 * name will be what is matched in the policy */
 	if (NULL != rootpath) {
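Review bot: The ignored-ENOENT path `if (ignore_enoent && errno == ENOENT) return 0;` returns 0, but the caller shown later in this diff (`i = match(my_file, &my_sb, &newcon); if (i < 0)`) treats only negative values as "nothing to do". A file that disappears during the walk is therefore handled as a match on specification index 0, with `*sb` and `*con` never filled in. Unless code outside these hunks resets them, `restore()` goes on to compare and apply an uninitialised `newcon`. Returning a negative value here, `return -1;`, keeps the file skipped without printing an error, assuming the caller's `i < 0` branch still returns success. The function starts before this hunk and continues after it.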
@@ -197,18 +231,6 @@
 		name += rootpathlen;
 	}
 
-	if (excludeCtr > 0) {
-		if (exclude(fullname)) {
-			return -1;
-		}
-	}
-	ret = lstat(fullname, sb);
-	if (ret) {
-		fprintf(stderr, "%s:  unable to stat file %s\n", progname,
-			fullname);
-		return -1;
-	}
-
 	if (rootpath != NULL && name[0] == '\0')
 		/* this is actually the root dir of the alt root */
 		return matchpathcon_index("/", sb->st_mode, con);
@@ -218,11 +240,17 @@
 
 void usage(const char *const name)
 {
-	fprintf(stderr,
-		"usage:  %s [-dnpqvW] [-o filename] [-r alt_root_path ] spec_file pathname...\n"
-		"usage:  %s -c policyfile spec_file\n"
-		"usage:  %s -s [-dnqvW] [-o filename ] spec_file\n", name, name,
-		name);
+	if (iamrestorecon) {
+		fprintf(stderr,
+			"usage:  %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+			name);
+	} else {
+		fprintf(stderr,
+			"usage:  %s [-dnpqvW] [-o filename] [-r alt_root_path ] spec_file pathname...\n"
+			"usage:  %s -c policyfile spec_file\n"
+			"usage:  %s -s [-dnqvW] [-o filename ] spec_file\n", name, name,
+			name);
+	}
 	exit(1);
 }
 
@@ -253,39 +281,21 @@
 	return (strcmp(rest_a, rest_b) == 0);
 }
 
-/*
- * Apply the last matching specification to a file.
- * This function is called by nftw on each file during
- * the directory traversal.
- */
-static int apply_spec(const char *file,
-		      const struct stat *sb_unused __attribute__ ((unused)),
-		      int flag, struct FTW *s_unused __attribute__ ((unused)))
+static int restore(const char *file)
 {
-	const char *my_file;
+	char *my_file = strdupa(file);
 	struct stat my_sb;
 	int i, j, ret;
 	char *context, *newcon;
 	int user_only_changed = 0;
-	char buf[STAT_BLOCK_SIZE];
-	if (pipe_fds[0] != -1
-	    && read(pipe_fds[0], buf, STAT_BLOCK_SIZE) != STAT_BLOCK_SIZE) {
-		fprintf(stderr, "Read error on pipe.\n");
-		pipe_fds[0] = -1;
-	}
+	size_t len = strlen(my_file);
 
-	/* Skip the extra slash at the beginning, if present. */
+	/* Skip the extra slashes at the beginning and end, if present. */
 	if (file[0] == '/' && file[1] == '/')
-		my_file = &file[1];
-	else
-		my_file = file;
+		my_file++;
+	if (len > 1 && my_file[len - 1] == '/')
+		my_file[len - 1] = 0;
 
-	if (flag == FTW_DNR) {
-		fprintf(stderr, "%s:  unable to read directory %s\n",
-			progname, my_file);
-		return 0;
-	}
-
 	i = match(my_file, &my_sb, &newcon);
 	if (i < 0)
 		/* No matching specification. */
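Review bot: `len` is taken from `strlen(my_file)` before the leading-slash skip, so after `my_file++` the test `my_file[len - 1] == '/'` looks at the terminating NUL instead of the last character, and a trailing slash on a `//`-prefixed path is never removed. Adjust the length together with the pointer: `if (file[0] == '/' && file[1] == '/') { my_file++; len--; }`. The read stays inside the strdupa copy, so this is a wrong-result bug rather than a memory error, but the path then reaches match() and the label lookup with its trailing slash still attached. restore() continues past the end of the hunk.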
@@ -330,10 +340,8 @@
 		if (errno == ENODATA) {
 			context = NULL;
 		} else {
-			perror(my_file);
-			fprintf(stderr,
-				"%s:  unable to obtain attribute for file %s\n",
-				progname, my_file);
+			fprintf(stderr, "%s get context on %s failed: '%s'\n",
+				progname, my_file, strerror(errno));
 			goto err;
 		}
 		user_only_changed = 0;
@@ -346,7 +354,7 @@
 	 * specification.
 	 */
 	if ((strcmp(newcon, "<<none>>") == 0) ||
-	    (context && (strcmp(context, newcon) == 0))) {
+	    (context && (strcmp(context, newcon) == 0) && !force)) {
 		freecon(context);
 		goto out;
 	}
@@ -366,12 +374,8 @@
 		 * the user has changed but the role and type are the
 		 * same.  For "-vv", emit everything. */
 		if (verbose > 1 || !user_only_changed) {
-			if (context)
-				printf("%s:  relabeling %s from %s to %s\n",
-				       progname, my_file, context, newcon);
-			else
-				printf("%s:  labeling %s to %s\n", progname,
-				       my_file, newcon);
+			printf("%s reset %s context %s->%s\n",
+			       progname, my_file, context ?: "", newcon);
 		}
 	}
 
@@ -401,9 +405,8 @@
 	 */
 	ret = lsetfilecon(my_file, newcon);
 	if (ret) {
-		perror(my_file);
-		fprintf(stderr, "%s:  unable to relabel %s to %s\n",
-			progname, my_file, newcon);
+		fprintf(stderr, "%s set context %s->%s failed:'%s'\n",
+			progname, my_file, newcon, strerror(errno));
 		goto out;
 	}
       out:
@@ -414,6 +417,34 @@
 	return -1;
 }
 
+/*
+ * Apply the last matching specification to a file.
+ * This function is called by nftw on each file during
+ * the directory traversal.
+ */
+static int apply_spec(const char *file,
+		      const struct stat *sb_unused __attribute__ ((unused)),
+		      int flag, struct FTW *s_unused __attribute__ ((unused)))
+{
+	char buf[STAT_BLOCK_SIZE];
+	if (pipe_fds[0] != ...
 
[truncated message content] | 
| 
      
      
      From: <kma...@us...> - 2007-05-11 14:32:25
       | 
| Revision: 2438
          http://svn.sourceforge.net/selinux/?rev=2438&view=rev
Author:   kmacmillan
Date:     2007-05-11 07:32:25 -0700 (Fri, 11 May 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.18
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-05-11 14:31:21 UTC (rev 2437)
+++ trunk/policycoreutils/ChangeLog	2007-05-11 14:32:25 UTC (rev 2438)
@@ -1,3 +1,6 @@
+2.0.18 2007-05-11
+	* Merged merging of restorecon into setfiles from Stephen Smalley.
+
 2.0.17 2007-05-09
 	* Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-05-11 14:31:21 UTC (rev 2437)
+++ trunk/policycoreutils/VERSION	2007-05-11 14:32:25 UTC (rev 2438)
@@ -1 +1 @@
-2.0.17
+2.0.18
 | 
| 
      
      
      From: <kma...@us...> - 2007-05-11 18:41:01
       | 
| Revision: 2444
          http://svn.sourceforge.net/selinux/?rev=2444&view=rev
Author:   kmacmillan
Date:     2007-05-11 11:41:00 -0700 (Fri, 11 May 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.19
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-05-11 18:39:22 UTC (rev 2443)
+++ trunk/policycoreutils/ChangeLog	2007-05-11 18:41:00 UTC (rev 2444)
@@ -1,3 +1,6 @@
+2.0.19 2007-05-11
+	* Merge newrole support for alternate pam configs from Ted X Toth.
+
 2.0.18 2007-05-11
 	* Merged merging of restorecon into setfiles from Stephen Smalley.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-05-11 18:39:22 UTC (rev 2443)
+++ trunk/policycoreutils/VERSION	2007-05-11 18:41:00 UTC (rev 2444)
@@ -1 +1 @@
-2.0.18
+2.0.19
 | 
| 
      
      
      From: <ssm...@us...> - 2007-06-05 13:48:01
       | 
| Revision: 2458
          http://svn.sourceforge.net/selinux/?rev=2458&view=rev
Author:   ssmalley
Date:     2007-06-05 06:47:52 -0700 (Tue, 05 Jun 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: policycoreutils patch
Date: Fri, 01 Jun 2007 10:32:35 -0400
policycoreutils should be checking if the user is the default_type not 
hard coded to user_u.
Also if selinux is not enabled, the verification step should not 
happen.  This is causing problems in chroot environments for the install.
Both these fixes should go into the new genhomedircon that is being 
added to semanage.
Acked-by:  Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
    trunk/policycoreutils/audit2why/Makefile
    trunk/policycoreutils/newrole/Makefile
    trunk/policycoreutils/restorecond/Makefile
    trunk/policycoreutils/run_init/Makefile
    trunk/policycoreutils/scripts/genhomedircon
    trunk/policycoreutils/secon/Makefile
    trunk/policycoreutils/sestatus/Makefile
Modified: trunk/policycoreutils/audit2why/Makefile
===================================================================
--- trunk/policycoreutils/audit2why/Makefile	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/audit2why/Makefile	2007-06-05 13:47:52 UTC (rev 2458)
@@ -9,7 +9,7 @@
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(INCLUDEDIR)
-LDLIBS = ${LIBDIR}/libsepol.a -lselinux -lsepol -L$(LIBDIR)
+LDLIBS = ${LIBDIR}/libsepol.a -lselinux -L$(LIBDIR)
 
 TARGETS=audit2why
 
Modified: trunk/policycoreutils/newrole/Makefile
===================================================================
--- trunk/policycoreutils/newrole/Makefile	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/newrole/Makefile	2007-06-05 13:47:52 UTC (rev 2458)
@@ -23,7 +23,7 @@
 CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
 override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib
+LDLIBS += -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
Modified: trunk/policycoreutils/restorecond/Makefile
===================================================================
--- trunk/policycoreutils/restorecond/Makefile	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/restorecond/Makefile	2007-06-05 13:47:52 UTC (rev 2458)
@@ -7,7 +7,7 @@
 
 CFLAGS ?= -g -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib
+LDLIBS += -lselinux -L$(PREFIX)/lib
 
 all: restorecond
 
Modified: trunk/policycoreutils/run_init/Makefile
===================================================================
--- trunk/policycoreutils/run_init/Makefile	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/run_init/Makefile	2007-06-05 13:47:52 UTC (rev 2458)
@@ -10,7 +10,7 @@
 
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-LDLIBS += -lselinux -lsepol -L$(PREFIX)/lib
+LDLIBS += -lselinux -L$(PREFIX)/lib
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
Modified: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/scripts/genhomedircon	2007-06-05 13:47:52 UTC (rev 2458)
@@ -193,7 +193,7 @@
 		return prefix
 		
 	def adduser(self, udict, user, seuser, prefix):
-		if seuser == "user_u" or user == "__default__" or user == "system_u":
+		if seuser == self.default_user or user == "__default__" or user == "system_u":
 			return
 		# !!! chooses first prefix in the list to use in the file context !!!
 		try:
@@ -263,7 +263,7 @@
 				i = i.replace("system_u", seuser)
 				# Validate if the generated context exists.  Some user types may not exist
 				scon = i.split()[-1]
-				if selinux.security_check_context(scon) == 0:
+				if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0:
 					ret = ret+i
 		fd.close()
 		return ret
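Review bot: `selinux.is_selinux_enabled() < 1` also accepts a negative return, so if the binding can report an error that way, a failure to determine SELinux state silently turns off the `security_check_context` validation and every generated context is appended to `ret` unchecked. If only the disabled case is meant (the chroot install described in the log), say so next to the test, for example `# SELinux disabled (e.g. chroot install): contexts cannot be validated, emit them unchecked`, and consider whether an error return should be reported instead of treated as disabled. The call does not depend on the loop variable and could be evaluated once before the loop. The enclosing method starts outside the hunk.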
Modified: trunk/policycoreutils/secon/Makefile
===================================================================
--- trunk/policycoreutils/secon/Makefile	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/secon/Makefile	2007-06-05 13:47:52 UTC (rev 2458)
@@ -9,7 +9,7 @@
 VERSION = $(shell cat ../VERSION)
 CFLAGS ?= $(WARNS) -O1
 override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 
-LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+LDLIBS = -lselinux -L$(LIBDIR)
 
 all: secon
 
Modified: trunk/policycoreutils/sestatus/Makefile
===================================================================
--- trunk/policycoreutils/sestatus/Makefile	2007-06-01 11:57:09 UTC (rev 2457)
+++ trunk/policycoreutils/sestatus/Makefile	2007-06-05 13:47:52 UTC (rev 2458)
@@ -7,7 +7,7 @@
 
 CFLAGS = -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+LDLIBS = -lselinux -L$(LIBDIR)
 
 all: sestatus
 
      From: <ssm...@us...> - 2007-06-05 14:02:45
       | 
| Revision: 2461
          http://svn.sourceforge.net/selinux/?rev=2461&view=rev
Author:   ssmalley
Date:     2007-06-05 07:02:40 -0700 (Tue, 05 Jun 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.20
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-06-05 13:59:27 UTC (rev 2460)
+++ trunk/policycoreutils/ChangeLog	2007-06-05 14:02:40 UTC (rev 2461)
@@ -1,3 +1,9 @@
+2.0.20 2007-06-05
+	* Merged genhomedircon fixes from Dan Walsh.
+	* Merged setfiles -c usage fix from Dan Walsh.
+	* Merged restorecon fix from Yuichi Nakamura.
+	* Dropped -lsepol where no longer needed.
+
 2.0.19 2007-05-11
 	* Merge newrole support for alternate pam configs from Ted X Toth.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-06-05 13:59:27 UTC (rev 2460)
+++ trunk/policycoreutils/VERSION	2007-06-05 14:02:40 UTC (rev 2461)
@@ -1 +1 @@
-2.0.19
+2.0.20
      From: <ssm...@us...> - 2007-06-13 12:47:44
       | 
| Revision: 2476
          http://svn.sourceforge.net/selinux/?rev=2476&view=rev
Author:   ssmalley
Date:     2007-06-13 05:47:40 -0700 (Wed, 13 Jun 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.21
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-06-13 12:46:01 UTC (rev 2475)
+++ trunk/policycoreutils/ChangeLog	2007-06-13 12:47:40 UTC (rev 2476)
@@ -1,3 +1,6 @@
+2.0.21 2007-06-13
+	* Fixed setsebool (falling through to error path on success).
+
 2.0.20 2007-06-05
 	* Merged genhomedircon fixes from Dan Walsh.
 	* Merged setfiles -c usage fix from Dan Walsh.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-06-13 12:46:01 UTC (rev 2475)
+++ trunk/policycoreutils/VERSION	2007-06-13 12:47:40 UTC (rev 2476)
@@ -1 +1 @@
-2.0.20
+2.0.21
      From: <ssm...@us...> - 2007-08-23 14:32:50
       | 
| Revision: 2524
          http://selinux.svn.sourceforge.net/selinux/?rev=2524&view=rev
Author:   ssmalley
Date:     2007-08-23 07:32:48 -0700 (Thu, 23 Aug 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: policycoreutils changes
Date: Tue, 21 Aug 2007 16:41:56 -0400
Change run_tty and open_init_pty to 755 instead of 555.  Some audit 
tools are reporting this as a problem, and I see no real value in 555 
for these two.
Simple bugfix for chcat
Fixes to make sure fixfiles reports errors and handles strange regexes.
Speed enhancement for genhomedircon to only compile regex's once.
Modified Paths:
--------------
    trunk/policycoreutils/run_init/Makefile
    trunk/policycoreutils/scripts/chcat
    trunk/policycoreutils/scripts/fixfiles
    trunk/policycoreutils/scripts/genhomedircon
    trunk/policycoreutils/semanage/semanage
Modified: trunk/policycoreutils/run_init/Makefile
===================================================================
--- trunk/policycoreutils/run_init/Makefile	2007-08-23 14:19:41 UTC (rev 2523)
+++ trunk/policycoreutils/run_init/Makefile	2007-08-23 14:32:48 UTC (rev 2524)
@@ -34,8 +34,8 @@
 install: all
 	test -d $(SBINDIR)      || install -m 755 -d $(SBINDIR)
 	test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
-	install -m 555 run_init $(SBINDIR)
-	install -m 555 open_init_pty $(SBINDIR)
+	install -m 755 run_init $(SBINDIR)
+	install -m 755 open_init_pty $(SBINDIR)
 	install -m 644 run_init.8 $(MANDIR)/man8/
 	install -m 644 open_init_pty.8 $(MANDIR)/man8/
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
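Review bot: The install target shown here creates `$(MANDIR)/man1`, but both pages are then installed into `$(MANDIR)/man8/`, so on a clean prefix the `install -m 644 run_init.8 $(MANDIR)/man8/` line has no directory to write into. The guard should match the destination: `test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8`. The target continues past the end of the hunk, so any later directory creation is not visible from here.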
Modified: trunk/policycoreutils/scripts/chcat
===================================================================
--- trunk/policycoreutils/scripts/chcat	2007-08-23 14:19:41 UTC (rev 2523)
+++ trunk/policycoreutils/scripts/chcat	2007-08-23 14:32:48 UTC (rev 2524)
@@ -77,7 +77,7 @@
             
         if len(cats) > 0:
             new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
-        else
+        else:
             new_serange = "%s-%s" % (serange[0], top[0])
             
         if add_ind:
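Review bot: The `new_serange` branch fixed here is repeated verbatim in the second hunk (`@@ -155,7 +155,7 @@`), and both copies had the same missing colon, which suggests the script was not byte-compiled before the earlier commit. Moving the two-way format into one small helper that takes `serange[0]`, `top[0]` and `cats` would leave a single place to maintain. The test can also be written `if cats:` rather than `if len(cats) > 0:`. Both enclosing functions start and end outside the hunks.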
@@ -155,7 +155,7 @@
 
         if len(cats) > 0:
             new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
-        else
+        else:
             new_serange = "%s-%s" % (serange[0], top[0])
             
         if add_ind:
Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles	2007-08-23 14:19:41 UTC (rev 2523)
+++ trunk/policycoreutils/scripts/fixfiles	2007-08-23 14:32:48 UTC (rev 2524)
@@ -88,7 +88,7 @@
                   esac; \
                fi; \
             done | \
-	while read pattern ; do find $pattern \
+	while read pattern ; do sh -c "find $pattern" \
 		      ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune  -o \
 		      \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
 		      done 2> /dev/null | \
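Review bot: With `sh -c "find $pattern"` the continuation lines no longer reach find: everything after the quoted command string (`! \( -fstype ext2 … \) -prune -o … -print`) is passed to `sh` as `$0`, `$1`, … and ignored, so the filesystem-type filter and the `/home`, `/root` pruning are silently dropped. The change also makes the shell parse each pattern as command text, so a pattern containing `;`, backticks or `$( )` is executed rather than searched for; the patterns are produced earlier in the pipeline, outside this hunk, and should be treated as data. If the second evaluation is needed for expansion, forward the predicates explicitly, for example `sh -c "find $pattern \"\$@\"" sh \` followed by the existing predicate lines (the quoting may need adjusting to the enclosing construct, which starts outside the hunk). Separately, `-wholename /tmp -wholename /dev` is missing an `-o`, so neither path is pruned, and `2> /dev/null` hides any failure of this stage.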
@@ -108,6 +108,7 @@
 
 rpmlist() {
 rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
+[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr
 }
 
 # 
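Review bot: The added `[ ${PIPESTATUS[0]} != 0 ] && echo …` line is now the last command of `rpmlist`, so when rpm succeeds the test is false and the function returns 1 on success. An `if` keeps the status at 0 in that case and quotes the expansion: `if [ "${PIPESTATUS[0]}" -ne 0 ]; then echo "$1 not found" >&2; fi`. `PIPESTATUS` is a bash array, so this relies on the script running under bash, which the hunk does not show.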
Modified: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon	2007-08-23 14:19:41 UTC (rev 2523)
+++ trunk/policycoreutils/scripts/genhomedircon	2007-08-23 14:32:48 UTC (rev 2524)
@@ -139,7 +139,22 @@
 		self.default_user = "user_u"
 		self.default_prefix = "user"
 		self.users = self.getUsers()
+		fd = open(self.getFileContextFile())
+		self.fclines=[]
+		for i in fd.readlines():
+		    try:
+			    regex = i.split()[0]
+			    #match a trailing .+
+			    regex = re.sub("\.+$", "", regex)
+			    regex = re.sub("\.\*$", "", regex)
+			    regex = re.sub("\(\/\.\*\)\?", "", regex)
+			    regex = regex + "/*$"
+			    self.fclines.append(re.compile(regex))
+		    except:
+			    continue
 
+		fd.close()
+		
 	def getFileContextDir(self):
 		return self.selinuxdir+self.type+self.filecontextdir
 
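Review bot: The bare `except:` in the new constructor loop hides every failure while `self.fclines` is built, including a blank line (`split()[0]` raises IndexError), a pattern that does not compile, and KeyboardInterrupt. A skipped pattern means `checkExists` can later report no conflict for a home directory that the file contexts do cover. Narrow it to `except (IndexError, re.error): continue`, and close the file in a `finally`, since `open` sits outside the `try`. The copied comment says the first substitution strips a trailing `.+`, but `"\.+$"` strips a run of literal dots; the literal two-character suffix would be `r"\.\+$"`. Opening the file in `__init__` also means a missing file-contexts file now fails at construction rather than in `checkExists`, which a docstring on the constructor should state.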
@@ -289,20 +304,9 @@
 		return ret+"\n"
 
 	def checkExists(self, home):
-		fd = open(self.getFileContextFile())
-		for i in  fd.readlines():
-                    if len(i) == 0:
-			    continue
+		for i in self.fclines:
 		    try:
-			    regex = i.split()[0]
-			    #match a trailing .+
-			    regex = re.sub("\.+$", "", regex)
-			    regex = re.sub("\.\*$", "", regex)
-			    #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s
-			    
-			    regex = re.sub("\(\/\.\*\)\?", "", regex)
-			    regex = regex + "/*$"
-			    if re.search(regex,home, 0):
+			    if i.match(home):
 				    return 1
 		    except:
 			    continue
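Review bot: `i.match(home)` is not equivalent to the removed `re.search(regex, home, 0)`: `match` only succeeds at the start of `home`, while `search` accepted the pattern anywhere in the path. This "speed enhancement" therefore also changes which home directories are reported as conflicting. If anchoring is intended, say so in a comment, e.g. `# file-context patterns are anchored at the start of the path`; otherwise call `i.search(home)`. The `try`/`except: continue` around the call no longer guards anything expected to raise and can be dropped, and the deleted explanation of the `(/.*)?` rewrite was not carried over to the constructor. `checkExists` continues past the end of the hunk.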
Modified: trunk/policycoreutils/semanage/semanage
===================================================================
--- trunk/policycoreutils/semanage/semanage	2007-08-23 14:19:41 UTC (rev 2523)
+++ trunk/policycoreutils/semanage/semanage	2007-08-23 14:32:48 UTC (rev 2524)
@@ -34,7 +34,10 @@
 sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
 
 try:
-       gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+       gettext.install(PROGNAME,
+                       localedir="/usr/share/locale",
+                       unicode=False,
+                       codeset = 'utf-8')
 except IOError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode
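Review bot: After this change the two paths bind `_` to different types: with `unicode=False` the installed `_` returns byte strings encoded as `codeset`, while the `except IOError` fallback still binds `_` to `unicode`. The context line above wraps `sys.stdout` in a `codecs` writer, and in Python 2 such a writer decodes byte strings as ASCII before encoding them. A translated message containing non-ASCII bytes may therefore raise `UnicodeDecodeError` when printed, which should be checked under a non-English locale. A comment stating which type `_` is meant to return, with a fallback that matches it, would make the intent clear. `codeset = 'utf-8'` should also lose the spaces around `=` to match the other keyword arguments.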
      From: <ssm...@us...> - 2007-08-23 14:38:13
       | 
| Revision: 2525
          http://selinux.svn.sourceforge.net/selinux/?rev=2525&view=rev
Author:   ssmalley
Date:     2007-08-23 07:38:08 -0700 (Thu, 23 Aug 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.24
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-08-23 14:32:48 UTC (rev 2524)
+++ trunk/policycoreutils/ChangeLog	2007-08-23 14:38:08 UTC (rev 2525)
@@ -1,3 +1,11 @@
+2.0.24 2007-08-23
+	* Fix genhomedircon searching for USER from Todd Miller
+	* Install run_init with mode 0755 from Dan Walsh.
+	* Fix chcat from Dan Walsh.
+	* Fix fixfiles pattern expansion and error reporting from Dan Walsh.	
+	* Optimize genhomedircon to compile regexes once from Dan Walsh.
+	* Fix semanage gettext call from Dan Walsh.
+
 2.0.23 2007-08-16
 	* Disable dontaudits via semodule -D
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-08-23 14:32:48 UTC (rev 2524)
+++ trunk/policycoreutils/VERSION	2007-08-23 14:38:08 UTC (rev 2525)
@@ -1 +1 @@
-2.0.23
+2.0.24
      From: <ssm...@us...> - 2007-08-23 14:50:13
       | 
| Revision: 2533
          http://selinux.svn.sourceforge.net/selinux/?rev=2533&view=rev
Author:   ssmalley
Date:     2007-08-23 07:50:08 -0700 (Thu, 23 Aug 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.25
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-08-23 14:48:58 UTC (rev 2532)
+++ trunk/policycoreutils/ChangeLog	2007-08-23 14:50:08 UTC (rev 2533)
@@ -1,3 +1,7 @@
+2.0.25 2007-08-23
+	* Remove genhomedircon script (functionality is now provided
+	  within libsemanage) from Todd Miller.
+
 2.0.24 2007-08-23
 	* Fix genhomedircon searching for USER from Todd Miller
 	* Install run_init with mode 0755 from Dan Walsh.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-08-23 14:48:58 UTC (rev 2532)
+++ trunk/policycoreutils/VERSION	2007-08-23 14:50:08 UTC (rev 2533)
@@ -1 +1 @@
-2.0.24
+2.0.25
      From: <ssm...@us...> - 2007-09-18 19:41:22
       | 
| Revision: 2565
          http://selinux.svn.sourceforge.net/selinux/?rev=2565&view=rev
Author:   ssmalley
Date:     2007-09-18 12:41:20 -0700 (Tue, 18 Sep 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.26
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-09-18 19:40:38 UTC (rev 2564)
+++ trunk/policycoreutils/ChangeLog	2007-09-18 19:41:20 UTC (rev 2565)
@@ -1,3 +1,6 @@
+2.0.26 2007-09-18
+	* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
+
 2.0.25 2007-08-23
 	* Remove genhomedircon script (functionality is now provided
 	  within libsemanage) from Todd Miller.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-09-18 19:40:38 UTC (rev 2564)
+++ trunk/policycoreutils/VERSION	2007-09-18 19:41:20 UTC (rev 2565)
@@ -1 +1 @@
-2.0.25
+2.0.26
      From: <ssm...@us...> - 2007-09-19 18:44:18
       | 
| Revision: 2572
          http://selinux.svn.sourceforge.net/selinux/?rev=2572&view=rev
Author:   ssmalley
Date:     2007-09-19 11:44:09 -0700 (Wed, 19 Sep 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.27
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-09-19 18:43:34 UTC (rev 2571)
+++ trunk/policycoreutils/ChangeLog	2007-09-19 18:44:09 UTC (rev 2572)
@@ -1,3 +1,6 @@
+2.0.27 2007-09-19
+	* Improve semodule reporting of system errors from Stephen Smalley.
+
 2.0.26 2007-09-18
 	* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-09-19 18:43:34 UTC (rev 2571)
+++ trunk/policycoreutils/VERSION	2007-09-19 18:44:09 UTC (rev 2572)
@@ -1 +1 @@
-2.0.26
+2.0.27
      From: <ssm...@us...> - 2007-10-05 14:09:46
       | 
| Revision: 2641
          http://selinux.svn.sourceforge.net/selinux/?rev=2641&view=rev
Author:   ssmalley
Date:     2007-10-05 07:09:43 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
updated policycoreutils to version 2.0.28
Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog	2007-10-05 14:07:01 UTC (rev 2640)
+++ trunk/policycoreutils/ChangeLog	2007-10-05 14:09:43 UTC (rev 2641)
@@ -1,3 +1,7 @@
+2.0.28 2007-10-05
+	* Update semodule man page for -D from Dan Walsh.
+	* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
+
 2.0.27 2007-09-19
 	* Improve semodule reporting of system errors from Stephen Smalley.
 
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION	2007-10-05 14:07:01 UTC (rev 2640)
+++ trunk/policycoreutils/VERSION	2007-10-05 14:09:43 UTC (rev 2641)
@@ -1 +1 @@
-2.0.27
+2.0.28